Update redis OCI for jammy

Bug #1960109 reported by Bryce Harrington
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
Ubuntu Docker Images | Fix Released | Undecided | Sergio Durigan Junior |

Bug Description

Scheduled-For: ubuntu-22.03

Update redis OCI for jammy

redis | 5:6.0.15-1 | impish/universe
redis | 5:6.0.16-1build1 | jammy/universe

redis | 5:6.0.15-1 | stable
redis | 5:6.0.16-1 | testing
redis | 5:6.0.16-1 | unstable
redis | 5:6.0.16-1+deb11u1 | proposed-updates
redis | 5:6.2.6-1 | experimental

redis (5:6.0.16-1build1) jammy; urgency=medium

  * No-change rebuild against libssl3

 -- Steve Langasek <email address hidden> Thu, 09 Dec 2021 00:16:26 +0000

redis (5:6.0.16-1) unstable; urgency=medium

  * New upstream security release:

    - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
      redis-sentinel parsing large multi-bulk replies on some older and less
      common platforms.

    - CVE-2021-32687: Integer to heap buffer overflow with intsets, when
      set-max-intset-entries is manually configured to a non-default, very
      large value.

    - CVE-2021-32675: Denial Of Service when processing RESP request payloads
      with a large number of elements on many connections.

    - CVE-2021-32672: Random heap reading issue with Lua Debugger.

    - CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded
      data types, when configuring a large, non-default value for
      hash-max-ziplist-entries, hash-max-ziplist-value,
      zset-max-ziplist-entries or zset-max-ziplist-value.

    - CVE-2021-32627: Integer to heap buffer overflow issue with streams, when
      configuring a non-default, large value for proto-max-bulk-len and
      client-query-buffer-limit.

    - CVE-2021-32626: Specially crafted Lua scripts may result with Heap
      buffer overflow.

    - CVE-2021-41099: Integer to heap buffer overflow handling certain string
      commands and network payloads, when proto-max-bulk-len is manually
      configured to a non-default, very large value.

  * Refresh patches.
  * Bump Standards-Version to 4.6.0.

 -- Chris Lamb <email address hidden> Mon, 04 Oct 2021 14:37:24 +0100

Bryce Harrington (bryce)
description: updated
Bryce Harrington (bryce)
Changed in ubuntu-docker-images:
assignee: nobody → Sergio Durigan Junior (sergiodj)
status: New → Fix Committed
Changed in ubuntu-docker-images:
status: Fix Committed → Fix Released