(CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process.

(CVE-2022-36021) String matching commands (like SCAN or KEYS) can be used with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time.

Fixed in 6.0.18.
https://github.com/redis/redis/releases/tag/6.0.18

Advisory
========

Redis version 7.0.9 contains an update to 2 critical security issues.

(CVE-2023-25155) Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process.

(CVE-2022-36021) String matching commands (like SCAN or KEYS) can be used with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time.

References
==========

https://github.com/redis/redis/releases/tag/6.0.18

Files
=====

Uploaded to core/updates_testing

redis-6.0.18-1.mga8

from redis-6.0.18-1.mga8.src.rpm
Assignee: smelror => qa-bugs
CVE: (none) => CVE-2023-25155, CVE-2022-36021
Updated the package for Mageia8, x86_64.
Restarted the redis server.
Referred to earlier bugs which used a condensed tutorial script. Fed that to the command line application and saw the expected results, as on all other occasions.

$ redis-cli < tutorial
OK
"rapunzel"
OK
(integer) 8
(integer) 9
"9"
(integer) 1
(integer) 1
OK
[...]

IIRC redis creates a database in RAM which hangs around to act as an active container for numerical and text data at least and provides some extra functionality, like arithmetic.

$ urpmq --whatrequires-recursive redis
ntopng
redis

# ntopng -i eno1 > session.ntopng
^C^C
# head session.ntopng
01/Mar/2023 20:12:39 [Ntop.cpp:2336] Setting local networks to 127.0.0.0/8,fe80::/10
01/Mar/2023 20:12:39 [Redis.cpp:157] Successfully connected to redis 127.0.0.1:6379@0
01/Mar/2023 20:12:39 [Redis.cpp:157] Successfully connected to redis 127.0.0.1:6379@0
01/Mar/2023 20:12:40 [PcapInterface.cpp:93] Reading packets from eno1 [id: 0]
01/Mar/2023 20:12:40 [Ntop.cpp:2441] Registered interface eno1 [id: 0]
01/Mar/2023 20:12:40 [main.cpp:312] PID stored in file /var/run/ntopng/ntopng.pid
01/Mar/2023 20:12:40 [Geolocation.cpp:107] Running without geolocation support.
01/Mar/2023 20:12:40 [Geolocation.cpp:108] To enable geolocation follow the instructions at
01/Mar/2023 20:12:40 [Geolocation.cpp:109] https://github.com/ntop/ntopng/blob/dev/doc/README.geolocation.md
01/Mar/2023 20:12:40 [HTTPserver.cpp:1529] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
# cat /var/run/ntopng/ntopng.pid
1507319
$ ps aux | grep ntopng
ntopng 1507319 1.9 0.6 3022956 214028 pts/7 SLl+ 20:18 0:03 ntopng -i eno1

Fair enough. Letting this go.
CC: (none) => tarazed25
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in comment 1.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0086.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
Blocks: (none) => 31174
CVE-2022-35977 was also fixed in this update (Bug 31174).