## This update for valkey fixes the following issues: Update to version 8.0.7. Security issues fixed: * CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts (bsc#1258746). * CVE-2026-21863: denial of service via invalid clusterbus packet (bsc#1258788). Other updates and bugfixes: * ltrim should not call signalModifiedKey when no elements are removed (#2787) * chained replica crash when doing dual channel replication (#2983) * used_memory_dataset underflow due to miscalculated used_memory_overhead (#3005) * avoids crash during MODULE UNLOAD when ACL rules reference a module command and subcommand (#3160) * server assert on ACL LOAD and resetchannels (#3182) * bug causing no response flush sometimes when IO threads are busy (#3205) ## Patch Instructions:
* bsc#1258746
* bsc#1258788
Cross-
* CVE-2025-67733
* CVE-2026-21863
CVSS scores:
* CVE-2025-67733 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2025-67733 ( NVD ): 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
* CVE-2025-67733 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-21863 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21863 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Server Applications Module 15-SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
An update that solves two vulnerabilities can now be installed.
##
* https://www.suse.com/security/cve/CVE-2025-67733.html
Get the latest Linux and open source security news straight to your inbox.