redis: fix CVE-2021-29478 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Tony Tascioglu <tony.tascioglu@windriver.com>	2021-07-16 11:47:33 -0700
committer	Armin Kuster <akuster808@gmail.com>	2021-07-17 16:14:06 -0700
commit	ffb3fbb6fec1ba31192b1b54a25fbf75e904f6b4 (patch)
tree	3a2c98613216056c46e045dbefaea9c724303eab /meta-python/recipes-devtools/python/python3-pillow/0001-Use-snprintf-instead-of-sprintf.patch
parent	5865a7684755011d45c4f51d4227851c641d9eea (diff)
download	meta-openembedded-ffb3fbb6fec1ba31192b1b54a25fbf75e904f6b4.tar.gz

redis: fix CVE-2021-29478

This patch backports the fix for CVE-2021-29478 CVE: CVE-2021-29478 Upstream-Status: Backport [https://github.com/redis/redis/commit/29900d4e6bccdf3691bedf0ea9a5d84863fa3592] An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration value, creating a large set key that consists of integer values and using the COPY command to duplicate it. The integer overflow bug exists in all versions of Redis starting with 2.6, where it could result with a corrupted RDB or DUMP payload, but not exploited through COPY (which did not exist before 6.2). Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-pillow/0001-Use-snprintf-instead-of-sprintf.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: