-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : redis Version : 2:2.8.17-1+deb8u6 CVE IDs : CVE-2018-11218, CVE-2018-11219, CVE-2018-12326 Debian Bugs : #901495, #902410
It was discovered that there were a number of vulnerabilities in redis, a persistent key-value database: * CVE-2018-11218, CVE-2018-11219: Multiple heap corruption and integer overflow vulnerabilities. (#901495) * CVE-2018-12326: Buffer overflow in the "redis-cli" tool which could have allowed an attacker to achieve code execution and/or escalate to higher privileges via a crafted command line. (#902410) For Debian 8 "Jessie", these issues have been fixed in redis version 2:2.8.17-1+deb8u6. We recommend that you upgrade your redis packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlsyXmMACgkQHpU+J9Qx HlhQcw/+OjWmtgY+7YwyUfmK02qmx/4xmt6xhzX4Lxh7cPMn6J8VUkz4pAUYnQnV 12nhOR2Ts0dAchRet2GLqJ/3unLahUZRWYgbl20XRswmOHobAaxELRn+o2J/T3m9 4swLrY2PtnAQ7zZWuK1/ePiWALn5F06ITpjG2f+UNCa3L7aYn6VExgeKVIgk8LuX Fq3zUHNQPQjb924frZ/kn0+iUDpPwGHCkDtzWtltNBgsFSM0FVbTh6MJfXrsagT6 d+jKKrc+gDGb2WZiq7VANQ4Wx1DxFA3HBcLobjOBB/I4Zq3XRmMXTuibvRHv2xqk HwUKSy87CByEn76HuHZfo9hmtX1RB2lqpq4KQ87I4E0dBKtIEyBFjSv7Mr/NOP7Q /FUFZegHWM9WomFbqjbe2Ga18KRV7KFQAiN2iE5QyRVUgI1YK8K7z2KbAiGBcdsU uV6dZonuRwxWj0mz3A3HYMaIuP/u+KMdPpVpGmuq4cqA6VozeWbSelasK9zEaZah E94HA+aDiVfNCceTCq69uPZlJKHCDDb3OLbAv+BeDT2+GkNCdZ64GdTCxOw9BCMy S+0m+/sxcZBHjD2WNyfK20Z3++ZL3mMb47yENE8wB0OOf8ZItxTANUcZYL8rvsC5 hB34DVoEkrGJWF7d7fKgEbZRV/gZB5IZNBmPqNkxVgbteULnJcE= =19rh -----END PGP SIGNATURE-----