October 2021 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1191303] VUL-0: CVE-2021-32675: redis: Denial Of Service when processing RESP request payloads with a large number of elements on many connections
by bugzilla_noreply＠suse.com 06 Oct '21

06 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191303 https://bugzilla.suse.com/show_bug.cgi?id=1191303#c2 Danilo Spinella <danilo.spinella(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS --- Comment #2 from Danilo Spinella <danilo.spinella(a)suse.com> --- Fix for the branch 6.0: https://github.com/redis/redis/commit/5674b0057ff2903d43eaff802017eddf37c36… -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1191304] VUL-0: CVE-2021-32672: redis: Random heap reading issue with Lua Debugger
by bugzilla_noreply＠suse.com 06 Oct '21

06 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191304 https://bugzilla.suse.com/show_bug.cgi?id=1191304#c2 Danilo Spinella <danilo.spinella(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS --- Comment #2 from Danilo Spinella <danilo.spinella(a)suse.com> --- Fix for the branch 6.0: https://github.com/redis/redis/commit/6ac3c0b7abd35f37201ed2d6298ecef4ea1ae… -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1189837] New: VUL-0: CVE-2020-18976: tcpreplay: sending a crafted pcap file to the 'tcpreplay-edit could result in DoS
by bugzilla_noreply＠suse.com 06 Oct '21

06 Oct '21

http://bugzilla.opensuse.org/show_bug.cgi?id=1189837 Bug ID: 1189837 Summary: VUL-0: CVE-2020-18976: tcpreplay: sending a crafted pcap file to the 'tcpreplay-edit could result in DoS Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/308326/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: mpluskal(a)suse.com Reporter: gianluca.gabrielli(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381. References: https://github.com/appneta/tcpreplay/issues/556 References: https://bugzilla.redhat.com/show_bug.cgi?id=1997812 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18976 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18976 https://github.com/appneta/tcpreplay/issues/556 -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1186448] Request update to SUSE:Factory:Head/fwts from 21.03.00 to 21.05.00
by bugzilla_noreply＠suse.com 06 Oct '21

06 Oct '21

http://bugzilla.opensuse.org/show_bug.cgi?id=1186448 http://bugzilla.opensuse.org/show_bug.cgi?id=1186448#c3 Martin Pluskal <mpluskal(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #3 from Martin Pluskal <mpluskal(a)suse.com> --- Updated some time ago -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1191306] VUL-0: CVE-2021-32626: redis: Specially crafted Lua scripts may result with Heap buffer overflow
by bugzilla_noreply＠suse.com 06 Oct '21

06 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191306 https://bugzilla.suse.com/show_bug.cgi?id=1191306#c2 Danilo Spinella <danilo.spinella(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS --- Comment #2 from Danilo Spinella <danilo.spinella(a)suse.com> --- Fix for branch 6.0: https://github.com/redis/redis/commit/666ed7facf4524bf6d19b11b20faa2cf93fdf… -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1191300] VUL-0: CVE-2021-32762: redis: Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms
by bugzilla_noreply＠suse.com 06 Oct '21

06 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191300 https://bugzilla.suse.com/show_bug.cgi?id=1191300#c2 Danilo Spinella <danilo.spinella(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS --- Comment #2 from Danilo Spinella <danilo.spinella(a)suse.com> --- Fix for branch 6.0: https://github.com/redis/redis/commit/bb7597f46ee7798531e236a20f41729d5a056… -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1191302] VUL-0: CVE-2021-32687: redis: Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value
by bugzilla_noreply＠suse.com 06 Oct '21

06 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191302 https://bugzilla.suse.com/show_bug.cgi?id=1191302#c2 Danilo Spinella <danilo.spinella(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS --- Comment #2 from Danilo Spinella <danilo.spinella(a)suse.com> --- Fix for the 6.0 branch: https://github.com/redis/redis/commit/a30d367a71b7017581cf1ca104242a3c644de… -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1184924] [Build 134.3] openQA test fails in kdump_and_crash - forced crash didn't result into expected reboot
by bugzilla_noreply＠suse.com 06 Oct '21

06 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1184924 Ivan Ivanov <ivan.ivanov(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |duwe(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1184924] [Build 134.3] openQA test fails in kdump_and_crash - forced crash didn't result into expected reboot
by bugzilla_noreply＠suse.com 06 Oct '21

06 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1184924 https://bugzilla.suse.com/show_bug.cgi?id=1184924#c20 --- Comment #20 from Ivan Ivanov <ivan.ivanov(a)suse.com> --- To be on the safe side :-). Torsten, add_hwgenerator_randomness() is not supposed to be called early during kernel init, right? Please, see backtrace in comment #14. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1191305] VUL-0: CVE-2021-32627,CVE-2021-32628: redis: Integer to heap buffer overflows
by bugzilla_noreply＠suse.com 06 Oct '21

06 Oct '21

https://bugzilla.suse.com/show_bug.cgi?id=1191305 https://bugzilla.suse.com/show_bug.cgi?id=1191305#c2 Danilo Spinella <danilo.spinella(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS --- Comment #2 from Danilo Spinella <danilo.spinella(a)suse.com> --- Fix for branch 6.0 (SLE has version 6.0.14): https://github.com/redis/redis/commit/f6a40570fa63d5afdd596c78083d754081d80… -- You are receiving this mail because: You are on the CC list for the bug.

1 0