[CLSA-2025:1765903533] Fix CVE(s): CVE-2024-31449, CVE-2025-46818
Type: security
Severity: Important
Release date: 2025-12-16 16:45:37 UTC
Description:
  * SECURITY UPDATE: integer overflow in Lua bit.tohex function
    - debian/patches/0026-CVE-2024-31449.patch: Fix integer overflow in lua_bit.c when INT_MIN is passed as second argument
    - CVE-2024-31449
  * SECURITY UPDATE: lua script execution in wrong user context
    - debian/patches/0027-CVE-2025-46818.patch: Remove unsafe Lua functions (getfenv, setfenv, newproxy) and protect basic type metatables
    - CVE-2025-46818
Updated packages:
  • redis6_6.0.16-1~trixie+tuxcare.els2_all.deb
    sha:1ab68f9c75e4ae7196749c73266d0c0545b734e1
  • redis6-sentinel_6.0.16-1~trixie+tuxcare.els2_amd64.deb
    sha:7482cb324cfb096cdf2edb785114d42841f791cb
  • redis6-server_6.0.16-1~trixie+tuxcare.els2_amd64.deb
    sha:ee3a0dfc86757a91e0ee0465c01e7829279b1613
  • redis6-tools_6.0.16-1~trixie+tuxcare.els2_amd64.deb
    sha:d96e1ca3dd4b5849a92442da95e924e9aa92af25
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.