A vulnerability in Redis could lead to remote code execution.
|Package||dev-db/redis on all architectures|
|Affected versions||< 6.0.12|
|Unaffected versions||>= 5.0.12
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.
It was discovered that there were a number of integer overflow issues in Redis.
A remote attacker, able to connect to a Redis instance, could send a malicious crafted large request possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All Redis 5.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/redis-5.0.12"
All Redis 6.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/redis-6.0.12"
March 31, 2021
March 31, 2021: 1