ALAS-2024-717

Amazon Linux 2023 Security Advisory: ALAS-2024-717
Advisory Release Date: 2024-09-26 01:44 Pacific
Advisory Updated Date: 2024-10-02 15:30 Pacific

Severity: Important

References: CVE-2024-31228 CVE-2024-31449
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Denial-of-service due to unbounded pattern matching (CVE-2024-31228)

Lua library commands may be exploited by an authenticated user to achieve remote-code-execution (CVE-2024-31449)

Affected Packages:

redis6

Issue Correction:
Run dnf update redis6 --releasever 2023.5.20241001 to update your system.

New Packages:

aarch64:
    redis6-debuginfo-6.2.14-2.amzn2023.0.1.aarch64
    redis6-devel-6.2.14-2.amzn2023.0.1.aarch64
    redis6-6.2.14-2.amzn2023.0.1.aarch64
    redis6-debugsource-6.2.14-2.amzn2023.0.1.aarch64

noarch:
    redis6-doc-6.2.14-2.amzn2023.0.1.noarch

src:
    redis6-6.2.14-2.amzn2023.0.1.src

x86_64:
    redis6-debuginfo-6.2.14-2.amzn2023.0.1.x86_64
    redis6-devel-6.2.14-2.amzn2023.0.1.x86_64
    redis6-debugsource-6.2.14-2.amzn2023.0.1.x86_64
    redis6-6.2.14-2.amzn2023.0.1.x86_64

Additional References

Red Hat: CVE-2024-31228, CVE-2024-31449

Mitre: CVE-2024-31228, CVE-2024-31449

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALAS-2024-717

Additional References