Read Time:54 Second

FEDORA-2023-c685251667

Packages in this update:

redis-7.0.9-1.fc37

Update description:

Redis 7.0.9 – Released Tue Feb 28 12:00:00 IST 2023

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:

(CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD
commands can trigger an integer overflow, resulting in a runtime assertion
and termination of the Redis server process.
(CVE-2022-36021) String matching commands (like SCAN or KEYS) with a specially
crafted pattern to trigger a denial-of-service attack on Redis, causing it to
hang and consume 100% CPU time.

Bug Fixes

Fix a crash when reaching the maximum invalidations limit of client-side tracking (#11814)
Fix a crash when SPUBLISH is used after passing the cluster-link-sendbuf-limit (#11752)
Fix possible memory corruption in FLUSHALL when a client watches more than one key (#11854)
Fix cluster inbound link keepalive time (#11785)
Flush propagation list in active-expire of writable replicas to fix an assertion (#11615)
Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as MULTI-EXEC (#11788)

ClickFix: How to Infect Your PC in Three Easy Steps

Friday Squid Blogging: SQUID Band

Upcoming Speaking Engagements

LockBit Ransomware Developer Extradited to US

TP-Link Router Botnet

Fraudsters Impersonate Clop Ransomware to Extort Businesses

Cybersecurity Industry Falls Short on Collaboration, Says Former GCHQ Director

Volt Typhoon Accessed US OT Network for Nearly a Year

CISA, FBI Warn of Medusa Ransomware Impacting Critical Infrastructure

redis-7.0.9-1.fc37

FEDORA-2023-c685251667

Packages in this update:

Update description:

OpenIPMI-2.0.36-1.fc41

chromium-134.0.6998.88-3.fc42

jupyterlab-4.3.6-1.fc41

jupyterlab-4.3.6-1.fc40

MS-ISAC CYBERSECURITY ADVISORY – Multiple Vulnerabilities in Sante PACS Server Could Allow for Remote Code Execution – PATCH NOW – TLP: CLEAR

dotnet8.0-8.0.114-1.fc40