redis 5:7.0.12-1 source package in Ubuntu
Changelog
redis (5:7.0.12-1) unstable; urgency=high * New upstream security release: - CVE-2022-24834: A specially-crafted Lua script executing in Redis could have triggered a heap overflow in the cjson and cmsgpack libraries and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support and affects only authenticated/authorised users. - CVE-2023-36824: Extracting key names from a command and a list of arguments may, in some cases, have triggered a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. (Specifically using COMMAND GETKEYS* and validation of key names in ACL rules). (Closes: #1040879) For more information, please see: <https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES> -- Chris Lamb <email address hidden> Wed, 12 Jul 2023 10:07:09 +0100
See full publishing history Publishing
Series | Published | Component | Section | |
---|---|---|---|---|
Mantic | release | universe | misc |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
redis_7.0.12-1.dsc | 2.2 KiB | e011831d24088b9d946cbe0e9422663adbf52197d51293fb00b55f01d8a073f9 |
redis_7.0.12.orig.tar.gz | 2.9 MiB | 13d4689454e29e7b9f1161b544e6d08b0ddd27d057859fde7b1916869b3bf701 |
redis_7.0.12-1.debian.tar.xz | 27.9 KiB | dd8db40f47f60e78514166de827f1e6802c7eaa181f4da17f2eeac743f4bc8b9 |
Available diffs
- diff from 5:7.0.11-1 to 5:7.0.12-1 (14.2 KiB)
No changes file available.
Binary packages built by this source
- redis: Persistent key-value database with network interface (metapackage)
Redis is a key-value database in a similar vein to memcache but the dataset
is non-volatile. Redis additionally provides native support for atomically
manipulating and querying data structures such as lists and sets.
.
The dataset is stored entirely in memory and periodically flushed to disk.
.
This package depends on the redis-server package.
- redis-sentinel: Persistent key-value database with network interface (monitoring)
Redis is a key-value database in a similar vein to memcache but the dataset
is non-volatile. Redis additionally provides native support for atomically
manipulating and querying data structures such as lists and sets.
.
This package contains the Redis Sentinel monitoring software.
- redis-server: Persistent key-value database with network interface
Redis is a key-value database in a similar vein to memcache but the dataset
is non-volatile. Redis additionally provides native support for atomically
manipulating and querying data structures such as lists and sets.
.
The dataset is stored entirely in memory and periodically flushed to disk.
- redis-tools: Persistent key-value database with network interface (client)
Redis is a key-value database in a similar vein to memcache but the dataset
is non-volatile. Redis additionally provides native support for atomically
manipulating and querying data structures such as lists and sets.
.
This package contains the command line client and other tools.
- redis-tools-dbgsym: debug symbols for redis-tools