You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa redis

Sigurnosni nedostatak programskog paketa redis

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LSU

openSUSE Security Update: Security update for redis
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1035-1
Rating: moderate
References: #1173018
Cross-References: CVE-2020-14147
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for redis fixes the following issues:

– CVE-2020-14147: Context dependent attackers with permission to run Lua
code in a Redis session could have caused a denial of service (memory
corruption and application crash)
or possibly bypass sandbox restrictions (boo#1173018)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2020-1035=1

Package List:

– SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

redis-4.0.14-24.1

References:

https://www.suse.com/security/cve/CVE-2020-14147.html
https://bugzilla.suse.com/1173018


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

 

   openSUSE Security Update: Security update for redis
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:1035-1
Rating:             moderate
References:         #1173018 
Cross-References:   CVE-2020-14147
Affected Products:
                    openSUSE Leap 15.1
                    openSUSE Backports SLE-15-SP1
                    SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for redis fixes the following issues:

   - CVE-2020-14147: Context dependent attackers with permission to run Lua
     code in a Redis session could have caused a denial of service (memory
     corruption and application crash)
     or possibly bypass sandbox restrictions (boo#1173018)


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.1:

      zypper in -t patch openSUSE-2020-1035=1

   - openSUSE Backports SLE-15-SP1:

      zypper in -t patch openSUSE-2020-1035=1

   - SUSE Package Hub for SUSE Linux Enterprise 12:

      zypper in -t patch openSUSE-2020-1035=1



Package List:

   - openSUSE Leap 15.1 (x86_64):

      redis-4.0.14-lp151.2.6.1
      redis-debuginfo-4.0.14-lp151.2.6.1
      redis-debugsource-4.0.14-lp151.2.6.1

   - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

      redis-4.0.14-bp151.3.6.1

   - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

      redis-4.0.14-24.1


References:

   https://www.suse.com/security/cve/CVE-2020-14147.html
   https://bugzilla.suse.com/1173018

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
AutorGoran Culibrk
Cert idNCERT-REF-2020-07-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa singularity

Otkriveni su sigurnosni nedostaci u programskom paketu singularity za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja,...

Close