Updated redis packages fix security vulnerabilities
Publication date: 14 May 2026
Modification date: 14 May 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-23479, CVE-2026-23631, CVE-2026-25243, CVE-2026-25588, CVE-2026-25589
Description
(CVE-2026-23479) Use-After-Free in unblock client flow may lead to
Remote Code Execution.
(CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote
Code Execution.
(CVE-2026-23631) Lua Use-After-Free may lead to Remote Code Execution.
A user can manipulate data read by a connection by injecting \r\n
sequences into a Redis error reply.
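
Why a \r\n sequence inside an error reply changes what a connection reads: a RESP error reply is a single line that ends at the first \r\n. The following is an added example, not code from Redis or from this advisory. The function names and the sample message are constructed, and replacing CR/LF with spaces is shown as one way to keep the reply on a single line, not as the upstream fix.

```python
# Added illustration: RESP error-reply framing. Not Redis source code.
CRLF = b"\r\n"

def encode_error_unsafe(msg: str) -> bytes:
    """Frame msg as a RESP simple error without checking it for CR/LF."""
    return b"-" + msg.encode() + CRLF

def encode_error_safe(msg: str) -> bytes:
    """Replace CR and LF with spaces so the message cannot end the frame early."""
    return b"-" + msg.replace("\r", " ").replace("\n", " ").encode() + CRLF

def parse_replies(stream: bytes) -> list:
    """Minimal client-side reader for line-based RESP replies (+, -, :)."""
    kinds = {b"+": "status", b"-": "error", b":": "integer"}
    replies, pos = [], 0
    while pos < len(stream):
        end = stream.index(CRLF, pos)          # each reply ends at the first CRLF
        kind, body = stream[pos:pos + 1], stream[pos + 1:end].decode()
        if kind not in kinds:
            raise ValueError(f"unsupported reply type {kind!r}")
        replies.append((kinds[kind], int(body) if kind == b":" else body))
        pos = end + len(CRLF)
    return replies

# Constructed sample: an error message that echoes a caller-supplied value.
SAMPLE_VALUE = "x\r\n+OK"
SAMPLE_ERROR = "ERR bad value " + SAMPLE_VALUE

def demo() -> dict:
    """Parse the same error message after unsafe and after safe encoding."""
    return {
        "unsafe": parse_replies(encode_error_unsafe(SAMPLE_ERROR)),
        "safe": parse_replies(encode_error_safe(SAMPLE_ERROR)),
    }

if __name__ == "__main__":
    for name, replies in demo().items():
        print(name, replies)
```

With the unsafe encoder the client reads two replies where the server meant one, so the second is taken as the answer to whatever command the connection sends next.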
References
- https://bugs.mageia.org/show_bug.cgi?id=35514
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CVOEZ7I2TIPXYBFA4UYY5GI5Q4VOAD7C/
- https://github.com/redis/redis/releases/tag/7.2.13
- https://github.com/redis/redis/releases/tag/7.2.14
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23479
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-23631
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25243
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25588
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25589
SRPMS
9/core
- redis-7.2.14-1.mga9