|
|
Subscribe / Log in / New account

Debian alert DSA-6020-1 (redis)



From:
              Moritz Muehlenhoff <jmm@debian.org>


To:
              debian-security-announce@lists.debian.org


Subject:
              [SECURITY] [DSA 6020-1] redis security update


Date:
              Wed, 08 Oct 2025 18:19:11 +0000


Message-ID:
              <aOarHw-WSZH-O9zf@seger.debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6020-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 08, 2025                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : redis
CVE ID         : CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 CVE-2025-49844

Multiple security issues were discovered in the Lua scripting interface
of Redis, a persistent key-value database, which could result in the
execution of arbitrary code or denial of service.

For the oldstable distribution (bookworm), these problems have been fixed
in version 5:7.0.15-1~deb12u6.

For the stable distribution (trixie), these problems have been fixed in
version 5:8.0.2-3+deb13u1.

We recommend that you upgrade your redis packages.

For the detailed security status of redis please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/redis

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmjmqmUACgkQEMKTtsN8
TjaY+g//VPLjh+VVX+QdKTRilOFdZKg5KOkPb47XonS5NzKIBQc7vHmOW8DghO45
IeUAFxucQwD0r3neASoYPsv0xFZUnQZQ3z6jQpOyimL39TlbrCJ15cKZKqPSFfkv
0h0LSfExODriT+wmcPtPSmumRuS/Kpz0s4gUXwtNhgF4QeShJlIF+fMuIP0TZODN
iPdTsNpAxPZ/+ha+xZ4GhRn9pxOLPBfnVuxqZbq6UgFfyrRfBfOZzmm1fD3VfBwT
C7D1lgZarUMtx7AMHpeUzQOrNLPhcMOUDFrcKXbS7o2xf2yUoKMXI30M05Mn3FTw
KGIwJmcV2GLGFhW1NzptrsOnWfRdh2Te3EDIziwnXrAqjYLsrBo6GYtNvf0ONcBJ
AO6SL1mPlJowDTHxnQ5xX/lecPXVo6lWV+ceI4NjAh9WzU7imXYailiYEiyHw79/
qLACg+A7y7MTG2LiOh1bUhK5MQdgUejwZoc/PzjrJS6nuPocEZA/i4wb105sqzdS
edGRanQqA9RIJOP96Zf08hnaTK29CxyhzTDTcWLTRzbnzUTFFx1KJf2i187j1smk
jfZvlP5MbnjTrOMr/ozcBJHgvo1trTAqBXvzSPUbi7TwUzK/IUUNsDnoNzEUlDEE
aMTjybLr6ccsViH6YseDrfGjUh4UMDFMFNUJcqnlc7QGnl46ZhY=
=DNII
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds