Debian Security Advisory
DLA-1396-1 redis -- LTS security update
- Date Reported:
- 26 Jun 2018
- Affected Packages:
- redis
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-11218, CVE-2018-11219, CVE-2018-12326.
- More information:
-
It was discovered that there were a number of vulnerabilities in redis, a persistent key-value database:
- CVE-2018-11218 /
CVE-2018-11219
Multiple heap corruption and integer overflow vulnerabilities. (#901495)
- CVE-2018-12326
Buffer overflow in the "redis-cli" tool which could have allowed an attacker to achieve code execution and/or escalate to higher privileges via a crafted command line. (#902410)
For Debian 8
Jessie
, these issues have been fixed in redis version 2:2.8.17-1+deb8u6.We recommend that you upgrade your redis packages.
- CVE-2018-11218 /
CVE-2018-11219