[3.7] redis: Multiple vulnerabilities (CVE-2018-11218, CVE-2018-11219)
CVE-2018-11218: Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
References:
https://github.com/antirez/redis/issues/5017
http://antirez.com/news/119
CVE-2018-11219: An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
References:
https://github.com/antirez/redis/issues/5017
http://antirez.com/news/119
(from redmine: issue id 9021, created on 2018-06-19, closed on 2018-06-21)
- Relations:
  - copied_to #9020 (closed)
  - parent #9020 (closed)
- Changesets:
  - Revision ac61833f by Natanael Copa on 2018-06-19T10:11:47Z:
    main/redis: security upgrade to 4.0.10 (CVE-2018-11218,CVE-2018-11219)
    fixes #9021