redis-7.0.8-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12743 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z redis-7.0.8-2.1 on GA media These are all security issues fixed in the redis-7.0.8-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12743 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12743 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-36021/ SUSE CVE CVE-2022-36021 page https://www.suse.com/security/cve/CVE-2023-25155/ SUSE CVE CVE-2023-25155 page openSUSE Tumbleweed redis-7.0.8-2.1 redis-7.0.8-2.1 as a component of openSUSE Tumbleweed Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9. CVE-2022-36021 openSUSE Tumbleweed:redis-7.0.8-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-36021.html CVE-2022-36021 https://bugzilla.suse.com/1208790 SUSE Bug 1208790 https://bugzilla.suse.com/1208793 SUSE Bug 1208793 Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. CVE-2023-25155 openSUSE Tumbleweed:redis-7.0.8-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-25155.html CVE-2023-25155 https://bugzilla.suse.com/1208790 SUSE Bug 1208790 https://bugzilla.suse.com/1208793 SUSE Bug 1208793