Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 170 articles for you...
197

Debian LTS Redis Remote Code Execution Issues DLA-4682-1

It was discovered that there were two issues in Redis, the in-memory key/value database: CVE-2026-23631 An authenticated attacker could have exploited the master-replica synchronization mechanism to trigger a use-after-free on replicas. Debian LTS Advisory DLA-4682-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Chris Lamb July 13, 2026 https://wiki.debian.org/LTS Package : redis Version : 5:7.0.15-1~deb12u8 CVE ID : CVE-2026-23631 CVE-2026-25243 It was discovered that there were two issues in Redis, the in-memory key/value database: CVE-2026-23631 An authenticated attacker could have exploited the master-replica synchronization mechanism to trigger a use-after-free on replicas where "replica-read-only" is disabled (or could be disabled), which may have led to remote code execution. Installations that prevent users from executing Lua scripts were unaffected. CVE-2026-25243 The RESTORE command did not properly validate serialized values. An authenticated attacker with permission to execute RESTORE could have suppled a crafted serialized payload that triggers invalid memory access and this could have led to remote code execution. For Debian 12 bookworm, these problems have been fixed in version 5:7.0.15-1~deb12u8. We recommend that you upgrade your redis packages. For the detailed security status of redis please refer to its security tracker page at: https://security-tracker.debian.org/tracker/redis Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Redis for Debian LTS updated to fix two critical issues that could lead to remote code execution if exploited. Upgrade recommended.. Debian LTS, Redis security, Debian advisory, remote code execution. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 13, 2026 Important Debian LTS
217

Oracle Linux 9 Redis Important Update CVE-2026-25243 ELSA-2026-23229

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-23229 http://linux.oracle.com/errata/ELSA-2026-23229.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: redis-6.2.22-1.el9_8.x86_64.rpm redis-devel-6.2.22-1.el9_8.i686.rpm redis-devel-6.2.22-1.el9_8.x86_64.rpm redis-doc-6.2.22-1.el9_8.noarch.rpm aarch64: redis-6.2.22-1.el9_8.aarch64.rpm redis-devel-6.2.22-1.el9_8.aarch64.rpm redis-doc-6.2.22-1.el9_8.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/redis-6.2.22-1.el9_8.src.rpm Related CVEs: CVE-2026-25243 Description of changes: [6.2.22-1] - rebase to 6.2.22 for CVE-2026-25243 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Updated RPMs for Oracle Linux 9 include important security fixes for Redis, addressing CVE-2026-25243.. Oracle Linux, Security Advisory, Redis Update, CVE-2026-25243. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 26, 2026 Important Oracle
217

Oracle Linux 9 Redis Important Security Advisory ELSA-2026-25219

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-25219 http://linux.oracle.com/errata/ELSA-2026-25219.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: redis-7.2.14-1.0.1.module+el9.8.0+90920+b17784e3.x86_64.rpm redis-devel-7.2.14-1.0.1.module+el9.8.0+90920+b17784e3.x86_64.rpm redis-doc-7.2.14-1.0.1.module+el9.8.0+90920+b17784e3.noarch.rpm aarch64: redis-7.2.14-1.0.1.module+el9.8.0+90920+b17784e3.aarch64.rpm redis-devel-7.2.14-1.0.1.module+el9.8.0+90920+b17784e3.aarch64.rpm redis-doc-7.2.14-1.0.1.module+el9.8.0+90920+b17784e3.noarch.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/redis-7.2.14-1.0.1.module+el9.8.0+90920+b17784e3.src.rpm Related CVEs: CVE-2026-23479 CVE-2026-23631 CVE-2026-25243 Description of changes: [7.2.14-1.0.1] - Build with 64k pages to support redis on UEK on aarch64 [7.2.14-1] - rebase to 7.2.14 for CVE-2026-23479 CVE-2026-25243 CVE-2026-23631 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Critical updates for Oracle Linux 9 addressing important security issues in Redis packages to enhance system integrity.. Oracle Linux, Redis, security updates, system integrity, important advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 25, 2026 Important Oracle
217

