redis-7.0.8-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12619 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z redis-7.0.8-1.1 on GA media These are all security issues fixed in the redis-7.0.8-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12619 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12619 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-35977/ SUSE CVE CVE-2022-35977 page https://www.suse.com/security/cve/CVE-2023-22458/ SUSE CVE CVE-2023-22458 page openSUSE Tumbleweed redis-7.0.8-1.1 redis-7.0.8-1.1 as a component of openSUSE Tumbleweed Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SETRANGE` and `SORT(_RO)` commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVE-2022-35977 openSUSE Tumbleweed:redis-7.0.8-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-35977.html CVE-2022-35977 https://bugzilla.suse.com/1207202 SUSE Bug 1207202 Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVE-2023-22458 openSUSE Tumbleweed:redis-7.0.8-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-22458.html CVE-2023-22458 https://bugzilla.suse.com/1207203 SUSE Bug 1207203