From 8e3342054dabc1188e9921bb521888ca9fb385fe Mon Sep 17 00:00:00 2001 From: Madelyn Olson Date: Mon, 6 Jan 2025 14:03:36 -0800 Subject: [PATCH] Update release notes with final security information Signed-off-by: Madelyn Olson --- 00-RELEASENOTES | 7 +++++++ src/eval.c | 2 +- src/sort.c | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/00-RELEASENOTES b/00-RELEASENOTES index 53e87da272..4299ecc2a9 100644 --- a/00-RELEASENOTES +++ b/00-RELEASENOTES @@ -36,12 +36,19 @@ Bug fixes mode. (#1155) * Send the correct error message when `FUNCTION KIlL` is used to kill an ongoing script. (#1171) +* Fix a potential memory corruption when databases are emptied, such as + through `FLUSHDB`, when during active defrag is running. Behavior changes ================ * Revert an unintended breaking change when sending an unsubuscribe command when a client is not subscribed to any channels. (#1265) +Security fixes +============== +* (CVE-2024-46981) Lua script commands may lead to remote code execution. (#1513) +* (CVE-2024-51741) Denial-of-service due to malformed ACL selectors. (#1514) + ================================================================================ Valkey 8.0.1 - Released Tue 1 Oct 2024 ================================================================================ diff --git a/src/eval.c b/src/eval.c index 8d36e28326..73d5e2fedc 100644 --- a/src/eval.c +++ b/src/eval.c @@ -282,7 +282,7 @@ void scriptingInit(int setup) { void freeLuaScriptsSync(dict *lua_scripts, list *lua_scripts_lru_list, lua_State *lua) { dictRelease(lua_scripts); listRelease(lua_scripts_lru_list); - lua_gc(lctx.lua, LUA_GCCOLLECT, 0); + lua_gc(lua, LUA_GCCOLLECT, 0); lua_close(lua); #if !defined(USE_LIBC) diff --git a/src/sort.c b/src/sort.c index 92777b068c..8390c5ba2e 100644 --- a/src/sort.c +++ b/src/sort.c @@ -262,7 +262,7 @@ void sortCommandGeneric(client *c, int readonly) { /* If GET is specified with a real pattern, we can't accept it in cluster mode, * unless we can make sure the keys formed by the pattern are in the same slot * as the key to sort. */ - if (server.cluster_enabled && + if (server.cluster_enabled && !isReturnSubstPattern(c->argv[j + 1]->ptr) && !isReturnSubstPattern(c->argv[j + 1]->ptr) && patternHashSlot(c->argv[j + 1]->ptr, sdslen(c->argv[j + 1]->ptr)) != getKeySlot(c->argv[1]->ptr)) { addReplyError(c, "GET option of SORT denied in Cluster mode when "