Debian alert DLA-3973-1 (redis)
| From: | Adrian Bunk <bunk@debian.org> | |
| To: | debian-lts-announce@lists.debian.org | |
| Subject: | [SECURITY] [DLA 3973-1] redis security update | |
| Date: | Thu, 28 Nov 2024 23:49:25 +0200 | |
| Message-ID: | <Z0jlZbyDeiJQhkRL@localhost> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3973-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk November 28, 2024 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : redis Version : 5:6.0.16-1+deb11u4 CVE ID : CVE-2022-35977 CVE-2024-31228 Debian Bug : 1084805 Multiple vulnerabilities have been fixed in the key–value database Redis. CVE-2022-35977 integer overflows in SETRANGE and SORT CVE-2024-31228 unbounded pattern matching DoS For Debian 11 bullseye, these problems have been fixed in version 5:6.0.16-1+deb11u4. We recommend that you upgrade your redis packages. For the detailed security status of redis please refer to its security tracker page at: https://security-tracker.debian.org/tracker/redis Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmdI5WUACgkQiNJCh6LY mLHghw//SmwP4qp3i8p7OuBRFVpWdVYwe+sRo69YtmiGktpn3bDsJcjrRbEy9eEX yJ5XZTcuLRm32HqN1pvrlMtT4bz5eP9nUAMQzvgGWarT5PH0H4QL9covJbZWAedd kq37P7+u0GZVc1LuU1M1eBUn9ryeC0p1E8ThmgefR9EDFgXyLpG+GHu8325GGsim pT86FMi1Md09YexV/2L9X2leL3vSr5hEefk6UNu3zqUk+0MPa4d/JuGyWh8uvH41 Gqf5TP1i2rZ7g/Fccw3pJRuN2gXC2njf7Hi28mDlscg+JIP7LbMq9UftK3xgWadC TxbJu7p/MxTFQKlmBax+uneRk0HwE0RZRXFBjLMkqx+Tlq2hykCRIUwCrQFTZ7Db rT4Ck2TRwAI4ekJqYiD88DxINjJqY44WOB5vErfCb72VF7JaoDD5u4ZBj3M50M3F A4OQEnsUxkm+fJ/OGH3RQ2i7xk0+3O50AAa2Py9DE/j6CCxnWpfM1Cb/1tcWSj6Z 7+PVq8ee9+8L/y71z1rOGrM3l3dWl+w+jj3QJ9vV3DBAydRq0Wl9UhwOwka3gYeW tinfuV7jd4DQnYiSx7DeRRXTZr4WJEmgGFGBkVxwWJ47oTh16nPdLEdYzOnR1osE YhRpzOTDbz7ny6W6VzPoO+9+csetLLLm/HI1+2D4ioo3e5GUGRg= =NRVZ -----END PGP SIGNATURE-----