Package | redis |
---|---|
Version | 2:2.8.17-1+deb8u9 |
Related CVEs | CVE-2021-32672 CVE-2021-32687 CVE-2021-32675 CVE-2021-32626 |

A number of vulnerabilities were discovered in Redis, a popular key/value database:

- CVE-2021-32672: Random heap reading issue with the Lua Debugger.
- CVE-2021-32687: Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value.
- CVE-2021-32675: Denial of service when processing RESP request payloads with a large number of elements on many connections.
- CVE-2021-32626: Specially crafted Lua scripts may result in a heap buffer overflow.

For Debian 8 Jessie, these problems have been fixed in version 2:2.8.17-1+deb8u9.
We recommend that you upgrade your redis packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.