redis-6.2.19-1.el9_6

エラータID: AXSA:2025-10646:03

Release date: 
Wednesday, July 30, 2025 - 10:33
Subject: 
redis-6.2.19-1.el9_6
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Redis is an advanced key-value store. It is often referred to as a
data-structure server since keys can contain strings, hashes, lists, sets, and
sorted sets. For performance, Redis works with an in-memory data set. You can
persist it either by dumping the data set to disk every once in a while, or by
appending each command to a log.

Security Fix(es):

redis: Redis Unauthenticated Denial of Service (CVE-2025-48367)
redis: Redis Hyperloglog Out-of-Bounds Write Vulnerability (CVE-2025-32023)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2025-32023
CVE-2025-48367

Solution: 

Update packages.

CVEs: 
CVE-2025-32023
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.
CVE-2025-48367
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.
Additional Info: 

N/A

Download: 

SRPMS
  1. redis-6.2.19-1.el9_6.src.rpm
    MD5: 674b43ca88c295279778db245e1d414c
    SHA-256: 3d248e59440e4546a0741af8e0901aed9d441e6aa297dde613a24d7dd24fcd62
    Size: 3.01 MB

Asianux Server 9 for x86_64
  1. redis-6.2.19-1.el9_6.x86_64.rpm
    MD5: 4a9aa4f22ab5ab1dfda56d40e2f748d8
    SHA-256: ceb43cd48a86619dd0aec247507e3ae2b08311c128dd4778dcab69b2629cd210
    Size: 1.30 MB
  2. redis-devel-6.2.19-1.el9_6.i686.rpm
    MD5: 75e1a73d92904fd326934ead4693904e
    SHA-256: 91dc159860033d7792aceee7373431facf8ccd83745d384834a58ad5ef7faf10
    Size: 18.82 kB
  3. redis-devel-6.2.19-1.el9_6.x86_64.rpm
    MD5: aec3f2e6d921546ec40f18fd601b2384
    SHA-256: b1d5052eb903b2b64b41782806f3678220d568c9d9d07bba9c433f0c49b37399
    Size: 18.79 kB
  4. redis-doc-6.2.19-1.el9_6.noarch.rpm
    MD5: 11146d93751c4186486991c82313524c
    SHA-256: 62d02a379babe3cff3ae68b8007237da714d4e3a0bee80f43c0f8f25125fd2ea
    Size: 548.99 kB