redis-7.0.11-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12874-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z redis-7.0.11-1.1 on GA media These are all security issues fixed in the redis-7.0.11-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12874 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-28425/ SUSE CVE CVE-2023-28425 page https://www.suse.com/security/cve/CVE-2023-28856/ SUSE CVE CVE-2023-28856 page openSUSE Tumbleweed redis-7.0.11-1.1 redis-7.0.11-1.1 as a component of openSUSE Tumbleweed Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10. CVE-2023-28425 openSUSE Tumbleweed:redis-7.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-28425.html CVE-2023-28425 https://bugzilla.suse.com/1209528 SUSE Bug 1209528 Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. CVE-2023-28856 openSUSE Tumbleweed:redis-7.0.11-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-28856.html CVE-2023-28856 https://bugzilla.suse.com/1210548 SUSE Bug 1210548