Bug 29549

Summary: hiredis new security issue CVE-2021-32765
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: andrewsfarm, geiger.david68210, herman.viaene, mageia, marja11, rverschelde, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
See Also: https://bugs.mageia.org/show_bug.cgi?id=29552
Whiteboard: MGA8-64-OK
Source RPM: hiredis-0.13.3-6.mga8.src.rpm CVE:
Status comment:

Description David Walser 2021-10-12 22:18:18 CEST 
Debian-LTS has issued an advisory today (October 12):
https://www.debian.org/lts/security/2021/dla-2783

The issue is fixed upstream in 1.0.1:
https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2

Mageia 8 is also affected.
David Walser 2021-10-12 22:18:36 CEST

Status comment: (none) => Patch available from Debian
CC: (none) => geiger.david68210
Whiteboard: (none) => MGA8TOO

David Walser 2021-10-13 15:44:28 CEST

See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=29552

Comment 1 Marja Van Waes 2021-10-13 22:15:17 CEST 
Assigning to the registered maintainer

CC: (none) => marja11
Assignee: bugsquad => rverschelde

Comment 2 David Walser 2021-12-06 19:19:33 CET 
openSUSE has issued an advisory for this today (December 6):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/A2J7PHNSWD2ZHOSNIVUJTW2HJ34RJDBG/
Comment 3 Nicolas Lécureuil 2021-12-15 00:26:14 CET 
Fixed in mga8/9:

src:
    - hiredis-0.13.3-6.1.mga8

Assignee: rverschelde => qa-bugs
Version: Cauldron => 8
Status comment: Patch available from Debian => (none)
CC: (none) => mageia, rverschelde
Whiteboard: MGA8TOO => (none)

Comment 4 David Walser 2021-12-15 00:34:22 CET 
libhiredis-devel-0.13.3-6.1.mga8
libhiredis0.13-0.13.3-6.1.mga8

from hiredis-0.13.3-6.1.mga8.src.rpm
Comment 5 Herman Viaene 2021-12-15 15:15:05 CET 
MGA8-64 Plasma on Lenovo B50 in Dutch
No installation issues.
Following Len's test in bug 26255 Comment 4
$ strace -o libhiredis.txt tellico 
Created a collection, added two books to it, and saved.
Checked the trace file and found reference to /lib64/libhiredis.so.0.13
Seems OK.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => herman.viaene

Comment 6 Thomas Andrews 2021-12-15 22:20:53 CET 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2021-12-19 12:08:57 CET

Keywords: (none) => advisory

Comment 7 Mageia Robot 2021-12-19 13:27:32 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2021-0562.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED