CVE-2022-0543 also applies to Ubuntu
Alex Murray
alex.murray at canonical.com
Mon Mar 7 02:44:12 UTC 2022
Hi Reginaldo,
I am taking a look at this now for Ubuntu (note as redis is in universe
it is community maintained but since this is a relatively trivial fix
and you are planning to release a PoC exploit I have taken this on
myself).
Thanks,
Alex
On Thu, 2022-03-03 at 16:21:19 -0300, Reginaldo Silva wrote:
> Sure thing
>
> Debian bug:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005787
>
> Debian DSA:
> https://www.debian.org/security/2022/dsa-5081
>
> Cheers,
>
> Reginaldo
> On Thu, Mar 3, 2022 at 15:00 Thomas Ward <teward at thomas-ward.net> wrote:
>
>> Is there a Debian or Ununtu bug for this? For tracking purposes for a fix
>> and such.
>>
>>
>>
>> Sent from my Galaxy
>>
>>
>>
>> -------- Original message --------
>> From: Reginaldo Silva <reginaldo at ubercomp.com>
>> Date: 3/3/22 11:59 (GMT-05:00)
>> To: ubuntu-devel-discuss at lists.ubuntu.com
>> Subject: CVE-2022-0543 also applies to Ubuntu
>>
>> Hi, Ubuntu team.
>>
>> Back in January I discovered that there's a redis sandbox escape on Debian
>> and Debian-derived distributions. It also affects Ubuntu. Please update
>> from the Debian sources (it's a one-line patch to debian/rules). I plan to
>> publish a blog post with a Proof of Concept exploit, but will give time for
>> Ubuntu to release a fix first.
>>
>> https://lists.debian.org/debian-security-announce/2022/msg00048.html
>>
>> Best regards,
>>
>> Reginaldo
>>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
More information about the Ubuntu-devel-discuss
mailing list