ALSA-2025:19237

[ALSA-2025:19237] Important: redis security update

Type:

security

Severity:

important

Release date:

2025-10-30

Description:

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.  

Security Fix(es):  

  * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
  * Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
  * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
  * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	redis-devel-6.2.20-1.el9_6.aarch64.rpm	6442fa64d40ae4ebea9b9d55fd6c2d23ae3c45d51478ac006469164a796ee4d5
aarch64	redis-6.2.20-1.el9_6.aarch64.rpm	c017301e2b4a87eca2518d706417abda6f1076c6ce9c1ae0a6196bb04ba38fd6
i686	redis-devel-6.2.20-1.el9_6.i686.rpm	0c0b59c774b645c0b970c2fd0742ce00f2680f7bd0e97582aa00581bcf662497
noarch	redis-doc-6.2.20-1.el9_6.noarch.rpm	1e8b70ff7c429f4c9a4b2ceeb0700b5d771d0e49fd783385b99e72d840a97e99
ppc64le	redis-devel-6.2.20-1.el9_6.ppc64le.rpm	41186205c40e48754a3032051aae4bff39cd54cb8153d5d0637eefc4e75e96b6
ppc64le	redis-6.2.20-1.el9_6.ppc64le.rpm	d5123699c39c15cafa06f7779e7df1a13a22c3ab1f8de6bfde656255ef2efa98
s390x	redis-6.2.20-1.el9_6.s390x.rpm	5b43c4b7d3eb60cb891f5de031dc25594e84b8d8ffa06bc0e059addc50822540
s390x	redis-devel-6.2.20-1.el9_6.s390x.rpm	e4dd3b299980bf7179914f2cdd3ad6ee456b4f874e308930d5c51a5dec6fa418
x86_64	redis-6.2.20-1.el9_6.x86_64.rpm	2d08736aa96f0930cb6ff91d952cede699bd606c5bd22f23c5f5e6290d5ccd06
x86_64	redis-devel-6.2.20-1.el9_6.x86_64.rpm	d2922fa621b6b90f129a98129b372a388ba15623fec949b21ae556950f6f5f5b

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.