UBUNTU-CVE-2023-45145

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-45145

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-45145.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-45145

Related

Published

2023-10-18T21:15:00Z

Modified

2024-10-15T14:11:47Z

Severity

3.6 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.

References

Affected packages

Ubuntu:Pro:14.04:LTS / redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:2.8.4-2ubuntu0.2+esm3

Affected versions

2:2.*

2:2.6.13-1

2:2.6.16-3

2:2.8.0-1

2:2.8.2-1

2:2.8.4-2

2:2.8.4-2ubuntu0.2

2:2.8.4-2ubuntu0.2+esm1

2:2.8.4-2ubuntu0.2+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2:2.8.4-2ubuntu0.2+esm3",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "2:2.8.4-2ubuntu0.2+esm3",
            "binary_name": "redis-server-dbgsym"
        },
        {
            "binary_version": "2:2.8.4-2ubuntu0.2+esm3",
            "binary_name": "redis-tools"
        },
        {
            "binary_version": "2:2.8.4-2ubuntu0.2+esm3",
            "binary_name": "redis-tools-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:3.0.6-1ubuntu0.4+esm2

Affected versions

2:3.*

2:3.0.3-3

2:3.0.5-1

2:3.0.5-2

2:3.0.5-3

2:3.0.5-4

2:3.0.6-1

2:3.0.6-1ubuntu0.2

2:3.0.6-1ubuntu0.3

2:3.0.6-1ubuntu0.4

2:3.0.6-1ubuntu0.4+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2:3.0.6-1ubuntu0.4+esm2",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "2:3.0.6-1ubuntu0.4+esm2",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "2:3.0.6-1ubuntu0.4+esm2",
            "binary_name": "redis-server-dbgsym"
        },
        {
            "binary_version": "2:3.0.6-1ubuntu0.4+esm2",
            "binary_name": "redis-tools"
        },
        {
            "binary_version": "2:3.0.6-1ubuntu0.4+esm2",
            "binary_name": "redis-tools-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:4.0.9-1ubuntu0.2+esm4

Affected versions

4:4.*

4:4.0.1-7

4:4.0.2-6

4:4.0.2-9

5:4.*

5:4.0.5-1

5:4.0.6-1

5:4.0.6-2

5:4.0.7-1

5:4.0.8-1

5:4.0.8-2

5:4.0.9-1

5:4.0.9-1ubuntu0.1

5:4.0.9-1ubuntu0.2

5:4.0.9-1ubuntu0.2+esm2

5:4.0.9-1ubuntu0.2+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5:4.0.9-1ubuntu0.2+esm4",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:4.0.9-1ubuntu0.2+esm4",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:4.0.9-1ubuntu0.2+esm4",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:4.0.9-1ubuntu0.2+esm4",
            "binary_name": "redis-tools"
        },
        {
            "binary_version": "5:4.0.9-1ubuntu0.2+esm4",
            "binary_name": "redis-tools-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5:5.*

5:5.0.5-2build1

5:5.0.6-1

5:5.0.7-1

5:5.0.7-2

5:5.0.7-2ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis?arch=src?distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:5.0.7-2ubuntu0.1+esm2

Affected versions

5:5.*

5:5.0.5-2build1

5:5.0.6-1

5:5.0.7-1

5:5.0.7-2

5:5.0.7-2ubuntu0.1~esm1

5:5.0.7-2ubuntu0.1

5:5.0.7-2ubuntu0.1+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5:5.0.7-2ubuntu0.1+esm2",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:5.0.7-2ubuntu0.1+esm2",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:5.0.7-2ubuntu0.1+esm2",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:5.0.7-2ubuntu0.1+esm2",
            "binary_name": "redis-tools"
        },
        {
            "binary_version": "5:5.0.7-2ubuntu0.1+esm2",
            "binary_name": "redis-tools-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5:6.*

5:6.0.15-1

5:6.0.16-1

5:6.0.16-1build1

5:6.0.16-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:22.04:LTS / redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis?arch=src?distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:6.0.16-1ubuntu1+esm1

Affected versions

5:6.*

5:6.0.15-1

5:6.0.16-1

5:6.0.16-1build1

5:6.0.16-1ubuntu1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5:6.0.16-1ubuntu1+esm1",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:6.0.16-1ubuntu1+esm1",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:6.0.16-1ubuntu1+esm1",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:6.0.16-1ubuntu1+esm1",
            "binary_name": "redis-tools"
        },
        {
            "binary_version": "5:6.0.16-1ubuntu1+esm1",
            "binary_name": "redis-tools-dbgsym"
        }
    ]
}

Ubuntu:24.10 / redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:7.0.15-1build2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5:7.0.15-1build2",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:7.0.15-1build2",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:7.0.15-1build2",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:7.0.15-1build2",
            "binary_name": "redis-tools"
        },
        {
            "binary_version": "5:7.0.15-1build2",
            "binary_name": "redis-tools-dbgsym"
        }
    ]
}

Ubuntu:24.04:LTS / redis

Package

Name: redis
Purl: pkg:deb/ubuntu/redis?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5:7.0.14-1

Affected versions

5:7.*

5:7.0.12-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5:7.0.14-1",
            "binary_name": "redis"
        },
        {
            "binary_version": "5:7.0.14-1",
            "binary_name": "redis-sentinel"
        },
        {
            "binary_version": "5:7.0.14-1",
            "binary_name": "redis-server"
        },
        {
            "binary_version": "5:7.0.14-1",
            "binary_name": "redis-tools"
        },
        {
            "binary_version": "5:7.0.14-1",
            "binary_name": "redis-tools-dbgsym"
        }
    ]
}