Oracle Linux 8 Redis Important Update CVE-2026-25243 ELSA-2026-26008

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-26008 http://linux.oracle.com/errata/ELSA-2026-26008.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: redis-6.2.22-1.0.1.module+el8.10.0+90916+da0c6127.x86_64.rpm redis-devel-6.2.22-1.0.1.module+el8.10.0+90916+da0c6127.x86_64.rpm redis-doc-6.2.22-1.0.1.module+el8.10.0+90916+da0c6127.noarch.rpm aarch64: redis-6.2.22-1.0.1.module+el8.10.0+90916+da0c6127.aarch64.rpm redis-devel-6.2.22-1.0.1.module+el8.10.0+90916+da0c6127.aarch64.rpm redis-doc-6.2.22-1.0.1.module+el8.10.0+90916+da0c6127.noarch.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/redis-6.2.22-1.0.1.module+el8.10.0+90916+da0c6127.src.rpm Related CVEs: CVE-2026-25243 Description of changes: [6.2.22-1.0.1] - Build with 64k pages to support redis on both UEK6 and UEK7 on aarch64 [6.2.22-1] - rebase to 6.2.22 for CVE-2026-25243 _______________________________________________ El-errata mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. https://oss.oracle.com/mailman/listinfo/el-errata . Oracle Linux 8 Redis Important Security Advisory ELSA-2026-26008 with update details and CVE-2026-25243.. Oracle Linux Redis Security Advisory Important. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 23, 2026 Important Oracle
89

Fedora 44 Coturn Memory Leak Fix and Format-String Advisory 2026-3b3139882c

Coturn 4.11.0 Fix prometheus response memory leak introduced in 4.10.0 Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC Fix format-string injection in Redis DB driver Abort on malformed allowed/denied-peer-ip at startup. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-3b3139882c 2026-05-18 00:40:49.529034+00:00 -------------------------------------------------------------------------------- Name : coturn Product : Fedora 44 Version : 4.11.0 Release : 1.fc44 URL : https://github.com/coturn/coturn/ Summary : TURN/STUN & ICE Server Description : The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying TURN extension - RFC 6156 - IPv6 extension for TURN - Experimental DTLS support as client protocol. STUN specs: - RFC 3489 - "classic" STUN - RFC 5389 - base "new" STUN specs - RFC 5769 - test vectors for STUN protocol testing - RFC 5780 - NAT behavior discovery support The implementation fully supports the following client-to-TURN-server protocols: - UDP (per RFC 5766) - TCP (per RFC 5766 and RFC 6062) - TLS (per RFC 5766 and RFC 6062); TLS1.0/TLS1.1/TLS1.2 - DTLS (experimental non-standard feature) Supported relay protocols: - UDP (per RFC 5766) - TCP (per RFC 6062) Supported user databases (for user repository, with passwords or keys, if authentication is required): - SQLite - MySQL - PostgreSQL - Redis Redis can also be used for status and statistics storage and notification. Supported TURN authentication mechanisms: - long-term - TURN REST API (a modification of the long-term mechanism, for time-limited secret-based authentication, for WebRTC applications) The load balancing can be implemented withthe following tools (either one or a combination of them): - network load-balancer server - DNS-based load balancing - built-in ALTERNATE-SERVER mechanism. -------------------------------------------------------------------------------- Update Information: Coturn 4.11.0 Fix prometheus response memory leak introduced in 4.10.0 Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC Fix format-string injection in Redis DB driver Abort on malformed allowed/denied-peer-ip at startup Pin session origin only after MESSAGE-INTEGRITY validates Fix build failure: define _GNU_SOURCE for recvmmsg() on Linux Drop udp_relay_servers_number config and clean up dead UDP id-space Add Unity-based unit test scaffolding Delete log line per relay thread on start Out of bound HTTP detection in parser Extend STUN client fuzz builder coverage Extend fuzzing coverage and enable local fuzzing in a container Cover all public stun_buffer.c wrappers in FuzzStunClient HTTP parsing fixes Unblock fuzz coverage for is_http and rare STUN attributes Seed address-mapping table in fuzz initializer Add deterministic challenge-response builder to FuzzStun Add fuzz coverage for integrity helpers Hoist turn_server_get_engine() out of per-packet hot path Inline addr_cpy() in the header Trim two redundant checks from per-packet relay hot path Inline get_ioa_addr_len() in the header Cache hot lookups in TURN data-path handlers Load generator mode in turnutils_uclient Filc harness and pointer typedefs -------------------------------------------------------------------------------- ChangeLog: * Sat May 9 2026 Robert Scheck - 4.11.0-1 - Upgrade to 4.11.0 (#2466643) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2466643 - coturn-4.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2466643 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program.Use su -c 'dnf upgrade --advisory FEDORA-2026-3b3139882c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fix for Coturn 4.11.0 includes addressing memory leak and security improvements for Redis handling.. Coturn Update, Fedora Security, Redis Injection, VoIP NAT Traversal, TURN Server Fixes. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 18, 2026 Critical Fedora
87

