openSUSE-SU-2025:20121-1

Details

This update for redis fixes the following issues:

Updated to 8.2.3 (boo#1252996 CVE-2025-62507)
- https://github.com/redis/redis/releases/tag/8.2.3
- Security fixes
  - (CVE-2025-62507) Bug in XACKDEL may lead to stack overflow and potential RCE
- Bug fixes
  - HGETEX: A missing numfields argument when FIELDS is used can lead to Redis crash
  - An overflow in HyperLogLog with 2GB+ entries may result in a Redis crash
  - Cuckoo filter - Division by zero in Cuckoo filter insertion
  - Cuckoo filter - Counter overflow
  - Bloom filter - Arbitrary memory read/write with invalid filter
  - Bloom filter - Out-of-bounds access with empty chain
  - Top-k - Out-of-bounds access
  - Bloom filter - Restore invalid filter [We thank AWS security for responsibly disclosing the security bug]
Updated to 8.2.2 (boo#1250995)
- https://github.com/redis/redis/releases/tag/8.2.2
- Fixed Lua script may lead to remote code execution (CVE-2025-49844).
- Fixed Lua script may lead to integer overflow (CVE-2025-46817).
- Fixed Lua script can be executed in the context of another user (CVE-2025-46818).
- Fixed LUA out-of-bound read (CVE-2025-46819).
- Fixed potential crash on Lua script or streams and HFE defrag.
- Fixed potential crash when using ACL rules.
- Added VSIM: new EPSILON argument to specify maximum distance.
- Added SVS-VAMANA: allow use of BUILD_INTEL_SVS_OPT flag.
- Added RESP3 serialization performance.
- Added INFO SEARCH: new SVS-VAMANA metrics.
Updated to 8.2.1
- https://github.com/redis/redis/releases/tag/8.2.1
- Bug fixes
  - #14240 INFO KEYSIZES - potential incorrect histogram updates on cluster mode with modules
  - #14274 Disable Active Defrag during flushing replica
  - #14276 XADD or XTRIM can crash the server after loading RDB
  - #Q6601 Potential crash when running FLUSHDB (MOD-10681)
- Performance and resource utilization
  - Query Engine - LeanVec and LVQ proprietary Intel optimizations were removed from Redis Open Source
  - #Q6621 Fix regression in INFO (MOD-10779)

Affected Packages

openSUSE:Leap 16.0redis

Fixed in:

8.2.3-bp160.1.1

References

ADVISORY REPORThttps://bugzilla.suse.com/1250995 REPORThttps://bugzilla.suse.com/1252996 WEBhttps://www.suse.com/security/cve/CVE-2025-46817 WEBhttps://www.suse.com/security/cve/CVE-2025-46818 WEBhttps://www.suse.com/security/cve/CVE-2025-46819 WEBhttps://www.suse.com/security/cve/CVE-2025-49844 WEBhttps://www.suse.com/security/cve/CVE-2025-62507

openSUSE-SU-2025:20121-1

Details

Affected Packages

References

Upstream

Related

Ecosystems

Timeline