Package        : redis
Version        : 2:2.4.14-1+deb7u2
CVE ID         : CVE-2016-1051

It was discovered that there was a "Cross Protocol Scripting" attack in
the Redis key-value database. "POST" and "Host:" command strings (which
are not valid in the Redis protocol) were not immediately rejected when
an attacker made an HTTP request to the Redis TCP port.

For Debian 7 "Wheezy", this issue has been fixed in redis version
2:2.4.14-1+deb7u2.

We recommend that you upgrade your redis packages.

Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-
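
An added illustration, not part of the advisory and not Redis source code: a toy line-oriented command server in Python. It shows why answering unknown commands with an error and reading on still lets a later line of an HTTP request be acted on, and how rejecting "POST" and "Host:" on sight stops that. The two-command store, the error text and the sample request are constructed for this example.

```python
# Added example: toy model of an inline-command server, not Redis source code.
REJECT_FIRST_TOKENS = {"post", "host:"}  # the two strings named in the advisory


def serve(stream: bytes, reject_http: bool):
    """Process one connection's bytes line by line as inline commands.

    Returns (store, replies, closed): the resulting key-value store, the
    replies sent, and whether the server dropped the connection early.
    """
    store, replies = {}, []
    for raw in stream.split(b"\r\n"):
        parts = raw.decode("latin-1").split()
        if not parts:
            continue  # blank line, e.g. the HTTP header/body separator
        cmd = parts[0].lower()
        if reject_http and cmd in REJECT_FIRST_TOKENS:
            # Hardened behaviour: close the connection before any later
            # line can be interpreted as a command.
            replies.append("-ERR possible cross protocol scripting, closing")
            return store, replies, True
        if cmd == "set" and len(parts) == 3:
            store[parts[1]] = parts[2]
            replies.append("+OK")
        elif cmd == "get" and len(parts) == 2:
            replies.append(store.get(parts[1], "(nil)"))
        else:
            # Lenient behaviour: report the error and keep reading.
            replies.append(f"-ERR unknown command '{parts[0]}'")
    return store, replies, False


# Constructed sample: an HTTP POST as it appears on the wire.
HTTP_REQUEST = (
    b"POST / HTTP/1.1\r\n"
    b"Host: 127.0.0.1:6379\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"SET flag 1\r\n"
)

if __name__ == "__main__":
    for mode in (False, True):
        store, replies, closed = serve(HTTP_REQUEST, reject_http=mode)
        print(f"reject_http={mode}: store={store} closed={closed}")
        for r in replies:
            print("   ", r)
```

With reject_http=False the request body line is executed after three error replies; with reject_http=True the connection is closed at the first line and the store stays empty.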