b023c29a1e
#### Why I did it The current redis version of SONiC is `6.0.6`, which contains many high-risky security issues like CVEs that are fixed in the latest version. The Redis release notes also highly recommend to upgrade with SECURITY urgency. ``` ================================================================================ Redis 6.0.16 Released Mon Oct 4 12:00:00 IDT 2021 ================================================================================ Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (CVE-2021-41099) Integer to heap buffer overflow handling certain string commands and network payloads, when proto-max-bulk-len is manually configured to a non-default, very large value [reported by yiyuaner]. * (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and redis-sentinel parsing large multi-bulk replies on some older and less common platforms [reported by Microsoft Vulnerability Research]. * (CVE-2021-32687) Integer to heap buffer overflow with intsets, when set-max-intset-entries is manually configured to a non-default, very large value [reported by Pawel Wieczorkiewicz, AWS]. * (CVE-2021-32675) Denial Of Service when processing RESP request payloads with a large number of elements on many connections. * (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by Meir Shpilraien]. * (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded data types, when configuring a large, non-default value for hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value [reported by sundb]. * (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when configuring a non-default, large value for proto-max-bulk-len and client-query-buffer-limit [reported by sundb]. * (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer overflow [reported by Meir Shpilraien]. Other bug fixes: * Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue) (#9416) * Fix the wrong mis-detection of sync_file_range system call, affecting performance (#9371) * Fix replication issues when repl-diskless-load is used (#9280) ``` #### How I did it Edit `Dockerfile.j2` file #### How to verify it Check redis version #### Description for the changelog This PR will upgrade redis-server version to `6.0.16`. |
||
---|---|---|
.. | ||
docker-base | ||
docker-base-bullseye | ||
docker-base-buster | ||
docker-base-stretch | ||
docker-basic_router | ||
docker-config-engine | ||
docker-config-engine-bullseye | ||
docker-config-engine-buster | ||
docker-config-engine-stretch | ||
docker-database | ||
docker-dhcp-relay | ||
docker-fpm-frr | ||
docker-fpm-gobgp | ||
docker-iccpd | ||
docker-lldp | ||
docker-macsec | ||
docker-mux | ||
docker-nat | ||
docker-orchagent | ||
docker-pde | ||
docker-platform-monitor | ||
docker-ptf | ||
docker-router-advertiser | ||
docker-sflow | ||
docker-snmp | ||
docker-sonic-mgmt | ||
docker-sonic-mgmt-framework | ||
docker-sonic-p4rt | ||
docker-sonic-restapi | ||
docker-sonic-sdk | ||
docker-sonic-sdk-buildenv | ||
docker-sonic-telemetry | ||
docker-swss-layer-buster | ||
docker-teamd | ||
dockerfile-macros.j2 |