Hide Forgot
Redis is vulnerable to an integer overflow in the lua_struct.c:b_unpack() function. A remote attacker could exploit this to cause a denial of service or have other unspecified impact.
External References: http://antirez.com/news/119
Created redis tracking bugs for this issue: Affects: epel-all [bug 1591538] Affects: fedora-all [bug 1591540]
We already have 4.0.10
Patches: https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3 https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2019:0052 https://access.redhat.com/errata/RHSA-2019:0052
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Via RHSA-2019:0094 https://access.redhat.com/errata/RHSA-2019:0094
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 6 Via RHSA-2019:1860 https://access.redhat.com/errata/RHSA-2019:1860