redis:7 security update
Errata ID: AXSA:2025-9608:01
Release date:
2025/01/30 Thursday - 17:11
Title:
redis:7 security update
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
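The following issues have been addressed.
[Security Fix]
- The Redis garbage collector contains a vulnerability that allows
a local attacker to execute arbitrary code via the processing of
a specially crafted Lua script.
(CVE-2024-46981)
- Redis contains a vulnerability that allows a local attacker to
cause a denial of service (panic) by creating a malformed ACL
selector. (CVE-2024-51741)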
Modularity name: redis
Stream name: 7
Solution:
Update the packages.
CVE:
CVE-2024-46981
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands.
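To check whether the ACL workaround described above is actually in effect, the following added example (not part of the advisory or of Redis) parses `ACL LIST`-style lines and reports enabled users whose rules or Redis 7 selectors still permit EVAL or EVALSHA. The sample lines are constructed, and the category membership of EVAL/EVALSHA is an assumption taken from the Redis command reference.

```python
import re

SCRIPT_CMDS = {"eval", "evalsha"}  # the commands the advisory says to restrict
# Assumption: the Redis command reference lists EVAL/EVALSHA under these categories.
CATS_WITH_EVAL = {"all", "scripting", "slow"}

def permitted(rules):
    """Apply command rules left to right; return the script commands still allowed."""
    allowed = set()
    for rule in (r.lower() for r in rules):
        if rule == "allcommands":
            allowed = set(SCRIPT_CMDS)
        elif rule == "nocommands":
            allowed = set()
        elif rule[:2] in ("+@", "-@"):
            if rule[2:] in CATS_WITH_EVAL:
                allowed = set(SCRIPT_CMDS) if rule[0] == "+" else set()
        elif rule[0] == "+" and rule[1:] in SCRIPT_CMDS:
            allowed.add(rule[1:])
        elif rule[0] == "-" and rule[1:] in SCRIPT_CMDS:
            allowed.discard(rule[1:])
    return allowed

def audit(acl_list_lines):
    """Map each enabled user to the script commands its rules or selectors allow."""
    findings = {}
    for line in acl_list_lines:
        selectors = re.findall(r"\(([^)]*)\)", line)   # Redis 7 selectors
        root = re.sub(r"\([^)]*\)", " ", line).split()
        if len(root) < 2 or root[0] != "user" or "off" in root[2:]:
            continue
        allowed = permitted(root[2:])
        for sel in selectors:                           # any selector may grant access
            allowed |= permitted(sel.split())
        if allowed:
            findings[root[1]] = sorted(allowed)
    return findings

# Constructed sample in the shape of `ACL LIST` output (password hashes shortened).
SAMPLE = [
    "user default on nopass sanitize-payload ~* &* +@all",
    "user app on #c0ffee ~app:* resetchannels -@all +get +set",
    "user worker on #c0ffee ~* resetchannels +@all -eval -evalsha",
    "user report on #c0ffee ~r:* resetchannels -@all +get (~tmp:* -@all +evalsha)",
    "user batch on #c0ffee ~* resetchannels +@all -@scripting +eval",
    "user old off #c0ffee ~* resetchannels +@all",
]

if __name__ == "__main__":
    for user, cmds in audit(SAMPLE).items():
        print(f"{user}: can still run {', '.join(cmds)}")
```
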
CVE-2024-51741
Redis is an open source, in-memory database that persists on disk. An authenticated user with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2.
Additional information:
N/A
Download:
SRPMS
- redis-7.2.7-1.module+el9+1064+58275413.src.rpm
MD5: 7be0248ada037dc431a3e081c57b7c09
SHA-256: 544e085e5dcfb2b170d56626e4f4593f231194c26e90bb119aeab0afdddcf268
Size: 4.44 MB
Asianux Server 9 for x86_64
- redis-7.2.7-1.module+el9+1064+58275413.x86_64.rpm
MD5: b5152622b94a691c18206682b6d8324f
SHA-256: 78e62c2111f029486038b87f2f666ae0531f1a2a8c24f4905fdd96fdf6715170
Size: 1.63 MB
- redis-debugsource-7.2.7-1.module+el9+1064+58275413.x86_64.rpm
MD5: 747245cf693bc2f3e07f4fda41891dcc
SHA-256: e6ddb2cdc2e609b090d2ea00f11bb9abde86519c7f90e647f8fd3bae48f3db70
Size: 1.54 MB
- redis-devel-7.2.7-1.module+el9+1064+58275413.x86_64.rpm
MD5: 23e4acd883456f91ad966ef4356abf30
SHA-256: 936c9a37c59cb47161477766ab2d4f37ef0da6ecbca41c4e3cd5fdfcf435bcf9
Size: 24.36 kB
- redis-doc-7.2.7-1.module+el9+1064+58275413.noarch.rpm
MD5: 6cf1923178223ad76ee5da40e8d27788
SHA-256: 8ca8053079544b9c65caf4903f1c8109e97a270d0f39db2ebb834d0bbc12894e
Size: 639.68 kB