ALSA-2025:19238

[ALSA-2025:19238] Important: redis:6 security update

Type:

security

Severity:

important

Release date:

2025-10-30

Description:

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.  

Security Fix(es):  

  * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
  * Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
  * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
  * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	redis-devel-6.2.20-1.module_el8.10.0+4056+739731b0.aarch64.rpm	2bae1b74163dcc2e2c11ea8755059ac8bfb90b0f8a82689b83ee2f98e98156d6
aarch64	redis-6.2.20-1.module_el8.10.0+4056+739731b0.aarch64.rpm	afff4eaba8fe791bff5d9ef1c5ddff414f62a32a194170b1bdd06657c0769831
noarch	redis-doc-6.2.20-1.module_el8.10.0+4056+739731b0.noarch.rpm	5a965954de717567dae9e8ca714759d08be771d6b2e21f7a38c1b5958208a5d0
ppc64le	redis-devel-6.2.20-1.module_el8.10.0+4056+739731b0.ppc64le.rpm	59357c89075b030e6cbc9da76c4b72bc24fcfeb75e85e2b9c74d2e6238048927
ppc64le	redis-6.2.20-1.module_el8.10.0+4056+739731b0.ppc64le.rpm	f9eaa08f682c801503ab44cc9d44958468af00461553bde794748a4fb7a7d91a
s390x	redis-6.2.20-1.module_el8.10.0+4056+739731b0.s390x.rpm	266c19054dfab110926f0f8e9c6c6947192b9a0e5084a3d13f412ff9415290e1
s390x	redis-devel-6.2.20-1.module_el8.10.0+4056+739731b0.s390x.rpm	e7773998499a0f948fb30b41c3615fab1dc045e934cb4bad9064c90bcd98eda5
x86_64	redis-6.2.20-1.module_el8.10.0+4056+739731b0.x86_64.rpm	1eff3d95f9eba8c7cb1497e073a047b377c701678b78af289510de90162fe2ad
x86_64	redis-devel-6.2.20-1.module_el8.10.0+4056+739731b0.x86_64.rpm	239c422b8868b96b245544a348795f6b695bff7bf107da1f206d82e306ef990c

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.