[Bug 1178205] New: VUL-0: redis: potential heap overflow when using a heap allocator other than jemalloc or glibc's malloc
http://bugzilla.opensuse.org/show_bug.cgi?id=1178205 Bug ID: 1178205 Summary: VUL-0: redis: potential heap overflow when using a heap allocator other than jemalloc or glibc's malloc Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: mrueckert@suse.com Reporter: Andreas.Stieger@gmx.de QA Contact: qa-bugs@suse.de CC: security-team@suse.de Found By: --- Blocker: --- Redis 6.0.9 fixes a potential heap overflow when using a heap allocator other than jemalloc or glibc's malloc. When using a system with no malloc_usable_size(), zmalloc_size() assumed that the heap allocator always returns blocks that are long-padded. This may not always be the case, and will result with zmalloc_size() returning a size that is bigger than allocated. At least in one case this leads to out of bound write, process crash and a potential security vulnerability. Effectively this does not affect the vast majority of users, who use jemalloc or glibc. https://raw.githubusercontent.com/redis/redis/6.0/00-RELEASENOTES https://github.com/redis/redis/pull/7963 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1178205 http://bugzilla.opensuse.org/show_bug.cgi?id=1178205#c1 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> --- From https://build.opensuse.org/public/build/server:database/openSUSE_Tumbleweed/...
[ 34s] echo MALLOC=jemalloc >> .make-settings
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1178205 http://bugzilla.opensuse.org/show_bug.cgi?id=1178205#c5 --- Comment #5 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> --- This is an autogenerated message for OBS integration: This bug (1178205) was mentioned in https://build.opensuse.org/request/show/891113 15.2 / redis -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com