diff mbox series

[meta-oe,scarthgap,6/8] redis: handle CVE-2025-27151

Message ID 20251130203511.462501-6-skandigraun@gmail.com
State New
Headers show
Series [meta-oe,scarthgap,1/8] yasm: add alternative CVE_PRODUCT | expand

Commit Message

Gyorgy Sarvari Nov. 30, 2025, 8:35 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27151

In redis 7 this is already patched[1], and the recipe contains the
fix.
For redis 6 backport the relevant patch (which is referenced in the
nvd report)

[1]: https://github.com/redis/redis/commit/d0eeee6e31f0fefb510007a8cfdf5dce729a8be9

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 .../redis/redis/CVE-2025-27151.patch          | 32 +++++++++++++++++++
 .../recipes-extended/redis/redis_6.2.21.bb    |  3 +-
 .../recipes-extended/redis/redis_7.2.12.bb    |  1 +
 3 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 meta-oe/recipes-extended/redis/redis/CVE-2025-27151.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-extended/redis/redis/CVE-2025-27151.patch b/meta-oe/recipes-extended/redis/redis/CVE-2025-27151.patch
new file mode 100644
index 0000000000..ccd56ea8a8
--- /dev/null
+++ b/meta-oe/recipes-extended/redis/redis/CVE-2025-27151.patch
@@ -0,0 +1,32 @@ 
+From 845233cecd6327a20957a97b78e61bccaaa652f7 Mon Sep 17 00:00:00 2001
+From: YaacovHazan <yaacov.hazan@redis.com>
+Date: Tue, 27 May 2025 10:23:27 +0300
+Subject: [PATCH] Check length of AOF file name in redis-check-aof
+ (CVE-2025-27151)
+
+Ensure that the length of the input file name does not exceed PATH_MAX
+
+CVE: CVE-2025-27151
+Upstream-Status: Backport [https://github.com/redis/redis/commit/d0eeee6e31f0fefb510007a8cfdf5dce729a8be9]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/redis-check-aof.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/redis-check-aof.c b/src/redis-check-aof.c
+index 1507e0a..3961ac5 100644
+--- a/src/redis-check-aof.c
++++ b/src/redis-check-aof.c
+@@ -164,6 +164,12 @@ int redis_check_aof_main(int argc, char **argv) {
+         exit(1);
+     }
+ 
++    /* Check if filepath is longer than PATH_MAX */
++    if (strlen(filename) > PATH_MAX) {
++        printf("Error: filename is too long (exceeds PATH_MAX)\n");
++        exit(1);
++    }
++
+     FILE *fp = fopen(filename,"r+");
+     if (fp == NULL) {
+         printf("Cannot open file: %s\n", filename);
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.21.bb b/meta-oe/recipes-extended/redis/redis_6.2.21.bb
index efa8677e76..d23d3c07c6 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.21.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.21.bb
@@ -16,7 +16,8 @@  SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
            file://0004-src-Do-not-reset-FINAL_LIBS.patch \
            file://0005-Define-_GNU_SOURCE-to-get-PTHREAD_MUTEX_INITIALIZER.patch \
            file://0006-Define-correct-gregs-for-RISCV32.patch \
-          "
+           file://CVE-2025-27151.patch \
+           "
 
 SRC_URI[sha256sum] = "6383b32ba8d246f41bbbb83663381f5a5f4c4713235433cec22fc4a47e9b6d5f"
 
diff --git a/meta-oe/recipes-extended/redis/redis_7.2.12.bb b/meta-oe/recipes-extended/redis/redis_7.2.12.bb
index cd2be6f27e..efbe86b358 100644
--- a/meta-oe/recipes-extended/redis/redis_7.2.12.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.2.12.bb
@@ -71,3 +71,4 @@  SYSTEMD_SERVICE:${PN} = "redis.service"
 
 CVE_STATUS[CVE-2022-3734] = "not-applicable-platform: CVE only applies for Windows."
 CVE_STATUS[CVE-2022-0543] = "not-applicable-config: the vulnerability is not present in upstream, only in Debian-packaged versions"
+CVE_STATUS[CVE-2025-27151] = "fixed-version: the used version(7.2.12) contains the fix"