|Related CVEs||CVE-2021-32672 CVE-2021-32687 CVE-2021-32675 CVE-2021-32626|
A number of vulnerabilities were discovered in Redis, a popular key/value database:
CVE-2021-32672: Random heap reading issue with Lua Debugger.
CVE-2021-32687: Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value.
CVE-2021-32675: Denial Of Service when processing RESP request payloads with a large number of elements on many connections.
CVE-2021-32626: Specially crafted Lua scripts may result with Heap buffer overflow.
For Debian 8 Jessie, these problems have been fixed in version 2:2.8.17-1+deb8u9.
We recommend that you upgrade your redis packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/