FEDORA-EPEL-2016-23fa04bf1c

security update in Fedora EPEL 7 for redis

Status: stable 8 months ago

Security fix for CVE-2013-7458

Comments 10

This update has been submitted for testing by hguemar.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

Considering the number of people asking me to push that update ... It would have just gone faster if people voted ;-)

Works for me. Although 3.2.3 contains a critical security issue, see https://raw.githubusercontent.com/antirez/redis/3.2/00-RELEASENOTES

karma: +1 #1363672: +1 #1363670: +1 #1278967: +1 #1228332: +1 #1069036: +1 #923970: +1 #895121: +1

Has passed testing here as well.

karma: +1 #1363672: +1 #1363670: +1 #1228332: +1 #1069036: +1 #923970: +1 #895121: +1

We ran it in production for a few days. No issues whatsoever.

karma: +1

This update has been submitted for stable by bodhi.

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown.

-1 0 +1 Feedback Guidelines
#1363672 CVE-2013-7458 redis: world-readable ~/.rediscli_history [epel-all]
#1363670 CVE-2013-7458 redis: world-readable ~/.rediscli_history
#1278967 CVE-2015-8080 redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow [epel-all]
#1228332 redis: Lua sandbox escape and arbitrary code execution [epel-all]
#1069036 redis: insecure temporary file creation [epel-all]
#923970 redis in epel is very out of date
#895121 redis 2.4: Insecure temporary flaw use for redis service's vm swap file [epel-all]
Is the update generally functional?
Content Type
RPM
Status
stable
Submitted by
Update Type
security
Karma
+3
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted a year ago
in testing a year ago
in stable 8 months ago

Related Bugs 7

0+2 #1363672 CVE-2013-7458 redis: world-readable ~/.rediscli_history [epel-all]
0+2 #1363670 CVE-2013-7458 redis: world-readable ~/.rediscli_history
0+1 #1278967 CVE-2015-8080 redis: Integer wraparound in lua_struct.c causing stack-based buffer overflow [epel-all]
0+2 #1228332 redis: Lua sandbox escape and arbitrary code execution [epel-all]
0+2 #1069036 redis: insecure temporary file creation [epel-all]
0+2 #923970 redis in epel is very out of date
0+2 #895121 redis 2.4: Insecure temporary flaw use for redis service's vm swap file [epel-all]

Automated Test Results