new packages: lua
An update is available for lua. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...
new packages: lua-rpm-macros
An update is available for lua-rpm-macros. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: lua-posix
An update is available for lua-posix. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9....
The vulnerability of the Redis database management system, related to pointer assignment errors, allows attackers to trigger a service failure.
The vulnerability of the Redis database management system is related to errors in pointer assignment. Exploiting this vulnerability can allow an attacker to trigger a service failure using a specially crafted Lua script...
GHSA-4HX3-M8W5-G5QH yii2-redis Potential Remote code execution
Potential remote code execution in the Lua context of the Redis server via the methods yii\redis\ActiveRecord::findOne and yii\redis\ActiveRecord::findAll in yiisoft/yii2-redis. Attackers could probably manipulate data on the Redis server...
yii2-redis Potential Remote code execution
Potential remote code execution in the Lua context of the Redis server via the methods yii\redis\ActiveRecord::findOne and yii\redis\ActiveRecord::findAll in yiisoft/yii2-redis. Attackers could probably manipulate data on the Redis server...
CVE-2022-28805 affecting package lua 5.3.5-8
CVE-2022-28805 affecting package lua 5.3.5-8. A patched version of the package is available...
Lua scripts can be manipulated to overcome ACL rules in Redis
...
A malformed Lua script can crash Redis
...
Fedora: Security Advisory for redis (FEDORA-2022-44373f6778)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 34 Update: redis-6.2.7-1.fc34
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 36 Update: redis-6.2.7-1.fc36
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Remote Code Execution (RCE)
Redis is vulnerable to remote code execution. The vulnerability exists because users are not properly restricted, which allows an attacker with access to Redis to inject arbitrary Lua code...
Denial Of Service (DoS)
Redis is vulnerable to denial of service. An attacker can load a specially crafted Lua script that can cause a NULL pointer dereference, which will result in a crash of the redis-server process...
Redis < 6.2.7 Multiple Vulnerabilities
Redis is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:redis:redis"; if description...
Denial Of Service (DoS)
Lua is vulnerable to denial of service. The vulnerability exists due to the lack of a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read in lparser.c that allows an attacker to crash the system via a maliciously crafted script...
CVE-2022-24736
A flaw was found in the Redis database where a malformed Lua script can cause a NULL pointer dereference. This flaw allows an attacker to load a crafted script, which results in a crash of the redis-server process. Mitigation: If Lua scripting is not being used, this vulnerability can be mitigated...
CVE-2022-24735
A flaw was found in the Redis database where Lua scripts can be manipulated to overcome ACL rules. This flaw allows an attacker with access to Redis to inject Lua code that executes with the potentially higher privileges of another Redis user. Mitigation: If Lua scripting is not being used, this...
Redis Lua Sandbox Escape
This module exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The vulnerability was introduced by Debian and Ubuntu Redis packages that insufficiently sanitized the Lua environment. The maintainers failed to disable the package interface, allowing attackers to load arbitrary libraries. On...
USN-5371-2 nginx vulnerability
USN-5371-1 fixed several vulnerabilities in nginx. This update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS. Original advisory details: It was discovered that nginx Lua module mishandled certain inputs. An attacker could possibly use this issue to perform an HTTP Request Smuggling...