SUSE has issued an advisory on April 30: https://lists.suse.com/pipermail/sle-updates/2025-April/039118.html
Source RPM: (none) => redis-7.0.14-1.2.mga9.src.rpm
CVE: (none) => CVE-2025-21605
Following endless links, it looks as if this is the one that matters:
https://github.com/redis/redis/releases/tag/7.4.3

7.4.3
YaacovHazan released this 2 weeks ago
7.4.3 2408011
Update urgency: SECURITY: There are security fixes in the release.

Security fixes
(CVE-2025-21605) An unauthenticated client can cause an unlimited growth of output buffers

Bug fixes
#13661 FUNCTION FLUSH - memory leak when using jemalloc
#13793 WAITAOF returns prematurely
#13853 SLAVEOF - crash when clients are blocked on lazy free
#13863 RANDOMKEY - infinite loop during client pause
#13877 ShardID inconsistency when both primary and replica support it

and each one of those leads to a patch - in v7.4.3. So the apparent solution is to update redis to that. DavidG has already done that in Cauldron, so M9 remains to do.
[The Suse bug also references 2 newer releases of 'valkey', 8.0.3 & 8.1.1, both with lists of bugs fixed (patches visible). All, with redis, released 2w ago.]

Assignee: bugsquad => geiger.david68210
Status comment: (none) => ? Fixed in version 7.4.3
Suggested advisory:
========================

The updated package fixes a security vulnerability:

Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client. (CVE-2025-21605)

References:
https://lists.suse.com/pipermail/sle-updates/2025-April/039118.html
========================

Updated package in core/updates_testing:
========================
redis-7.0.14-1.3.mga9

from SRPM:
redis-7.0.14-1.3.mga9.src.rpm

Status comment: ? Fixed in version 7.4.3 => (none)
Assignee: geiger.david68210 => qa-bugs
Status: NEW => ASSIGNED
Keywords: (none) => advisory
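Added example, not part of the bug report or of the Redis project: CVE-2025-21605 concerns growth of per-client output buffers, which `redis-cli CLIENT LIST` reports in the `omem` field. The shell function below flags clients at or above a byte threshold; the function names, the 32 MiB threshold and the sample lines (abbreviated field set) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): flag Redis clients whose pending
# output buffer is large. Input is text in `redis-cli CLIENT LIST` format:
# one client per line, space-separated key=value fields; omem is the number
# of bytes of output buffer memory held for that client.

# flag_large_omem THRESHOLD_BYTES   (hypothetical helper name)
# Prints "id addr user omem" for each client with omem >= THRESHOLD_BYTES.
flag_large_omem() {
    awk -v limit="$1" '
    {
        id = ""; addr = ""; user = ""; omem = ""
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue            # not a key=value field
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)         # may be empty, e.g. "name="
            if (key == "id") id = val
            else if (key == "addr") addr = val
            else if (key == "user") user = val
            else if (key == "omem") omem = val
        }
        # Compare numerically; print omem as the original string.
        if (id != "" && omem != "" && (omem + 0) >= (limit + 0)) { print id, addr, user, omem }
    }'
}

# Constructed sample, not captured from a real server.
sample_client_list() {
    cat <<'EOF'
id=7 addr=127.0.0.1:40112 laddr=127.0.0.1:6379 fd=8 name= age=95 idle=0 flags=N db=0 qbuf=26 obl=0 oll=0 omem=0 tot-mem=22426 cmd=client|list user=default resp=2
id=9 addr=192.0.2.15:51820 laddr=192.0.2.1:6379 fd=9 name= age=310 idle=0 flags=N db=0 qbuf=0 obl=16384 oll=3583 omem=73400320 tot-mem=73424000 cmd=NULL user=default resp=2
id=11 addr=127.0.0.1:40230 laddr=127.0.0.1:6379 fd=10 name=ntopng age=12 idle=1 flags=N db=0 qbuf=0 obl=0 oll=1 omem=20504 tot-mem=42936 cmd=get user=default resp=2
EOF
}

# Offline demo with a 32 MiB threshold (an arbitrary illustrative value).
sample_client_list | flag_large_omem 33554432
# Live use: redis-cli CLIENT LIST | flag_large_omem 33554432
```

Run periodically against a live server, a client that keeps reappearing with a growing `omem` is the condition to investigate.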
RH x86_64

installing redis-7.0.14-1.3.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/1: redis ##################################################################################################
1/1: removing redis-7.0.14-1.2.mga9.x86_64 ##################################################################################################

systemctl start redis.service
systemctl status redis.service
● redis.service - Redis persistent key-value database
     Loaded: loaded (/usr/lib/systemd/system/redis.service; disabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/redis.service.d
             └─limit.conf
     Active: active (running) since Fri 2025-05-23 12:55:46 CST; 22s ago
   Main PID: 84776 (redis-server)
      Tasks: 5 (limit: 6903)
     Memory: 2.8M
        CPU: 49ms
     CGroup: /system.slice/redis.service
             └─84776 "/usr/bin/redis-server 127.0.0.1:6379"

may 23 12:55:46 jgrey.phoenix systemd[1]: Started redis.service.
Use the Len Lawrence's wise to test

redis-cli < redis-tutorial
OK
"pluto"
OK
(integer) 8
(integer) 9
"9"
(integer) 1
(integer) 1
OK
(integer) 1
(integer) 40
(integer) 40
(integer) 40
OK
(integer) 1
(integer) 2
(integer) 3
1) "David"
2) "Suzy"
3) "Zack"
1) "David"
2) "Suzy"
1) "Suzy"
2) "Zack"

redis-cli
127.0.0.1:6379> get server:name
"pluto"
127.0.0.1:6379> exit

ntopng -i eno1 > ntopng.session
^C
file ntopng.session
ntopng.session: ASCII text
less ntopng.session
23/May/2025 13:07:44 [Ntop.cpp:2336] Setting local networks to 127.0.0.0/8,fe80::/10
23/May/2025 13:07:44 [Redis.cpp:157] Successfully connected to redis 127.0.0.1:6379@0
23/May/2025 13:07:44 [Redis.cpp:157] Successfully connected to redis 127.0.0.1:6379@0
23/May/2025 13:07:44 [PcapInterface.cpp:93] Reading packets from eno1 [id: 0]
23/May/2025 13:07:44 [Ntop.cpp:2441] Registered interface eno1 [id: 0]
23/May/2025 13:07:44 [main.cpp:312] PID stored in file /var/run/ntopng/ntopng.pid
23/May/2025 13:07:44 [Geolocation.cpp:107] Running without geolocation support.
23/May/2025 13:07:44 [Geolocation.cpp:108] To enable geolocation follow the instructions at
23/May/2025 13:07:44 [Geolocation.cpp:109] https://github.com/ntop/ntopng/blob/dev/doc/README.geolocation.md
23/May/2025 13:07:45 [HTTPserver.cpp:1529] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
23/May/2025 13:07:45 [HTTPserver.cpp:1532] HTTP server listening on 3000
23/May/2025 13:07:45 [Utils.cpp:764] User changed to ntopng
23/May/2025 13:07:45 [NetworkInterface.cpp:2593] Started flow user script hooks loop on interface eno1 [id: 0]...
23/May/2025 13:07:45 [main.cpp:382] Working directory: /var/lib/ntopng
23/May/2025 13:07:45 [main.cpp:384] Scripts/HTML pages directory: /usr/share/ntopng
23/May/2025 13:07:45 [Ntop.cpp:440] Welcome to ntopng x86_64 v.4.2.220416 - (C) 1998-20 ntop.org
23/May/2025 13:07:45 [Ntop.cpp:841] Adding 192.168.1.3/32 as IPv4 interface address for eno1
23/May/2025 13:07:45 [Ntop.cpp:850] Adding 192.168.1.0/24 as IPv4 local network for eno1
23/May/2025 13:07:50 [PeriodicActivities.cpp:109] Started periodic activities loop...
23/May/2025 13:07:50 [startup.lua:50] Processing startup.lua: please hold on...
23/May/2025 13:07:50 [startup.lua:144] [lists_utils.lua:758] Refreshing category lists...
23/May/2025 13:07:51 [startup.lua:144] [lists_utils.lua:411] Updating list 'Emerging Threats' [https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt]... OK
23/May/2025 13:07:51 [startup.lua:144] [lists_utils.lua:411] Updating list 'Feodo Tracker Botnet C2 IP Blocklist' [https://feodotracker.abuse.ch/downloads/ipblocklist.txt]... OK
23/May/2025 13:07:52 [startup.lua:144] [lists_utils.lua:411] Updating list 'NoCoin Filter List' [https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt]... OK
23/May/2025 13:07:52 [startup.lua:144] [lists_utils.lua:411] Updating list 'SSLBL Botnet C2 IP Blacklist' [https://sslbl.abuse.ch/blacklist/sslipblacklist.txt]... OK
23/May/2025 13:07:53 [startup.lua:144] [lists_utils.lua:411] Updating list 'SSLBL JA3' [https://sslbl.abuse.ch/blacklist/ja3_fingerprints.csv]... OK
23/May/2025 13:08:04 [main.cpp:50] Shutting down...

Looks good to me
MGA9-64 Plasma Wayland on Compaq H000SB.
No installation issues.
Ref bug 33924 and tests above:

# systemctl start redis
[root@mach3 ~]# systemctl -l status redis
● redis.service - Redis persistent key-value database
     Loaded: loaded (/usr/lib/systemd/system/redis.service; disabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/redis.service.d
             └─limit.conf
     Active: active (running) since Sun 2025-05-25 10:58:36 CEST; 24s ago
   Main PID: 20706 (redis-server)
      Tasks: 5 (limit: 8806)
     Memory: 2.7M
        CPU: 112ms
     CGroup: /system.slice/redis.service
             └─20706 "/usr/bin/redis-server 127.0.0.1:6379"

May 25 10:58:36 mach3.hviaene.thuis systemd[1]: Started redis.service.

normal user:
[tester9@mach3 ~]$ redis-cli
127.0.0.1:6379> get server:name
(nil)
I don't understand that feedback.
127.0.0.1:6379> exit

Installed ntopng
# ntopng -i wlo1 > ntopng.session
sh: line 1: netstat: command not found
^C
# file ntopng.session
ntopng.session: HTML document, ASCII text
Opened file:
25/May/2025 11:06:28 [Ntop.cpp:2336] Setting local networks to 127.0.0.0/8,fe80::/10
25/May/2025 11:06:28 [Redis.cpp:157] Successfully connected to redis 127.0.0.1:6379@0
25/May/2025 11:06:28 [Redis.cpp:157] Successfully connected to redis 127.0.0.1:6379@0
25/May/2025 11:06:29 [PcapInterface.cpp:93] Reading packets from wlo1 [id: 0]
25/May/2025 11:06:29 [Ntop.cpp:2441] Registered interface wlo1 [id: 0]
25/May/2025 11:06:29 [main.cpp:312] PID stored in file /var/run/ntopng/ntopng.pid
25/May/2025 11:06:29 [Geolocation.cpp:107] Running without geolocation support.
25/May/2025 11:06:29 [Geolocation.cpp:108] To enable geolocation follow the instructions at
25/May/2025 11:06:29 [Geolocation.cpp:109] https://github.com/ntop/ntopng/blob/dev/doc/README.geolocation.md
25/May/2025 11:06:31 [HTTPserver.cpp:1529] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
25/May/2025 11:06:31 [HTTPserver.cpp:1532] HTTP server listening on 3000
25/May/2025 11:06:31 [Utils.cpp:764] User changed to ntopng
25/May/2025 11:06:31 [NetworkInterface.cpp:2593] Started flow user script hooks loop on interface wlo1 [id: 0]...
25/May/2025 11:06:31 [main.cpp:382] Working directory: /var/lib/ntopng
25/May/2025 11:06:31 [main.cpp:384] Scripts/HTML pages directory: /usr/share/ntopng
25/May/2025 11:06:31 [Ntop.cpp:440] Welcome to ntopng x86_64 v.4.2.220416 - (C) 1998-20 ntop.org
25/May/2025 11:06:31 [Ntop.cpp:841] Adding 127.0.0.1/32 as IPv4 interface address for wlo1
25/May/2025 11:06:31 [Ntop.cpp:850] Adding 127.0.0.0/8 as IPv4 local network for wlo1
etc .... and at the end
25/May/2025 11:06:42 [startup.lua:218] Startup completed: ntopng is now operational
25/May/2025 11:06:42 [PeriodicActivities.cpp:172] Each periodic activity script will use 2 threads
25/May/2025 11:06:42 [NetworkInterface.cpp:2735] Started packet polling on interface wlo1 [id: 0]...
25/May/2025 11:06:45 [main.cpp:50] Shutting down...
25/May/2025 11:06:45 [PcapInterface.cpp:336] Terminated packet polling for wlo1
25/May/2025 11:06:46 [NetworkInterface.cpp:2621] Flow dump thread completed for wlo1
25/May/2025 11:06:49 [Ntop.cpp:2540] Terminating periodic activities
25/May/2025 11:06:50 [Ntop.cpp:2546] Executing shutdown script
25/May/2025 11:06:50 [main.cpp:47] Ok I am leaving now

Searching for the netstat command, but apparently it does not exist anymore, it is netstat-nat now?????
CC: (none) => herman.viaene
netstat is deprecated, but it should still be in the same package it's been in (net-tools, IIRC). Perhaps we should patch ntopng to use the ss command.
Installed net-tools, opened 3000/tcp on firewall, now I get

26/May/2025 10:47:41 [Ntop.cpp:2336] Setting local networks to 127.0.0.0/8,fe80::/10
26/May/2025 10:47:41 [Redis.cpp:157] Successfully connected to redis 127.0.0.1:6379@0
26/May/2025 10:47:41 [Redis.cpp:157] Successfully connected to redis 127.0.0.1:6379@0
26/May/2025 10:47:41 [PcapInterface.cpp:93] Reading packets from wlo1 [id: 0]
26/May/2025 10:47:41 [Ntop.cpp:2441] Registered interface wlo1 [id: 0]
26/May/2025 10:47:41 [main.cpp:312] PID stored in file /var/run/ntopng/ntopng.pid
26/May/2025 10:47:41 [Geolocation.cpp:107] Running without geolocation support.
26/May/2025 10:47:41 [Geolocation.cpp:108] To enable geolocation follow the instructions at
26/May/2025 10:47:41 [Geolocation.cpp:109] https://github.com/ntop/ntopng/blob/dev/doc/README.geolocation.md
26/May/2025 10:47:42 [HTTPserver.cpp:1529] Web server dirs [/usr/share/ntopng/httpdocs][/usr/share/ntopng/scripts]
26/May/2025 10:47:42 [HTTPserver.cpp:1532] HTTP server listening on 3000
26/May/2025 10:47:42 [Utils.cpp:764] User changed to ntopng
26/May/2025 10:47:42 [NetworkInterface.cpp:2593] Started flow user script hooks loop on interface wlo1 [id: 0]...
26/May/2025 10:47:42 [main.cpp:382] Working directory: /var/lib/ntopng
26/May/2025 10:47:42 [main.cpp:384] Scripts/HTML pages directory: /usr/share/ntopng
26/May/2025 10:47:42 [Ntop.cpp:440] Welcome to ntopng x86_64 v.4.2.220416 - (C) 1998-20 ntop.org
26/May/2025 10:47:42 [Ntop.cpp:841] Adding 127.0.0.1/32 as IPv4 interface address for wlo1
26/May/2025 10:47:42 [Ntop.cpp:850] Adding 127.0.0.0/8 as IPv4 local network for wlo1
26/May/2025 10:47:42 [Ntop.cpp:841] Adding 192.168.2.3/32 as IPv4 interface address for wlo1
26/May/2025 10:47:42 [Ntop.cpp:850] Adding 192.168.2.0/24 as IPv4 local network for wlo1
26/May/2025 10:47:42 [Ntop.cpp:872] Adding ::1/128 as IPv6 interface address for wlo1
26/May/2025 10:47:42 [Ntop.cpp:882] Adding ::1/128 as IPv6 local network for wlo1
26/May/2025 10:47:42 [Ntop.cpp:872] Adding fd00::baee:65ff:fe09:660c/128 as IPv6 interface address for wlo1
26/May/2025 10:47:42 [Ntop.cpp:882] Adding fd00::baee:65ff:fe09:660c/64 as IPv6 local network for wlo1
26/May/2025 10:47:42 [Ntop.cpp:872] Adding fe80::baee:65ff:fe09:660c/128 as IPv6 interface address for wlo1
26/May/2025 10:47:42 [Ntop.cpp:882] Adding fe80::baee:65ff:fe09:660c/64 as IPv6 local network for wlo1
26/May/2025 10:47:43 [PeriodicActivities.cpp:109] Started periodic activities loop...
26/May/2025 10:47:44 [startup.lua:50] Processing startup.lua: please hold on...
26/May/2025 10:47:44 [startup.lua:144] [lists_utils.lua:758] Refreshing category lists...
26/May/2025 10:47:45 [startup.lua:144] [lists_utils.lua:621] WARNING: List 'SSLBL Botnet C2 IP Blacklist' has 0 rules. Please report this to https://github.com/ntop/ntopng
26/May/2025 10:47:45 [startup.lua:144] [lists_utils.lua:460] WARNING: Invalid domain '<!DOCTYPE html>' in list 'Snort IP Blacklist'
26/May/2025 10:47:45 [startup.lua:144] [lists_utils.lua:460] WARNING: Invalid domain '<html lang="en">' in list 'Snort IP Blacklist'

And a whole list of similar warnings, I lack the knowledge to judge whether this points to another problem or anything else
(In reply to Herman Viaene from comment #4)

For some test you need a file https://bugs.mageia.org/attachment.cgi?id=8371
Bugs#19158 comment#4

If comment#6 output is the same with current version I think that could proceed
Output as in comment 6 is the same with the current version, so in full trust in katnatek, giving the OK.
Whiteboard: (none) => MGA9-64-OK
(In reply to Herman Viaene from comment #8)
> Output as in comment 6 is the same with the current version, so in full
> trust in katnatek, giving the OK.

Well it looks more like an issue of ntopng with some configuration in your system than a redis issue
Out of my expertise, so I'll trust in katnatek, as well. Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0171.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED