Stay Secure with the Latest Linux Advisories

security advisorydenial of servicefedora

Fedora 44 Valkey 9.0.3 Critical RESP Injection and DoS Security Advisory

Valkey 9.0.3 - February 23, 2026 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Security fixes (CVE-2025-67733) RESP Protocol Injection via Lua error_reply. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ca1077dd2e 2026-03-07 00:17:58.502085+00:00 -------------------------------------------------------------------------------- Name : valkey Product : Fedora 44 Version : 9.0.3 Release : 1.fc44 URL : https://valkey.io Summary : A persistent key-value database Description : Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also. See https://valkey.io/topics/ -------------------------------------------------------------------------------- Update Information: Valkey 9.0.3 - February 23, 2026 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Security fixes (CVE-2025-67733) RESP Protocol Injection via Luaerror_reply (CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus message (CVE-2026-27623) Reset request type after handling empty requests Bug fixes Avoids crash during MODULE UNLOAD when ACL rules reference a module command and subcommand (#3160) Fix server assert on ACL LOAD when current user loses permission to channels (#3182) Fix bug causing no response flush sometimes when IO threads are busy (#3205) -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 24 2026 Remi Collet - 9.0.3-1 - Valkey 9.0.3 - February 23, 2026 - Upgrade urgency SECURITY: This release includes security fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #2442220 - CVE-2025-67733 valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2442220 [ 2 ] Bug #2442222 - CVE-2026-27623 valkey: Valkey: Denial of Service via specially crafted network requests [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2442222 [ 3 ] Bug #2442231 - CVE-2026-21863 valkey: Valkey: Denial of Service via invalid clusterbus packet [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2442231 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ca1077dd2e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list-- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Focusing on security fixes for Fedora's Valkey 9.0.3, this advisory addresses critical injections and DoS threats.. Fedora security updates, Valkey 9.0.3, DoS threats, RESP Protocol, security fixes. . Severity: Critical. LinuxSecurity.com Team

Mar 07, 2026 •Critical Fedora