Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27151
In redis 7 this is already patched[1], and the recipe contains the fix. For redis 6 backport the relevant patch (which is referenced in the nvd report) [1]: https://github.com/redis/redis/commit/d0eeee6e31f0fefb510007a8cfdf5dce729a8be9 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../redis/redis/CVE-2025-27151.patch | 32 +++++++++++++++++++ .../recipes-extended/redis/redis_6.2.21.bb | 3 +- .../recipes-extended/redis/redis_7.2.12.bb | 1 + 3 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-extended/redis/redis/CVE-2025-27151.patch diff --git a/meta-oe/recipes-extended/redis/redis/CVE-2025-27151.patch b/meta-oe/recipes-extended/redis/redis/CVE-2025-27151.patch new file mode 100644 index 0000000000..ccd56ea8a8 --- /dev/null +++ b/meta-oe/recipes-extended/redis/redis/CVE-2025-27151.patch @@ -0,0 +1,32 @@ +From 845233cecd6327a20957a97b78e61bccaaa652f7 Mon Sep 17 00:00:00 2001 +From: YaacovHazan <[email protected]> +Date: Tue, 27 May 2025 10:23:27 +0300 +Subject: [PATCH] Check length of AOF file name in redis-check-aof + (CVE-2025-27151) + +Ensure that the length of the input file name does not exceed PATH_MAX + +CVE: CVE-2025-27151 +Upstream-Status: Backport [https://github.com/redis/redis/commit/d0eeee6e31f0fefb510007a8cfdf5dce729a8be9] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + src/redis-check-aof.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/redis-check-aof.c b/src/redis-check-aof.c +index 1507e0a..3961ac5 100644 +--- a/src/redis-check-aof.c ++++ b/src/redis-check-aof.c +@@ -164,6 +164,12 @@ int redis_check_aof_main(int argc, char **argv) { + exit(1); + } + ++ /* Check if filepath is longer than PATH_MAX */ ++ if (strlen(filename) > PATH_MAX) { ++ printf("Error: filename is too long (exceeds PATH_MAX)\n"); ++ exit(1); ++ } ++ + FILE *fp = fopen(filename,"r+"); + if (fp == NULL) { + printf("Cannot open file: %s\n", filename); diff --git a/meta-oe/recipes-extended/redis/redis_6.2.21.bb b/meta-oe/recipes-extended/redis/redis_6.2.21.bb index efa8677e76..d23d3c07c6 100644 --- a/meta-oe/recipes-extended/redis/redis_6.2.21.bb +++ b/meta-oe/recipes-extended/redis/redis_6.2.21.bb @@ -16,7 +16,8 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ file://0004-src-Do-not-reset-FINAL_LIBS.patch \ file://0005-Define-_GNU_SOURCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch \ file://0006-Define-correct-gregs-for-RISCV32.patch \ - " + file://CVE-2025-27151.patch \ + " SRC_URI[sha256sum] = "6383b32ba8d246f41bbbb83663381f5a5f4c4713235433cec22fc4a47e9b6d5f" diff --git a/meta-oe/recipes-extended/redis/redis_7.2.12.bb b/meta-oe/recipes-extended/redis/redis_7.2.12.bb index cd2be6f27e..efbe86b358 100644 --- a/meta-oe/recipes-extended/redis/redis_7.2.12.bb +++ b/meta-oe/recipes-extended/redis/redis_7.2.12.bb @@ -71,3 +71,4 @@ SYSTEMD_SERVICE:${PN} = "redis.service" CVE_STATUS[CVE-2022-3734] = "not-applicable-platform: CVE only applies for Windows." CVE_STATUS[CVE-2022-0543] = "not-applicable-config: the vulnerability is not present in upstream, only in Debian-packaged versions" +CVE_STATUS[CVE-2025-27151] = "fixed-version: the used version(7.2.12) contains the fix"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#122186): https://lists.openembedded.org/g/openembedded-devel/message/122186 Mute This Topic: https://lists.openembedded.org/mt/116544458/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
