Issued:: 2021-10-25
Updated:: 2021-10-25

RHSA-2021:3980 - Security Advisory

Overview
Updated Packages

Synopsis

Important: Red Hat OpenStack Platform 13.0 (redis) security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for redis is now available for Red Hat OpenStack Platform 13
(Queens).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Redis is an advanced key-value store.

Security Fix(es):

Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)
Integer overflow issue with Streams (CVE-2021-32627)
Integer overflow bug in the ziplist data structure (CVE-2021-32628)
Denial of service via Redis Standard Protocol (RESP) request

(CVE-2021-32675)

Integer overflow issue with intsets (CVE-2021-32687)
Integer overflow issue with strings (CVE-2021-41099)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 13 - Extended Life Cycle Support 13 x86_64
Red Hat OpenStack 13 for IBM Power - Extended Life Cycle Support 13 ppc64le
Red Hat OpenStack 13 Director Deployment Tools - Extended Life Cycle Support 13 x86_64
Red Hat OpenStack 13 Director Deployment Tools for IBM Power LE - Extended Life Cycle Support 13 ppc64le

Fixes

BZ - 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets
BZ - 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request
BZ - 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure
BZ - 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams
BZ - 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack
BZ - 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 13 - Extended Life Cycle Support 13

SRPM
redis-3.2.8-5.el7ost.src.rpm	SHA-256: f42ebad6516cec7655dd16679fcb583835f523018ccba6277369eea052ef07e8
x86_64
redis-3.2.8-5.el7ost.x86_64.rpm	SHA-256: caf9d165088cb9b56f981df89dc08aba6beb2cacdf55efeec5ab1bd77d5527f4
redis-debuginfo-3.2.8-5.el7ost.x86_64.rpm	SHA-256: f7900b74541959d9c077ffa36696f5699e27977e0fbde424efb2d099b7e3c98b

Red Hat OpenStack 13 for IBM Power - Extended Life Cycle Support 13

SRPM
redis-3.2.8-5.el7ost.src.rpm	SHA-256: f42ebad6516cec7655dd16679fcb583835f523018ccba6277369eea052ef07e8
ppc64le
redis-3.2.8-5.el7ost.ppc64le.rpm	SHA-256: 5fc3a61e356476780348d145173c32980860a5b97b4f7524392cc2116205800b
redis-debuginfo-3.2.8-5.el7ost.ppc64le.rpm	SHA-256: 515923b934406d65447a1ad6ada525668b94d7100d965f54780d2e9568f66fff

Red Hat OpenStack 13 Director Deployment Tools - Extended Life Cycle Support 13

SRPM
redis-3.2.8-5.el7ost.src.rpm	SHA-256: f42ebad6516cec7655dd16679fcb583835f523018ccba6277369eea052ef07e8
x86_64
redis-3.2.8-5.el7ost.x86_64.rpm	SHA-256: caf9d165088cb9b56f981df89dc08aba6beb2cacdf55efeec5ab1bd77d5527f4
redis-debuginfo-3.2.8-5.el7ost.x86_64.rpm	SHA-256: f7900b74541959d9c077ffa36696f5699e27977e0fbde424efb2d099b7e3c98b

Red Hat OpenStack 13 Director Deployment Tools for IBM Power LE - Extended Life Cycle Support 13

SRPM
redis-3.2.8-5.el7ost.src.rpm	SHA-256: f42ebad6516cec7655dd16679fcb583835f523018ccba6277369eea052ef07e8
ppc64le
redis-3.2.8-5.el7ost.ppc64le.rpm	SHA-256: 5fc3a61e356476780348d145173c32980860a5b97b4f7524392cc2116205800b
redis-debuginfo-3.2.8-5.el7ost.ppc64le.rpm	SHA-256: 515923b934406d65447a1ad6ada525668b94d7100d965f54780d2e9568f66fff

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation