Release 0.1.17.1 (Fixes Redis vulnerabilities)

Security update: upgrading the version of Redis bundled in
the Webdis image to fix a number of severe vulnerabilities.

* Low severity vulnerability found in redis/redis
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-ALPINE314-REDIS-1727801
  Introduced through: redis/redis@6.2.5-r0
  From: redis/redis@6.2.5-r0
  Fixed in: 6.2.6-r0

* Medium severity vulnerability found in redis/redis
  Description: Out-of-bounds Read
  Info: https://snyk.io/vuln/SNYK-ALPINE314-REDIS-1727803
  Introduced through: redis/redis@6.2.5-r0
  From: redis/redis@6.2.5-r0
  Fixed in: 6.2.6-r0

* High severity vulnerability found in redis/redis
  Description: Allocation of Resources Without Limits or Throttling
  Info: https://snyk.io/vuln/SNYK-ALPINE314-REDIS-1727783
  Introduced through: redis/redis@6.2.5-r0
  From: redis/redis@6.2.5-r0
  Fixed in: 6.2.6-r0

* High severity vulnerability found in redis/redis
  Description: CVE-2021-32626
  Info: https://snyk.io/vuln/SNYK-ALPINE314-REDIS-1727820
  Introduced through: redis/redis@6.2.5-r0
  From: redis/redis@6.2.5-r0
  Fixed in: 6.2.6-r0

* High severity vulnerability found in redis/redis
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-ALPINE314-REDIS-1727822
  Introduced through: redis/redis@6.2.5-r0
  From: redis/redis@6.2.5-r0
  Fixed in: 6.2.6-r0

* High severity vulnerability found in redis/redis
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-ALPINE314-REDIS-1727823
  Introduced through: redis/redis@6.2.5-r0
  From: redis/redis@6.2.5-r0
  Fixed in: 6.2.6-r0

* High severity vulnerability found in redis/redis
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-ALPINE314-REDIS-1727825
  Introduced through: redis/redis@6.2.5-r0
  From: redis/redis@6.2.5-r0
  Fixed in: 6.2.6-r0

* High severity vulnerability found in redis/redis
  Description: Integer Overflow or Wraparound
  Info: https://snyk.io/vuln/SNYK-ALPINE314-REDIS-1727826
  Introduced through: redis/redis@6.2.5-r0
  From: redis/redis@6.2.5-r0
  Fixed in: 6.2.6-r0
master
Nicolas Favre-Felix 3 years ago
parent 9bbe0d3389
commit 942be1fd54
No known key found for this signature in database
GPG Key ID: C04E7AA8B6F73372

@ -11,7 +11,8 @@ RUN sed -i -e 's/"daemonize":.*true,/"daemonize": false,/g' /etc/webdis.prod.jso
# main image
FROM alpine:3.14.2
# Required dependencies, with versions fixing known security vulnerabilities
RUN apk update && apk add libevent msgpack-c 'redis>5.1' 'apk-tools>2.12.6-r0'
# RUN apk update && apk add libevent msgpack-c 'redis>5.1' 'apk-tools>2.12.6-r0'
RUN apk update && apk add libevent msgpack-c 'redis>6.2.6' 'apk-tools>2.12.6-r0'
COPY --from=stage /usr/local/bin/webdis /usr/local/bin/
COPY --from=stage /etc/webdis.prod.json /etc/webdis.prod.json
RUN echo "daemonize yes" >> /etc/redis.conf
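Review bot: On the new apk add line, the constraint `'redis>6.2.6'` is a strict greater-than against a version with no `-r` revision, while the commit message gives the fixed package as 6.2.6-r0. Whether 6.2.6-r0 satisfies `>6.2.6` is left to apk's version ordering. Writing `'redis>=6.2.6-r0'` states the intended floor directly and matches the `-r0` form already used for apk-tools on the same line. The commented-out copy of the old RUN line added just above it can also be dropped, since the history already records the previous constraint.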

@ -2,7 +2,7 @@
#define VERSION_H
#ifndef WEBDIS_VERSION
#define WEBDIS_VERSION "0.1.18-dev"
#define WEBDIS_VERSION "0.1.17.1"
#endif
#endif /* VERSION_H */
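Review bot: WEBDIS_VERSION moves backwards here, from "0.1.18-dev" to "0.1.17.1", on the development line. A follow-up commit needs to restore the -dev string once the release is tagged, otherwise later builds from this branch will report themselves as the 0.1.17.1 release. Cutting the point release from a branch off the 0.1.17 tag would avoid the round trip.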
