Bugzilla – Bug 1002351
VUL-0: CVE-2016-8339: redis: CONFIG SET client-output-buffer-limit Code Execution Vulnerability
Last modified: 2020-11-11 14:35:20 UTC
Info:

[1] http://blog.talosintel.com/2016/09/redis-vulnerability.html
[2] http://www.talosintelligence.com/reports/TALOS-2016-0206/

From [2]: Tested Versions: Redis - 3.2.3

Due to https://software.opensuse.org/package/redis , version 3.2.3 is in use in the Tumbleweed branch of openSUSE.
(In reply to Mikhail Kasimov from comment #0)
> Info:
>
> [1] http://blog.talosintel.com/2016/09/redis-vulnerability.html
> [2] http://www.talosintelligence.com/reports/TALOS-2016-0206/
>
> From [2]: Tested Versions: Redis - 3.2.3
>
> Due to https://software.opensuse.org/package/redis , version 3.2.3 is in use
> in the Tumbleweed branch of openSUSE.

UPD: server:database 3.2.3 for 13.2, 42.1, 42.2, SLE-12, SLE-11 SP4.
Factory only.
bugbot adjusting priority
https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977
https://build.opensuse.org/request/show/437057
SUSE-OU-2020:3291-1: An update that solves 7 vulnerabilities, contains four features and has two fixes is now available.

Category: optional (moderate)
Bug References: 1002351,1047218,1061967,1064980,1097430,1131555,798455,835815,991250
CVE References: CVE-2013-7458,CVE-2015-8080,CVE-2016-10517,CVE-2016-8339,CVE-2017-15047,CVE-2018-11218,CVE-2018-11219
JIRA References: ECO-2417,ECO-2867,SLE-11578,SLE-12821
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src): redis-6.0.8-1.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.