QID 239725
Date Published: 2021-11-02
QID 239725: Red Hat Update for red hat openstack platform 13.0 (redis) (RHSA-2021:3980)
redis is an advanced key-value store.
Security Fix(es):- lua scripts can overflow the heap-based lua stack (cve-2021-32626)
- integer overflow issue with streams (cve-2021-32627)
- integer overflow bug in the ziplist data structure (cve-2021-32628)
- denial of service via redis standard protocol (resp) request
Affected Products:
- Red Hat openstack 13 - extended life cycle support 13 x86_64
- Red Hat openstack 13 for ibm power - extended life cycle support 13 ppc64le
- Red Hat openstack 13 director deployment tools - extended life cycle support 13 x86_64
- Red Hat openstack 13 director deployment tools for ibm power le - extended life cycle support 13 ppc64le
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.
On successful exploitation, it could allow an attacker to execute code.
Solution
Upgrade to the latest packages which contain a patch.
Refer to Refer to :
Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2021:3980 Update to address this issue and obtain more information.
Vendor References
- RHSA-2021:3980 -
access.redhat.com/errata/RHSA-2021:3980
CVEs related to QID 239725
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| RHSA-2021:3980 | Red Hat Enterprise Linux |
access.redhat.com/errata/RHSA-2021:3980 |