Red Hat Product Errata RHBA-2025:0698 - Bug Fix Advisory
Issued:
2025-01-27
Updated:
2025-01-27

RHBA-2025:0698 - Bug Fix Advisory

Synopsis

updated rhel8/redis-6 container image

Type/Severity

Bug Fix Advisory

Topic

Updated rhel8/redis-6 container image is now available for Red Hat Enterprise Linux 8.

Description

The rhel8/redis-6 container image has been updated for Red Hat Enterprise Linux 8 to address the following security advisory: RHSA-2025:0595 (see References)

Users of rhel8/redis-6 container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The Red Hat Enterprise Linux 8 container image provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2163132 - CVE-2023-22458 redis: Integer overflow in the Redis HRANDFIELD and ZRANDMEMBER commands may lead to denial-of-service
  • BZ - 2163133 - CVE-2022-35977 redis: Integer overflow in the Redis SETRANGE and SORT/SORT_RO commands may result with false OOM panic
  • BZ - 2174305 - CVE-2022-36021 redis: Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow
  • BZ - 2174306 - CVE-2023-25155 redis: String matching commands (like SCAN or KEYS) with a specially crafted pattern to trigger a denial-of-service attack
  • BZ - 2187525 - CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command
  • BZ - 2221662 - CVE-2022-24834 redis: heap overflow in the lua cjson and cmsgpack libraries
  • BZ - 2244940 - CVE-2023-45145 redis: possible bypass of Unix socket permissions on startup
  • BZ - 2317056 - CVE-2024-31449 redis: Lua library commands may lead to stack overflow and RCE in Redis
  • BZ - 2317058 - CVE-2024-31228 redis: Denial-of-service due to unbounded pattern matching in Redis
  • BZ - 2336004 - CVE-2024-46981 redis: Redis' Lua library commands may lead to remote code execution
  • RHEL-66165 - redis:6 rebase to 6.2.16

aarch64

rhel8/redis-6@sha256:282e8d2faea25255cd050b5866dc716f8057606cbfb3ac273738d03b054d96ca

ppc64le

rhel8/redis-6@sha256:e6bb6a26a1ca44eba184b91931b438307be4aea80b7b88365141b08bdaf657bd

s390x

rhel8/redis-6@sha256:52d358f55d086abca03cfbc299cabebcb0181b146b2fe2c91b1136bc0ec1ea5c

x86_64

rhel8/redis-6@sha256:d3fec525e54cf9056b5999efa4e63b47cb5e0851e7787b113cb531effab25cde

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.