{"affected":[{"ecosystem_specific":{"binaries":[{"redis":"4.0.2-9.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"redis","purl":"pkg:rpm/suse/redis&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.2-9.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for redis to version 4.0.2 fixes the following issues:\n\n- CVE-2016-8339: CONFIG SET client-output-buffer-limit Code Execution Vulnerability (boo#1002351)\n\nThe following upstream changes are included:\n   \n- SLOWLOG now logs the offending client name and address\n- The modules native data types RDB format changed.\n- The AOF check utility is now able to deal with RDB preambles.\n- GEORADIUS_RO and GEORADIUSBYMEMBER_RO variants, not supporting the STORE option,\n  were added in order to allow read-only scaling of such queries.\n- HSET is now variadic, and HMSET is considered deprecated\n- GEORADIUS huge radius (>= ~6000 km) corner cases fixed\n- HyperLogLog commands no longer crash on certain input (non HLL) strings.\n- Fixed SLAVEOF inside MULTI/EXEC blocks.\n- TCP binding bug fixed when only certain addresses were available for a given por\n- MIGRATE could crash the server after a socket error \n  ","id":"openSUSE-SU-2017:2984-1","modified":"2017-11-10T13:02:13Z","published":"2017-11-10T13:02:13Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1064980"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10517"}],"related":["CVE-2016-10517"],"summary":"Security update for redis","upstream":["CVE-2016-10517"]}