Oracle Linux 6277 Published by

A redis:6 security update has been released for Oracle Linux 8.



El-errata: ELSA-2021-3945 Important: Oracle Linux 8 redis:6 security update


Oracle Linux Security Advisory ELSA-2021-3945

  http://linux.oracle.com/errata/ELSA-2021-3945.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
redis-6.0.9-5.module+el8.4.0+20384+68ad316c.x86_64.rpm
redis-devel-6.0.9-5.module+el8.4.0+20384+68ad316c.x86_64.rpm
redis-doc-6.0.9-5.module+el8.4.0+20384+68ad316c.noarch.rpm

aarch64:
redis-6.0.9-5.module+el8.4.0+20384+68ad316c.aarch64.rpm
redis-devel-6.0.9-5.module+el8.4.0+20384+68ad316c.aarch64.rpm
redis-doc-6.0.9-5.module+el8.4.0+20384+68ad316c.noarch.rpm

SRPMS:
  http://oss.oracle.com/ol8/SRPMS-updates/redis-6.0.9-5.module+el8.4.0+20384+68ad316c.src.rpm

Related CVEs:

CVE-2021-32626
CVE-2021-32627
CVE-2021-32628
CVE-2021-32675
CVE-2021-32687
CVE-2021-41099



Description of changes:

[6.0.9-5]
- fix denial of service via Redis Standard Protocol (RESP) request
CVE-2021-32675

[6.0.9-4]
- fix lua scripts can overflow the heap-based Lua stack
CVE-2021-32626
- fix integer overflow issue with Streams
CVE-2021-32627
- fix integer overflow bug in the ziplist data structure
CVE-2021-32628
- fix integer overflow issue with intsets
CVE-2021-32687
- fix integer overflow issue with strings
CVE-2021-41099
[6.0.9-3]
- fix integer overflow via STRALGO LCS command
CVE-2021-29477