Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Fedora 41: Critical Valkey Remote Code Execution Flaw CVE-2025-49844

fedora
Calendar Grey October 13, 2025
Dist Fedora Esm H88
Upgrade Valkey on Fedora 41 to address critical remote code execution risks immediately.
Valkey 8.0.6 - Released Fri 03 October 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible

Summary

Valkey is an advanced key-value store. It is often referred to as a data

structure server since keys can contain strings, hashes, lists, sets and

sorted sets.

You can run atomic operations on these types, like appending to a string;

incrementing the value in a hash; pushing to a list; computing set

intersection, union and difference; or getting the member with highest

ranking in a sorted set.

In order to achieve its outstanding performance, Valkey works with an

in-memory dataset. Depending on your use case, you can persist it either

by dumping the dataset to disk every once in a while, or by appending

each command to a log.

Valkey also supports trivial-to-setup master-slave replication, with very

fast non-blocking first synchronization, auto-reconnection on net split

and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a

limited time-to-live, and configuration settings to make Valkey behave like

a cache.

You can use Valkey from most programming languages also.

Update Information:

Valkey 8.0.6 - Released Fri 03 October 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Security fixes CVE-2025-49844 A Lua script may lead to remote code execution CVE-2025-46817 A Lua script may lead to integer overflow and potential RCE CVE-2025-46818 A Lua script can be executed in the context of another user CVE-2025-46819 LUA out-of-bound read Bug fixes Fix accounting for dual channel RDB bytes in replication stats (#2616) Minor fix for dual rdb channel connection conn error log (#2658) Fix unsigned difference expression compared to zero (#2101) Valkey 8.0.5 - Released Thu 22 Aug 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Bug fixes Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109) Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137) Fix potential me...

Topics%20covered

Topics Covered

security advisory fedora critical remote code execution lua script valkey

Change Log

* Sat Oct 4 2025 Remi Collet - 8.0.6-1 - update to 8.0.6 fixes CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 and CVE-2025-46819 - update documentation to 8.0.5

References


[ 1 ] Bug #2402050 - CVE-2025-49844 valkey: Redis Lua Use-After-Free may lead to remote code execution [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2402050

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-00e79c49ca' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: valkey
Product: Fedora 41
Version: 8.0.6
Release: 1.fc41
URL: https://valkey.io
Summary: A persistent key-value database

Topics%20covered

Topics Covered

security advisory fedora critical remote code execution lua script valkey

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here