matthew/sonic-buildimage
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
e24fe9bc60
sonic-buildimage/dockers/docker-database
History
Jason Lyu b023c29a1e
[redis] Upgrade redis version (#9757) 
#### Why I did it

The current redis version of SONiC is `6.0.6`, which contains many high-risky security issues like CVEs that are fixed in the latest version. The Redis release notes also highly recommend to upgrade with SECURITY urgency.

```
================================================================================
Redis 6.0.16 Released Mon Oct 4 12:00:00 IDT 2021
================================================================================

Upgrade urgency: SECURITY, contains fixes to security issues.

Security Fixes:
* (CVE-2021-41099) Integer to heap buffer overflow handling certain string
  commands and network payloads, when proto-max-bulk-len is manually configured
  to a non-default, very large value [reported by yiyuaner].
* (CVE-2021-32762) Integer to heap buffer overflow issue in redis-cli and
  redis-sentinel parsing large multi-bulk replies on some older and less common
  platforms [reported by Microsoft Vulnerability Research].
* (CVE-2021-32687) Integer to heap buffer overflow with intsets, when
  set-max-intset-entries is manually configured to a non-default, very large
  value [reported by Pawel Wieczorkiewicz, AWS].
* (CVE-2021-32675) Denial Of Service when processing RESP request payloads with
  a large number of elements on many connections.
* (CVE-2021-32672) Random heap reading issue with Lua Debugger [reported by
  Meir Shpilraien].
* (CVE-2021-32628) Integer to heap buffer overflow handling ziplist-encoded
  data types, when configuring a large, non-default value for
  hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries
  or zset-max-ziplist-value [reported by sundb].
* (CVE-2021-32627) Integer to heap buffer overflow issue with streams, when
  configuring a non-default, large value for proto-max-bulk-len and
  client-query-buffer-limit [reported by sundb].
* (CVE-2021-32626) Specially crafted Lua scripts may result with Heap buffer
  overflow [reported by Meir Shpilraien].

Other bug fixes:
* Fix appendfsync to always guarantee fsync before reply, on MacOS and FreeBSD (kqueue) (#9416)
* Fix the wrong mis-detection of sync_file_range system call, affecting performance (#9371)
* Fix replication issues when repl-diskless-load is used (#9280)
```

#### How I did it

Edit `Dockerfile.j2` file

#### How to verify it

Check redis version

#### Description for the changelog
This PR will upgrade redis-server version to `6.0.16`.
2022-02-15 16:43:01 -08:00
..
base_image_files [Monit] Deprecate the feature of monitoring the critical processes by Monit (#7676) 2021-06-04 10:16:53 -07:00
critical_processes [dockers] Update critical_processes file syntax (#4831) 2020-06-25 21:18:21 -07:00
database_config.json.j2 [PINS] Add APPL_STATE_DB and response path log (#9082) 2021-11-24 10:31:06 -08:00
database_global.json.j2 Multi DB with namespace support, Introducing the database_global.json… (#4477) 2020-05-08 21:24:05 -07:00
docker-database-init.sh [docker-base-buster][docker-config-engine-buster] No longer install Python 2 (#6162) 2020-12-25 21:29:25 -08:00
Dockerfile.j2 [redis] Upgrade redis version (#9757) 2022-02-15 16:43:01 -08:00
flush_unused_database [docker-database] Fix Python3 issue (#7700) 2021-05-31 05:36:24 -07:00
supervisord.conf.j2 [dockers][supervisor] Increase event buffer size for process exit listener; Set all event buffer sizes to 1024 (#7083) 2021-03-27 21:14:24 -07:00