Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. MODERATE otherwise.

Fix integer overflow in STRALGO LCS (CVE-2021-32625)

An integer overflow bug in Redis version 6.0 or newer can be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. This is a result of an incomplete fix for CVE-2021-29477.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a300cf170fb7ffa7dce510fedfea2e22e93cdca8

commit a300cf170fb7ffa7dce510fedfea2e22e93cdca8
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-06-01 14:35:34 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-06-01 15:18:37 +0000

    dev-db/redis: add 6.2.4

    Bug: https://bugs.gentoo.org/793719
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest | 1 +
 dev-db/redis/redis-6.2.4.ebuild | 187 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 188 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5783e19f210558382f8fdb2825d2c49ebcd726d

commit b5783e19f210558382f8fdb2825d2c49ebcd726d
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-06-01 14:22:50 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-06-01 15:18:36 +0000

    dev-db/redis: add 6.0.14

    Bug: https://bugs.gentoo.org/793719
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest | 1 +
 dev-db/redis/redis-6.0.14.ebuild | 187 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 188 insertions(+)
sparc stable
x86 done
amd64 done
arm done
ppc64 done
arm64 done
ppc stable