redis:7 security update
エラータID: AXSA:2024-9438:01
リリース日:
2024/12/19 Thursday - 22:58
題名:
redis:7 security update
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Redis には、SORT_RO コマンドによって参照されるキーを
適切に識別できない問題があるため、ローカルの攻撃者により、
ACL の設定で許容していないキーへの不正なアクセスを可能と
する脆弱性が存在します。(CVE-2023-41053)
- Redis には、起動から利用者が設定した権限設定に変更する
までの間、デフォルトの権限設定で UNIX ソケットを開いて
しまう問題があるため、ローカルの攻撃者により、別の
プロセスからの不正な接続を可能とする脆弱性が存在します。
(CVE-2023-45145)
- Redis には、認証されたローカルの攻撃者により、細工された
ACL セレクターによるサーバーアクセスを介して、サービス
拒否攻撃 (パニックの発生) を可能とする脆弱性が存在します。
(CVE-2024-31227)
- Redis の "KEYS"、"SCAN"、"PSUBSCRIBE"、"FUNCTION LIST"、
"COMMAND LIST"、ACL 定義などのコマンドの処理には、制限
されていない再起処理の実行に起因したスタック領域のオーバー
フローの問題があるため、認証されたローカルの攻撃者により、
巧妙に細工された長い文字列の入力を介して、サービス拒否攻撃
(プロセスのクラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2024-31228)
- Redis のビットライブラリには、スタック領域のバッファー
オーバーフローの問題があるため、認証されたローカルの攻撃者
により、巧妙に細工された Lua スクリプトの実行を介して、任意
のコードの実行を可能とする脆弱性が存在します。
(CVE-2024-31449)
Modularity name: redis
Stream name: 7
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-41053
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.
CVE-2024-31227
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem exists in Redis 7 prior to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-31228
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-31449
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
追加情報:
N/A
ダウンロード:
SRPMS
- redis-7.2.6-1.module+el9+1056+a69f941b.src.rpm
MD5: 19f26bbaa4fd6943ed2d0d8e134bf74f
SHA-256: 01f6f6d649907d71a4a146ec8f9380b1c727e1644b96e6ba63499845c4b4bca8
Size: 4.43 MB
Asianux Server 9 for x86_64
- redis-7.2.6-1.module+el9+1056+a69f941b.x86_64.rpm
MD5: 068d0ecb0533192183cf0967478391a5
SHA-256: 9d5c04ea7148b797349ee05fb090d7c4d594491b0f20faf987d8183c6b0e33a2
Size: 1.63 MB - redis-debugsource-7.2.6-1.module+el9+1056+a69f941b.x86_64.rpm
MD5: 3a384874ec9c7d41e3ff10ce01cc9fab
SHA-256: 893fe6a6a720ad74a765b6767f7e6b1700bf56a1116074e7ccd958f394d3a4f4
Size: 1.54 MB - redis-devel-7.2.6-1.module+el9+1056+a69f941b.x86_64.rpm
MD5: b68d1d6804cc85093e93c9b179a8d7f1
SHA-256: 7aa7c515951e91b55d37f903abb58e7375df051b8a30a735cbe363bd50112cd2
Size: 24.50 kB - redis-doc-7.2.6-1.module+el9+1056+a69f941b.noarch.rpm
MD5: bc5f0803307de8bc0ed2b4d5834b082f
SHA-256: 5d8f134f4647d983c0f1fbd5c546e977033fecf79444b0a39a5b6c8f3de6ca6f
Size: 639.73 kB
English