Publishing details
Changelog
redis (5:7.0.12-1) unstable; urgency=high

  * New upstream security release:

    - CVE-2022-24834: A specially-crafted Lua script executing in Redis could
      have triggered a heap overflow in the cjson and cmsgpack libraries and
      result in heap corruption and potentially remote code execution. The
      problem exists in all versions of Redis with Lua scripting support and
      affects only authenticated/authorised users.

    - CVE-2023-36824: Extracting key names from a command and a list of
      arguments may, in some cases, have triggered a heap overflow and result
      in reading random heap memory, heap corruption and potentially remote
      code execution. (Specifically using COMMAND GETKEYS* and validation of
      key names in ACL rules). (Closes: #1040879)

    For more information, please see:

      <https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES>

 -- Chris Lamb <email address hidden>  Wed, 12 Jul 2023 10:07:09 +0100
Builds
Built packages
- redis: Persistent key-value database with network interface (metapackage)
- redis-sentinel: Persistent key-value database with network interface (monitoring)
- redis-server: Persistent key-value database with network interface
- redis-tools: Persistent key-value database with network interface (client)
- redis-tools-dbgsym: debug symbols for redis-tools
Package files