Bugs fixes in "redis"
| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2013-7458 | linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive informa | 2018-11-28 |
| CVE | CVE-2018-12326 | Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privil | 2018-11-28 |
| CVE | CVE-2018-11219 | An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 | 2018-11-28 |
| CVE | CVE-2018-11218 | Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 becau | 2018-11-28 |
| CVE | CVE-2017-15047 | The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application c | 2018-11-28 |
| CVE | CVE-2016-10517 | networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the | 2018-11-28 |
| CVE | CVE-2013-7458 | linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive informa | 2018-11-28 |
| CVE | CVE-2018-12326 | Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privil | 2018-11-28 |
| CVE | CVE-2018-11219 | An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 | 2018-11-28 |
| CVE | CVE-2018-11218 | Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 becau | 2018-11-28 |
| CVE | CVE-2016-10517 | networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the | 2018-11-28 |
| CVE | CVE-2015-8080 | Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with p | 2018-11-28 |
| CVE | CVE-2015-4335 | Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command. | 2018-11-28 |
| CVE | CVE-2013-7458 | linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive informa | 2018-11-28 |
| CVE | CVE-2018-12326 | Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privil | 2018-11-28 |
| CVE | CVE-2018-11219 | An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 | 2018-11-28 |
| CVE | CVE-2018-11218 | Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 becau | 2018-11-28 |
| CVE | CVE-2017-15047 | The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application c | 2018-11-28 |
| CVE | CVE-2016-10517 | networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the | 2018-11-28 |
| CVE | CVE-2013-7458 | linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive informa | 2018-11-28 |
About
-
Send Feedback to @ubuntu_updates
