redis-6.2.17-1.el9_5
エラータID: AXSA:2025-9591:01
リリース日:
2025/01/30 Thursday - 11:40
題名:
redis-6.2.17-1.el9_5
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Redis には、ヒープオーバーフローの問題があるため、
ローカルの攻撃者により、巧妙に細工された Redis 上で
稼働する Lua スクリプトを介して、任意のコードの実行
を可能とする脆弱性が存在します。(CVE-2022-24834)
- Redis には、起動から利用者が設定した権限設定に変更
するまでの間、デフォルトの権限設定で UNIX ソケットを
開いてしまう問題があるため、ローカルの攻撃者により、
別のプロセスからの不正な接続を可能とする脆弱性が存在
します。(CVE-2023-45145)
- Redis の "KEYS"、"SCAN"、"PSUBSCRIBE"、
"FUNCTION LIST"、"COMMAND LIST"、ACL 定義などの
コマンドの処理には、制限されていない再起処理の実行に
起因したスタック領域のオーバーフローの問題があるため
、認証されたローカルの攻撃者により、巧妙に細工された
長い文字列の入力を介して、サービス拒否攻撃 (プロセス
のクラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2024-31228)
- Redis のビットライブラリには、スタック領域の
バッファーオーバーフローの問題があるため、認証された
ローカルの攻撃者により、巧妙に細工された Lua
スクリプトの実行を介して、任意のコードの実行を可能
とする脆弱性が存在します。(CVE-2024-31449)
- Redis のガベージコレクターには、ローカルの攻撃者に
より、巧妙に細工された Lua スクリプトの処理を介して、
任意のコードの実行を可能とする脆弱性が存在します。
(CVE-2024-46981)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-24834
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.
Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.
CVE-2023-45145
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.
CVE-2024-31228
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as `KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL definitions. Matching of extremely long patterns may result in unbounded recursion, leading to stack overflow and process crash. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-31449
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-46981
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
追加情報:
N/A
ダウンロード:
SRPMS
- redis-6.2.17-1.el9_5.src.rpm
MD5: f94edce0ea5ef3d019b635d1af2fad58
SHA-256: 5ea79a11b78e3dbf78282c09fb05fea640af6161c8ca5cbae6f1155266c91ff5
Size: 3.01 MB
Asianux Server 9 for x86_64
- redis-6.2.17-1.el9_5.x86_64.rpm
MD5: b3bdeaad82cf1f81b35715221119cf56
SHA-256: 579eb40d67bd63f20254b0c26df8b4b6ec8d6b3a24033dde214395ce19c8caee
Size: 1.30 MB - redis-devel-6.2.17-1.el9_5.i686.rpm
MD5: d8875f2c37e667a3718b63e364678715
SHA-256: 5dcb7b2c1459a5876e49c3679a3e3154077c5e0a73faa5ecd5fa74d59877ac8d
Size: 18.56 kB - redis-devel-6.2.17-1.el9_5.x86_64.rpm
MD5: 448c6ad8ade5beaf7364ac64492e1c54
SHA-256: de71f1e4d5780f8045c39ee897cebbe55fcac0dec90283aa81eb1052da2485c6
Size: 18.54 kB - redis-doc-6.2.17-1.el9_5.noarch.rpm
MD5: 01465b94681b8b08faafa8e7842eb21a
SHA-256: bdf06d23751ad739f1a1976f95a7ecc44266ab36d2bb27627145a03d5cfe535d
Size: 548.54 kB
English