CVE-2015-4335
Published: 9 June 2015
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
From the Ubuntu Security Team
It was discovered that Redis incorrectly handled eval commands. An attacker could possibly use this issue to execute arbitrary code.
Notes
Author | Note |
---|---|
leosilva | xenial already has the code patched |
Priority
Status
Package | Release | Status |
---|---|---|
redis (Launchpad, Ubuntu, Debian) | artful | Ignored (end of life) |
redis | bionic | Not vulnerable (5:4.0.9-1) |
redis | precise | Ignored (end of life) |
redis | trusty | Released (2:2.8.4-2ubuntu0.2) |
redis | upstream | Released (2:3.0.2-1) |
redis | utopic | Ignored (end of life) |
redis | vivid | Ignored (end of life) |
redis | wily | Ignored (end of life) |
redis | xenial | Not vulnerable (2:3.0.6-1) |
redis | yakkety | Ignored (end of life) |
redis | zesty | Ignored (end of life) |

Patches: upstream: https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411