|
|
Subscribe / Log in / New account

AlmaLinux alert ALSA-2025:19238 (redis:6)



From:
              AlmaLinux Errata Notifications via Announce <announce@lists.almalinux.org>


To:
              announce@lists.almalinux.org


Subject:
              [Announce]  [Security Advisory] ALSA-2025:19238: redis:6 security update (Important)


Date:
              Thu, 30 Oct 2025 14:01:49 +0000


Message-ID:
              <0100019a356cbb9a-6e4d9c43-26ce-4f3d-aa6b-b56c965d61a8-000000@email.amazonses.com>


Archive-link:
              Article


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata
notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-10-30

Summary:

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys
can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an
in-memory data set. You can persist it either by dumping the data set to disk every once in a
while, or by appending each command to a log.  

Security Fix(es):  

  * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
  * Redis: Redis: Authenticated users can execute LUA scripts as a different user
(CVE-2025-46818)
  * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
  * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,
and other related information, refer to the CVE page(s) listed in the References section.


Full details, updated packages, references, and other related information:
https://errata.almalinux.org/8/ALSA-2025-19238.html

This message is automatically generated, please don’t reply. For further questions, please, contact
us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on
https://lists.almalinux.org.

Kind regards,
AlmaLinux Team
_______________________________________________
Announce mailing list -- announce@lists.almalinux.org
To unsubscribe send an email to announce-leave@lists.almalinux.org
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds