File _patchinfo of Package patchinfo.21742

<patchinfo incident="21742">
  <issue tracker="cve" id="2021-41099"/>
  <issue tracker="cve" id="2021-32687"/>
  <issue tracker="cve" id="2021-32628"/>
  <issue tracker="cve" id="2021-32626"/>
  <issue tracker="cve" id="2021-32672"/>
  <issue tracker="cve" id="2021-32762"/>
  <issue tracker="cve" id="2021-32627"/>
  <issue tracker="cve" id="2021-32675"/>
  <issue tracker="bnc" id="1191299">VUL-0: CVE-2021-41099: redis: Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured to a non-default, very large value</issue>
  <issue tracker="bnc" id="1191303">VUL-0: CVE-2021-32675: redis: Denial Of Service when processing RESP request payloads with a large number of elements on many connections</issue>
  <issue tracker="bnc" id="1191304">VUL-0: CVE-2021-32672: redis: Random heap reading issue with Lua Debugger</issue>
  <issue tracker="bnc" id="1191306">VUL-0: CVE-2021-32626: redis: Specially crafted Lua scripts may result with Heap buffer overflow</issue>
  <issue tracker="bnc" id="1191305">VUL-0:  CVE-2021-32627,CVE-2021-32628: redis: Integer to heap buffer overflows</issue>
  <issue tracker="bnc" id="1191302">VUL-0:  CVE-2021-32687: redis: Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value</issue>
  <issue tracker="bnc" id="1191300">VUL-0:  CVE-2021-32762: redis: Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms</issue>
  <packager>dspinella</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for redis</summary>
  <description>This update for redis fixes the following issues:
	  
- CVE-2021-32627: Fixed integer to heap buffer overflows with streams (bsc#1191305).
- CVE-2021-32628: Fixed integer to heap buffer overflows handling ziplist-encoded data types (bsc#1191305).
- CVE-2021-32687: Fixed integer to heap buffer overflow with intsets (bsc#1191302).
- CVE-2021-32762: Fixed integer to heap buffer overflow issue in redis-cli and redis-sentinel (bsc#1191300).
- CVE-2021-32626: Fixed heap buffer overflow caused by specially crafted Lua scripts (bsc#1191306).
- CVE-2021-32672: Fixed random heap reading issue with Lua Debugger (bsc#1191304).
- CVE-2021-32675: Fixed Denial Of Service when processing RESP request payloads with a large number of elements on many connections (bsc#1191303).
- CVE-2021-41099: Fixed integer to heap buffer overflow handling certain string commands and network payloads (bsc#1191299).
</description>
</patchinfo>