[CLSA-2026:1779356004] Fix CVE(s): CVE-2026-25243
Type: security
Severity: Important
Release date: 2026-05-21 09:33:28 UTC
Description:
* SECURITY UPDATE: Invalid memory access in RESTORE command allows authenticated attacker to trigger heap corruption via crafted payload
  - debian/patches/CVE-2026-25243.patch: protect _sdsnewlen trymalloc path against size_t overflow, add length-encoding sanity checks in zipmapValidateIntegrity, fix ziplist leak and stream NACK double-free in rdbLoadObject error paths
  - CVE-2026-25243
Updated packages:
  • redis6.2_6.2.21-1~trixie+tuxcare.els4_all.deb
    sha:d278f12cf3aa2e346979ac13cd918237c38928fd
  • redis6.2-sentinel_6.2.21-1~trixie+tuxcare.els4_amd64.deb
    sha:4e6a8e841f08a9cf68f7ffdd19aa8665b56ece8f
  • redis6.2-server_6.2.21-1~trixie+tuxcare.els4_amd64.deb
    sha:41a8658e2328107de9d268c27830359ccc8d3ea7
  • redis6.2-tools_6.2.21-1~trixie+tuxcare.els4_amd64.deb
    sha:9ee58c6452b795c65633e9fb208ced7c6d3874c3
  • redis6.2-sentinel_6.2.21-1~trixie+tuxcare.els4_arm64.deb
    sha:183384ce783a8a9bf08ce8cfdbd472ae66ea21f2
  • redis6.2-server_6.2.21-1~trixie+tuxcare.els4_arm64.deb
    sha:4f0d4aa52bc31206e8b92fc8b06158989751a545
  • redis6.2-tools_6.2.21-1~trixie+tuxcare.els4_arm64.deb
    sha:4928224c58eb68165525cf6263805e22c4cae402
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.