-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rh-redis5-redis security update
Advisory ID:       RHSA-2019:1819-01
Product:           Red Hat Software Collections
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:1819
Issue date:        2019-07-22
CVE Names:         CVE-2019-10192 CVE-2019-10193
=====================================================================

1. Summary:

An update for rh-redis5-redis is now available for Red Hat Software
Collections.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Redis is an advanced key-value store. It is often referred to as a
data-structure server since keys can contain strings, hashes, lists, sets,
and sorted sets. For performance, Redis works with an in-memory data set.
You can persist it either by dumping the data set to disk every once in a
while, or by appending each command to a log.

Security Fix(es):

* redis: Heap buffer overflow in HyperLogLog triggered by malicious client
(CVE-2019-10192)

* redis: Stack buffer overflow in HyperLogLog triggered by malicious client
(CVE-2019-10193)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1723918 - CVE-2019-10192 redis: Heap buffer overflow in HyperLogLog triggered by malicious client
1727668 - CVE-2019-10193 redis: Stack buffer overflow in HyperLogLog triggered by malicious client

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
rh-redis5-redis-5.0.5-1.el7.src.rpm

aarch64:
rh-redis5-redis-5.0.5-1.el7.aarch64.rpm
rh-redis5-redis-debuginfo-5.0.5-1.el7.aarch64.rpm

ppc64le:
rh-redis5-redis-5.0.5-1.el7.ppc64le.rpm
rh-redis5-redis-debuginfo-5.0.5-1.el7.ppc64le.rpm

s390x:
rh-redis5-redis-5.0.5-1.el7.s390x.rpm
rh-redis5-redis-debuginfo-5.0.5-1.el7.s390x.rpm

x86_64:
rh-redis5-redis-5.0.5-1.el7.x86_64.rpm
rh-redis5-redis-debuginfo-5.0.5-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
rh-redis5-redis-5.0.5-1.el7.src.rpm

ppc64le:
rh-redis5-redis-5.0.5-1.el7.ppc64le.rpm
rh-redis5-redis-debuginfo-5.0.5-1.el7.ppc64le.rpm

s390x:
rh-redis5-redis-5.0.5-1.el7.s390x.rpm
rh-redis5-redis-debuginfo-5.0.5-1.el7.s390x.rpm

x86_64:
rh-redis5-redis-5.0.5-1.el7.x86_64.rpm
rh-redis5-redis-debuginfo-5.0.5-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):

Source:
rh-redis5-redis-5.0.5-1.el7.src.rpm

ppc64le:
rh-redis5-redis-5.0.5-1.el7.ppc64le.rpm
rh-redis5-redis-debuginfo-5.0.5-1.el7.ppc64le.rpm

s390x:
rh-redis5-redis-5.0.5-1.el7.s390x.rpm
rh-redis5-redis-debuginfo-5.0.5-1.el7.s390x.rpm

x86_64:
rh-redis5-redis-5.0.5-1.el7.x86_64.rpm
rh-redis5-redis-debuginfo-5.0.5-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
rh-redis5-redis-5.0.5-1.el7.src.rpm

ppc64le:
rh-redis5-redis-5.0.5-1.el7.ppc64le.rpm
rh-redis5-redis-debuginfo-5.0.5-1.el7.ppc64le.rpm

s390x:
rh-redis5-redis-5.0.5-1.el7.s390x.rpm
rh-redis5-redis-debuginfo-5.0.5-1.el7.s390x.rpm

x86_64:
rh-redis5-redis-5.0.5-1.el7.x86_64.rpm
rh-redis5-redis-debuginfo-5.0.5-1.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rh-redis5-redis-5.0.5-1.el7.src.rpm

x86_64:
rh-redis5-redis-5.0.5-1.el7.x86_64.rpm
rh-redis5-redis-debuginfo-5.0.5-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-10192
https://access.redhat.com/security/cve/CVE-2019-10193
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.