FEDORA-EPEL-2018-a83d5ad82b

security update in Fedora EPEL 6 for redis

Status: stable 10 months ago

Upstream 3.2.12 security fix release.

How to install

sudo dnf upgrade --advisory=FEDORA-EPEL-2018-a83d5ad82b

Comments 11

This update has been submitted for testing by nathans.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by nathans.

This update has been submitted for stable by nathans.

This update has been pushed to stable.

Hello,

I still see the issue of /var/run/redis not being created with the latest rpm as well. Please find the screenshot below:

    [root@ES-0 policybased-rules]# yum list | grep redis
    redis.x86_64 3.2.12-1.el6 @epel
    php-nrk-Predis.noarch 0.8.6-1.el6 epel
    php-pecl-redis.x86_64 2.2.8-1.el6 epel
    php-redis.x86_64 2.2.2-5.git6f7087f.el6 epel
    python-redis.noarch 2.0.0-1.el6 epel
    uwsgi-logger-redis.x86_64 2.0.16-1.el6 epel
    uwsgi-router-redis.x86_64 2.0.16-1.el6 epel
    [root@ES-0 policybased-rules]# rpm -ql redis-3.2.12-1.el6.x86_64
    /etc/logrotate.d/redis
    /etc/rc.d/init.d/redis
    /etc/rc.d/init.d/redis-sentinel
    /etc/redis-sentinel.conf
    /etc/redis.conf
    /etc/security/limits.d/95-redis.conf
    /usr/bin/redis-benchmark
    /usr/bin/redis-check-aof
    /usr/bin/redis-check-rdb
    /usr/bin/redis-cli
    /usr/bin/redis-sentinel
    /usr/bin/redis-server
    /usr/libexec/redis-shutdown
    /usr/share/doc/redis-3.2.12
    /usr/share/doc/redis-3.2.12/00-RELEASENOTES
    /usr/share/doc/redis-3.2.12/BUGS
    /usr/share/doc/redis-3.2.12/CONTRIBUTING
    /usr/share/doc/redis-3.2.12/COPYING
    /usr/share/doc/redis-3.2.12/MANIFESTO
    /usr/share/doc/redis-3.2.12/README.md
    /usr/share/man/man1/redis-benchmark.1.gz
    /usr/share/man/man1/redis-check-aof.1.gz
    /usr/share/man/man1/redis-check-rdb.1.gz
    /usr/share/man/man1/redis-cli.1.gz
    /usr/share/man/man1/redis-sentinel.1.gz
    /usr/share/man/man1/redis-server.1.gz
    /usr/share/man/man5/redis-sentinel.conf.5.gz
    /usr/share/man/man5/redis.conf.5.gz
    /var/lib/redis
    /var/log/redis
    /var/run/redis
    [root@ES-0 policybased-rules]# file /var/run/redis
    /var/run/redis: cannot open `/var/run/redis' (No such file or directory)
    [root@ES-0 policybased-rules]# cat /etc/re
    redhat-release redis.conf redis.conf.rpmsave redis-sentinel.conf resolv.conf
    [root@ES-0 policybased-rules]# cat /etc/redhat-release
    CentOS release 6.5 (Final)

| # rpm -ql redis-3.2.12-1.el6.x86_64
| [...]
| /var/run/redis
| # file /var/run/redis
| /var/run/redis: cannot open `/var/run/redis' (No such file or directory)

This suggests to me that something has removed this directory post-installation...?

I have not removed any directories. I just tried to install the latest rpm which has the fix for the /var/run/redis directory not being created, but after the installation I don't see the directory itself. And it is weird that when the service is started it starts fine, but when we check the status it shows that redis is stopped.

It is indeed weird, not sure what to make of it. Is your /var/run an in-memory filesystem perhaps?

No, it is not an in-memory filesystem; we in fact have a separate filesystem for the /var partition.

Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: unspecified
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 11 months ago, in testing 11 months ago, in stable 10 months ago

Related Bugs 5

#1499153 CVE-2017-15047 redis: Insufficient input validation in the clusterLoadConfig function [epel-all]
#1591537 CVE-2018-11218 redis: Heap corruption in lua_cmsgpack.c [epel-all]
#1591538 CVE-2018-11219 redis: Integer overflow in lua_struct.c:b_unpack() [epel-all]
#1592931 /var/run/redis directory not created by RPM (redis-3.2.11-1.el6.x86_64.rpm)
#1594294 CVE-2018-12326 redis: code execution via a crafted command line [epel-all]
