aboutsummaryrefslogtreecommitdiffstats
path: root/english/lts/security/2017/dla-1161.wml
blob: 469d31cf51bf34b81bf9f3fc4378e244ed6d183e (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>It was discovered that there was a <q>Cross Protocol Scripting</q> attack in
the Redis key-value database.</p>

<p>"POST" and "Host:" command strings (which are not valid in the Redis
protocol) were not immediately rejected when an attacker makes HTTP
request to the Redis TCP port.</p>

<p>For Debian 7 <q>Wheezy</q>, this issue has been fixed in redis version
2:2.4.14-1+deb7u2.</p>

<p>We recommend that you upgrade your redis packages.</p>
</define-tag>

# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2017/dla-1161.data"
# $Id: $

© 2014-2024 Faster IT GmbH | imprint | privacy policy