[CLSA-2026:1779714897] Fix CVE(s): CVE-2026-23631, CVE-2026-25243
Type: security
Severity: Important
Release date: 2026-05-25 13:15:02 UTC
Description:
* SECURITY UPDATE: Use-after-free via Lua script during fullsync on replica
  - debian/patches/CVE-2026-23631.patch: delay fullsync processing in readSyncBulkPayload until any running timed-out script finishes
  - CVE-2026-23631
* SECURITY UPDATE: Invalid memory access in RESTORE command
  - debian/patches/CVE-2026-25243.patch: fix double-free in rdbLoadObject hash-zipmap dup-check and consumer-PEL error path, harden sds overflow handling, and add missing length-encoding sanity checks in zipmapValidateIntegrity
  - CVE-2026-25243
Updated packages:
  • redis7_7.0.15-1~bookworm+tuxcare.els3_all.deb
    sha:3f08ba056111afecbb3cf533802e7ce66dac3213
  • redis7-sentinel_7.0.15-1~bookworm+tuxcare.els3_amd64.deb
    sha:52bb0f885f1f9528a57b0eba196442cde63a4a68
  • redis7-server_7.0.15-1~bookworm+tuxcare.els3_amd64.deb
    sha:7c106ebc778aa922c8f14d09fb6951ac03983699
  • redis7-tools_7.0.15-1~bookworm+tuxcare.els3_amd64.deb
    sha:e4156ceb6e58321bcfd8acd49ff86ddd7952ceb5
  • redis7_7.0.15-1~bookworm+tuxcare.els3_all.deb
    sha:3f08ba056111afecbb3cf533802e7ce66dac3213
  • redis7-sentinel_7.0.15-1~bookworm+tuxcare.els3_arm64.deb
    sha:d9b4d40b2bd62c54de319a4900bbdb8155d8692b
  • redis7-server_7.0.15-1~bookworm+tuxcare.els3_arm64.deb
    sha:af4919504137b54ca4285317dd9ed023b871bd63
  • redis7-tools_7.0.15-1~bookworm+tuxcare.els3_arm64.deb
    sha:99d479b76b0bb738261de939a74c517eb81fb305
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.