Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -5 articles for you...
89
security advisoryFedorasecurity fixFedora 41: valkey 8.0.3 security fix advisory for CVE-2025-21605
Valkey 8.0.3 - Released Wed 23 Apr 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Bug fixes Optimize RDB load performance and fix cluster mode resizing on replica side. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-d191ee2f9a 2025-05-03 01:10:19.809477+00:00 -------------------------------------------------------------------------------- Name : valkey Product : Fedora 41 Version : 8.0.3 Release : 1.fc41 URL : https://valkey.io Summary : A persistent key-value database Description : Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also. -------------------------------------------------------------------------------- Update Information: Valkey 8.0.3 - Released Wed 23 Apr 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Bug fixes Optimize RDB load performance and fix cluster mode resizing onreplica side (#1199) Fix memory leak in forgotten node ping ext code path (#1574) Fix cluster info sent stats for message with light header (#1563) Fix module LatencyAddSample still work when latency-monitor-threshold is 0 (#1541) Fix potential crash in radix tree recompression of huge keys (#1722) Fix error "SSL routines::bad length" when connTLSWrite is called second time with smaller buffer (#1737) Fix temp file leak druing replication error handling (#1721) Fix ACL LOAD crash on replica since the primary client don't has a user (#1842) Fix RANDOMKEY infinite loop during CLIENT PAUSE (#1850) fix: add samples to stream object consumer trees (#1825) Fix cluster slot stats assertion during promotion of replica (#1950) Fix panic in primary when blocking shutdown after previous block with timeout (#1948) Ignore stale gossip packets that arrive out of order (#1777) Fix incorrect lag reported in XINFO GROUPS (#1952) Avoid shard id update of replica if not matching with primary shard id (#573) Security fixes CVE-2025-21605 Limit output buffer for unauthenticated clients (#1993) -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 24 2025 Remi Collet - 8.0.3-1 - update to 8.0.3 fixes CVE-2025-21605 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d191ee2f9a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 03, 2025 •Critical Fedora 89
security advisoryupdatecriticalFedora 41 redict update 2025-d6c0319427 critical: multiple CVE fixes
update to 7.3.2 fixes CVE-2024-46981 fixes CVE-2024-51741 fixes CVE-2024-31449 fixes CVE-2024-31227. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-d6c0319427 2025-01-17 01:25:27.857344+00:00 -------------------------------------------------------------------------------- Name : redict Product : Fedora 41 Version : 7.3.2 Release : 1.fc41 URL : https://redict.io Summary : A persistent key-value database Description : Redict is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redict works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redict also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redict behave like a cache. You can use Redict from most programming languages also. -------------------------------------------------------------------------------- Update Information: update to 7.3.2 fixes CVE-2024-46981 fixes CVE-2024-51741 fixes CVE-2024-31449 fixes CVE-2024-31227 fixes CVE-2024-31228 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 8 2025 Jonathan Wright - 7.3.2-1 - update to 7.3.2 rhbz#2315906 fixes CVE-2024-46981 fixes CVE-2024-51741 fixes CVE-2024-31449 fixes CVE-2024-31227 fixes CVE-2024-31228 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d6c0319427' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Jan 17, 2025 •Critical Fedora 
89
security advisorysecurity issuefedoraFedora 37 Security Advisory: Redis 7.0.13 - Critical Access Control Issue
**Redis 7.0.13** Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: See security fixes below. Security Fixes * (**CVE-2023-41053**) Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. Bug Fixes * Cluster: fix a race condition. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-0e9e7544df 2023-09-16 01:40:12.903746 -------------------------------------------------------------------------------- Name : redis Product : Fedora 37 Version : 7.0.13 Release : 1.fc37 URL : https://redis.io Summary : A persistent key-value database Description : Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache. You can use Redis from most programming languages also. -------------------------------------------------------------------------------- Update Information: **Redis 7.0.13** Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: Seesecurity fixes below. Security Fixes * (**CVE-2023-41053**) Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. Bug Fixes * Cluster: fix a race condition where a slot migration may revert on a subsequent failover or node joining (#12344) * Ensure that the function load timeout is disabled during loading from RDB/AOF and on replicas. (#12451) * Fix the assertion when script timeout occurs after it signaled a blocked client (#12459) -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 7 2023 Remi Collet - 7.0.13-1 - Upstream 7.0.13 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #2237826 - CVE-2023-41053 redis: Redis SORT_RO may bypass ACL configuration https://bugzilla.redhat.com/show_bug.cgi?id=2237826 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-0e9e7544df' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Sep 16, 2023 •Critical Fedora 89
security advisorycriticalFedoraFedora 38: 2023-03422cb8de Critical: Redis Access Control Bypass
**Redis 7.0.13** Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: See security fixes below. Security Fixes * (**CVE-2023-41053**) Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. Bug Fixes * Cluster: fix a race condition. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-03422cb8de 2023-09-16 01:28:00.682356 -------------------------------------------------------------------------------- Name : redis Product : Fedora 38 Version : 7.0.13 Release : 1.fc38 URL : https://redis.io Summary : A persistent key-value database Description : Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache. You can use Redis from most programming languages also. -------------------------------------------------------------------------------- Update Information: **Redis 7.0.13** Released Wed 06 Sep 2023 15:00:00 IDT Upgrade urgency SECURITY: Seesecurity fixes below. Security Fixes * (**CVE-2023-41053**) Redis does not correctly identify keys accessed by SORT_RO and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. Bug Fixes * Cluster: fix a race condition where a slot migration may revert on a subsequent failover or node joining (#12344) * Ensure that the function load timeout is disabled during loading from RDB/AOF and on replicas. (#12451) * Fix the assertion when script timeout occurs after it signaled a blocked client (#12459) -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 7 2023 Remi Collet - 7.0.13-1 - Upstream 7.0.13 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #2237826 - CVE-2023-41053 redis: Redis SORT_RO may bypass ACL configuration https://bugzilla.redhat.com/show_bug.cgi?id=2237826 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-03422cb8de' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list --
Sep 16, 2023 •Critical Fedora 
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!