ALASREDIS6-2024-010

Amazon Linux 2 Security Advisory: ALASREDIS6-2024-010
Advisory Release Date: 2024-09-26 01:10 Pacific
Advisory Updated Date: 2024-10-02 14:50 Pacific

Severity: Important

References: CVE-2024-31228 CVE-2024-31449
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Denial-of-service due to unbounded pattern matching (CVE-2024-31228)

Lua library commands may be exploited by an authenticated user to achieve remote-code-execution (CVE-2024-31449)

Affected Packages:

redis

Note:

This advisory is applicable to Amazon Linux 2 - Redis6 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update redis to update your system.

New Packages:

aarch64:
    redis-6.2.14-2.amzn2.aarch64
    redis-devel-6.2.14-2.amzn2.aarch64
    redis-debuginfo-6.2.14-2.amzn2.aarch64

noarch:
    redis-doc-6.2.14-2.amzn2.noarch

src:
    redis-6.2.14-2.amzn2.src

x86_64:
    redis-6.2.14-2.amzn2.x86_64
    redis-devel-6.2.14-2.amzn2.x86_64
    redis-debuginfo-6.2.14-2.amzn2.x86_64

Additional References

Red Hat: CVE-2024-31228, CVE-2024-31449

Mitre: CVE-2024-31228, CVE-2024-31449

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALASREDIS6-2024-010

Additional References