Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 42: Valkey Addresses Serious Security Flaws from Out-of-Bounds

fedora
Calendar Grey July 25, 2025
Dist Fedora Esm H88
Valkey 8.0.4 on Fedora 42 introduces critical security enhancements. Update today to mitigate potential threats from existing vulnerabilities.
Valkey 8.0.4 - Released Mon 07 July 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible

Summary

Valkey is an advanced key-value store. It is often referred to as a data

structure server since keys can contain strings, hashes, lists, sets and

sorted sets.

You can run atomic operations on these types, like appending to a string;

incrementing the value in a hash; pushing to a list; computing set

intersection, union and difference; or getting the member with highest

ranking in a sorted set.

In order to achieve its outstanding performance, Valkey works with an

in-memory dataset. Depending on your use case, you can persist it either

by dumping the dataset to disk every once in a while, or by appending

each command to a log.

Valkey also supports trivial-to-setup master-slave replication, with very

fast non-blocking first synchronization, auto-reconnection on net split

and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a

limited time-to-live, and configuration settings to make Valkey behave like

a cache.

You can use Valkey from most programming languages also.

Update Information:

Valkey 8.0.4 - Released Mon 07 July 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Security fixes CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations (#2146) CVE-2025-48367 retry accept on transient errors (#2315) Security fixes backported from 8.1.2 CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146)

Topics%20covered

Topics Covered

security advisory denial of service fedora critical out-of-bounds valkey

Change Log

* Wed Jul 16 2025 Remi Collet - 8.0.4-1 - update to 8.0.4 fixes CVE-2025-27151 CVE-2025-48367 and CVE-2025-32023

References


[ 1 ] Bug #2380113 - CVE-2025-27151 valkey: Redis Stack Buffer Overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380113 [ 2 ] Bug #2380116 - CVE-2025-48367 valkey: Redis Unauthenticated Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380116 [ 3 ] Bug #2380118 - CVE-2025-32023 valkey: Redis Hyperloglog Out-of-Bounds Write Vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380118

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8e2eddc063' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: valkey
Product: Fedora 42
Version: 8.0.4
Release: 1.fc42
URL: https://valkey.io
Summary: A persistent key-value database

Topics%20covered

Topics Covered

security advisory denial of service fedora critical out-of-bounds valkey

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here