Red Hat Product Errata RHSA-2025:0689 - Security Advisory
Issued:
2025-01-27
Updated:
2025-01-27

RHSA-2025:0689 - Security Advisory

Synopsis

Important: redis:6 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the redis:6 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

  • redis: Redis' Lua library commands may lead to remote code execution (CVE-2024-46981)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2336004 - CVE-2024-46981 redis: Redis' Lua library commands may lead to remote code execution

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
redis-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.src.rpm SHA-256: ae6310073a1ecd41de9915d154a9e39139ebeec0f860e21ac009c162c36eeb4f
x86_64
redis-doc-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.noarch.rpm SHA-256: 458fd153953edaa231c9371e3d946620ebbe03289963ffdbbeecf6f3a6633be0
redis-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.x86_64.rpm SHA-256: 9dcf220fa8043b8061f7d99535a03c8842f0abc65e4a3f0921b639f21621a576
redis-debuginfo-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.x86_64.rpm SHA-256: 27eb5c24c150b2c1824be3a3bc87d978e0cd9eb6efc25c31ebae7b4809200f0b
redis-debugsource-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.x86_64.rpm SHA-256: b617999bc4c16fb0043b9ae7479078e141efd33d808ed13d027d43069f430016
redis-devel-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.x86_64.rpm SHA-256: 829bb1fb5bdd8599467457b22836cb49c2e4b1b7ee575635f6ffe2456a036849

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
redis-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.src.rpm SHA-256: ae6310073a1ecd41de9915d154a9e39139ebeec0f860e21ac009c162c36eeb4f
x86_64
redis-doc-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.noarch.rpm SHA-256: 458fd153953edaa231c9371e3d946620ebbe03289963ffdbbeecf6f3a6633be0
redis-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.x86_64.rpm SHA-256: 9dcf220fa8043b8061f7d99535a03c8842f0abc65e4a3f0921b639f21621a576
redis-debuginfo-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.x86_64.rpm SHA-256: 27eb5c24c150b2c1824be3a3bc87d978e0cd9eb6efc25c31ebae7b4809200f0b
redis-debugsource-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.x86_64.rpm SHA-256: b617999bc4c16fb0043b9ae7479078e141efd33d808ed13d027d43069f430016
redis-devel-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.x86_64.rpm SHA-256: 829bb1fb5bdd8599467457b22836cb49c2e4b1b7ee575635f6ffe2456a036849

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
redis-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.src.rpm SHA-256: ae6310073a1ecd41de9915d154a9e39139ebeec0f860e21ac009c162c36eeb4f
ppc64le
redis-doc-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.noarch.rpm SHA-256: 458fd153953edaa231c9371e3d946620ebbe03289963ffdbbeecf6f3a6633be0
redis-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.ppc64le.rpm SHA-256: f82e0a952b9a1c883d791199fcba6e01098b7cf6f270761fe88614e0d9c93dd0
redis-debuginfo-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.ppc64le.rpm SHA-256: 33e98fce8777974e98bd8946e821bb4372c36fcd8ec8fa690556959d77f9359a
redis-debugsource-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.ppc64le.rpm SHA-256: 13852d66507e8361f38b6c02d1df76dcf93803b0e26c499e0c270535bc82a0bd
redis-devel-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.ppc64le.rpm SHA-256: bb5397f2b09bd7146322296ff38354dce0d05c23f5554422a53331022ea9a1e0

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
redis-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.src.rpm SHA-256: ae6310073a1ecd41de9915d154a9e39139ebeec0f860e21ac009c162c36eeb4f
x86_64
redis-doc-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.noarch.rpm SHA-256: 458fd153953edaa231c9371e3d946620ebbe03289963ffdbbeecf6f3a6633be0
redis-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.x86_64.rpm SHA-256: 9dcf220fa8043b8061f7d99535a03c8842f0abc65e4a3f0921b639f21621a576
redis-debuginfo-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.x86_64.rpm SHA-256: 27eb5c24c150b2c1824be3a3bc87d978e0cd9eb6efc25c31ebae7b4809200f0b
redis-debugsource-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.x86_64.rpm SHA-256: b617999bc4c16fb0043b9ae7479078e141efd33d808ed13d027d43069f430016
redis-devel-6.0.9-5.module+el8.6.0+22735+5bedcf81.1.x86_64.rpm SHA-256: 829bb1fb5bdd8599467457b22836cb49c2e4b1b7ee575635f6ffe2456a036849

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.