(RHSA-2021:2034) Important: redis:6 security update

2021-05-1907:13:43

access.redhat.com

redis key-value store

data-structure server

security update

integer overflow vulnerability

stralgo lcs command

cve-2021-29477

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.019

Percentile

88.7%

JSON

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyx86_64redis-debugsource< 6.0.9-3.module+el8.4.0+10984+ed187465redis-debugsource-6.0.9-3.module+el8.4.0+10984+ed187465.x86_64.rpm
RedHatanyaarch64redis-devel< 6.0.9-3.module+el8.4.0+10984+ed187465redis-devel-6.0.9-3.module+el8.4.0+10984+ed187465.aarch64.rpm
RedHatanynoarchredis-doc< 6.0.9-3.module+el8.4.0+10984+ed187465redis-doc-6.0.9-3.module+el8.4.0+10984+ed187465.noarch.rpm
RedHatanys390xredis-devel< 6.0.9-3.module+el8.4.0+10984+ed187465redis-devel-6.0.9-3.module+el8.4.0+10984+ed187465.s390x.rpm
RedHatanyaarch64redis< 6.0.9-3.module+el8.4.0+10984+ed187465redis-6.0.9-3.module+el8.4.0+10984+ed187465.aarch64.rpm
RedHatanyx86_64redis-debuginfo< 6.0.9-3.module+el8.4.0+10984+ed187465redis-debuginfo-6.0.9-3.module+el8.4.0+10984+ed187465.x86_64.rpm
RedHatanyppc64leredis-devel< 6.0.9-3.module+el8.4.0+10984+ed187465redis-devel-6.0.9-3.module+el8.4.0+10984+ed187465.ppc64le.rpm
RedHatanyaarch64redis-debugsource< 6.0.9-3.module+el8.4.0+10984+ed187465redis-debugsource-6.0.9-3.module+el8.4.0+10984+ed187465.aarch64.rpm
RedHatanyppc64leredis-debugsource< 6.0.9-3.module+el8.4.0+10984+ed187465redis-debugsource-6.0.9-3.module+el8.4.0+10984+ed187465.ppc64le.rpm
RedHatanyppc64leredis< 6.0.9-3.module+el8.4.0+10984+ed187465redis-6.0.9-3.module+el8.4.0+10984+ed187465.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	x86_64	redis-debugsource	< 6.0.9-3.module+el8.4.0+10984+ed187465	redis-debugsource-6.0.9-3.module+el8.4.0+10984+ed187465.x86_64.rpm
RedHat	any	aarch64	redis-devel	< 6.0.9-3.module+el8.4.0+10984+ed187465	redis-devel-6.0.9-3.module+el8.4.0+10984+ed187465.aarch64.rpm
RedHat	any	noarch	redis-doc	< 6.0.9-3.module+el8.4.0+10984+ed187465	redis-doc-6.0.9-3.module+el8.4.0+10984+ed187465.noarch.rpm
RedHat	any	s390x	redis-devel	< 6.0.9-3.module+el8.4.0+10984+ed187465	redis-devel-6.0.9-3.module+el8.4.0+10984+ed187465.s390x.rpm
RedHat	any	aarch64	redis	< 6.0.9-3.module+el8.4.0+10984+ed187465	redis-6.0.9-3.module+el8.4.0+10984+ed187465.aarch64.rpm
RedHat	any	x86_64	redis-debuginfo	< 6.0.9-3.module+el8.4.0+10984+ed187465	redis-debuginfo-6.0.9-3.module+el8.4.0+10984+ed187465.x86_64.rpm
RedHat	any	ppc64le	redis-devel	< 6.0.9-3.module+el8.4.0+10984+ed187465	redis-devel-6.0.9-3.module+el8.4.0+10984+ed187465.ppc64le.rpm
RedHat	any	aarch64	redis-debugsource	< 6.0.9-3.module+el8.4.0+10984+ed187465	redis-debugsource-6.0.9-3.module+el8.4.0+10984+ed187465.aarch64.rpm
RedHat	any	ppc64le	redis-debugsource	< 6.0.9-3.module+el8.4.0+10984+ed187465	redis-debugsource-6.0.9-3.module+el8.4.0+10984+ed187465.ppc64le.rpm
RedHat	any	ppc64le	redis	< 6.0.9-3.module+el8.4.0+10984+ed187465	redis-6.0.9-3.module+el8.4.0+10984+ed187465.ppc64le.rpm