[CLSA-2026:1779355853] Fix CVE(s): CVE-2026-23631, CVE-2026-25243
Type: security
Severity: Important
Release date: 2026-05-21 09:30:57 UTC
Description:
  * SECURITY UPDATE: Use-after-free via Lua script during fullsync on replica
    - debian/patches/CVE-2026-23631.patch: delay fullsync processing in readSyncBulkPayload until any running timed-out script finishes
    - CVE-2026-23631
  * SECURITY UPDATE: Invalid memory access in RESTORE command
    - debian/patches/CVE-2026-25243.patch: fix double-free in rdbLoadObject hash-zipmap dup-check and consumer-PEL error path, harden sds overflow handling, and add missing length-encoding sanity checks in zipmapValidateIntegrity
    - CVE-2026-25243
Updated packages:
  • redis7_7.0.15-1~trixie+tuxcare.els3_all.deb
    sha:58b3a080fc110d2076f54a49e229b00536ef3667
  • redis7-sentinel_7.0.15-1~trixie+tuxcare.els3_amd64.deb
    sha:9f67ffc85d4f3ecca948a3e859bd19583858ca15
  • redis7-server_7.0.15-1~trixie+tuxcare.els3_amd64.deb
    sha:857a5465297cdc1fcb956b035ff285e2a9937b68
  • redis7-tools_7.0.15-1~trixie+tuxcare.els3_amd64.deb
    sha:7b26c072ad7a95a2f2ba59e82b52734573157756
  • redis7-sentinel_7.0.15-1~trixie+tuxcare.els3_arm64.deb
    sha:55226125351bc63b923fe3bd6a35c598c1285b35
  • redis7-server_7.0.15-1~trixie+tuxcare.els3_arm64.deb
    sha:f8de6c589534d676e7cfd0b91541f3f03da865f0
  • redis7-tools_7.0.15-1~trixie+tuxcare.els3_arm64.deb
    sha:e9c3c91ea51be263e943e4c877bb661cff691990
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.