Multiple vulnerabilities have been discovered in redis and redict, the worst of which could lead to execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202511-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: redict, redis: Multiple Vulnerabilities
     Date: November 24, 2025
     Bugs: #940609, #947749, #954265, #959657
       ID: 202511-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in redis and redict, the worst of which could lead to execution of arbitrary code.

Background
==========

Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker.

Affected packages
=================

Package        Vulnerable    Unaffected
-------------  ------------  ------------
dev-db/redict  < 7.3.5       >= 7.3.5
dev-db/redis   < 8.0.3       >= 8.0.3

Description
===========

Multiple vulnerabilities have been discovered in Redis. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Redis users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/redis-8.0.3"

All Redict users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/redict-7.3.5"

References
==========

[ 1 ] CVE-2024-31227
      https://nvd.nist.gov/vuln/detail/CVE-2024-31227
[ 2 ] CVE-2024-31228
      https://nvd.nist.gov/vuln/detail/CVE-2024-31228
[ 3 ] CVE-2024-31449
      https://nvd.nist.gov/vuln/detail/CVE-2024-31449
[ 4 ] CVE-2024-46981
      https://nvd.nist.gov/vuln/detail/CVE-2024-46981
[ 5 ] CVE-2024-51741
      https://nvd.nist.gov/vuln/detail/CVE-2024-51741
[ 6 ] CVE-2025-21605
      https://nvd.nist.gov/vuln/detail/CVE-2025-21605
[ 7 ] CVE-2025-32023
      https://nvd.nist.gov/vuln/detail/CVE-2025-32023
[ 8 ] CVE-2025-48367
      https://nvd.nist.gov/vuln/detail/CVE-2025-48367

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202511-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

Redict could be made to crash or run programs if it received specially crafted network traffic from an authenticated user.

==========================================================================
Ubuntu Security Notice USN-7824-2
October 16, 2025

redict vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04

Summary:

Redict could be made to crash or run programs if it received specially crafted network traffic from an authenticated user.

Software Description:
- redict: Distributed key/value store

Details:

USN-7824-1 fixed several vulnerabilities in Redis. This update provides the corresponding update for Redict - a fork of Redis.

Original advisory details:

 Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a use-after-free condition, and potentially achieve remote code execution on the Redis server.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.10
  redict             7.3.5+ds-1ubuntu0.1
  redict-sentinel    7.3.5+ds-1ubuntu0.1
  redict-server      7.3.5+ds-1ubuntu0.1
  redict-tools       7.3.5+ds-1ubuntu0.1

Ubuntu 25.04
  redict             7.3.2+ds-1ubuntu0.1
  redict-sentinel    7.3.2+ds-1ubuntu0.1
  redict-server      7.3.2+ds-1ubuntu0.1
  redict-tools       7.3.2+ds-1ubuntu0.1

After a standard system update you need to restart Redict to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7824-2
  https://ubuntu.com/security/notices/USN-7824-1
  CVE-2025-49844

Package Information:
  https://launchpad.net/ubuntu/+source/redict/7.3.5+ds-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/redict/7.3.2+ds-1ubuntu0.1

Redict for Ubuntu could crash or execute commands due to crafted network traffic from authenticated users. Immediate update is recommended.

Severity: Critical.
LinuxSecurity.com Team

update to 7.3.2 fixes CVE-2024-46981 fixes CVE-2024-51741 fixes CVE-2024-31449 fixes CVE-2024-31227.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-282df7372b
2025-01-17 01:35:26.873184+00:00
--------------------------------------------------------------------------------

Name        : redict
Product     : Fedora 40
Version     : 7.3.2
Release     : 1.fc40
URL         : https://redict.io
Summary     : A persistent key-value database
Description :
Redict is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets.

You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set.

In order to achieve its outstanding performance, Redict works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log.

Redict also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redict behave like a cache.

You can use Redict from most programming languages also.

--------------------------------------------------------------------------------
Update Information:

update to 7.3.2
fixes CVE-2024-46981
fixes CVE-2024-51741
fixes CVE-2024-31449
fixes CVE-2024-31227
fixes CVE-2024-31228
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 8 2025 Jonathan Wright - 7.3.2-1
- update to 7.3.2 rhbz#2315906
  fixes CVE-2024-46981
  fixes CVE-2024-51741
  fixes CVE-2024-31449
  fixes CVE-2024-31227
  fixes CVE-2024-31228
* Fri Jul 19 2024 Fedora Release Engineering - 7.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-282df7372b' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list --

update to 7.3.2 fixes CVE-2024-46981 fixes CVE-2024-51741 fixes CVE-2024-31449 fixes CVE-2024-31227.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d6c0319427
2025-01-17 01:25:27.857344+00:00
--------------------------------------------------------------------------------

Name        : redict
Product     : Fedora 41
Version     : 7.3.2
Release     : 1.fc41
URL         : https://redict.io
Summary     : A persistent key-value database
Description :
Redict is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets.

You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set.

In order to achieve its outstanding performance, Redict works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log.

Redict also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth.

Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redict behave like a cache.

You can use Redict from most programming languages also.

--------------------------------------------------------------------------------
Update Information:

update to 7.3.2
fixes CVE-2024-46981
fixes CVE-2024-51741
fixes CVE-2024-31449
fixes CVE-2024-31227
fixes CVE-2024-31228
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 8 2025 Jonathan Wright - 7.3.2-1
- update to 7.3.2 rhbz#2315906
  fixes CVE-2024-46981
  fixes CVE-2024-51741
  fixes CVE-2024-31449
  fixes CVE-2024-31227
  fixes CVE-2024-31228
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d6c0319427' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------