[Secure-testing-team] Bug#842987: redis: CVE-2016-2121: weak permissions on sensitive files
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 2 19:53:40 UTC 2016
Source: redis
Version: 2:2.8.17-1
Severity: important
Tags: security
Hi
See
https://bugzilla.redhat.com/show_bug.cgi?id=1390588
and
https://bugzilla.redhat.com/show_bug.cgi?id=1374700
This partially seems to hold as well for Debian, at least for the
/var/lib/redis part for unstable. For jessie it looks e.g.
/etc/resis/redis.conf and otherwould be world-readable as well.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list