redis-6.2.11-1.fc36

Read Time:39 Second

FEDORA-2023-7a98e2d545

Packages in this update:

redis-6.2.11-1.fc36

Update description:

Redis 6.2.11 – Released Tue Feb 28 12:00:00 IST 2023

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion
and termination of the Redis server process.
(CVE-2022-36021) String matching commands (like SCAN or KEYS) with a specially
crafted pattern to trigger a denial-of-service attack on Redis, causing it to
hang and consume 100% CPU time.

Bug Fixes

Fix a crash when reaching the maximum invalidations limit of client-side tracking (#11814)
Fix cluster inbound link keepalive time (#11785)
Make sure that fork child doesn’t do incremental rehashing (#11692)

Read More