Security update for redis7 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:2925-1 Final 1 1 2023-07-20T19:34:11Z current 2023-07-20T19:34:11Z 2023-07-20T19:34:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for redis7 This update for redis7 fixes the following issues: - CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries (bsc#1213193). - CVE-2023-28856: Fixed HINCRBYFLOAT invalid key crash (bsc#1210548). - CVE-2022-36021: Fixed integer overflow via Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD (bsc#1208790). - CVE-2023-25155: Fixed Integer Overflow in RAND commands (bsc#1208793). - CVE-2023-28425: Fixed denial-of-service via Specially crafted MSETNX command (bsc#1209528). - CVE-2023-36824: Fixed heap overflow in COMMAND GETKEYS and ACL evaluation (bsc#1213249). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-2925,SUSE-SLE-Module-Server-Applications-15-SP5-2023-2925,openSUSE-SLE-15.5-2023-2925 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20232925-1/ Link for SUSE-SU-2023:2925-1 https://lists.suse.com/pipermail/sle-security-updates/2023-July/015551.html E-Mail link for SUSE-SU-2023:2925-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1208790 SUSE Bug 1208790 https://bugzilla.suse.com/1208793 SUSE Bug 1208793 https://bugzilla.suse.com/1209528 SUSE Bug 1209528 https://bugzilla.suse.com/1210548 SUSE Bug 1210548 https://bugzilla.suse.com/1213193 SUSE Bug 1213193 https://bugzilla.suse.com/1213249 SUSE Bug 1213249 https://www.suse.com/security/cve/CVE-2022-24834/ SUSE CVE CVE-2022-24834 page https://www.suse.com/security/cve/CVE-2022-36021/ SUSE CVE CVE-2022-36021 page https://www.suse.com/security/cve/CVE-2023-25155/ SUSE CVE CVE-2023-25155 page https://www.suse.com/security/cve/CVE-2023-28425/ SUSE CVE CVE-2023-28425 page https://www.suse.com/security/cve/CVE-2023-28856/ SUSE CVE CVE-2023-28856 page https://www.suse.com/security/cve/CVE-2023-36824/ SUSE CVE CVE-2023-36824 page SUSE Linux Enterprise Module for Server Applications 15 SP5 openSUSE Leap 15.5 redis7-7.0.8-150500.3.3.1 redis7-7.0.8-150500.3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP5 redis7-7.0.8-150500.3.3.1 as a component of openSUSE Leap 15.5 Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20. CVE-2022-24834 SUSE Linux Enterprise Module for Server Applications 15 SP5:redis7-7.0.8-150500.3.3.1 openSUSE Leap 15.5:redis7-7.0.8-150500.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232925-1/ https://www.suse.com/security/cve/CVE-2022-24834.html CVE-2022-24834 https://bugzilla.suse.com/1213193 SUSE Bug 1213193 Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9. CVE-2022-36021 SUSE Linux Enterprise Module for Server Applications 15 SP5:redis7-7.0.8-150500.3.3.1 openSUSE Leap 15.5:redis7-7.0.8-150500.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232925-1/ https://www.suse.com/security/cve/CVE-2022-36021.html CVE-2022-36021 https://bugzilla.suse.com/1208790 SUSE Bug 1208790 https://bugzilla.suse.com/1208793 SUSE Bug 1208793 Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. CVE-2023-25155 SUSE Linux Enterprise Module for Server Applications 15 SP5:redis7-7.0.8-150500.3.3.1 openSUSE Leap 15.5:redis7-7.0.8-150500.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232925-1/ https://www.suse.com/security/cve/CVE-2023-25155.html CVE-2023-25155 https://bugzilla.suse.com/1208790 SUSE Bug 1208790 https://bugzilla.suse.com/1208793 SUSE Bug 1208793 Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10. CVE-2023-28425 SUSE Linux Enterprise Module for Server Applications 15 SP5:redis7-7.0.8-150500.3.3.1 openSUSE Leap 15.5:redis7-7.0.8-150500.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232925-1/ https://www.suse.com/security/cve/CVE-2023-28425.html CVE-2023-28425 https://bugzilla.suse.com/1209528 SUSE Bug 1209528 Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. CVE-2023-28856 SUSE Linux Enterprise Module for Server Applications 15 SP5:redis7-7.0.8-150500.3.3.1 openSUSE Leap 15.5:redis7-7.0.8-150500.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232925-1/ https://www.suse.com/security/cve/CVE-2023-28856.html CVE-2023-28856 https://bugzilla.suse.com/1210548 SUSE Bug 1210548 Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12. CVE-2023-36824 SUSE Linux Enterprise Module for Server Applications 15 SP5:redis7-7.0.8-150500.3.3.1 openSUSE Leap 15.5:redis7-7.0.8-150500.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232925-1/ https://www.suse.com/security/cve/CVE-2023-36824.html CVE-2023-36824 https://bugzilla.suse.com/1213249 SUSE Bug 1213249