FEDORA-2023-800612d23a
Packages in this update:
redis-7.0.12-1.fc37
Update description:
Redis 7.0.12 – Released Mon July 10 12:00:00 IDT 2023
Upgrade urgency SECURITY: See security fixes below.
Security Fixes:
(CVE-2022-24834) A specially crafted Lua script executing in Redis can trigger
a heap overflow in the cjson and cmsgpack libraries, and result in heap
corruption and potentially remote code execution. The problem exists in all
versions of Redis with Lua scripting support, starting from 2.6, and affects
only authenticated and authorized users.
(CVE-2023-36824) Extracting key names from a command and a list of arguments
may, in some cases, trigger a heap overflow and result in reading random heap
memory, heap corruption and potentially remote code execution. Specifically:
using COMMAND GETKEYS* and validation of key names in ACL rules.
Bug Fixes:
Re-enable downscale rehashing while there is a fork child (#12276)
Fix possible hang in HRANDFIELD, SRANDMEMBER, ZRANDMEMBER when used with <count> (#12276)
Improve fairness issue in RANDOMKEY, HRANDFIELD, SRANDMEMBER, ZRANDMEMBER, SPOP, and eviction (#12276)
Fix WAIT to be effective after a blocked module command being unblocked (#12220)
Avoid unnecessary full sync after master restart in a rare case (#12088)