Debian-LTS has issued an advisory on February 25:
https://www.debian.org/lts/security/2021/dla-2576
Mageia 7 and Mageia 8 are also affected.
Whiteboard: (none) => MGA8TOO, MGA7TOO
Status comment: (none) => Patch available from Debian
Assigning to Stig as the active maintainer of 'redis'.
Assignee: bugsquad => smelror
Blocks: (none) => 28492
Fixed in cauldron. I cloned the bug report for mga7.
Fixed for mga8:
- redis-6.0.11-1.mga8
Whiteboard: MGA8TOO, MGA7TOO => (none)
Version: Cauldron => 8
CC: (none) => mageia
Assignee: smelror => qa-bugs
Status comment: Patch available from Debian => (none)
Advisory:
========================
Updated redis packages fix security vulnerability:
It was discovered that there were a number of integer overflow issues in Redis. It is currently believed that the issues only affect 32-bit based systems (CVE-2021-21309).
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21309
https://www.debian.org/lts/security/2021/dla-2576
Testing this on 32-bit hardware because of the advisory.
Installed redis and dependency on a 32-bit mga8 Xfce4 system, then used qarepo to get the update. No installation issues.
Referenced Bug 24042 for testing procedure:
$ su
Password:
# systemctl start redis.service
# exit
exit
$ systemctl status redis.service
● redis.service - Redis persistent key-value database
     Loaded: loaded (/usr/lib/systemd/system/redis.service; disabled; vendor pr>
    Drop-In: /usr/lib/systemd/system/redis.service.d
             └─limit.conf
     Active: active (running) since Wed 2021-03-24 17:53:06 EDT; 59s ago
   Main PID: 9829 (redis-server)
      Tasks: 5 (limit: 4791)
        CPU: 1.343s
     CGroup: /system.slice/redis.service
             └─9829 /usr/bin/redis-server 127.0.0.1:6379
$ redis-cli < tutorial.txt
OK
"pluto"
OK
(integer) 8
(integer) 9
"9"
(integer) 1
(integer) 1
OK
(integer) 1
(integer) 40
(integer) 40
(integer) 40
OK
(integer) 1
(integer) 2
(integer) 3
1) "David"
2) "Suzy"
3) "Zack"
1) "David"
2) "Suzy"
1) "Suzy"
2) "Zack"
$
Results for this very basic script are as expected. Giving this a 32-bit OK, and Validating. Advisory in Comment 3.
Keywords: (none) => validated_update
Whiteboard: (none) => MGA8-32-OK
CC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => ouaurelien
Keywords: (none) => advisory
CVE: (none) => CVE-2021-21309
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2021-0155.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED