[ALSA-2026:25925] Important: valkey security update
Type:
security
Severity:
important
Release date:
2026-07-02
Description:
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also. Security Fix(es): * redis: use-after-free in unblock client flow may allow remote code execution (CVE-2026-23479) * redis: Remote code execution via use-after-free in Lua scripting (CVE-2026-23631) * redis: RESTORE invalid memory access may allow remote code execution (CVE-2026-25243) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 valkey-8.0.9-1.el9_8.aarch64.rpm 256b1bd03c769e9cd7385befd9d8ca9d4078b8370af63ccca10608a3eb6e1405
aarch64 valkey-devel-8.0.9-1.el9_8.aarch64.rpm fbf3bb7119e758a4b02f7d10c2f296193b7b79c8a50dd7cfba22386aea093532
ppc64le valkey-devel-8.0.9-1.el9_8.ppc64le.rpm d74850ceeebcded99834e95c175616429f0f2b4817b3066bd07cd3b454e2efaa
ppc64le valkey-8.0.9-1.el9_8.ppc64le.rpm e6e98deb7db0618d8ecc6954bf3a8e2ffd79d1d2e7caa94223d1f4756adeb0e7
s390x valkey-8.0.9-1.el9_8.s390x.rpm 07d2f8e0ebbf8ab0cf4a525664d2fd850768bdc52f23f2cf1222c679e8cc122d
s390x valkey-devel-8.0.9-1.el9_8.s390x.rpm e44cebcd4d658d367631a85b9b81f1dac71bcaf18a6209d8fb9791b83c5ab147
x86_64 valkey-devel-8.0.9-1.el9_8.x86_64.rpm 3526fbf5163c1bbba9f8625b33f134bfb8983ae94385c114ff173b6c7d7aea89
x86_64 valkey-8.0.9-1.el9_8.x86_64.rpm b4d72b9156106f4a96fa1d05bb9c956f5267d50590d7ff5e31c9f85f1c615735
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.