Debian DSA-6279-1 Redis Important CVE-2025-67733 DoS Risk

Brief introduction CVE-2025-67733 A flaw in the Lua scripting error path allowed an authenticated user to embed CR/LF byte sequences in an error reply produced via redis.error_reply() or the Lua error() function. Because RESP uses. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6279-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Aron Xu May 17, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : redis CVE ID : CVE-2025-67733 CVE-2026-21863 Debian Bug : Brief introduction CVE-2025-67733 A flaw in the Lua scripting error path allowed an authenticated user to embed CR/LF byte sequences in an error reply produced via redis.error_reply() or the Lua error() function. Because RESP uses CRLF as a frame delimiter, an injected sequence could be interpreted by the client as the start of an unrelated reply, allowing an attacker to inject arbitrary content into the response stream and tamper with data read by other commands on the same connection. CVE-2026-21863 The cluster bus packet validation in clusterProcessPacket() did not verify that the gossip-section count and per-extension header declared by an incoming PING, PONG or MEET message actually fit within the received packet. A peer with access to the cluster bus port could send a specially crafted message whose declared lengths exceed the packet size, causing the server to read out of bounds and potentially crash, resulting in a denial of service. For the oldstable distribution (bookworm), these problems have been fixed in version 5:7.0.15-1~deb12u7. For the stable distribution (trixie), these problems have been fixed in version 8.0.2-3+deb13u2. We recommend that you upgrade your redis packages. For the detailed security status of redis please refer to its securitytracker page at: https://security-tracker.debian.org/tracker/redis Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . A denial of service and injection risk in redis affects Debian users, requiring immediate updates for security.. Redis Security, Debian Redis Advisory, DoS Threat, CVE-2025-67733, Redis Update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 17, 2026 Important Debian
203

Mageia 9 Redis Medium Remote Code Execution Vulnerabilities MGASA-2026-0134

MGASA-2026-0134 - Updated redis packages fix security vulnerabilities. MGASA-2026-0134 - Updated redis packages fix security vulnerabilities Publication date: 14 May 2026 URL: https://advisories.mageia.org/MGASA-2026-0134.html Type: security Affected Mageia releases: 9 CVE: CVE-2026-23479, CVE-2026-23631, CVE-2026-25243, CVE-2026-25588, CVE-2026-25589 Description: (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution. (CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution (CVE-2026-23631) Lua Use-After-Free may lead to remote code execution A user can manipulate data read by a connection by injecting \r\n sequences into a Redis error reply References: - https://bugs.mageia.org/show_bug.cgi?id=35514 - https://lists.opensuse.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/CVOEZ7I2TIPXYBFA4UYY5GI5Q4VOAD7C/ - https://github.com/redis/redis/releases/tag/7.2.13 - https://github.com/redis/redis/releases/tag/7.2.14 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23479 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23631 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25243 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25588 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25589 SRPMS: - 9/core/redis-7.2.14-1.mga9 . Updated redis packages for Mageia resolve multiple security flaws leading to remote code execution. Critical patches encouraged.. Mageia redis security patches, remote execution flaws, Redis vulnerabilities. . Severity: Medium. LinuxSecurity.com Team

Calendar%202 May 14, 2026 Medium Mageia
202

openSUSE Tumbleweed redis Moderate Security Issue 10711-1

An update that solves 5 vulnerabilities can now be installed.. # redis-8.6.3-1.1 on GA media Announcement ID: openSUSE-SU-2026:10711-1 Rating: moderate Cross-References: * CVE-2026-23479 * CVE-2026-23631 * CVE-2026-25243 * CVE-2026-25588 * CVE-2026-25589 CVSS scores: * CVE-2026-23479 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23479 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-23631 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23631 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-25243 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-25243 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-25588 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-25588 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-25589 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-25589 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 5 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the redis-8.6.3-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * redis 8.6.3-1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23479.html * https://www.suse.com/security/cve/CVE-2026-23631.html * https://www.suse.com/security/cve/CVE-2026-25243.html * https://www.suse.com/security/cve/CVE-2026-25588.html * https://www.suse.com/security/cve/CVE-2026-25589.html . An update for openSUSE addresses five important vulnerabilities in redis-8.6.3-1.1, enhancing system security.. redis security fixes, openSUSE redisvulnerabilities, security patches for redis. . LinuxSecurity.com Team

Calendar%202 May 09, 2026 OpenSUSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200