import redis-6.0.9-3.module+el8.4.0+10984+ed187465
This commit is contained in:
parent
2771094fa4
commit
ab1b607054
27
SOURCES/redis-CVE-2021-26477.patch
Normal file
27
SOURCES/redis-CVE-2021-26477.patch
Normal file
@ -0,0 +1,27 @@
|
||||
From 394614a5f91d88380f480c4610926a865b5b0f16 Mon Sep 17 00:00:00 2001
|
||||
From: Oran Agra <oran@redislabs.com>
|
||||
Date: Mon, 3 May 2021 08:32:31 +0300
|
||||
Subject: [PATCH] Fix integer overflow in STRALGO LCS (CVE-2021-29477)
|
||||
|
||||
An integer overflow bug in Redis version 6.0 or newer could be exploited using
|
||||
the STRALGO LCS command to corrupt the heap and potentially result with remote
|
||||
code execution.
|
||||
|
||||
(cherry picked from commit f0c5f920d0f88bd8aa376a2c05af4902789d1ef9)
|
||||
---
|
||||
src/t_string.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/t_string.c b/src/t_string.c
|
||||
index 4886f7e44388..5310a297db16 100644
|
||||
--- a/src/t_string.c
|
||||
+++ b/src/t_string.c
|
||||
@@ -576,7 +576,7 @@ void stralgoLCS(client *c) {
|
||||
/* Setup an uint32_t array to store at LCS[i,j] the length of the
|
||||
* LCS A0..i-1, B0..j-1. Note that we have a linear array here, so
|
||||
* we index it as LCS[j+(blen+1)*j] */
|
||||
- uint32_t *lcs = zmalloc((alen+1)*(blen+1)*sizeof(uint32_t));
|
||||
+ uint32_t *lcs = zmalloc((size_t)(alen+1)*(blen+1)*sizeof(uint32_t));
|
||||
#define LCS(A,B) lcs[(B)+((A)*(blen+1))]
|
||||
|
||||
/* Start building the LCS table. */
|
@ -20,7 +20,7 @@
|
||||
|
||||
Name: redis
|
||||
Version: 6.0.9
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: A persistent key-value database
|
||||
# redis, jemalloc, linenoise, lzf, hiredis are BSD
|
||||
# lua is MIT
|
||||
@ -52,6 +52,7 @@ Patch0002: 0002-install-redis-check-rdb-as-a-symlink-instead-of-dupl.pat
|
||||
Patch0003: redis-config.patch
|
||||
|
||||
# Security patches
|
||||
Patch100: redis-CVE-2021-26477.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
%if %{with tests}
|
||||
@ -136,6 +137,7 @@ mv ../%{name}-doc-%{doc_commit} doc
|
||||
%patch0001 -p1
|
||||
%patch0002 -p1
|
||||
%patch0003 -p1
|
||||
%patch100 -p1 -b .cve29477
|
||||
|
||||
mv deps/lua/COPYRIGHT COPYRIGHT-lua
|
||||
mv deps/jemalloc/COPYING COPYING-jemalloc
|
||||
@ -284,6 +286,10 @@ exit 0
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed May 12 2021 Remi Collet <rcollet@redhat.com> - 6.0.9-3
|
||||
- fix integer overflow via STRALGO LCS command
|
||||
CVE-2021-29477
|
||||
|
||||
* Tue Nov 24 2020 Remi Collet <rcollet@redhat.com> - 6.0.9-2
|
||||
- revert "simplify config rewrite file" and keep
|
||||
configuration in /etc
|
||||
|
Loading…
Reference in New Issue
Block a user