GLSA Advocate
Posted: Wed Mar 31, 2021 1:26 pm Post subject: [ GLSA 202103-02 ] Redis
Gentoo Linux Security Advisory
Title: Redis: Remote code execution (GLSA 202103-02)
Severity: normal
Exploitable: local, remote
Date: 2021-03-31
Bug(s): #773328
ID: 202103-02
Synopsis
A vulnerability in Redis could lead to remote code execution.
Background
Redis is an open source (BSD licensed), in-memory data structure store,
used as a database, cache and message broker.
Affected Packages
Package: dev-db/redis
Vulnerable: < 6.0.12
Unaffected: >= 5.0.12
Unaffected: >= 6.0.12
Architectures: All supported architectures
Description
It was discovered that there were a number of integer overflow issues in
Redis.
Impact
A remote attacker, able to connect to a Redis instance, could send a
maliciously crafted large request, possibly resulting in the execution of
arbitrary code with the privileges of the process or a Denial of Service
condition.
Workaround
There is no known workaround at this time.
Resolution
All Redis 5.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/redis-5.0.12"

All Redis 6.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/redis-6.0.12"
References
CVE-2021-21309
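To check a host against the Affected Packages table above, the following added example (not part of the advisory or of Gentoo's tooling) classifies a Redis version string. The function names and the banner line are constructed for illustration, and it assumes that ">= 5.0.12" applies to the 5.x branch only, as the Resolution section implies.

```sh
#!/bin/sh
# Added example: classify a dev-db/redis version against GLSA 202103-02.
# Assumption: ">= 5.0.12" covers the 5.x branch only; 6.x needs >= 6.0.12.

# parse_version VERSION -> sets MAJ MIN PAT; returns 1 unless VERSION is
# X.Y.Z (an optional Gentoo -rN revision is ignored, _rc and similar are not).
parse_version() {
    v=${1%-r[0-9]*}
    case $v in
        *[!0-9.]*|*.*.*.*) return 1 ;;      # stray characters or too many fields
        [0-9]*.[0-9]*.[0-9]*) ;;            # exactly three numeric fields
        *) return 1 ;;
    esac
    MAJ=${v%%.*}; rest=${v#*.}
    MIN=${rest%%.*}; PAT=${rest#*.}
}

# glsa_202103_02_status VERSION -> prints affected | unaffected | unknown
glsa_202103_02_status() {
    parse_version "$1" || { echo unknown; return 0; }
    if [ "$MAJ" -gt 6 ]; then
        echo unaffected                     # newer than 6.x, so >= 6.0.12
    elif [ "$MAJ" -lt 5 ]; then
        echo affected                       # older branches are all < 6.0.12
    elif [ "$MIN" -gt 0 ] || [ "$PAT" -ge 12 ]; then
        echo unaffected                     # 5.x >= 5.0.12 or 6.x >= 6.0.12
    else
        echo affected
    fi
}

# version_from_banner LINE -> extracts X.Y.Z from `redis-server --version` output
version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.* v=\([0-9][0-9.]*\).*/\1/p'
}

# Constructed sample inputs, not taken from a real host.
BANNER='Redis server v=6.0.10 sha=00000000:0 malloc=jemalloc-5.1.0 bits=64 build=0000000000000000'
for ver in "$(version_from_banner "$BANNER")" 5.0.11-r1 5.0.12 6.0.12 6.0.12_rc1; do
    echo "redis $ver: $(glsa_202103_02_status "$ver")"
done
```

A version the parser cannot read is reported as unknown rather than guessed, so pre-release strings such as 6.0.12_rc1 need a manual look.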