Debian 10261 Published by

A redis security update has been released for Debian GNU/Linux 8 and 9 Extended LTS to address an authentication bypass vulnerability.



ELA-988-1 redis security update

Package : redis
Version : 2:2.8.17-1+deb8u12 (jessie), 3:3.2.6-3+deb9u12 (stretch)

Related CVEs :
CVE-2023-45145

It was discovered that there was a authentication bypass vulnerability in
Redis, a popular key-value database similar to memcached.
On startup, Redis began listening on a Unix socket before adjusting its
permissions to the user-provided configuration. If a permissive umask(2) was
used, this created a race condition that enabled, during a short period of
time, another process to establish an otherwise unauthorized connection.

ELA-988-1 redis security update