Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Fedora 42 Valkey Security Issues CVE-2026-23479 Critical Memory Access

fedora
Calendar Grey May 18, 2026
Dist Fedora Esm H88
Fedora 42 valkey update addresses critical security flaws, ensure your system is protected against potential threats.
Version 8.0.9 Security fixes (CVE-2026-23479) Use-After-Free in unblock client flow (CVE-2026-25243) Invalid Memory Access in RESTORE command (CVE-2026-23631) Use-after-free when f...

Summary

Valkey is an advanced key-value store. It is often referred to as a data

structure server since keys can contain strings, hashes, lists, sets and

sorted sets.

You can run atomic operations on these types, like appending to a string;

incrementing the value in a hash; pushing to a list; computing set

intersection, union and difference; or getting the member with highest

ranking in a sorted set.

In order to achieve its outstanding performance, Valkey works with an

in-memory dataset. Depending on your use case, you can persist it either

by dumping the dataset to disk every once in a while, or by appending

each command to a log.

Valkey also supports trivial-to-setup master-slave replication, with very

fast non-blocking first synchronization, auto-reconnection on net split

and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a

limited time-to-live, and configuration settings to make Valkey behave like

a cache.

You can use Valkey from most programming languages also.

Update Information:

Version 8.0.9 Security fixes (CVE-2026-23479) Use-After-Free in unblock client flow (CVE-2026-25243) Invalid Memory Access in RESTORE command (CVE-2026-23631) Use-after-free when full sync occurs during a yielding Lua/function execution

Change Log

* Thu May 7 2026 Remi Collet - 8.0.9-1 - Valkey 8.0.9 - Wed 06 May 2026 - Upgrade urgency SECURITY: This release includes security fixes

References


[ 1 ] Bug #2477968 - CVE-2026-23479 valkey: use-after-free in unblock client flow may allow remote code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2477968

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-114b1e5d3a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: valkey
Product: Fedora 42
Version: 8.0.9
Release: 1.fc42
Summary: A persistent key-value database

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here