[Bug 1198952] New: VUL-0: CVE-2022-24735: redis: Lua code injection
http://bugzilla.opensuse.org/show_bug.cgi?id=1198952

Bug ID: 1198952
Summary: VUL-0: CVE-2022-24735: redis: Lua code injection
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.3
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: danilo.spinella@suse.com
Reporter: Andreas.Stieger@gmx.de
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

In Redis before 6.2.7, by exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis can inject Lua code that will execute with the (potentially higher) privileges of another Redis user.

References:
https://raw.githubusercontent.com/redis/redis/6.2/00-RELEASENOTES

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1198952#c1

--- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
bump to 6.2.7
https://build.opensuse.org/request/show/973269

http://bugzilla.opensuse.org/show_bug.cgi?id=1198952#c5

--- Comment #5 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
Don't forget to include the 6.0.16 fixes you still have open

http://bugzilla.opensuse.org/show_bug.cgi?id=1198952#c8

--- Comment #8 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
CVE-2021-41099 bug 1191299
CVE-2021-32762 bug 1191300
CVE-2021-32687 bug 1191302
CVE-2021-32675 bug 1191303
CVE-2021-32672 bug 1191304
CVE-2021-32628 bug 1191305
CVE-2021-32627 bug 1191305
CVE-2021-32626 bug 1191306

Fixed in SUSE:SLE-15-SP2:Update/redis but not SUSE:SLE-15:Update/redis.
Bringing this up since you mentioned SUSE:SLE-15:Update/redis explicitly.