UbuntuUpdates.org

Package "redis"

Name: redis

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Persistent key-value database with network interface
  • Persistent key-value database with network interface (client)
Latest version: 2:2.8.4-2ubuntu0.2
Release: trusty (14.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "redis" in Trusty

Repository Area Version
security universe 2:2.8.4-2ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2:2.8.4-2ubuntu0.2 2018-11-28 20:07:07 UTC

  redis (2:2.8.4-2ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Permissions issue
    - debian/patches/CVE-2013-7458.patch: fix in
      deps/linenoise/linenoise.c.
    - CVE-2013-7458
  * SECURITY UPDATE: Arbitrary code execution
    - debian/patches/CVE-2015-4335.patch: fix in
      deps/lua/src/ldo.c.
    - CVE-2015-4335
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2015-8080.patch: fix in
      deps/lua/src/lua_struct.c.
    - CVE-2015-8080
  * SECURITY UPDATE: Cross protocol scripting
    - debian/patches/CVE-2016-10517.patch: fix in
      src/redis.c, src/redis.h.
    - CVE-2016-10517
  * SECURITY UPDATE: Memory corruption
    - debian/patches/CVE-2018-11218.patch: fix in
      deps/lua/src/lua_cmsgpack.c.
    - CVE-2018-11218
  * SECURITY UPDATE: Integer Overflow
    - debian/patches/CVE-2018-11219-*.patch: fix in
      deps/lua/src/lua_struct.c.
    - CVE-2018-11219
  * SECURITY UPDATE: Buffer overflow in the redis-cli
    - debian/patches/CVE-2018-12326.patch: fix in
      redis-cli.c.
    - CVE-2018-12326

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 26 Jun 2018 15:50:43 -0300
CVE-2013-7458 linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive informa
CVE-2015-4335 Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
CVE-2015-8080 Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with p
CVE-2016-10517 networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the
CVE-2018-11218 Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 becau
CVE-2018-11219 An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2
CVE-2018-12326 Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privil


About   -   Send Feedback to @ubuntu_updates