Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
89
security advisoryFedorasecurity fixFedora 41: valkey 8.0.3 security fix advisory for CVE-2025-21605
Valkey 8.0.3 - Released Wed 23 Apr 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Bug fixes Optimize RDB load performance and fix cluster mode resizing on replica side. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-d191ee2f9a 2025-05-03 01:10:19.809477+00:00 -------------------------------------------------------------------------------- Name : valkey Product : Fedora 41 Version : 8.0.3 Release : 1.fc41 URL : https://valkey.io Summary : A persistent key-value database Description : Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also. -------------------------------------------------------------------------------- Update Information: Valkey 8.0.3 - Released Wed 23 Apr 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Bug fixes Optimize RDB load performance and fix cluster mode resizing onreplica side (#1199) Fix memory leak in forgotten node ping ext code path (#1574) Fix cluster info sent stats for message with light header (#1563) Fix module LatencyAddSample still work when latency-monitor-threshold is 0 (#1541) Fix potential crash in radix tree recompression of huge keys (#1722) Fix error "SSL routines::bad length" when connTLSWrite is called second time with smaller buffer (#1737) Fix temp file leak druing replication error handling (#1721) Fix ACL LOAD crash on replica since the primary client don't has a user (#1842) Fix RANDOMKEY infinite loop during CLIENT PAUSE (#1850) fix: add samples to stream object consumer trees (#1825) Fix cluster slot stats assertion during promotion of replica (#1950) Fix panic in primary when blocking shutdown after previous block with timeout (#1948) Ignore stale gossip packets that arrive out of order (#1777) Fix incorrect lag reported in XINFO GROUPS (#1952) Avoid shard id update of replica if not matching with primary shard id (#573) Security fixes CVE-2025-21605 Limit output buffer for unauthenticated clients (#1993) -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 24 2025 Remi Collet - 8.0.3-1 - update to 8.0.3 fixes CVE-2025-21605 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d191ee2f9a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
May 03, 2025
•Critical
Fedora
89
security advisoryfedorasecurity fixFedora 37: 2023-5b6510a584 Critical: Redis Authenticated Crash Issue
**Redis 7.0.11** Released Mon Apr 17 16:00:00 IST 2023 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (**CVE-2023-28856**) Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access Bug Fixes * Add a missing fsync of AOF file in rare cases (#11973) * Disconnect pub-sub. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2023-5b6510a584 2023-04-27 00:35:44.907244 --------------------------------------------------------------------------------Name : redis Product : Fedora 37 Version : 7.0.11 Release : 1.fc37 URL : https://redis.io Summary : A persistent key-value database Description : Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache. You can use Redis from most programming languages also. --------------------------------------------------------------------------------Update Information: **Redis 7.0.11** Released Mon Apr 17 16:00:00 IST 2023 Upgrade urgency: SECURITY, contains fixes to security issues. Security Fixes: * (**CVE-2023-28856**) Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field that will crash Redis on access Bug Fixes * Add a missing fsync of AOF file in rare cases (#11973) * Disconnect pub-sub subscribers when revoking allchannels permission (#11992) --------------------------------------------------------------------------------ChangeLog: * Tue Apr 18 2023 Remi Collet - 7.0.11-1 - Upstream 7.0.11 release. --------------------------------------------------------------------------------References: [ 1 ] Bug #2187525 - CVE-2023-28856 redis: Insufficient validation of HINCRBYFLOAT command https://bugzilla.redhat.com/show_bug.cgi?id=2187525 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-5b6510a584' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Apr 27, 2023
•Critical
Fedora
89
security advisoryFedoraremote code executionFedora 34: FEDORA-2021-3b267a756c Critical: Redis Integer Overflow Exploit
**Redis 6.2.3** Released Mon May 3 19:00:00 IST 2021 Upgrade urgency: SECURITY, Contains fixes to security issues that affect authenticated client connections. LOW otherwise. Integer overflow in STRALGO LCS command (**CVE-2021-29477**): An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-3b267a756c 2021-05-12 05:41:31.252210 --------------------------------------------------------------------------------Name : redis Product : Fedora 34 Version : 6.2.3 Release : 1.fc34 URL : https://redis.io Summary : A persistent key-value database Description : Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache. You can use Redis from most programming languages also. --------------------------------------------------------------------------------Update Information: **Redis 6.2.3** Released Mon May 3 19:00:00 IST 2021 Upgrade urgency:SECURITY, Contains fixes to security issues that affect authenticated client connections. LOW otherwise. Integer overflow in STRALGO LCS command (**CVE-2021-29477**): An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. The integer overflow bug exists in all versions of Redis starting with 6.0. Integer overflow in COPY command for large intsets (**CVE-2021-29478**): An integer overflow bug in Redis 6.2 could be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default set-max-intset-entries configuration value, creating a large set key that consists of integer values and using the COPY command to duplicate it. The integer overflow bug exists in all versions of Redis starting with 2.6, where it could result with a corrupted RDB or DUMP payload, but not exploited through COPY (which did not exist before 6.2). Bug fixes that are only applicable to previous releases of Redis 6.2: * Fix memory leak in moduleDefragGlobals (#8853) * Fix memory leak when doing lazy freeing client tracking table (#8822) * Block abusive replicas from sending command that could assert and crash redis (#8868) Other bug fixes: * Use a monotonic clock to check for Lua script timeout (#8812) * redis-cli: Do not use unix socket when we got redirected in cluster mode (#8870) Modules: * Fix RM_GetClusterNodeInfo() to correctly populate master id (#8846) --------------------------------------------------------------------------------ChangeLog: * Tue May 4 2021 Remi Collet - 6.2.3-1 - Upstream 6.2.3 release --------------------------------------------------------------------------------References: [ 1 ] Bug #1957410 - CVE-2021-29477 redis: Integer overflow via STRALGO LCS command https://bugzilla.redhat.com/show_bug.cgi?id=1957410 [ 2 ] Bug #1957414 - CVE-2021-29478 redis: Integer overflow via COPY commandfor large intsets https://bugzilla.redhat.com/show_bug.cgi?id=1957414 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-3b267a756c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 12, 2021
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!