redis: fix CVE-2024-46981 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2025-02-04 12:25:27 +0000
committer	Armin Kuster <akuster808@gmail.com>	2025-02-09 07:55:20 -0800
commit	d9340d705d8f01beb4e935dbdc20ddfde98e784b (patch)
tree	8f7f7f42f34e81355b11f14368ff05fd5ece691e /meta-python/recipes-devtools/python/python-numeric/0001-it-tries-to-define-this-function-differently-than-it.patch
parent	654ba2447cd14b4998edb63dc3722efb8d78fd56 (diff)
download	meta-openembedded-d9340d705d8f01beb4e935dbdc20ddfde98e784b.tar.gz

redis: fix CVE-2024-46981

Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-46981 Upstream-patch: https://github.com/redis/redis/commit/e344b2b5879aa52870e6838212dfb78b7968fcbf Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-numeric/0001-it-tries-to-define-this-function-differently-than-it.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: