diff options
| author |   Tony Tascioglu <tony.tascioglu@windriver.com> | 2021-08-10 11:51:45 -0700 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2021-08-14 11:43:12 -0700 |
| commit | acf5769aff4edb67b187d70ac339a6484e1cc527 (patch) | |
| tree | e8f514fc0cfa31537d3d5de0a5335c63a6eeb3b5 /meta-oe/recipes-extended/redis/redis_6.2.2.bb | |
| parent | b2c8972406a263fac9e8b8f3a41251b6d451ef10 (diff) | |
| download | meta-openembedded-contrib-acf5769aff4edb67b187d70ac339a6484e1cc527.tar.gz | |
redis: fix CVE-2021-32625
CVE: CVE-2021-32625
Upstream-Status: Backport [e9a1438ac4c52aa68dfa2a8324b6419356842116]
Fix integer overflow in STRALGO LCS (CVE-2021-32625) (#9011)
An integer overflow bug in Redis version 6.0 or newer can be exploited using the
STRALGO LCS command to corrupt the heap and potentially result with remote code
execution. This is a result of an incomplete fix by CVE-2021-29477.
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe/recipes-extended/redis/redis_6.2.2.bb')
| -rw-r--r-- | meta-oe/recipes-extended/redis/redis_6.2.2.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.2.bb b/meta-oe/recipes-extended/redis/redis_6.2.2.bb index a36c190af3..a9e6eaffaa 100644 --- a/meta-oe/recipes-extended/redis/redis_6.2.2.bb +++ b/meta-oe/recipes-extended/redis/redis_6.2.2.bb @@ -18,6 +18,7 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://0006-Define-correct-gregs-for-RISCV32.patch \ file://fix-CVE-2021-29477.patch \ file://fix-CVE-2021-29478.patch \ + file://fix-CVE-2021-32625.patch \ " SRC_URI[sha256sum] = "7a260bb74860f1b88c3d5942bf8ba60ca59f121c6dce42d3017bed6add0b9535" |