National CERT

Security vulnerability in the redis software package

<p>--------------------------------------------------------------------------------<br />Fedora Update Notification<br />FEDORA-2017-4b176c1694<br />2017-06-17 19:40:32.933950<br />--------------------------------------------------------------------------------<br /><br />Name : redis<br />Product : Fedora 24<br />Version : 3.2.8<br />Release : 1.fc24<br />URL : http://redis.io<br />Summary : A persistent key-value database<br />Description :<br />Redis is an advanced key-value store. It is often referred to as a data<br />structure server since keys can contain strings, hashes, lists, sets and<br />sorted sets.<br /><br />You can run atomic operations on these types, like appending to a string;<br />incrementing the value in a hash; pushing to a list; computing set<br />intersection, union and difference; or getting the member with highest<br />ranking in a sorted set.<br /><br />In order to achieve its outstanding performance, Redis works with an<br />in-memory dataset. Depending on your use case, you can persist it either<br />by dumping the dataset to disk every once in a while, or by appending<br />each command to a log.<br /><br />Redis also supports trivial-to-setup master-slave replication, with very<br />fast non-blocking first synchronization, auto-reconnection on net split<br />and so forth.<br /><br />Other features include Transactions, Pub/Sub, Lua scripting, Keys with a<br />limited time-to-live, and configuration settings to make Redis behave like<br />a cache.<br /><br />You can use Redis from most programming languages also.<br /><br />--------------------------------------------------------------------------------<br />Update Information:<br /><br />Upstream 3.2.8 ---- Upstream 3.2.7 (important security fix) ---- Security<br />fix for CVE-2013-7458<br />--------------------------------------------------------------------------------<br />References:<br /><br /> [ 1 ] Bug #1363670 - CVE-2013-7458 redis: world-readable ~/.rediscli_history<br /> 
https://bugzilla.redhat.com/show_bug.cgi?id=1363670<br />--------------------------------------------------------------------------------<br /><br />This update can be installed with the "dnf" update program. Use<br />su -c 'dnf upgrade redis' at the command line.<br />For more information, refer to the dnf documentation available at<br />http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-lab...<br /><br />All packages are signed with the Fedora Project GPG key. More details on the<br />GPG keys used by the Fedora Project can be found at<br />https://fedoraproject.org/keys<br />--------------------------------------------------------------------------------<br />_______________________________________________<br />package-announce mailing list -- package-announce@lists.fedoraproject.org<br />To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org</p>
A security vulnerability has been discovered in the redis software package for the Fedora operating system. The vulnerability allows potential attackers to disclose sensitive information. Users are advised to update using the released patches.
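The bug referenced in the notice (CVE-2013-7458) concerns a world-readable ~/.rediscli_history. As an added example, not part of the Fedora notice or of this advisory, the shell function below lists such history files under a base directory of home directories and can tighten them to 0600. The function name, the one-level home layout and the use of GNU `stat` are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): audit redis-cli history files for
# the permission problem tracked as CVE-2013-7458.
#
# Usage: audit_rediscli_history HOME_BASE [--fix]
#   e.g. audit_rediscli_history /home
#
# Prints "MODE PATH" for every .rediscli_history found directly inside a
# home directory under HOME_BASE that grants any group or other permission.
# With --fix, each reported file is tightened to 0600.
# Returns 0 if nothing was reported, 1 if at least one file was reported.
# Assumes GNU stat (as shipped on Fedora) and homes one level below HOME_BASE.
audit_rediscli_history() {
    base=$1
    fix=${2:-}
    found=0
    for f in "$base"/*/.rediscli_history; do
        # Skip an unmatched glob and anything that is not a plain file;
        # symlinks are skipped so chmod never follows a link elsewhere.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        mode=$(stat -c '%a' "$f") || continue
        # Octal mode ending in "00" (or mode 0) means no group/other access.
        case $mode in
            *00|0) continue ;;
        esac
        printf '%s %s\n' "$mode" "$f"
        found=1
        if [ "$fix" = "--fix" ]; then
            chmod 600 "$f"
        fi
    done
    return "$found"
}
```

Accounts whose home directory lies outside the scanned base (for example root) need a separate call with the parent of that home directory.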