[SECURITY] [DSA 6020-1] redis security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6020-1] redis security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 8 Oct 2025 18:19:11 +0000
Message-id: <[🔎] aOarHw-WSZH-O9zf@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6020-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 08, 2025                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : redis
CVE ID         : CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 CVE-2025-49844

Multiple security issues were discovered in the Lua scripting interface
of Redis, a persistent key-value database, which could result in the
execution of arbitrary code or denial of service.

For the oldstable distribution (bookworm), these problems have been fixed
in version 5:7.0.15-1~deb12u6.

For the stable distribution (trixie), these problems have been fixed in
version 5:8.0.2-3+deb13u1.

We recommend that you upgrade your redis packages.

For the detailed security status of redis please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/redis

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmjmqmUACgkQEMKTtsN8
TjaY+g//VPLjh+VVX+QdKTRilOFdZKg5KOkPb47XonS5NzKIBQc7vHmOW8DghO45
IeUAFxucQwD0r3neASoYPsv0xFZUnQZQ3z6jQpOyimL39TlbrCJ15cKZKqPSFfkv
0h0LSfExODriT+wmcPtPSmumRuS/Kpz0s4gUXwtNhgF4QeShJlIF+fMuIP0TZODN
iPdTsNpAxPZ/+ha+xZ4GhRn9pxOLPBfnVuxqZbq6UgFfyrRfBfOZzmm1fD3VfBwT
C7D1lgZarUMtx7AMHpeUzQOrNLPhcMOUDFrcKXbS7o2xf2yUoKMXI30M05Mn3FTw
KGIwJmcV2GLGFhW1NzptrsOnWfRdh2Te3EDIziwnXrAqjYLsrBo6GYtNvf0ONcBJ
AO6SL1mPlJowDTHxnQ5xX/lecPXVo6lWV+ceI4NjAh9WzU7imXYailiYEiyHw79/
qLACg+A7y7MTG2LiOh1bUhK5MQdgUejwZoc/PzjrJS6nuPocEZA/i4wb105sqzdS
edGRanQqA9RIJOP96Zf08hnaTK29CxyhzTDTcWLTRzbnzUTFFx1KJf2i187j1smk
jfZvlP5MbnjTrOMr/ozcBJHgvo1trTAqBXvzSPUbi7TwUzK/IUUNsDnoNzEUlDEE
aMTjybLr6ccsViH6YseDrfGjUh4UMDFMFNUJcqnlc7QGnl46ZhY=
=DNII
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6019-1] dovecot security update
Previous by thread: [SECURITY] [DSA 6019-1] dovecot security update
Index(es):
- Date
- Thread