[SECURITY] [DLA DLA-1396-1] redis security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : redis
Version : 2:2.8.17-1+deb8u6
CVE IDs : CVE-2018-11218, CVE-2018-11219, CVE-2018-12326
Debian Bugs : #901495, #902410
It was discovered that there were a number of vulnerabilities in redis,
a persistent key-value database:
* CVE-2018-11218, CVE-2018-11219: Multiple heap
corruption and integer overflow vulnerabilities. (#901495)
* CVE-2018-12326: Buffer overflow in the "redis-cli" tool which could
have allowed an attacker to achieve code execution and/or escalate to
higher privileges via a crafted command line. (#902410)
For Debian 8 "Jessie", these issues have been fixed in redis version
2:2.8.17-1+deb8u6.
We recommend that you upgrade your redis packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlsyXmMACgkQHpU+J9Qx
HlhQcw/+OjWmtgY+7YwyUfmK02qmx/4xmt6xhzX4Lxh7cPMn6J8VUkz4pAUYnQnV
12nhOR2Ts0dAchRet2GLqJ/3unLahUZRWYgbl20XRswmOHobAaxELRn+o2J/T3m9
4swLrY2PtnAQ7zZWuK1/ePiWALn5F06ITpjG2f+UNCa3L7aYn6VExgeKVIgk8LuX
Fq3zUHNQPQjb924frZ/kn0+iUDpPwGHCkDtzWtltNBgsFSM0FVbTh6MJfXrsagT6
d+jKKrc+gDGb2WZiq7VANQ4Wx1DxFA3HBcLobjOBB/I4Zq3XRmMXTuibvRHv2xqk
HwUKSy87CByEn76HuHZfo9hmtX1RB2lqpq4KQ87I4E0dBKtIEyBFjSv7Mr/NOP7Q
/FUFZegHWM9WomFbqjbe2Ga18KRV7KFQAiN2iE5QyRVUgI1YK8K7z2KbAiGBcdsU
uV6dZonuRwxWj0mz3A3HYMaIuP/u+KMdPpVpGmuq4cqA6VozeWbSelasK9zEaZah
E94HA+aDiVfNCceTCq69uPZlJKHCDDb3OLbAv+BeDT2+GkNCdZ64GdTCxOw9BCMy
S+0m+/sxcZBHjD2WNyfK20Z3++ZL3mMb47yENE8wB0OOf8ZItxTANUcZYL8rvsC5
hB34DVoEkrGJWF7d7fKgEbZRV/gZB5IZNBmPqNkxVgbteULnJcE=
=19rh
-----END PGP SIGNATURE-----
Reply to: