ALSA-2022:8096 Low: redis security and bug fix update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

Low: redis security and bug fix update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

AlmaLinux 8 : redis:6 (ALSA-2022:7541)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7541 advisory. redis: Code injection via Lua script execution environment CVE-2022-24735 redis: Malformed Lua script can crash Redis CVE-2022-24736 Tenable has extracted...

CentOS 8 : redis:6 (CESA-2022:7541)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7541 advisory. - redis: Code injection via Lua script execution environment CVE-2022-24735 - redis: Malformed Lua script can crash Redis CVE-2022-24736 Note that Ness...

httpd: mod_lua: Information disclosure with websockets

A flaw was found in the modlua module of httpd. The data returned by the wsread function may point past the end of the storage allocated for the buffer, resulting in information disclosure...

redis: Malformed Lua script can crash Redis

A flaw was found in the Redis database when a malformed Lua script can cause a NULL pointer dereference. This flaw allows an attacker to load a crafting script, which results in a crash of the redis-server process...

redis: Code injection via Lua script execution environment

A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the potentially higher privileges of another Redis user...

RLSA-2022:7541 Low: redis:6 security, bug fix, and enhancement update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

redis:6 security, bug fix, and enhancement update

An update is available for redis. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Redis is an advanced key-value store. It is often referred to as a data-structu...

ALSA-2022:7541 Low: redis:6 security, bug fix, and enhancement update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

RHEL 8 : redis:6 (RHSA-2022:7541)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7541 advisory. Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets...

Low: redis:6 security, bug fix, and enhancement update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

Amazon Linux 2022 : redis6, redis6-devel (ALAS2022-2022-199)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-199 advisory. A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes the...

Amazon Linux 2022 : lua, lua-devel, lua-libs (ALAS2022-2022-176)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-176 advisory. A stack overflow issue was discovered in Lua in the luaresume function of ldo.c. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that...

Oracle Linux 9 : lua (ELSA-2022-7329)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7329 advisory. - Fix up CVE-2022-33099 patch Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

RHEL 9 : lua (RHSA-2022:7329)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7329 advisory. The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently us...

AlmaLinux 9 : lua (ALSA-2022:7329)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7329 advisory. - An issue in the component luaGrunerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. CVE-2022-33099 Note that Nessus has...

lua: heap buffer overflow in luaG_errormsg() in ldebug.c due to uncontrolled recursion in error handling

A vulnerability was found in Lua. During error handling, the luaGerrormsg component uses slots from EXTRASTACK. Some errors can recur such as a string overflow while creating an error message in 'luaGrunerror', or a C-stack overflow before calling the message handler, causing a crash that leads t...

Moderate: Red Hat Security Advisory: lua security update

An update for lua is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

RLSA-2022:7329 Moderate: lua security update

The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Security Fixes: lua: heap buffer overflow in luaGerrormsg in ldebug.c due to uncontrolled recursion i...