Overview

File _patchinfo of Package patchinfo.19597

<patchinfo incident="19597">
  <issue tracker="cve" id="2021-29477"/>
  <issue tracker="cve" id="2021-21309"/>
  <issue tracker="cve" id="2021-29478"/>
  <issue tracker="bnc" id="1185730">VUL-0: CVE-2021-29478: redis: Integer overflow via COPY command for large intsets</issue>
  <issue tracker="bnc" id="1182657">VUL-0: CVE-2021-21309: redis: Integer overflow on 32-bit systems</issue>
  <issue tracker="bnc" id="1185729">VUL-0: CVE-2021-29477: redis: Integer overflow via STRALGO LCS command</issue>
  <packager>jzerebecki</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for redis</summary>
  <description>This update for redis fixes the following issues:

redis was updated to 6.0.13:

* CVE-2021-29477: Integer overflow in STRALGO LCS command (bsc#1185729)
* CVE-2021-29478: Integer overflow in COPY command for large intsets (bsc#1185730)
* Cluster: Skip unnecessary check which may prevent failure detection
* Fix performance regression in BRPOP on Redis 6.0
* Fix edge-case when a module client is unblocked

redis 6.0.12:

* Fix compilation error on non-glibc systems if jemalloc is not used

redis 6.0.11:

* CVE-2021-21309: Avoid 32-bit overflows when proto-max-bulk-len
  is set high (bsc#1182657)
* Fix handling of threaded IO and CLIENT PAUSE (failover), could
  lead to data loss or a crash
* Fix the selection of a random element from large hash tables
* Fix broken protocol in client tracking tracking-redir-broken message
* XINFO able to access expired keys on a replica
* Fix broken protocol in redis-benchmark when used with -a or
  --dbnum 
* Avoid assertions (on older kernels) when testing arm64 CoW bug
* CONFIG REWRITE should honor umask settings
* Fix firstkey,lastkey,step in COMMAND command for some commands
* RM_ZsetRem: Delete key if empty, the bug could leave empty
  zset keys 

- Switch systemd type of the sentinel service from notify to simple. This can
  be reverted when updating to 6.2 which fixes
  https://github.com/redis/redis/issues/7284 .
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places