Issued:
2021-10-20
Updated:
2021-10-20

RHSA-2021:3944 - Security Advisory

Synopsis

Important: redis:5 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the redis:5 module is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

  • redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)
  • redis: Integer overflow issue with Streams (CVE-2021-32627)
  • redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)
  • redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)
  • redis: Integer overflow issue with intsets (CVE-2021-32687)
  • redis: Integer overflow issue with strings (CVE-2021-41099)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64

Fixes

  • BZ - 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets
  • BZ - 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request
  • BZ - 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure
  • BZ - 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams
  • BZ - 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack
  • BZ - 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2

SRPM
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.src.rpm SHA-256: e56e594e564af6a43fb764f13c3dcc9e521a77f84d2dadfdc5b1c90c7a2fceda
x86_64
redis-doc-5.0.3-5.module+el8.2.0+12926+485b5fc9.noarch.rpm SHA-256: c8442cf3fcb8d15f75b1f5ca906b3d0cc1318af255bc42858fb4191e0771a4e0
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: 7f8d855fb85ea8c6f3e68cf1be69ccb1a142e0c2edfa2ed827609885740d3ef4
redis-debuginfo-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: 422754224c02a757c418900aab795893a6ffcbce5679d0b74e87b9a76f5c94e9
redis-debugsource-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: d5641c0f4b04b869ff7aad7f20c7078af29a91d9cbc4682aad93447ac668c927
redis-devel-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: d1874ce3919aa8b9b313a6213fa3820e2f42ae95a8ab00087b2d01f1756967b1

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.src.rpm SHA-256: e56e594e564af6a43fb764f13c3dcc9e521a77f84d2dadfdc5b1c90c7a2fceda
x86_64
redis-doc-5.0.3-5.module+el8.2.0+12926+485b5fc9.noarch.rpm SHA-256: c8442cf3fcb8d15f75b1f5ca906b3d0cc1318af255bc42858fb4191e0771a4e0
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: 7f8d855fb85ea8c6f3e68cf1be69ccb1a142e0c2edfa2ed827609885740d3ef4
redis-debuginfo-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: 422754224c02a757c418900aab795893a6ffcbce5679d0b74e87b9a76f5c94e9
redis-debugsource-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: d5641c0f4b04b869ff7aad7f20c7078af29a91d9cbc4682aad93447ac668c927
redis-devel-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: d1874ce3919aa8b9b313a6213fa3820e2f42ae95a8ab00087b2d01f1756967b1

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2

SRPM
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.src.rpm SHA-256: e56e594e564af6a43fb764f13c3dcc9e521a77f84d2dadfdc5b1c90c7a2fceda
s390x
redis-doc-5.0.3-5.module+el8.2.0+12926+485b5fc9.noarch.rpm SHA-256: c8442cf3fcb8d15f75b1f5ca906b3d0cc1318af255bc42858fb4191e0771a4e0
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.s390x.rpm SHA-256: 2056ea70861aae60e926520d73d636747215fec10795a13b40cc8dad63be374d
redis-debuginfo-5.0.3-5.module+el8.2.0+12926+485b5fc9.s390x.rpm SHA-256: 1345e7fd53ffcb9ba97f86a04dc26bde989370ef77ebd118310ab0ddd38a6126
redis-debugsource-5.0.3-5.module+el8.2.0+12926+485b5fc9.s390x.rpm SHA-256: 20663d4dfcb3a64949fd3092d99fefccde9ccbf535b457a8025ce85ff2aec8c1
redis-devel-5.0.3-5.module+el8.2.0+12926+485b5fc9.s390x.rpm SHA-256: 632b5485da0cff5e83656f85e88a89f13b59e5d0743ad38a14b9757c8ac2fbc7

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2

SRPM
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.src.rpm SHA-256: e56e594e564af6a43fb764f13c3dcc9e521a77f84d2dadfdc5b1c90c7a2fceda
ppc64le
redis-doc-5.0.3-5.module+el8.2.0+12926+485b5fc9.noarch.rpm SHA-256: c8442cf3fcb8d15f75b1f5ca906b3d0cc1318af255bc42858fb4191e0771a4e0
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.ppc64le.rpm SHA-256: 5f121ec52dad1476af88dcbbb8bdf9eff185311018d5eb0045d29b407a2dcd98
redis-debuginfo-5.0.3-5.module+el8.2.0+12926+485b5fc9.ppc64le.rpm SHA-256: 63513a3c1a26ebe7a68dc9510f56c4446259240da8eb13b71033ba166dd6a275
redis-debugsource-5.0.3-5.module+el8.2.0+12926+485b5fc9.ppc64le.rpm SHA-256: e6274dc752e0860976cbee0bc49e1ca2d2c9d29905ee20c05ca8919ac1733bbc
redis-devel-5.0.3-5.module+el8.2.0+12926+485b5fc9.ppc64le.rpm SHA-256: ed0f45e910a65ed953974ba9b7e594558f3e82b4046527d75bbe5931c959d3db

