Upstream has fixed CVE-2022-24834 in version 6.0.20. https://github.com/redis/redis/releases/tag/6.0.20
Cauldron has been updated
CVE: (none) => CVE-2022-24834
Advisory
========

Redis has been updated to fix CVE-2022-24834.

CVE-2022-24834: A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution.

References
==========
https://github.com/redis/redis/releases/tag/6.0.20
https://github.com/redis/redis/security/advisories/GHSA-p8x2-9v9q-c838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-24834

Files
=====
Uploaded to core/updates_testing

redis-6.0.20-1.mga8

from redis-6.0.20-1.mga8.src.rpm
Assignee: smelror => qa-bugs
MGA8-64 MATE on Acer Aspire 5253
No installation issues
Ref bug 19158 for correct tutorial

# systemctl start redis
[root@mach7 ~]# systemctl -l status redis
● redis.service - Redis persistent key-value database
     Loaded: loaded (/usr/lib/systemd/system/redis.service; disabled; vendor preset: disabled)
    Drop-In: /usr/lib/systemd/system/redis.service.d
             └─limit.conf
     Active: active (running) since Mon 2023-07-24 15:10:19 CEST; 22s ago
   Main PID: 4648 (redis-server)
      Tasks: 5 (limit: 4364)
     Memory: 1.7M
        CPU: 136ms
     CGroup: /system.slice/redis.service
             └─4648 /usr/bin/redis-server 127.0.0.1:6379

Jul 24 15:10:19 mach7.hviaene.thuis systemd[1]: Started Redis persistent key-value database.

$ redis-cli < tutorial
OK
"pluto"
OK
(integer) 8
(integer) 9
"9"
(integer) 1
(integer) 1
OK
(integer) 1
(integer) 40
(integer) 40
(integer) 40
OK
(integer) 4
(integer) 5
(integer) 6
1) "Polly"
2) "Polly"
3) "Sukie"
4) "Zack"
5) "Sukie"
6) "Zack"
1) "Polly"
2) "Polly"
1) "Polly"
2) "Sukie"

Ref bug 24042 for further testing

$ redis-cli
127.0.0.1:6379> lrange friends 1 2
1) "Polly"
2) "Sukie"
127.0.0.1:6379> GET server:name
"pluto"
127.0.0.1:6379> set resource:lock "Demo 2"
OK
127.0.0.1:6379> expire "Demo 2" 10
(integer) 0
127.0.0.1:6379> ttl resource:lock
(integer) -1
127.0.0.1:6379> lpush friends "Lucy"
(integer) 7
127.0.0.1:6379> lrange friends 7 7
(empty array)
127.0.0.1:6379> lrange friends 0 0
1) "Lucy"
127.0.0.1:6379> lrange friends 0 -1
1) "Lucy"
2) "Polly"
3) "Polly"
4) "Sukie"
5) "Zack"
6) "Sukie"
7) "Zack"
127.0.0.1:6379> exit

Looks OK.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory in comment 2.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
CC: (none) => davidwhodgins
Keywords: (none) => advisory
Whiteboard: MGA8-64-OK => MGA8-64-OK MGA9-64-OK
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0246.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED