[El-errata] ELSA-2021-3918 Important: Oracle Linux 8 redis:5 security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Oct 19 18:58:09 PDT 2021


Oracle Linux Security Advisory ELSA-2021-3918

http://linux.oracle.com/errata/ELSA-2021-3918.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
redis-5.0.3-5.module+el8.4.0+20382+7694043a.x86_64.rpm
redis-devel-5.0.3-5.module+el8.4.0+20382+7694043a.x86_64.rpm
redis-doc-5.0.3-5.module+el8.4.0+20382+7694043a.noarch.rpm

aarch64:
redis-5.0.3-5.module+el8.4.0+20382+7694043a.aarch64.rpm
redis-devel-5.0.3-5.module+el8.4.0+20382+7694043a.aarch64.rpm
redis-doc-5.0.3-5.module+el8.4.0+20382+7694043a.noarch.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/redis-5.0.3-5.module+el8.4.0+20382+7694043a.src.rpm

Related CVEs:

CVE-2021-32626
CVE-2021-32627
CVE-2021-32628
CVE-2021-32675
CVE-2021-32687
CVE-2021-41099




Description of changes:

[5.0.3-5]
- fix denial of service via Redis Standard Protocol (RESP) request
  CVE-2021-32675

[5.0.3-4]
- fix lua scripts can overflow the heap-based Lua stack
  CVE-2021-32626
- fix integer overflow issue with Streams
  CVE-2021-32627
- fix integer overflow bug in the ziplist data structure
  CVE-2021-32628
- fix integer overflow issue with intsets
  CVE-2021-32687
- fix integer overflow issue with strings
  CVE-2021-41099



More information about the El-errata mailing list