A security update for Redis has been released for Debian GNU/Linux 11 LTS, identified as Debian LTS Advisory DLA-4240-1. The update addresses two significant vulnerabilities that were discovered in the Redis key-value database.
The specific issues addressed in this update include:
1. CVE-2025-32023: An authenticated user could exploit a specially-crafted string to perform a stack or heap out-of-bounds write during hyperloglog operations. This vulnerability could potentially allow for remote code execution. However, installations that employ Redis' Access Control List (ACL) system to restrict hyperloglog HLL commands are not affected.
2. CVE-2025-48367: An unauthenticated connection could cause repeated IP protocol errors. This issue could lead to client starvation and potentially result in a Denial of Service (DoS) attack.
The vulnerabilities have been resolved in version 5:6.0.16-1+deb11u7 of the Redis package. Users are strongly advised to upgrade their Redis packages to ensure their systems are secure.
For more information on the security status of Redis, users can visit the security tracker page. Additional resources regarding Debian LTS security advisories, update instructions, and frequently asked questions are available on the Debian wiki.
In conclusion, maintaining up-to-date software is crucial for safeguarding systems against potential vulnerabilities. Users should prioritize applying security updates not only for Redis but for all software to mitigate risks associated with unpatched vulnerabilities
The specific issues addressed in this update include:
1. CVE-2025-32023: An authenticated user could exploit a specially-crafted string to perform a stack or heap out-of-bounds write during hyperloglog operations. This vulnerability could potentially allow for remote code execution. However, installations that employ Redis' Access Control List (ACL) system to restrict hyperloglog HLL commands are not affected.
2. CVE-2025-48367: An unauthenticated connection could cause repeated IP protocol errors. This issue could lead to client starvation and potentially result in a Denial of Service (DoS) attack.
The vulnerabilities have been resolved in version 5:6.0.16-1+deb11u7 of the Redis package. Users are strongly advised to upgrade their Redis packages to ensure their systems are secure.
For more information on the security status of Redis, users can visit the security tracker page. Additional resources regarding Debian LTS security advisories, update instructions, and frequently asked questions are available on the Debian wiki.
In conclusion, maintaining up-to-date software is crucial for safeguarding systems against potential vulnerabilities. Users should prioritize applying security updates not only for Redis but for all software to mitigate risks associated with unpatched vulnerabilities
Redis security update for Debian
A Redis security update has been released for Debian GNU/Linux 11 LTS:
[DLA 4240-1] redis security update
