===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1869
                Security update for redis comes to Debian 8
                               27 June 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           redis
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-12326 CVE-2018-11219 CVE-2018-11218

Reference:         ESB-2018.1850
                   ESB-2018.1779

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2018/06/msg00003.html

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : redis
Version        : 2:2.8.17-1+deb8u6
CVE IDs        : CVE-2018-11218, CVE-2018-11219, CVE-2018-12326
Debian Bugs    : #901495, #902410

It was discovered that there were a number of vulnerabilities in redis,
a persistent key-value database:

 * CVE-2018-11218, CVE-2018-11219: Multiple heap corruption and integer
   overflow vulnerabilities. (#901495)

 * CVE-2018-12326: Buffer overflow in the "redis-cli" tool which could
   have allowed an attacker to achieve code execution and/or escalate to
   higher privileges via a crafted command line. (#902410)

For Debian 8 "Jessie", these issues have been fixed in redis version
2:2.8.17-1+deb8u6.

We recommend that you upgrade your redis packages.

Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================