Release date:
2026-05-21 09:36:05 UTC
Description:
* SECURITY UPDATE: Invalid memory access in RESTORE command allows
authenticated attacker to trigger heap corruption via crafted payload
- debian/patches/CVE-2026-25243.patch: protect _sdsnewlen trymalloc
path against size_t overflow, add length-encoding sanity checks in
zipmapValidateIntegrity, fix ziplist leak and stream NACK double-free
in rdbLoadObject error paths
- CVE-2026-25243
Updated packages:
-
redis6.2_6.2.21-1~bookworm+tuxcare.els4_all.deb
sha:ae722984554f48927b8edc8953b3c6223dc5199f
-
redis6.2-sentinel_6.2.21-1~bookworm+tuxcare.els4_amd64.deb
sha:ba69d12f553bd93177e66a8fb3ca3fb2287199eb
-
redis6.2-server_6.2.21-1~bookworm+tuxcare.els4_amd64.deb
sha:4efa7b61d151d1032309833aa16c9e6cf554e3f5
-
redis6.2-tools_6.2.21-1~bookworm+tuxcare.els4_amd64.deb
sha:ffb92799983a25ce551f6fbf3ce67eef139fdf77
-
redis6.2_6.2.21-1~bookworm+tuxcare.els4_all.deb
sha:ae722984554f48927b8edc8953b3c6223dc5199f
-
redis6.2-sentinel_6.2.21-1~bookworm+tuxcare.els4_arm64.deb
sha:512bd433660ec3c51a0e1cf6134c365d9542795c
-
redis6.2-server_6.2.21-1~bookworm+tuxcare.els4_arm64.deb
sha:851ef5dde62367a6c2fe836b6a25a2e2ddbcfb41
-
redis6.2-tools_6.2.21-1~bookworm+tuxcare.els4_arm64.deb
sha:57dadf616a3e0939bbea192fb72e4a99de5e1220
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
