USN-5316-1: Redis vulnerability
8 March 2022
Redis could be made to run programs if it received specially crafted network traffic from an authenticated user.
- redis - Persistent key-value database with network interface
Reginaldo Silva discovered that due to a packaging issue, a remote attacker
with the ability to execute arbitrary Lua scripts could possibly escape the
Lua sandbox and execute arbitrary code on the host.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.