Gentoo Archives: gentoo-announce

From: glsamaker@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202209-17 ] Redis: Multiple Vulnerabilities
Date: Thu, 29 Sep 2022 14:40:35
Message-Id: 166446131372.9.5038677060958041712@90bb6a0775af
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202209-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Redis: Multiple Vulnerabilities
Date: September 29, 2022
Bugs: #803302, #816282, #841404, #856040, #859181, #872278
ID: 202209-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Redis, the worst of which
could result in arbitrary code execution.

Background
==========

Redis is an open source (BSD licensed), in-memory data structure store,
used as a database, cache and message broker.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-db/redis               < 7.0.5                    >= 7.0.5

Description
===========

Multiple vulnerabilities have been discovered in Redis. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Redis users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/redis-7.0.5"
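
A post-upgrade check, added here as an example and not part of the
Gentoo advisory: a redis-server process that was already running keeps
executing the old binary until it is restarted, so the version the live
instance reports is worth confirming. The function names and the sample
INFO text are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a running Redis still report a version listed as
# vulnerable in GLSA 202209-17 (< 7.0.5)? Function names are illustrative.

FIXED_VERSION="7.0.5"   # "Unaffected" bound from the advisory's package table

# Print the redis_version value found in `INFO server` output read from stdin.
# INFO lines end in CRLF, so carriage returns are stripped first.
extract_redis_version() {
    tr -d '\r' | sed -n 's/^redis_version:\([0-9][0-9.]*\)$/\1/p' | head -n 1
}

# version_lt A B: succeed when dotted numeric version A is lower than B.
# Components are compared as integers, so 7.0.10 is not lower than 7.0.5.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Read `INFO server` output on stdin and print a verdict.
# Returns 0 = unaffected, 1 = vulnerable per the GLSA, 2 = no version found.
check_info() {
    ver=$(extract_redis_version)
    if [ -z "$ver" ]; then
        echo "UNKNOWN: no redis_version field in input"
        return 2
    fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "VULNERABLE: running $ver, GLSA 202209-17 needs >= $FIXED_VERSION"
        return 1
    fi
    echo "OK: running $ver"
    return 0
}

# Constructed INFO output for offline testing (not captured from a real host).
sample_info() {
    printf '# Server\r\nredis_version:%s\r\nredis_mode:standalone\r\n' "$1"
}

# Live use, assuming redis-cli can reach the instance:
#   redis-cli INFO server | check_info
```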

References
==========

[ 1 ] CVE-2021-32626
      https://nvd.nist.gov/vuln/detail/CVE-2021-32626
[ 2 ] CVE-2021-32627
      https://nvd.nist.gov/vuln/detail/CVE-2021-32627
[ 3 ] CVE-2021-32628
      https://nvd.nist.gov/vuln/detail/CVE-2021-32628
[ 4 ] CVE-2021-32672
      https://nvd.nist.gov/vuln/detail/CVE-2021-32672
[ 5 ] CVE-2021-32675
      https://nvd.nist.gov/vuln/detail/CVE-2021-32675
[ 6 ] CVE-2021-32687
      https://nvd.nist.gov/vuln/detail/CVE-2021-32687
[ 7 ] CVE-2021-32761
      https://nvd.nist.gov/vuln/detail/CVE-2021-32761
[ 8 ] CVE-2021-32762
      https://nvd.nist.gov/vuln/detail/CVE-2021-32762
[ 9 ] CVE-2021-41099
      https://nvd.nist.gov/vuln/detail/CVE-2021-41099
[ 10 ] CVE-2022-24735
      https://nvd.nist.gov/vuln/detail/CVE-2022-24735
[ 11 ] CVE-2022-24736
      https://nvd.nist.gov/vuln/detail/CVE-2022-24736
[ 12 ] CVE-2022-31144
      https://nvd.nist.gov/vuln/detail/CVE-2022-31144
[ 13 ] CVE-2022-33105
      https://nvd.nist.gov/vuln/detail/CVE-2022-33105
[ 14 ] CVE-2022-35951
      https://nvd.nist.gov/vuln/detail/CVE-2022-35951

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202209-17

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