Red Hat Enterprise Linux Server - TUS 8.2

SRPM
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.src.rpm SHA-256: e56e594e564af6a43fb764f13c3dcc9e521a77f84d2dadfdc5b1c90c7a2fceda
x86_64
redis-doc-5.0.3-5.module+el8.2.0+12926+485b5fc9.noarch.rpm SHA-256: c8442cf3fcb8d15f75b1f5ca906b3d0cc1318af255bc42858fb4191e0771a4e0
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: 7f8d855fb85ea8c6f3e68cf1be69ccb1a142e0c2edfa2ed827609885740d3ef4
redis-debuginfo-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: 422754224c02a757c418900aab795893a6ffcbce5679d0b74e87b9a76f5c94e9
redis-debugsource-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: d5641c0f4b04b869ff7aad7f20c7078af29a91d9cbc4682aad93447ac668c927
redis-devel-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: d1874ce3919aa8b9b313a6213fa3820e2f42ae95a8ab00087b2d01f1756967b1

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2

SRPM
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.src.rpm SHA-256: e56e594e564af6a43fb764f13c3dcc9e521a77f84d2dadfdc5b1c90c7a2fceda
aarch64
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.aarch64.rpm SHA-256: 7b1a3e290763290626a2561def0887673448a175cea01bd26b4824cd89554402
redis-debuginfo-5.0.3-5.module+el8.2.0+12926+485b5fc9.aarch64.rpm SHA-256: ea5819ab289e4e1a04c2a08538e76aeb609d38e84dcac299855f572a45506a8d
redis-debugsource-5.0.3-5.module+el8.2.0+12926+485b5fc9.aarch64.rpm SHA-256: 2847c03695706ab37e8bd86777cf2e85851c319220da33e298ca45291d5314f4
redis-devel-5.0.3-5.module+el8.2.0+12926+485b5fc9.aarch64.rpm SHA-256: 3ef31ff665e7d71308da41c669fcfb47838b9520704d34dd9bebeb1a7fc9444b
redis-doc-5.0.3-5.module+el8.2.0+12926+485b5fc9.noarch.rpm SHA-256: c8442cf3fcb8d15f75b1f5ca906b3d0cc1318af255bc42858fb4191e0771a4e0

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2

SRPM
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.src.rpm SHA-256: e56e594e564af6a43fb764f13c3dcc9e521a77f84d2dadfdc5b1c90c7a2fceda
ppc64le
redis-doc-5.0.3-5.module+el8.2.0+12926+485b5fc9.noarch.rpm SHA-256: c8442cf3fcb8d15f75b1f5ca906b3d0cc1318af255bc42858fb4191e0771a4e0
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.ppc64le.rpm SHA-256: 5f121ec52dad1476af88dcbbb8bdf9eff185311018d5eb0045d29b407a2dcd98
redis-debuginfo-5.0.3-5.module+el8.2.0+12926+485b5fc9.ppc64le.rpm SHA-256: 63513a3c1a26ebe7a68dc9510f56c4446259240da8eb13b71033ba166dd6a275
redis-debugsource-5.0.3-5.module+el8.2.0+12926+485b5fc9.ppc64le.rpm SHA-256: e6274dc752e0860976cbee0bc49e1ca2d2c9d29905ee20c05ca8919ac1733bbc
redis-devel-5.0.3-5.module+el8.2.0+12926+485b5fc9.ppc64le.rpm SHA-256: ed0f45e910a65ed953974ba9b7e594558f3e82b4046527d75bbe5931c959d3db

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2

SRPM
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.src.rpm SHA-256: e56e594e564af6a43fb764f13c3dcc9e521a77f84d2dadfdc5b1c90c7a2fceda
x86_64
redis-doc-5.0.3-5.module+el8.2.0+12926+485b5fc9.noarch.rpm SHA-256: c8442cf3fcb8d15f75b1f5ca906b3d0cc1318af255bc42858fb4191e0771a4e0
redis-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: 7f8d855fb85ea8c6f3e68cf1be69ccb1a142e0c2edfa2ed827609885740d3ef4
redis-debuginfo-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: 422754224c02a757c418900aab795893a6ffcbce5679d0b74e87b9a76f5c94e9
redis-debugsource-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: d5641c0f4b04b869ff7aad7f20c7078af29a91d9cbc4682aad93447ac668c927
redis-devel-5.0.3-5.module+el8.2.0+12926+485b5fc9.x86_64.rpm SHA-256: d1874ce3919aa8b9b313a6213fa3820e2f42ae95a8ab00087b2d01f1756967b1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.