Bug 25278 - redis new security issues CVE-2019-10192 and CVE-2019-10193
Summary: redis new security issues CVE-2019-10192 and CVE-2019-10193
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All
OS: Linux
Priority: Normal
Severity: major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2019-08-12 00:35 CEST by David Walser
Modified: 2019-08-18 14:41 CEST

See Also:
Source RPM: redis-4.0.12-1.mga6.src.rpm
Status comment: Fixed upstream in 4.0.14


Description David Walser 2019-08-12 00:35:27 CEST
Debian has issued an advisory on July 11:

The issues are fixed upstream in 4.0.14 and 5.0.4.
David Walser 2019-08-12 00:35:42 CEST

Severity: normal => major
Status comment: (none) => Fixed upstream in 4.0.14

Comment 1 David Walser 2019-08-12 00:58:43 CEST
Ubuntu has issued an advisory for this on July 16:
Comment 2 Stig-Ørjan Smelror 2019-08-12 08:32:00 CEST

This update fixes 2 security issues.

CVE-2019-10192: A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure
CVE-2019-10193: A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure

from redis-4.0.14-1.mga6.src.rpm
Stig-Ørjan Smelror 2019-08-12 08:32:13 CEST

Assignee: smelror => qa-bugs

Comment 3 Len Lawrence 2019-08-16 18:23:04 CEST
mga6, x86_64

Clean update from version 4.0.12 to 4.0.14.

$ sudo systemctl start redis
$ sudo systemctl enable redis
$ systemctl status redis
● redis.service - Redis persistent key-value database
   Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor 
  Drop-In: /usr/lib/systemd/system/redis.service.d
   Active: active (running) since Fri 2019-08-16 16:56:19 BST; 2min 51s ago

Ran the simple tutorial exercise reported here several times before.
See bug 22465 for instance.
$ redis-cli
> set server:name pluto
OK
> GET server:name
"pluto"
> set connections 5
OK
> incr connections
(integer) 6
> incr connections
(integer) 7
> get connections
"7"
> del connections
(integer) 1
> incr connections
(integer) 1
> set resource:lock "Redis Demo 1"
OK
> expire resource:lock 40
(integer) 1
> ttl resource:lock
(integer) -2
> set resource:lock "Demo 2"
OK
> rpush friends "Suzy"
(integer) 8
> rpush friends "Zack"
(integer) 9
> lpush friends "David"
(integer) 10
> lpush friends "David"
(integer) 11
> lrange friends 0 -1
 1) "David"
 2) "David"
 3) "Lucy"
 4) "David"
 5) "David"
 6) "Suzy"
 7) "Zack"
 8) "Suzy"
 9) "Zack"
10) "Suzy"
11) "Zack"
> lrange friends 0 1
1) "David"
2) "David"
> lrange friends 1 2
1) "David"
2) "Lucy"
> exit
This confirms the persistence of the database from earlier tests. Up arrow functions as expected and where extra input is possible the system provides an unobtrusive prompt on the rest of the command line, describing the options.

At this simple level the system works.

Whiteboard: (none) => MGA6-64-OK
CC: (none) => tarazed25

Comment 4 Thomas Andrews 2019-08-18 02:58:17 CEST
Validating. Advisory in Comment 2.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2019-08-18 13:06:12 CEST

CC: (none) => tmb
Keywords: (none) => advisory

Comment 5 Mageia Robot 2019-08-18 14:41:02 CEST
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED
