Bug 910191 (CVE-2022-24834, CVE-2023-36824) - <dev-db/redis-{6.2.13, 7.0.12}: Multiple vulnerabilities
Summary: <dev-db/redis-{6.2.13, 7.0.12}: Multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2022-24834, CVE-2023-36824
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Keywords: PullRequest
Depends on: 910235 914574
Reported: 2023-07-10 12:39 UTC by Petr Vaněk
Modified: 2024-07-20 08:37 UTC (History)
Description Petr Vaněk gentoo-dev 2023-07-10 12:39:21 UTC
CVE-2022-24834 - A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson and cmsgpack libraries, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users.

CVE-2023-36824 - Extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Specifically: using COMMAND GETKEYS* and validation of key names in ACL rules.
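A version check against the bound given in this bug's summary (fixed from 6.2.13 on the 6.2 branch and from 7.0.12 on the 7.0 branch), added here as an example; it is not code from the bug, from Gentoo or from Redis, and the banner and package-atom strings it parses are constructed samples.

```python
"""Decide whether a Redis version falls below the fixed releases named in
the bug summary <dev-db/redis-{6.2.13, 7.0.12}. Branches the bug does not
list are reported as None rather than guessed at."""
import re
from typing import Optional, Tuple

# Fixed versions from the bug summary, keyed by (major, minor) branch.
FIXED_BY_BRANCH = {
    (6, 2): (6, 2, 13),
    (7, 0): (7, 0, 12),
}

# Matches "v=7.0.12" (redis-server --version), "redis_version:7.0.12" (INFO)
# and "redis-7.0.12" (a Gentoo package atom; the -rN revision is ignored).
_VERSION_RE = re.compile(r"(?:v=|redis_version:|redis-)(\d+)\.(\d+)\.(\d+)")


def parse_redis_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch) or raise ValueError if none is present."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no Redis version found in: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def affected(version: Tuple[int, int, int]) -> Optional[bool]:
    """True if below the fixed release of its branch, False if at or above it,
    None if the branch is not one this bug covers."""
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is None:
        return None
    return version < fixed


# Constructed samples in the shapes the regex understands.
SAMPLES = [
    "Redis server v=6.2.12 sha=00000000:0 malloc=jemalloc-5.1.0 bits=64",
    "redis_version:7.0.12",
    "dev-db/redis-7.0.5-r1",
    "dev-db/redis-7.2.2",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        v = parse_redis_version(sample)
        print(".".join(map(str, v)), affected(v))
```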
Comment 1 Larry the Git Cow gentoo-dev 2023-07-12 07:00:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f005e9cd9e670ac80d75587af5072475ebb5b7a

commit 7f005e9cd9e670ac80d75587af5072475ebb5b7a
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-07-10 12:17:51 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-07-12 06:59:52 +0000

    dev-db/redis: add 6.2.13
    
    Bug: https://bugs.gentoo.org/910191
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Closes: https://github.com/gentoo/gentoo/pull/31823
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest            |   1 +
 dev-db/redis/redis-6.2.13.ebuild | 195 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 196 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b0d749c9b237cdd6ce76e18151dc4abd070352f6

commit b0d749c9b237cdd6ce76e18151dc4abd070352f6
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-07-10 12:14:52 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-07-12 06:59:52 +0000

    dev-db/redis: add 7.0.12
    
    Bug: https://bugs.gentoo.org/910191
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest            |   1 +
 dev-db/redis/redis-7.0.12.ebuild | 187 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 188 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2023-07-25 04:56:40 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c951a17cd1fe9cae75a262fbda6128bbb24d24b6

commit c951a17cd1fe9cae75a262fbda6128bbb24d24b6
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-07-15 07:56:12 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-07-25 04:56:32 +0000

    dev-db/redis: drop 6.2.12, 7.0.11
    
    Bug: https://bugs.gentoo.org/910191
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Closes: https://github.com/gentoo/gentoo/pull/31895
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-db/redis/Manifest            |   2 -
 dev-db/redis/redis-6.2.12.ebuild | 195 ---------------------------------------
 dev-db/redis/redis-7.0.11.ebuild | 187 -------------------------------------
 3 files changed, 384 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=218682a12e5fc6cb8ca1052687aaf19180093122

commit 218682a12e5fc6cb8ca1052687aaf19180093122
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-07-15 07:53:24 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-07-25 04:56:27 +0000

    dev-db/redis: drop 7.0.10
    
    Bug: https://bugs.gentoo.org/904486
    Bug: https://bugs.gentoo.org/910191
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 dev-db/redis/Manifest            |   1 -
 dev-db/redis/redis-7.0.10.ebuild | 187 ---------------------------------------
 2 files changed, 188 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2024-01-09 14:24:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40f0aeee0d9ab31c81a869f258821733048f7423

commit 40f0aeee0d9ab31c81a869f258821733048f7423
Author:     Petr Vaněk <arkamar@gentoo.org>
AuthorDate: 2024-01-09 14:12:04 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2024-01-09 14:23:54 +0000

    dev-db/redis: drop versions
    
    This commit drops most of the vulnerable versions; however, security
    cleanups are still blocked because of 7.0.5, which is the last stable
    version for arm.
    
    Bug: https://bugs.gentoo.org/891169
    Bug: https://bugs.gentoo.org/898464
    Bug: https://bugs.gentoo.org/902501
    Bug: https://bugs.gentoo.org/904486
    Bug: https://bugs.gentoo.org/910191
    Bug: https://bugs.gentoo.org/913741
    Bug: https://bugs.gentoo.org/915989
    Bug: https://bugs.gentoo.org/921662
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/redis/Manifest                              |   7 -
 dev-db/redis/files/redis-6.2.7-cve-2022-3647.patch | 173 ------------------
 dev-db/redis/redis-6.2.11.ebuild                   | 195 --------------------
 dev-db/redis/redis-6.2.13.ebuild                   | 195 --------------------
 dev-db/redis/redis-6.2.7-r2.ebuild                 | 198 --------------------
 dev-db/redis/redis-7.0.12.ebuild                   | 187 -------------------
 dev-db/redis/redis-7.0.13.ebuild                   | 187 -------------------
 dev-db/redis/redis-7.0.9.ebuild                    | 187 -------------------
 dev-db/redis/redis-7.2.2.ebuild                    | 200 ---------------------
 9 files changed, 1529 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2024-01-10 10:18:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a7e6b8769400cbbd7e4f3161d8c7dfdd62af8af

commit 3a7e6b8769400cbbd7e4f3161d8c7dfdd62af8af
Author:     Petr Vaněk <arkamar@gentoo.org>
AuthorDate: 2024-01-10 10:05:04 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2024-01-10 10:16:11 +0000

    dev-db/redis: destabilize 7.0.5-r1 for ~arm
    
    Dropping the stable keyword for arm architecture due to a lack of
    security stabilization for over a year.
    
    Bug: https://bugs.gentoo.org/891169
    Bug: https://bugs.gentoo.org/898464
    Bug: https://bugs.gentoo.org/902501
    Bug: https://bugs.gentoo.org/904486
    Bug: https://bugs.gentoo.org/910191
    Bug: https://bugs.gentoo.org/913741
    Bug: https://bugs.gentoo.org/915548#c6
    Bug: https://bugs.gentoo.org/915989
    Bug: https://bugs.gentoo.org/918847
    Bug: https://bugs.gentoo.org/921662
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/redis/redis-7.0.5-r1.ebuild        | 4 ++--
 profiles/arch/arm/package.use.stable.mask | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)
Comment 5 Larry the Git Cow gentoo-dev 2024-01-10 12:28:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8942d96c5ff1a45db0922d9e5e4403b050494bf6

commit 8942d96c5ff1a45db0922d9e5e4403b050494bf6
Author:     Petr Vaněk <arkamar@gentoo.org>
AuthorDate: 2024-01-10 12:25:59 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2024-01-10 12:27:32 +0000

    dev-db/redis: drop 7.0.5-r1
    
    Bug: https://bugs.gentoo.org/891169
    Bug: https://bugs.gentoo.org/898464
    Bug: https://bugs.gentoo.org/902501
    Bug: https://bugs.gentoo.org/904486
    Bug: https://bugs.gentoo.org/910191
    Bug: https://bugs.gentoo.org/913741
    Bug: https://bugs.gentoo.org/915989
    Bug: https://bugs.gentoo.org/921662
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/redis/Manifest                              |   1 -
 .../files/redis-7.0.4-replica-tests-fix.patch      |  61 -------
 dev-db/redis/files/redis-7.0.5-cve-2022-3647.patch | 173 -------------------
 dev-db/redis/redis-7.0.5-r1.ebuild                 | 191 ---------------------
 4 files changed, 426 deletions(-)