File _patchinfo of Package patchinfo.19597
<patchinfo incident="19597">
<issue tracker="cve" id="2021-29477"/>
<issue tracker="cve" id="2021-21309"/>
<issue tracker="cve" id="2021-29478"/>
<issue tracker="bnc" id="1185730">VUL-0: CVE-2021-29478: redis: Integer overflow via COPY command for large intsets</issue>
<issue tracker="bnc" id="1182657">VUL-0: CVE-2021-21309: redis: Integer overflow on 32-bit systems</issue>
<issue tracker="bnc" id="1185729">VUL-0: CVE-2021-29477: redis: Integer overflow via STRALGO LCS command</issue>
<packager>jzerebecki</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for redis</summary>
<description>This update for redis fixes the following issues:
redis was updated to 6.0.13:
* CVE-2021-29477: Integer overflow in STRALGO LCS command (bsc#1185729)
* CVE-2021-29478: Integer overflow in COPY command for large intsets (bsc#1185730)
* Cluster: Skip unnecessary check which may prevent failure detection
* Fix performance regression in BRPOP on Redis 6.0
* Fix edge-case when a module client is unblocked
redis 6.0.12:
* Fix compilation error on non-glibc systems if jemalloc is not used
redis 6.0.11:
* CVE-2021-21309: Avoid 32-bit overflows when proto-max-bulk-len
is set high (bsc#1182657)
* Fix handling of threaded IO and CLIENT PAUSE (failover), could
lead to data loss or a crash
* Fix the selection of a random element from large hash tables
* Fix broken protocol in client tracking tracking-redir-broken message
* XINFO able to access expired keys on a replica
* Fix broken protocol in redis-benchmark when used with -a or
--dbnum
* Avoid assertions (on older kernels) when testing arm64 CoW bug
* CONFIG REWRITE should honor umask settings
* Fix firstkey,lastkey,step in COMMAND command for some commands
* RM_ZsetRem: Delete key if empty, the bug could leave empty
zset keys
- Switch systemd type of the sentinel service from notify to simple. This can
be reverted when updating to 6.2 which fixes
https://github.com/redis/redis/issues/7284 .
</description>
</patchinfo>