[Bug 1186722] New: VUL-0: CVE-2021-32625: redis: integer overflow in STRALGO LCS
http://bugzilla.opensuse.org/show_bug.cgi?id=1186722

Bug ID: 1186722
Summary: VUL-0: CVE-2021-32625: redis: integer overflow in STRALGO LCS
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.2
Hardware: Other
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: Andreas.Stieger@gmx.de
QA Contact: qa-bugs@suse.de
CC: amajer@suse.com, kstreitova@suse.com, michael@stroeder.com, michal.hrusecky@opensuse.org, mpluskal@suse.com, security-team@suse.de
Found By: Security Response Team
Blocker: ---

An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. This is a result of an incomplete fix by CVE-2021-29477.

master: https://github.com/redis/redis/commit/1ddecf1958924b178b76a31d989ef1e05af819...
6.2.x: https://github.com/redis/redis/commit/e9a1438ac4c52aa68dfa2a8324b64193568421...
6.0.x: https://github.com/redis/redis/commit/dd27c4e15ee54251093c5895d3681c3894d2b6...

References:
https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1186722#c1

--- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Factory: https://build.opensuse.org/request/show/896856
Leap 15.2: https://build.opensuse.org/request/show/896860
Maintenance process for Leap 15.3 is unclear...

http://bugzilla.opensuse.org/show_bug.cgi?id=1186722#c2

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

What   |Removed |Added
----------------------------------------------------------------------------
Status |NEW     |IN_PROGRESS

--- Comment #2 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Leap 15.3: https://build.opensuse.org/request/show/896971

http://bugzilla.opensuse.org/show_bug.cgi?id=1186722#c8

--- Comment #8 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
openSUSE:Maintenance claims to maintain SUSE:SLE-15:Update. Hence my note about documentation updates.

http://bugzilla.opensuse.org/show_bug.cgi?id=1186722#c9

--- Comment #9 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Can you confirm SR#896971 / openSUSE:Maintenance:16456 is usable? If not SR#898170 is to SUSE:SLE-15:Update in OBS which can be mirrored.

http://bugzilla.opensuse.org/show_bug.cgi?id=1186722#c11

--- Comment #11 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
SR#896971 was created using mbranch and mr.