RLSA-2025:19238

Synopsis

Important: redis:6 security update

Description

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

* redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)

* Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)

* Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)

* Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2401258 2401292 2401322 2401324

CVEs

CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 CVE-2025-49844

Affected packages

Rocky Linux 8 aarch64 - AppStream

redis-0:6.2.20-1.module+el8.10.0+2081+450a296c.aarch64.rpm redis-0:6.2.20-1.module+el8.10.0+2081+450a296c.src.rpm redis-debuginfo-0:6.2.20-1.module+el8.10.0+2081+450a296c.aarch64.rpm redis-debugsource-0:6.2.20-1.module+el8.10.0+2081+450a296c.aarch64.rpm redis-devel-0:6.2.20-1.module+el8.10.0+2081+450a296c.aarch64.rpm redis-doc-0:6.2.20-1.module+el8.10.0+2081+450a296c.noarch.rpm

Rocky Linux 8 x86_64 - AppStream

redis-0:6.2.20-1.module+el8.10.0+2081+450a296c.src.rpm redis-0:6.2.20-1.module+el8.10.0+2081+450a296c.x86_64.rpm redis-debuginfo-0:6.2.20-1.module+el8.10.0+2081+450a296c.x86_64.rpm redis-debugsource-0:6.2.20-1.module+el8.10.0+2081+450a296c.x86_64.rpm redis-devel-0:6.2.20-1.module+el8.10.0+2081+450a296c.x86_64.rpm redis-doc-0:6.2.20-1.module+el8.10.0+2081+450a296c.noarch.rpm