SUSE-SU-2025:02680-1

Details

This update for redis fixes the following issues:

CVE-2025-32023: Fixed out-of-bounds write when working with HyperLogLog commands can lead to remote code execution. (bsc#1246059)
CVE-2025-48367: Fixed unauthenticated connection causing repeated IP protocol erros can lead to client starvation and DoS. (bsc#1246058)

Affected Packages

redis

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP5-LTSSSUSE Linux Enterprise Server 15 SP4-LTSS

Fixed in:

6.2.6-150400.3.37.1

References

REPORT

https://bugzilla.suse.com/1246058

REPORT

https://bugzilla.suse.com/1246059

WEB

https://www.suse.com/security/cve/CVE-2025-32023

WEB

https://www.suse.com/security/cve/CVE-2025-48367

ADVISORY

https://www.suse.com/support/update/announcement/2025/suse-su-202502680-1/