|
|
Subscribe / Log in / New account

Debian alert DSA-6022-1 (valkey)



From:
              Moritz Muehlenhoff <jmm@debian.org>


To:
              debian-security-announce@lists.debian.org


Subject:
              [SECURITY] [DSA 6022-1] valkey security update


Date:
              Thu, 09 Oct 2025 18:53:45 +0000


Message-ID:
              <aOgEuQQFYxBYwvNw@seger.debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6022-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 09, 2025                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : valkey
CVE ID         : CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 CVE-2025-49844

Multiple security issues were discovered in the Lua scripting interface
of Valkey, a persistent key-value database, which could result in the
execution of arbitrary code or denial of service.

For the stable distribution (trixie), these problems have been fixed in
version 8.1.1+dfsg1-3+deb13u1.

We recommend that you upgrade your valkey packages.

For the detailed security status of valkey please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/valkey

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmjoAngACgkQEMKTtsN8
TjYxeQ//T9kccHygdkgq25mg4gZ6CZIILm5QEZYFZB7ToAU68soXf2tO3+uCJR1h
gBh46j4AB5AI1WjxizM4ws3GLmI5V5gyPrtYexpGWDo5srusoJcR1+Qdxk7JsTNq
AUtUpb7SLV34UvblPQJS01F+zNqHhQACP1OWnGbxptAhRQa055E+F2Sig6ms9nHk
QOaoGn53s7KXKWbsdz/gEbSdoQWJ70EWvkoQPD83kt5hHkXMj3xryW9e0goQKkcL
qvLoKy9Qg4++hUAjVe/lLpLXGhJoKrrHjTJHPN3+ZaRVFt8ZpKET4n6gLmrvTfez
6AJ+aD56pikPXYWO2i0J6E4urADhyTb/XHbllNcUWxToDpj6yZEQlOlqL5lVGKPd
125aZOZWF3uVxUzgshNrnUOl46kT6j8g46XhvSooM8JevloYyMQeiQvFjs7edT2X
L7rsyIG0i/3wJgG/EsDzfdQ0mhC/KxsJCZq1yfzrvZSIf5ZmErOm1lLb2h1n5fbx
LBK9mQPRjFGv938CIO5zQxBzog+7qYQxC9tqZ0WmFDLRC0bsyoon3z5RGUz5XyRp
9ddDiiYKeeosx8vyjk0Wh3f8GGy/3SACUa6/BNhEw0JG/c9oJSQCaY72XlPKyoOV
OjBh/Q4JiY2OKKuMmW1VNl6nf17/OYFZdCK0lVgrBr03/tSqMq4=
=xDHj
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds