Security update for redis SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1802-1 Final 1 1 2018-06-22T21:54:23Z current 2018-06-22T21:54:23Z 2018-06-22T21:54:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for redis This update for redis to 4.0.10 fixes the following issues: These security issues were fixed: - CVE-2018-11218: Prevent heap corruption vulnerability in cmsgpack (bsc#1097430). - CVE-2018-11219: Prevent integer overflow in Lua scripting (bsc#1097768). For Leap 42.3 and openSUSE SLE 12 backports this is a jump from 4.0.6. For additional details please see - https://raw.githubusercontent.com/antirez/redis/4.0.9/00-RELEASENOTES - https://raw.githubusercontent.com/antirez/redis/4.0.8/00-RELEASENOTES - https://raw.githubusercontent.com/antirez/redis/4.0.7/00-RELEASENOTES The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00043.html E-Mail link for openSUSE-SU-2018:1802-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub for SUSE Linux Enterprise 12 redis-4.0.10-15.1 redis-4.0.10-15.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows. CVE-2018-11218 SUSE Package Hub for SUSE Linux Enterprise 12:redis-4.0.10-15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00043.html https://www.suse.com/security/cve/CVE-2018-11218.html CVE-2018-11218 https://bugzilla.suse.com/1097430 SUSE Bug 1097430 https://bugzilla.suse.com/1097768 SUSE Bug 1097768 An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking. CVE-2018-11219 SUSE Package Hub for SUSE Linux Enterprise 12:redis-4.0.10-15.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00043.html https://www.suse.com/security/cve/CVE-2018-11219.html CVE-2018-11219 https://bugzilla.suse.com/1097430 SUSE Bug 1097430 https://bugzilla.suse.com/1097768 SUSE Bug 1097768