redis-6.2.19-1.el9_6
エラータID: AXSA:2025-10646:03
リリース日:
2025/07/30 Wednesday - 10:33
題名:
redis-6.2.19-1.el9_6
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Redis には、ヒープ領域およびスタック領域への範囲外書き込みの
問題があるため、リモートの攻撃者により、リモートコード実行を可能
とする脆弱性が存在します。 (CVE-2025-32023)
- Redis には、リソースの制限を実施していない問題があるため、
リモートの攻撃者により、サービス拒否攻撃 (リソース枯渇) を
可能とする脆弱性が存在します。(CVE-2025-48367)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-32023
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.
CVE-2025-48367
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.
Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.
追加情報:
N/A
ダウンロード:
SRPMS
- redis-6.2.19-1.el9_6.src.rpm
MD5: 674b43ca88c295279778db245e1d414c
SHA-256: 3d248e59440e4546a0741af8e0901aed9d441e6aa297dde613a24d7dd24fcd62
Size: 3.01 MB
Asianux Server 9 for x86_64
- redis-6.2.19-1.el9_6.x86_64.rpm
MD5: 4a9aa4f22ab5ab1dfda56d40e2f748d8
SHA-256: ceb43cd48a86619dd0aec247507e3ae2b08311c128dd4778dcab69b2629cd210
Size: 1.30 MB - redis-devel-6.2.19-1.el9_6.i686.rpm
MD5: 75e1a73d92904fd326934ead4693904e
SHA-256: 91dc159860033d7792aceee7373431facf8ccd83745d384834a58ad5ef7faf10
Size: 18.82 kB - redis-devel-6.2.19-1.el9_6.x86_64.rpm
MD5: aec3f2e6d921546ec40f18fd601b2384
SHA-256: b1d5052eb903b2b64b41782806f3678220d568c9d9d07bba9c433f0c49b37399
Size: 18.79 kB - redis-doc-6.2.19-1.el9_6.noarch.rpm
MD5: 11146d93751c4186486991c82313524c
SHA-256: 62d02a379babe3cff3ae68b8007237da714d4e3a0bee80f43c0f8f25125fd2ea
Size: 548.99 kB
English