===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0332
                          hiredis security update
                              30 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           hiredis
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-7105  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/01/msg00028.html
   https://security-tracker.debian.org/tracker/CVE-2020-7105

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : hiredis
Version        : 0.11.0-4+deb8u1
CVE ID         : CVE-2020-7105
Debian Bug     : #949995

It was discovered that there were a large number of NULL pointer
dereferences due to unchecked return values from malloc and friends
in hiredis, a minimalistic C client library.

For Debian 8 "Jessie", these issues have been fixed in hiredis version
0.11.0-4+deb8u1.

We recommend that you upgrade your hiredis packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-


--------------------------END INCLUDED TEXT--------------------
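
The defect class named in the advisory, shown as an added example (not code from hiredis or from the Debian patch): a hypothetical reply constructor in unchecked and checked form, plus a fault-injection sweep that fails each allocation in turn and confirms the checked form returns NULL without leaking. Every identifier below (xmalloc, struct reply, reply_new_*, sweep_checked) is an assumption made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Fault-injecting allocator, constructed for this example. */
static long fail_at = -1;     /* index of the allocation to fail, -1 = none */
static long alloc_count = 0;  /* allocations attempted in the current run */
static long live = 0;         /* allocations not yet freed */
static void *xmalloc(size_t n) {
    if (alloc_count++ == fail_at) return NULL;
    void *p = malloc(n);
    if (p) live++;
    return p;
}
static void xfree(void *p) { if (p) { live--; free(p); } }

struct reply { size_t len; char *str; };  /* hypothetical reply object */

/* Vulnerable shape: neither allocation result is checked before use. */
struct reply *reply_new_unchecked(const char *s, size_t len) {
    struct reply *r = xmalloc(sizeof(*r));
    r->str = xmalloc(len + 1);  /* NULL dereference if r is NULL */
    memcpy(r->str, s, len);     /* NULL dereference if r->str is NULL */
    r->str[len] = '\0'; r->len = len;
    return r;
}

/* Hardened shape: failure is reported to the caller and nothing leaks. */
struct reply *reply_new_checked(const char *s, size_t len) {
    struct reply *r = xmalloc(sizeof(*r));
    if (r == NULL) return NULL;
    r->str = xmalloc(len + 1);
    if (r->str == NULL) { xfree(r); return NULL; }
    memcpy(r->str, s, len);
    r->str[len] = '\0'; r->len = len;
    return r;
}
void reply_free(struct reply *r) { if (r) { xfree(r->str); xfree(r); } }

/* Fail allocation 0, 1, 2, ... in turn; return the number of failure
   points exercised, or -1 on a leak or a wrong result. */
int sweep_checked(void) {
    for (long n = 0;; n++) {
        fail_at = n; alloc_count = 0;
        struct reply *r = reply_new_checked("PONG", 4);
        int injected = alloc_count > n;  /* did allocation n get reached? */
        int ok = injected ? (r == NULL) : (r && strcmp(r->str, "PONG") == 0);
        reply_free(r);
        fail_at = -1;
        if (!ok || live != 0) return -1;
        if (!injected) return (int)n;    /* clean run: sweep is complete */
    }
}
int main(void) { return sweep_checked() == 2 ? 0 : 1; }
```

Running the same sweep against reply_new_unchecked would crash at the first injected failure, which is how this kind of harness locates unchecked allocations.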

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================