===================================================================== CERT-Renater Note d'Information No. 2021/VULN089 _____________________________________________________________________ DATE : 22/02/2022 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Debian running redis versions prior to 5:5.0.14-1+deb10u2, 5:6.0.16-1+deb11u2. ===================================================================== https://www.debian.org/security/2022/dsa-5081 https://lists.debian.org/debian-security-announce/2022/msg00048.html _____________________________________________________________________ - ------------------------------------------------------------------------- Debian Security Advisory DSA-5081-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 18, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : redis CVE ID : CVE-2022-0543 Debian Bug : 1005787 Reginaldo Silva discovered a (Debian-specific) Lua sandbox escape in Redis, a persistent key-value database. For the oldstable distribution (buster), this problem has been fixed in version 5:5.0.14-1+deb10u2. For the stable distribution (bullseye), this problem has been fixed in version 5:6.0.16-1+deb11u2. We recommend that you upgrade your redis packages. For the detailed security status of redis please refer to its security tracker page at: https://security-tracker.debian.org/tracker/redis Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================