Package "redis-server"

Name: redis-server
Description: Persistent key-value database with network interface
Latest version: 2:3.0.6-1ubuntu0.4
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: redis
Homepage: http://redis.io/

Changelog
redis (2:3.0.6-1ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: heap buffer overflows in Hyperloglog (Closes: #1836496)
- debian/patches/CVE-2019-10192.patch: Fix hyperloglog corruption
- CVE-2019-10192
-- Julian Andres Klode <email address hidden> Sun, 14 Jul 2019 21:21:22 +0200

CVE-2019-10192: A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5

redis (2:3.0.6-1ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: Tighten Permissions
- Ensure /var/lib/redis and /var/log/redis are not world readable
- Set UMask=007 in redis-server.service, redis-sentinel.server
- Changes taken from Debian version 3:3.2.5-2
- CVE-2016-2121
-- Mike Salvatore <email address hidden> Fri, 07 Dec 2018 11:02:30 -0500

CVE-2016-2121: A permissions flaw was found in redis, which sets weak permissions on certain files and directories that could potentially contain sensitive informat

redis (2:3.0.6-1ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: Permissions issue
- debian/patches/CVE-2013-7458.patch: fix in
deps/linenoise/linenoise.c.
- CVE-2013-7458
* SECURITY UPDATE: Cross protocol scripting
- debian/patches/CVE-2016-10517.patch: fix in
src/redis.c, src/redis.h.
- CVE-2016-10517
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-15047.patch: fix in
src/cluster.c.
- CVE-2017-15047
* SECURITY UPDATE: Memory corruption
- debian/patches/CVE-2018-11218.patch: fix in
deps/lua/src/lua_cmsgpack.c.
- CVE-2018-11218
* SECURITY UPDATE: Integer Overflow
- debian/patches/CVE-2018-11219-*.patch: fix in
deps/lua/src/lua_struct.c.
- CVE-2018-11219
* SECURITY UPDATE: Buffer overflow in the redis-cli
- debian/patches/CVE-2018-12326.patch: fix in
redis-cli.c.
- CVE-2018-12326
-- <email address hidden> (Leonidas S. Barbosa) Tue, 26 Jun 2018 17:12:39 -0300

CVE-2013-7458: linenoise, as used in Redis before 3.2.3, uses world-readable permissions for .rediscli_history, which allows local users to obtain sensitive informa
CVE-2016-10517: networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the
CVE-2017-15047: The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application c
CVE-2018-11218: Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 becau
CVE-2018-11219: An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2
CVE-2018-12326: Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privil