Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 902501 (CVE-2023-28425) - <dev-db/redis-7.0.10: Specially crafted MSETNX command can lead to assertion and denial-of-service
Summary: <dev-db/redis-7.0.10: Specially crafted MSETNX command can lead to assertion ...
Status: RESOLVED FIXED
Alias: CVE-2023-28425
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa+]
Keywords: PullRequest
Depends on: 902721 905692 914574
Blocks:
  Show dependency tree
 
Reported: 2023-03-21 07:47 UTC by Petr Vaněk
Modified: 2024-08-07 06:35 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Petr Vaněk gentoo-dev 2023-03-21 07:47:22 UTC
CVE-2023-28425 - Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.
Comment 1 Larry the Git Cow gentoo-dev 2023-03-22 01:20:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=19681fd5fa178dc41d2f61225a0958ea3b538224

commit 19681fd5fa178dc41d2f61225a0958ea3b538224
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-03-21 08:07:29 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-03-22 01:17:37 +0000

    dev-db/redis: drop 6.2.10, 7.0.8
    
    Bug: https://bugs.gentoo.org/891169
    Bug: https://bugs.gentoo.org/898464
    Bug: https://bugs.gentoo.org/902501
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Closes: https://github.com/gentoo/gentoo/pull/30278
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest            |   2 -
 dev-db/redis/redis-6.2.10.ebuild | 195 ---------------------------------------
 dev-db/redis/redis-7.0.8.ebuild  | 187 -------------------------------------
 3 files changed, 384 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=971d538d97b1448ba5fb980919393b1eeb9c8f44

commit 971d538d97b1448ba5fb980919393b1eeb9c8f44
Author:     Petr Vaněk <arkamar@atlas.cz>
AuthorDate: 2023-03-21 07:51:37 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-03-22 01:17:37 +0000

    dev-db/redis: add 7.0.10
    
    Bug: https://bugs.gentoo.org/902501
    Signed-off-by: Petr Vaněk <arkamar@atlas.cz>
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-db/redis/Manifest            |   1 +
 dev-db/redis/redis-7.0.10.ebuild | 187 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 188 insertions(+)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-03-22 01:22:37 UTC
The summary has to have the first fixed versions in tree which makes it hard to express quick regressions like this.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-23 04:21:05 UTC
("[stable]" itself indicates stablereq is in progress)
Comment 4 Larry the Git Cow gentoo-dev 2024-01-09 14:24:38 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40f0aeee0d9ab31c81a869f258821733048f7423

commit 40f0aeee0d9ab31c81a869f258821733048f7423
Author:     Petr Vaněk <arkamar@gentoo.org>
AuthorDate: 2024-01-09 14:12:04 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2024-01-09 14:23:54 +0000

    dev-db/redis: drop versions
    
    This commit drops most of vulnerable versions, however, security
    cleanups are still blocked because of 7.0.5 which is the last stable
    version for arm.
    
    Bug: https://bugs.gentoo.org/891169
    Bug: https://bugs.gentoo.org/898464
    Bug: https://bugs.gentoo.org/902501
    Bug: https://bugs.gentoo.org/904486
    Bug: https://bugs.gentoo.org/910191
    Bug: https://bugs.gentoo.org/913741
    Bug: https://bugs.gentoo.org/915989
    Bug: https://bugs.gentoo.org/921662
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/redis/Manifest                              |   7 -
 dev-db/redis/files/redis-6.2.7-cve-2022-3647.patch | 173 ------------------
 dev-db/redis/redis-6.2.11.ebuild                   | 195 --------------------
 dev-db/redis/redis-6.2.13.ebuild                   | 195 --------------------
 dev-db/redis/redis-6.2.7-r2.ebuild                 | 198 --------------------
 dev-db/redis/redis-7.0.12.ebuild                   | 187 -------------------
 dev-db/redis/redis-7.0.13.ebuild                   | 187 -------------------
 dev-db/redis/redis-7.0.9.ebuild                    | 187 -------------------
 dev-db/redis/redis-7.2.2.ebuild                    | 200 ---------------------
 9 files changed, 1529 deletions(-)
Comment 5 Larry the Git Cow gentoo-dev 2024-01-10 10:18:09 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3a7e6b8769400cbbd7e4f3161d8c7dfdd62af8af

commit 3a7e6b8769400cbbd7e4f3161d8c7dfdd62af8af
Author:     Petr Vaněk <arkamar@gentoo.org>
AuthorDate: 2024-01-10 10:05:04 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2024-01-10 10:16:11 +0000

    dev-db/redis: destabilize 7.0.5-r1 for ~arm
    
    Dropping the stable keyword for arm architecture due to a lack of
    security stabilization for over a year.
    
    Bug: https://bugs.gentoo.org/891169
    Bug: https://bugs.gentoo.org/898464
    Bug: https://bugs.gentoo.org/902501
    Bug: https://bugs.gentoo.org/904486
    Bug: https://bugs.gentoo.org/910191
    Bug: https://bugs.gentoo.org/913741
    Bug: https://bugs.gentoo.org/915548#c6
    Bug: https://bugs.gentoo.org/915989
    Bug: https://bugs.gentoo.org/918847
    Bug: https://bugs.gentoo.org/921662
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/redis/redis-7.0.5-r1.ebuild        | 4 ++--
 profiles/arch/arm/package.use.stable.mask | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)
Comment 6 Larry the Git Cow gentoo-dev 2024-01-10 12:28:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8942d96c5ff1a45db0922d9e5e4403b050494bf6

commit 8942d96c5ff1a45db0922d9e5e4403b050494bf6
Author:     Petr Vaněk <arkamar@gentoo.org>
AuthorDate: 2024-01-10 12:25:59 +0000
Commit:     Petr Vaněk <arkamar@gentoo.org>
CommitDate: 2024-01-10 12:27:32 +0000

    dev-db/redis: drop 7.0.5-r1
    
    Bug: https://bugs.gentoo.org/891169
    Bug: https://bugs.gentoo.org/898464
    Bug: https://bugs.gentoo.org/902501
    Bug: https://bugs.gentoo.org/904486
    Bug: https://bugs.gentoo.org/910191
    Bug: https://bugs.gentoo.org/913741
    Bug: https://bugs.gentoo.org/915989
    Bug: https://bugs.gentoo.org/921662
    Signed-off-by: Petr Vaněk <arkamar@gentoo.org>

 dev-db/redis/Manifest                              |   1 -
 .../files/redis-7.0.4-replica-tests-fix.patch      |  61 -------
 dev-db/redis/files/redis-7.0.5-cve-2022-3647.patch | 173 -------------------
 dev-db/redis/redis-7.0.5-r1.ebuild                 | 191 ---------------------
 4 files changed, 426 deletions(-)
Comment 7 Larry the Git Cow gentoo-dev 2024-08-07 06:33:30 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=bbba9c645e3767933f8d769ab743fca8728487ab

commit bbba9c645e3767933f8d769ab743fca8728487ab
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-07 06:33:13 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-07 06:33:27 +0000

    [ GLSA 202408-05 ] Redis: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/891169
    Bug: https://bugs.gentoo.org/898464
    Bug: https://bugs.gentoo.org/902501
    Bug: https://bugs.gentoo.org/904486
    Bug: https://bugs.gentoo.org/910191
    Bug: https://bugs.gentoo.org/913741
    Bug: https://bugs.gentoo.org/915989
    Bug: https://bugs.gentoo.org/921662
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-05.xml | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)