Bug 32103

Summary:	Redis new security issue CVE-2022-24834
Product:	Mageia	Reporter:	Stig-Ørjan Smelror <smelror>
Component:	Security	Assignee:	QA Team <qa-bugs>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal	CC:	andrewsfarm, davidwhodgins, herman.viaene, sysadmin-bugs
Version:	8	Keywords:	advisory, validated_update
Target Milestone:	---
Hardware:	All
OS:	Linux
Whiteboard:	MGA8-64-OK MGA9-64-OK
Source RPM:	redis-6.0.19-1.src.rpm	CVE:	CVE-2022-24834
Status comment:

Description Stig-Ørjan Smelror 2023-07-16 09:04:18 CEST

Upstream has fixed CVE-2022-24834 in version 6.0.20.

https://github.com/redis/redis/releases/tag/6.0.20

Comment 1 Stig-Ørjan Smelror 2023-07-16 09:04:44 CEST

Cauldron has been updated

CVE: (none) => CVE-2022-24834

Comment 2 Stig-Ørjan Smelror 2023-07-16 09:53:16 CEST

Advisory
========

Redis has been updated to fix CVE-2022-24834.

CVE-2022-24834: A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution.

References
==========
https://github.com/redis/redis/releases/tag/6.0.20
https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24834

Files
=====

Uploaded to core/updates_testing

redis-6.0.20-1.mga8

from redis-6.0.20-1.mga8.src.rpm

Assignee: smelror => qa-bugs

Comment 3 Herman Viaene 2023-07-24 15:27:49 CEST

MGA8-64 MATE on Acer Aspire 5253
No installation issues
Ref bug 19158 for correct tutorial
# systemctl start redis
[root@mach7 ~]# systemctl -l status redis
● redis.service - Redis persistent key-value database
     Loaded: loaded (/usr/lib/systemd/system/redis.service; disabled; vendor preset: disabled)
    Drop-In: /usr/lib/systemd/system/redis.service.d
             └─limit.conf
     Active: active (running) since Mon 2023-07-24 15:10:19 CEST; 22s ago
   Main PID: 4648 (redis-server)
      Tasks: 5 (limit: 4364)
     Memory: 1.7M
        CPU: 136ms
     CGroup: /system.slice/redis.service
             └─4648 /usr/bin/redis-server 127.0.0.1:6379

Jul 24 15:10:19 mach7.hviaene.thuis systemd[1]: Started Redis persistent key-value database.

$ redis-cli < tutorial
OK
"pluto"
OK
(integer) 8
(integer) 9
"9"
(integer) 1
(integer) 1
OK
(integer) 1
(integer) 40
(integer) 40
(integer) 40
OK
(integer) 4
(integer) 5
(integer) 6
1) "Polly"
2) "Polly"
3) "Sukie"
4) "Zack"
5) "Sukie"
6) "Zack"
1) "Polly"
2) "Polly"
1) "Polly"
2) "Sukie"

Ref bug 24042 for further testing
$ redis-cli
127.0.0.1:6379> lrange friends 1 2
1) "Polly"
2) "Sukie"
127.0.0.1:6379> GET server:name
"pluto"
127.0.0.1:6379> set resource:lock "Demo 2"
OK
127.0.0.1:6379> expire "Demo 2" 10
(integer) 0
127.0.0.1:6379> ttl resource:lock
(integer) -1
127.0.0.1:6379> lpush friends "Lucy"
(integer) 7
127.0.0.1:6379> lrange friends 7 7
(empty array)
127.0.0.1:6379> lrange friends 0 0
1) "Lucy"
127.0.0.1:6379> lrange friends 0 -1
1) "Lucy"
2) "Polly"
3) "Polly"
4) "Sukie"
5) "Zack"
6) "Sukie"
7) "Zack"
127.0.0.1:6379> exit

Looks OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 4 Thomas Andrews 2023-07-27 16:28:34 CEST

Validating. Advisory in comment 2.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2023-08-20 20:55:24 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory
Whiteboard: MGA8-64-OK => MGA8-64-OK MGA9-64-OK

Comment 5 Mageia Robot 2023-08-23 21:58:19 CEST

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0246.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED