forked from pool/redis

Accepting request 1073382 from home:AndreasStieger:branches:server:database

redis 7.0.10 CVE-2023-28425 boo#1209528

OBS-URL: https://build.opensuse.org/request/show/1073382
OBS-URL: https://build.opensuse.org/package/show/server:database/redis?expand=0&rev=220
Danilo Spinella
2023-03-21 13:39:55 +00:00
committed by Git OBS Bridge
parent 7616b2211a
commit f703ac4735
7 changed files with 52 additions and 213 deletions


@@ -1,3 +1,45 @@
-------------------------------------------------------------------
Mon Mar 20 21:22:02 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
- redis 7.0.10
* CVE-2023-28425: Specially crafted MSETNX command can lead to
assertion and denial-of-service (boo#1209528)
* Large blocks of replica client output buffer may lead to psync
loops and unnecessary memory usage
* Fix CLIENT REPLY OFF|SKIP to not silence push notifications
* Trim excessive memory usage in stream nodes when exceeding
`stream-node-max-bytes`
* Fix module RM_Call commands failing with OOM when maxmemory is
changed to zero
-------------------------------------------------------------------
Mon Mar 20 21:16:24 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
- redis 7.0.9
* CVE-2023-25155: Specially crafted SRANDMEMBER, ZRANDMEMBER, and
HRANDFIELD commands can trigger an integer overflow, resulting
in a runtime assertion and termination of the Redis server
process. Previously patched, drop
Integer-Overflow-in-RAND-commands-can-lead-to-assert.patch
* CVE-2022-36021: String matching commands (like SCAN or KEYS)
with a specially crafted pattern to trigger a denial-of-service
attack on Redis, causing it to hang and consume 100% CPU time.
Previously upatched, drop
String-pattern-matching-had-exponential-time-complex.patch
* Fix a crash when reaching the maximum invalidations limit of
client-side tracking
* Fix a crash when SPUBLISH is used after passing the
cluster-link-sendbuf-limit
* Fix possible memory corruption in FLUSHALL when a client
watches more than one key
* Fix cluster inbound link keepalive time
* Flush propagation list in active-expire of writable replicas to
fix an assertion
* Avoid propagating DEL of lazy expire from SCAN and RANDOMKEY as
MULTI-EXEC
* Avoid realloc to reduce size of strings when it is unneeded
* Improve CLUSTER SLOTS reply efficiency for non-continuous slots
-------------------------------------------------------------------
Wed Mar 1 16:29:28 UTC 2023 - Valentin Lefebvre <valentin.lefebvre@suse.com>
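Review bot: "Previously upatched, drop String-pattern-matching-had-exponential-time-complex.patch" in the 7.0.9 entry (CVE-2022-36021 bullet) has a typo; it should read "Previously patched, drop ..." to match the wording of the CVE-2023-25155 bullet just above it, otherwise it reads as if the fix had not been applied before. Since this entry records that two patch files are dropped, please confirm the corresponding Patch: declarations and %patch applications are removed from redis.spec in this request (that hunk is not shown here) and that the two .patch files are deleted rather than left as dead files in the package.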