SUSE Package Hub - openSUSE-2019-481

Update Info

openSUSE-2019-481

Security update for redis

Type: security

Severity: important

Issued: 2019-03-23

Description:

This update for redis to 4.0.10 fixes the following issues:

These security issues were fixed:

- CVE-2018-11218: Prevent heap corruption vulnerability in cmsgpack (bsc#1097430).
- CVE-2018-11219: Prevent integer overflow in Lua scripting (bsc#1097768).

For Leap 42.3 and openSUSE SLE 12 backports this is a jump from 4.0.6. For
additional details please see

- https://raw.githubusercontent.com/antirez/redis/4.0.9/00-RELEASENOTES
- https://raw.githubusercontent.com/antirez/redis/4.0.8/00-RELEASENOTES
- https://raw.githubusercontent.com/antirez/redis/4.0.7/00-RELEASENOTES

References

CVE: CVE-2018-11219
CVE: CVE-2018-11218
Bugzilla: 1097768 https://bugzilla.opensuse.org/show_bug.cgi?id=1097768
Bugzilla: 1097430 VUL-0: CVE-2018-11218 CVE-2018-11219: redis: 2 issues

Packages

redis-4.0.10-15.1