[SECURITY] [DLA 2083-1] hiredis security update

2020-01-2913:24:30

lists.debian.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

High

EPSS

0.003

Percentile

71.8%

JSON

Package : hiredis
Version : 0.11.0-4+deb8u1
CVE ID : CVE-2020-7105
Debian Bug : #949995

It was discovered that there were a large number of NULL pointer
dereferences due to unchecked return values from malloc and friends
in hiredis, a minimalistic C client library.

For Debian 8 "Jessie", these issue have been fixed in hiredis version
0.11.0-4+deb8u1.

We recommend that you upgrade your hiredis packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian8allhiredis< 0.11.0-4+deb8u1hiredis_0.11.0-4+deb8u1_all.deb
Debian8armellibhiredis-dbg< 0.11.0-4+deb8u1libhiredis-dbg_0.11.0-4+deb8u1_armel.deb
Debian8amd64libhiredis0.10< 0.11.0-4+deb8u1libhiredis0.10_0.11.0-4+deb8u1_amd64.deb
Debian8i386libhiredis-dbg< 0.11.0-4+deb8u1libhiredis-dbg_0.11.0-4+deb8u1_i386.deb
Debian8armellibhiredis0.10< 0.11.0-4+deb8u1libhiredis0.10_0.11.0-4+deb8u1_armel.deb
Debian8amd64libhiredis-dbg< 0.11.0-4+deb8u1libhiredis-dbg_0.11.0-4+deb8u1_amd64.deb
Debian8armhflibhiredis-dbg< 0.11.0-4+deb8u1libhiredis-dbg_0.11.0-4+deb8u1_armhf.deb
Debian8i386libhiredis-dev< 0.11.0-4+deb8u1libhiredis-dev_0.11.0-4+deb8u1_i386.deb
Debian8amd64libhiredis-dev< 0.11.0-4+deb8u1libhiredis-dev_0.11.0-4+deb8u1_amd64.deb
Debian8armhflibhiredis0.10< 0.11.0-4+deb8u1libhiredis0.10_0.11.0-4+deb8u1_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	all	hiredis	< 0.11.0-4+deb8u1	hiredis_0.11.0-4+deb8u1_all.deb
Debian	8	armel	libhiredis-dbg	< 0.11.0-4+deb8u1	libhiredis-dbg_0.11.0-4+deb8u1_armel.deb
Debian	8	amd64	libhiredis0.10	< 0.11.0-4+deb8u1	libhiredis0.10_0.11.0-4+deb8u1_amd64.deb
Debian	8	i386	libhiredis-dbg	< 0.11.0-4+deb8u1	libhiredis-dbg_0.11.0-4+deb8u1_i386.deb
Debian	8	armel	libhiredis0.10	< 0.11.0-4+deb8u1	libhiredis0.10_0.11.0-4+deb8u1_armel.deb
Debian	8	amd64	libhiredis-dbg	< 0.11.0-4+deb8u1	libhiredis-dbg_0.11.0-4+deb8u1_amd64.deb
Debian	8	armhf	libhiredis-dbg	< 0.11.0-4+deb8u1	libhiredis-dbg_0.11.0-4+deb8u1_armhf.deb
Debian	8	i386	libhiredis-dev	< 0.11.0-4+deb8u1	libhiredis-dev_0.11.0-4+deb8u1_i386.deb
Debian	8	amd64	libhiredis-dev	< 0.11.0-4+deb8u1	libhiredis-dev_0.11.0-4+deb8u1_amd64.deb
Debian	8	armhf	libhiredis0.10	< 0.11.0-4+deb8u1	libhiredis0.10_0.11.0-4+deb8u1_armhf.deb