Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42 FEDORA-2025-129268f8e4 critical: valkey integer underflow

fedora
Calendar Grey June 15, 2025
Dist Fedora Esm H88
Patch for CVE-2025-49113, resolving a severe buffer overflow in Valkey for Fedora 42 to improve system security.
Fix CVE-2025-49112 Fix CVE-2025-49112

Summary

Valkey is an advanced key-value store. It is often referred to as a data

structure server since keys can contain strings, hashes, lists, sets and

sorted sets.

You can run atomic operations on these types, like appending to a string;

incrementing the value in a hash; pushing to a list; computing set

intersection, union and difference; or getting the member with highest

ranking in a sorted set.

In order to achieve its outstanding performance, Valkey works with an

in-memory dataset. Depending on your use case, you can persist it either

by dumping the dataset to disk every once in a while, or by appending

each command to a log.

Valkey also supports trivial-to-setup master-slave replication, with very

fast non-blocking first synchronization, auto-reconnection on net split

and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a

limited time-to-live, and configuration settings to make Valkey behave like

a cache.

You can use Valkey from most programming languages also.

Update Information:

Fix CVE-2025-49112 Fix CVE-2025-49112

Topics%20covered

Topics Covered

security advisory fedora critical database integer underflow valkey

Change Log

* Fri Jun 6 2025 Jonathan Wright - 8.0.3-3 - Apply patch for CVE-2025-49112 properly * Fri Jun 6 2025 Jonathan Wright - 8.0.3-2 - Fixes CVE-2025-49112

References


[ 1 ] Bug #2369765 - CVE-2025-49112 valkey: Valkey Integer Underflow Vulnerability [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2369765 [ 2 ] Bug #2369766 - CVE-2025-49112 valkey: Valkey Integer Underflow Vulnerability [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2369766 [ 3 ] Bug #2369767 - CVE-2025-49112 valkey: Valkey Integer Underflow Vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2369767

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-129268f8e4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: valkey
Product: Fedora 42
Version: 8.0.3
Release: 3.fc42
URL: https://valkey.io
Summary: A persistent key-value database

Topics%20covered

Topics Covered

security advisory fedora critical database integer underflow valkey

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here