Mageia 9 Redis Medium Remote Code Execution Vulnerabilities MGASA-2026-0134
mageia
May 14, 2026
MGASA-2026-0134 - Updated redis packages fix security vulnerabilities
Summary
Description:
(CVE-2026-23479) Use-After-Free in unblock client flow may lead to
Remote Code Execution.
(CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote
Code Execution
(CVE-2026-23631) Lua Use-After-Free may lead to remote code execution
A user can manipulate data read by a connection by injecting \r\n
sequences into a Redis error reply
References
- https://bugs.mageia.org/show_bug.cgi?id=35514
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CVOEZ7I2TIPXYBFA4UYY5GI5Q4VOAD7C/
- https://github.com/redis/redis/releases/tag/7.2.13
- https://github.com/redis/redis/releases/tag/7.2.14
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23479
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23631
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25243
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25588
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25589
Topics Covered
Resolution
SRPMS
- 9/core/redis-7.2.14-1.mga9
PREVIOUS
NEXT
Severity
medium
Lowest
Low
Medium
High
Critical
Publication date: 14 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0134.html
Type: security
CVE: CVE-2026-23479,
CVE-2026-23631,
CVE-2026-25243,
CVE-2026-25588,
CVE-2026-25589
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!