[CLSA-2025:1765903458] Fix CVE(s): CVE-2024-31449, CVE-2025-46818
Type: security
Severity: Important
Release date: 2025-12-16 16:44:21 UTC
Description:
  * SECURITY UPDATE: integer overflow in Lua bit.tohex function
    - debian/patches/0026-CVE-2024-31449.patch: Fix integer overflow in lua_bit.c when INT_MIN is passed as second argument
    - CVE-2024-31449
  * SECURITY UPDATE: lua script execution in wrong user context
    - debian/patches/0027-CVE-2025-46818.patch: Remove unsafe Lua functions (getfenv, setfenv, newproxy) and protect basic type metatables
    - CVE-2025-46818
Updated packages:
  • redis6_6.0.16-1~bookworm+tuxcare.els2_all.deb
    sha:b0d644c55ca9abaec67ea842922893062db6d2a6
  • redis6-sentinel_6.0.16-1~bookworm+tuxcare.els2_amd64.deb
    sha:e713027cd7b309a6d69d58745a586fc72739be48
  • redis6-server_6.0.16-1~bookworm+tuxcare.els2_amd64.deb
    sha:da9dd01f815157353c058ccdb9b6e3431ff24dca
  • redis6-tools_6.0.16-1~bookworm+tuxcare.els2_amd64.deb
    sha:6f035fc59acfaf309cd36b261858e4896f9e6197
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.