[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA DLA-1396-1] redis security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : redis
Version        : 2:2.8.17-1+deb8u6
CVE IDs        : CVE-2018-11218, CVE-2018-11219, CVE-2018-12326
Debian Bugs    : #901495, #902410

It was discovered that there were a number of vulnerabilities in redis,
a persistent key-value database:

  * CVE-2018-11218, CVE-2018-11219: Multiple heap
    corruption and integer overflow vulnerabilities. (#901495)

  * CVE-2018-12326: Buffer overflow in the "redis-cli" tool which could
    have allowed an attacker to achieve code execution and/or escalate to
    higher privileges via a crafted command line. (#902410)

For Debian 8 "Jessie", these issues have been fixed in redis version
2:2.8.17-1+deb8u6.

We recommend that you upgrade your redis packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlsyXmMACgkQHpU+J9Qx
HlhQcw/+OjWmtgY+7YwyUfmK02qmx/4xmt6xhzX4Lxh7cPMn6J8VUkz4pAUYnQnV
12nhOR2Ts0dAchRet2GLqJ/3unLahUZRWYgbl20XRswmOHobAaxELRn+o2J/T3m9
4swLrY2PtnAQ7zZWuK1/ePiWALn5F06ITpjG2f+UNCa3L7aYn6VExgeKVIgk8LuX
Fq3zUHNQPQjb924frZ/kn0+iUDpPwGHCkDtzWtltNBgsFSM0FVbTh6MJfXrsagT6
d+jKKrc+gDGb2WZiq7VANQ4Wx1DxFA3HBcLobjOBB/I4Zq3XRmMXTuibvRHv2xqk
HwUKSy87CByEn76HuHZfo9hmtX1RB2lqpq4KQ87I4E0dBKtIEyBFjSv7Mr/NOP7Q
/FUFZegHWM9WomFbqjbe2Ga18KRV7KFQAiN2iE5QyRVUgI1YK8K7z2KbAiGBcdsU
uV6dZonuRwxWj0mz3A3HYMaIuP/u+KMdPpVpGmuq4cqA6VozeWbSelasK9zEaZah
E94HA+aDiVfNCceTCq69uPZlJKHCDDb3OLbAv+BeDT2+GkNCdZ64GdTCxOw9BCMy
S+0m+/sxcZBHjD2WNyfK20Z3++ZL3mMb47yENE8wB0OOf8ZItxTANUcZYL8rvsC5
hB34DVoEkrGJWF7d7fKgEbZRV/gZB5IZNBmPqNkxVgbteULnJcE=
=19rh
-----END PGP SIGNATURE-----


Reply to: