Hi everybody,
Redis 6.2.4 and 6.0.14 are out to address an overflow issue in the STRALGO LCS command.
Upgrade urgency: SECURITY, contains fixes to security issues that affect
authenticated client connections. MODERATE otherwise.
Fix integer overflow in STRALGO LCS (CVE-2021-32625)
An integer overflow bug in Redis version 6.0 or newer can be exploited using the
STRALGO LCS command to corrupt the heap and potentially result in remote code
execution. This is a result of an incomplete fix for CVE-2021-29477.
Redis 6.2.4 release notes
---
Bug fixes that are only applicable to previous releases of Redis 6.2:
Other bug fixes:
Improvements:
Redis 6.0.14 release notes
---
Other bug fixes:
Cheers,
The Redis Team
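
The following is an added example, not part of the announcement or of the Redis project's code: a triage helper that reads the `redis_version` field of `INFO server` output and flags instances that predate the fixed releases named above. The host names and sample INFO text are constructed, and the handling of branches the announcement does not name is an assumption marked in the comments.

```python
import re

# Fixed patch level per release branch, as stated in the announcement.
FIXED_PATCH = {(6, 0): 14, (6, 2): 4}
FIRST_AFFECTED = (6, 0, 0)  # "Redis version 6.0 or newer"


def parse_redis_version(info_text):
    """Return (major, minor, patch) from the text of `INFO server`."""
    m = re.search(r"^redis_version:(\d+)\.(\d+)\.(\d+)\s*$", info_text, re.MULTILINE)
    if m is None:
        raise ValueError("no redis_version field in INFO output")
    return tuple(int(part) for part in m.groups())


def needs_upgrade(version):
    """True if this version predates the CVE-2021-32625 fix on its branch."""
    if version < FIRST_AFFECTED:
        return False  # older than the affected range given in the announcement
    fixed = FIXED_PATCH.get((version[0], version[1]))
    if fixed is not None:
        return version[2] < fixed
    # Assumption: a branch the announcement does not name counts as fixed only
    # if it is newer than 6.2; anything between 6.0 and 6.2 is flagged.
    return version[:2] < (6, 2)


def hosts_to_upgrade(inventory):
    """inventory maps host name -> raw INFO text; returns hosts still exposed."""
    return sorted(host for host, info in inventory.items()
                  if needs_upgrade(parse_redis_version(info)))


# Constructed sample INFO output; host names are hypothetical.
SAMPLE_INVENTORY = {
    "cache-a.example.internal": "# Server\r\nredis_version:6.2.3\r\nredis_mode:standalone\r\n",
    "cache-b.example.internal": "# Server\r\nredis_version:6.0.14\r\nredis_mode:standalone\r\n",
    "cache-c.example.internal": "# Server\r\nredis_version:5.0.12\r\nredis_mode:standalone\r\n",
    "cache-d.example.internal": "# Server\r\nredis_version:6.0.9\r\nredis_mode:cluster\r\n",
}

if __name__ == "__main__":
    for host in hosts_to_upgrade(SAMPLE_INVENTORY):
        print(host, "is below 6.0.14 / 6.2.4 and should be upgraded")
```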