openSUSE has issued an advisory tomorrow (January 26): https://lists.opensuse.org/opensuse-updates/2018-01/msg00096.html The issue was fixed upstream in 4.0.3. Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Here's the actual openSUSE advisory: https://lists.opensuse.org/opensuse-updates/2018-01/msg00099.html
Assigning to all packagers collectively, since the registered maintainer for this package is most likely unavailable.
CC: (none) => joequant, mageia, marja11Assignee: bugsquad => pkg-bugs
Assignee: pkg-bugs => smelrorCC: (none) => smelrorWhiteboard: MGA6TOO => MGA6TOO MGA5TOO
Whiteboard: MGA6TOO MGA5TOO => MGA6TOO
Advisory: ======================== Redis has been updated to fix a security issue. The following vulnerabilities were fixed: - CVE-2017-15047: Buffer overflows occurring reading redis.conf (bsc#1061967) The following bugs are fixed: - Several PSYNC2 bugs could cause data corruption References: https://nvd.nist.gov/vuln/detail/CVE-2017-15047 https://bugzilla.suse.com/1061967 https://lists.opensuse.org/opensuse-updates/2018-01/msg00099.html Updated packages in core/updates_testing: ======================== redis-4.0.7-1.mga6 from redis-4.0.7-1.mga6.src.rpm
Keywords: (none) => advisoryAssignee: smelror => qa-bugsCVE: (none) => CVE-2017-15047
Version: Cauldron => 6CC: (none) => tmbWhiteboard: MGA6TOO => (none)
MGA6-32 on Dell Latitude D600 Mate No installation issues Tried to follow bug 19158 Comment 2 # systemctl start redis # systemctl -l status redis ● redis.service - Redis persistent key-value database Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor preset: enabled) Drop-In: /usr/lib/systemd/system/redis.service.d └─limit.conf Active: active (running) since vr 2018-02-02 10:32:43 CET; 3s ago Main PID: 14360 (redis-server) CGroup: /system.slice/redis.service └─14360 /usr/bin/redis-server 127.0.0.1:6379 feb 02 10:32:43 xxx.yyy.zzz systemd[1]: Started Redis persistent key-value database. then $ redis-cli < tutorial OK "pluto" OK (integer) 8 (integer) 9 "9" (integer) 1 (integer) 1 OK (integer) 1 (integer) 40 (integer) 40 (integer) 40 OK (integer) 1 (integer) 2 (integer) 3 1) "David" 2) "Suzy" 3) "Zack" 1) "David" 2) "Suzy" 1) "Suzy" 2) "Zack" looks OK but then I have no idea what this .rediscli_history is about , nor does this item exist anywhere on my system. Leaving to more knowledgeable people to judge this test.
CC: (none) => herman.viaene
Mageia 6 :: x86_64 Downgraded redis (updated via another bug test) # systemctl enable redis # systemctl start redis # systemctl status redis ● redis.service - Redis persistent key-value database Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor preset Drop-In: /usr/lib/systemd/system/redis.service.d └─limit.conf Active: failed (Result: exit-code) since Mon 2018-02-05 09:39:48 GMT; 11s ago Process: 17915 ExecStop=/usr/libexec/redis-shutdown (code=exited, status=1/FAI Process: 17911 ExecStart=/usr/bin/redis-server /etc/redis.conf --daemonize no Main PID: 17911 (code=exited, status=1/FAILURE) Feb 05 09:39:48 vega systemd[1]: Started Redis persistent key-value database. Feb 05 09:39:48 vega systemd[1]: redis.service: Main process exited, code=exited Feb 05 09:39:48 vega systemd[1]: redis.service: Control process exited, code=exi Feb 05 09:39:48 vega systemd[1]: redis.service: Unit entered failed state. Feb 05 09:39:48 vega systemd[1]: redis.service: Failed with result 'exit-code'. # systemctl disable redis Presumably the failure is due to the bug. Update redis again. # systemctl enable redis Created symlink /etc/systemd/system/multi-user.target.wants/redis.service → /usr/lib/systemd/system/redis.service. # systemctl start redis # systemctl status redis ● redis.service - Redis persistent key-value database Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor preset Drop-In: /usr/lib/systemd/system/redis.service.d └─limit.conf Active: active (running) since Mon 2018-02-05 09:45:31 GMT; 7s ago Main PID: 27607 (redis-server) CGroup: /system.slice/redis.service └─27607 /usr/bin/redis-server 127.0.0.1:6379 Feb 05 09:45:31 vega systemd[1]: Started Redis persistent key-value database. I wondered where Herman found this 'tutorial' and ran locate on my system and discovered it was a relic from a previous QA test. $ cat tutorial SET server:name "pluto" GET server:name set connections 7 incr connections incr connections get connections del connections incr connections set resource:lock "Redis Demo 1" expire resource:lock 40 ttl resource:lock ttl resource:lock ttl resource:lock set resource:lock "Demo 2" rpush friends "Suzy" rpush friends "Zack" lpush friends "David" lrange friends 0 -1 lrange friends 0 1 lrange friends 1 2 exit and when run against redis-cli produces the output which Herman lists. .rediscli_history seems to be some kind of log but it does not make much sense to me. $ ll .rediscli_history -rw------- 1 lcl lcl 30 Feb 5 09:47 .rediscli_history $ cat .rediscli_history ps aux | grep redis exit quit However, the update works, and Herman, you can OK your test.
CC: (none) => tarazed25
Whiteboard: (none) => MGA6-64-OK
Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Stig-Ørjan Smelror, please note that the advisory keyword should not be added until the advisory has been committed to svn. In this case ... http://svnweb.mageia.org/advisories/22465.adv?view=log The info in the suggested advisory in the bug report is used to create the advisory in svn, in the proper format to allow the automated tools to push the correct srpms from updates testing to updates, and to create the advisories sent to subscribers of https://ml.mageia.org/l/arc/updates-announce The advisory has now been committed to svn.
CC: (none) => davidwhodgins
(In reply to Dave Hodgins from comment #6) > Stig-Ørjan Smelror, please note that the advisory keyword should not be added > until the advisory has been committed to svn. In this case ... > http://svnweb.mageia.org/advisories/22465.adv?view=log > > The info in the suggested advisory in the bug report is used to create the > advisory in svn, in the proper format to allow the automated tools to push > the correct srpms from updates testing to updates, and to create the > advisories > sent to subscribers of > https://ml.mageia.org/l/arc/updates-announce > > The advisory has now been committed to svn. Thank you. Initially I thought it was when the advisory was added here. Cheers, Stig
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0119.html
Status: NEW => RESOLVEDResolution: (none) => FIXED