Bug 1097768 - (CVE-2018-11219) VUL-0: CVE-2018-11219: redis: Integer overflow in lua_struct.c:b_unpack()
(CVE-2018-11219)
VUL-0: CVE-2018-11219: redis: Integer overflow in lua_struct.c:b_unpack()
Status: RESOLVED DUPLICATE of bug 1097430
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 42.3
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Илья Индиго
Security Team bot
https://smash.suse.de/issue/208031/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-06-15 06:06 UTC by Alexander Bergmann
Modified: 2019-03-27 08:03 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-06-15 06:06:54 UTC
rh#1590062

Redis is vulnerable to an integer overflow in the lua_struct.c:b_unpack() function. A remote attacker could exploit this to cause a denial of service or have other unspecified impact.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1590062
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11219
Comment 2 Swamp Workflow Management 2018-06-23 01:09:04 UTC
openSUSE-SU-2018:1794-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1097430,1097768
CVE References: CVE-2018-11218,CVE-2018-11219
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    redis-4.0.10-15.1
Comment 3 Swamp Workflow Management 2018-06-23 01:13:35 UTC
openSUSE-SU-2018:1802-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1097430,1097768
CVE References: CVE-2018-11218,CVE-2018-11219
Sources used:
openSUSE Leap 42.3 (src):    redis-4.0.10-17.1
openSUSE Leap 15.0 (src):    redis-4.0.10-lp150.3.3.1