Overview

File _patchinfo of Package patchinfo.36950

<patchinfo incident="36950">
  <issue tracker="cve" id="2024-46981"/>
  <issue tracker="cve" id="2024-31228"/>
  <issue tracker="cve" id="2024-31449"/>
  <issue tracker="bnc" id="1231265">VUL-0: CVE-2024-31228: redis,valkey,redict: Prevent unbounded recursive pattern matching</issue>
  <issue tracker="bnc" id="1235387">VUL-0: CVE-2024-46981: redis,redis7: Lua scripts can be used to manipulate the garbage collector, leading to remote code execution</issue>
  <issue tracker="bnc" id="1231264">VUL-0: CVE-2024-31449: redis,valkey,redict: Integer overflow bug in Lua bit_tohex</issue>
  <packager>ateixeira</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for redis</summary>
  <description>This update for redis fixes the following issues:

- CVE-2024-31228: Prevent unbounded recursive pattern matching. (bsc#1231265)
- CVE-2024-31449: Fixed an integer overflow bug in Lua bit_tohex. (bsc#1231264)
- CVE-2024-46981: Fixed a bug where lua scripts can be used to manipulate the garbage collector, leading to remote code execution. (bsc#1235387)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places