FYI - updates to remediate this for Ubuntu 20.04 LTS and Ubuntu 21.10 were published earlier via USN-5316-1
https://ubuntu.com/security/notices/USN-5316-1 Thanks, Alex On Mon, 2022-03-07 at 13:14:12 +1030, Alex Murray wrote: > Hi Reginaldo, > > I am taking a look at this now for Ubuntu (note as redis is in universe > it is community maintained but since this is a relatively trivial fix > and you are planning to release a PoC exploit I have taken this on > myself). > > Thanks, > Alex > > On Thu, 2022-03-03 at 16:21:19 -0300, Reginaldo Silva wrote: > >> Sure thing >> >> Debian bug: >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1005787 >> >> Debian DSA: >> https://www.debian.org/security/2022/dsa-5081 >> >> Cheers, >> >> Reginaldo >> On Thu, Mar 3, 2022 at 15:00 Thomas Ward <tew...@thomas-ward.net> wrote: >> >>> Is there a Debian or Ununtu bug for this? For tracking purposes for a fix >>> and such. >>> >>> >>> >>> Sent from my Galaxy >>> >>> >>> >>> -------- Original message -------- >>> From: Reginaldo Silva <regina...@ubercomp.com> >>> Date: 3/3/22 11:59 (GMT-05:00) >>> To: ubuntu-devel-discuss@lists.ubuntu.com >>> Subject: CVE-2022-0543 also applies to Ubuntu >>> >>> Hi, Ubuntu team. >>> >>> Back in January I discovered that there's a redis sandbox escape on Debian >>> and Debian-derived distributions. It also affects Ubuntu. Please update >>> from the Debian sources (it's a one-line patch to debian/rules). I plan to >>> publish a blog post with a Proof of Concept exploit, but will give time for >>> Ubuntu to release a fix first. >>> >>> https://lists.debian.org/debian-security-announce/2022/msg00048.html >>> >>> Best regards, >>> >>> Reginaldo >>> >> -- >> Ubuntu-devel-discuss mailing list >> Ubuntu-devel-discuss@lists.ubuntu.com >> Modify settings or unsubscribe at: >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss > > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
