redis: fix CVE-2024-31449 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2025-01-31 12:51:00 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-02-09 07:55:17 -0800
commit	654ba2447cd14b4998edb63dc3722efb8d78fd56 (patch)
tree	f72629d79dcff74153424be0946a031f6c7ace07 /meta-python/recipes-devtools/python/python-numeric/0001-it-tries-to-define-this-function-differently-than-it.patch
parent	42df84dcf334714336fe90fa92d59f7786802a39 (diff)
download	meta-openembedded-654ba2447cd14b4998edb63dc3722efb8d78fd56.tar.gz

redis: fix CVE-2024-31449

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting. This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-31449 Upstream-patches: https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9 https://github.com/redis/redis/commit/fe8de4313f85e0f8af2eff1f78b52cfe56fb4c71 Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-numeric/0001-it-tries-to-define-this-function-differently-than-it.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: