redis 5:6.0.16-1 source package in Ubuntu

Changelog

redis (5:6.0.16-1) unstable; urgency=medium

  * New upstream security release:

    - CVE-2021-32762: Integer to heap buffer overflow issue in redis-cli and
      redis-sentinel parsing large multi-bulk replies on some older and less
      common platforms.

    - CVE-2021-32687: Integer to heap buffer overflow with intsets, when
      set-max-intset-entries is manually configured to a non-default, very
      large value.

    - CVE-2021-32675: Denial of service when processing RESP request payloads
      with a large number of elements on many connections.

    - CVE-2021-32672: Random heap reading issue with Lua Debugger.

    - CVE-2021-32628: Integer to heap buffer overflow handling ziplist-encoded
      data types, when configuring a large, non-default value for
      hash-max-ziplist-entries, hash-max-ziplist-value,
      zset-max-ziplist-entries or zset-max-ziplist-value.

    - CVE-2021-32627: Integer to heap buffer overflow issue with streams, when
      configuring a non-default, large value for proto-max-bulk-len and
      client-query-buffer-limit.

    - CVE-2021-32626: Specially crafted Lua scripts may result in a heap
      buffer overflow.

    - CVE-2021-41099: Integer to heap buffer overflow handling certain string
      commands and network payloads, when proto-max-bulk-len is manually
      configured to a non-default, very large value.

  * Refresh patches.
  * Bump Standards-Version to 4.6.0.

 -- Chris Lamb <email address hidden>  Mon, 04 Oct 2021 14:37:24 +0100

Upload details

Uploaded by: lamby
Uploaded to: Sid
Original maintainer: lamby
Architectures: any all
Section: database
Urgency: Medium Urgency


Downloads

File                          Size      SHA-256 Checksum
redis_6.0.16-1.dsc            2.2 KiB   c90fad51e966b2ff82349e060936d9a98cd5b182f3a61838191ee0f42e351bd8
redis_6.0.16.orig.tar.gz      2.2 MiB   8bea58a468bb67bedc92d8c2e44c170e42e6ea02527cbc5d233e92e8d78d1b99
redis_6.0.16-1.debian.tar.xz  28.8 KiB  5a09f4f4c6e2b3fafc7b986bca0e67578e70167e7ec60928aec7d5af913ca661

Available diffs

No changes file available.

Binary packages built by this source

redis: Persistent key-value database with network interface (metapackage)

 Redis is a key-value database in a similar vein to memcache but the dataset
 is non-volatile. Redis additionally provides native support for atomically
 manipulating and querying data structures such as lists and sets.
 .
 The dataset is stored entirely in memory and periodically flushed to disk.
 .
 This package installs the main redis-server package.

redis-sentinel: Persistent key-value database with network interface (monitoring)

 Redis is a key-value database in a similar vein to memcache but the dataset
 is non-volatile. Redis additionally provides native support for atomically
 manipulating and querying data structures such as lists and sets.
 .
 This package contains the Redis Sentinel monitoring software.

redis-server: Persistent key-value database with network interface

 Redis is a key-value database in a similar vein to memcache but the dataset
 is non-volatile. Redis additionally provides native support for atomically
 manipulating and querying data structures such as lists and sets.
 .
 The dataset is stored entirely in memory and periodically flushed to disk.

redis-tools: Persistent key-value database with network interface (client)

 Redis is a key-value database in a similar vein to memcache but the dataset
 is non-volatile. Redis additionally provides native support for atomically
 manipulating and querying data structures such as lists and sets.
 .
 This package contains the command line client and other tools.

redis-tools-dbgsym: debug symbols for redis-tools