import redis-6.0.9-3.module+el8.4.0+10984+ed187465
This commit is contained in:
parent
530799fc58
commit
3690af4c88
27
SOURCES/redis-CVE-2021-26477.patch
Normal file
27
SOURCES/redis-CVE-2021-26477.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
From 394614a5f91d88380f480c4610926a865b5b0f16 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Oran Agra <oran@redislabs.com>
|
||||||
|
Date: Mon, 3 May 2021 08:32:31 +0300
|
||||||
|
Subject: [PATCH] Fix integer overflow in STRALGO LCS (CVE-2021-29477)
|
||||||
|
|
||||||
|
An integer overflow bug in Redis version 6.0 or newer could be exploited using
|
||||||
|
the STRALGO LCS command to corrupt the heap and potentially result with remote
|
||||||
|
code execution.
|
||||||
|
|
||||||
|
(cherry picked from commit f0c5f920d0f88bd8aa376a2c05af4902789d1ef9)
|
||||||
|
---
|
||||||
|
src/t_string.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/t_string.c b/src/t_string.c
|
||||||
|
index 4886f7e44388..5310a297db16 100644
|
||||||
|
--- a/src/t_string.c
|
||||||
|
+++ b/src/t_string.c
|
||||||
|
@@ -576,7 +576,7 @@ void stralgoLCS(client *c) {
|
||||||
|
/* Setup an uint32_t array to store at LCS[i,j] the length of the
|
||||||
|
* LCS A0..i-1, B0..j-1. Note that we have a linear array here, so
|
||||||
|
* we index it as LCS[j+(blen+1)*j] */
|
||||||
|
- uint32_t *lcs = zmalloc((alen+1)*(blen+1)*sizeof(uint32_t));
|
||||||
|
+ uint32_t *lcs = zmalloc((size_t)(alen+1)*(blen+1)*sizeof(uint32_t));
|
||||||
|
#define LCS(A,B) lcs[(B)+((A)*(blen+1))]
|
||||||
|
|
||||||
|
/* Start building the LCS table. */
|
@ -20,7 +20,7 @@
|
|||||||
|
|
||||||
Name: redis
|
Name: redis
|
||||||
Version: 6.0.9
|
Version: 6.0.9
|
||||||
Release: 2%{?dist}
|
Release: 3%{?dist}
|
||||||
Summary: A persistent key-value database
|
Summary: A persistent key-value database
|
||||||
# redis, jemalloc, linenoise, lzf, hiredis are BSD
|
# redis, jemalloc, linenoise, lzf, hiredis are BSD
|
||||||
# lua is MIT
|
# lua is MIT
|
||||||
@ -52,6 +52,7 @@ Patch0002: 0002-install-redis-check-rdb-as-a-symlink-instead-of-dupl.pat
|
|||||||
Patch0003: redis-config.patch
|
Patch0003: redis-config.patch
|
||||||
|
|
||||||
# Security patches
|
# Security patches
|
||||||
|
Patch100: redis-CVE-2021-26477.patch
|
||||||
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
%if %{with tests}
|
%if %{with tests}
|
||||||
@ -136,6 +137,7 @@ mv ../%{name}-doc-%{doc_commit} doc
|
|||||||
%patch0001 -p1
|
%patch0001 -p1
|
||||||
%patch0002 -p1
|
%patch0002 -p1
|
||||||
%patch0003 -p1
|
%patch0003 -p1
|
||||||
|
%patch100 -p1 -b .cve29477
|
||||||
|
|
||||||
mv deps/lua/COPYRIGHT COPYRIGHT-lua
|
mv deps/lua/COPYRIGHT COPYRIGHT-lua
|
||||||
mv deps/jemalloc/COPYING COPYING-jemalloc
|
mv deps/jemalloc/COPYING COPYING-jemalloc
|
||||||
@ -284,6 +286,10 @@ exit 0
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed May 12 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-3
|
||||||
|
- fix integer overflow via STRALGO LCS command
|
||||||
|
CVE-2021-29477
|
||||||
|
|
||||||
* Tue Nov 24 2020 Remi Collet <rcollet@redhat.com> - 6.0.9-2
|
* Tue Nov 24 2020 Remi Collet <rcollet@redhat.com> - 6.0.9-2
|
||||||
- revert "simplify config rewrite file" and keep
|
- revert "simplify config rewrite file" and keep
|
||||||
configuration in /etc
|
configuration in /etc
|
||||||
|
Loading…
Reference in New Issue
Block a user