Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 41: Valkey 8.0.4 Important Security Patch for DoS Vulnerability

fedora
Calendar Grey July 25, 2025
Dist Fedora Esm H88
Valkey 8.0.4 for Fedora 41 incorporates crucial security enhancements. Implement fixes for buffer overflows and authentication issues.
Valkey 8.0.4 - Released Mon 07 July 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible

Summary

Valkey is an advanced key-value store. It is often referred to as a data

structure server since keys can contain strings, hashes, lists, sets and

sorted sets.

You can run atomic operations on these types, like appending to a string;

incrementing the value in a hash; pushing to a list; computing set

intersection, union and difference; or getting the member with highest

ranking in a sorted set.

In order to achieve its outstanding performance, Valkey works with an

in-memory dataset. Depending on your use case, you can persist it either

by dumping the dataset to disk every once in a while, or by appending

each command to a log.

Valkey also supports trivial-to-setup master-slave replication, with very

fast non-blocking first synchronization, auto-reconnection on net split

and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a

limited time-to-live, and configuration settings to make Valkey behave like

a cache.

You can use Valkey from most programming languages also.

Update Information:

Valkey 8.0.4 - Released Mon 07 July 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Security fixes CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations (#2146) CVE-2025-48367 retry accept on transient errors (#2315) Security fixes backported from 8.1.2 CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146)

Topics%20covered

Topics Covered

security advisory denial of service fedora critical key value store description of security issue

Change Log

* Wed Jul 16 2025 Remi Collet - 8.0.4-1 - update to 8.0.4 fixes CVE-2025-27151 CVE-2025-48367 and CVE-2025-32023

References


[ 1 ] Bug #2380113 - CVE-2025-27151 valkey: Redis Stack Buffer Overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380113 [ 2 ] Bug #2380116 - CVE-2025-48367 valkey: Redis Unauthenticated Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380116 [ 3 ] Bug #2380118 - CVE-2025-32023 valkey: Redis Hyperloglog Out-of-Bounds Write Vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380118

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-34895333b5' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: valkey
Product: Fedora 41
Version: 8.0.4
Release: 1.fc41
URL: https://valkey.io
Summary: A persistent key-value database

Topics%20covered

Topics Covered

security advisory denial of service fedora critical key value store description of security issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here