Issued:: 2025-10-29
Updated:: 2025-10-29

RHSA-2025:19238 - Security Advisory

Overview
Updated Packages

Synopsis

Important: redis:6 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the redis:6 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

BZ - 2401258 - CVE-2025-46817 redis: Lua library commands may lead to integer overflow and potential RCE
BZ - 2401292 - CVE-2025-46818 Redis: Redis: Authenticated users can execute LUA scripts as a different user
BZ - 2401322 - CVE-2025-46819 Redis: Redis is vulnerable to DoS via specially crafted LUA scripts
BZ - 2401324 - CVE-2025-49844 Redis: Redis Lua Use-After-Free may lead to remote code execution

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
redis-6.2.20-1.module+el8.10.0+23551+d4cd15d7.src.rpm	SHA-256: c7e144dd00412963c6e7201966552dd655c26732f414e998247d5f72bd6decc6
x86_64
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b
redis-6.2.20-1.module+el8.10.0+23551+d4cd15d7.x86_64.rpm	SHA-256: 494c40464a3a0111054b4366b88351a23c7f6cf7291f62d2829ecd9d83aae3c1
redis-debuginfo-6.2.20-1.module+el8.10.0+23551+d4cd15d7.x86_64.rpm	SHA-256: 8d0fed178bb663bfb33e368654e3efdfa3f6397129b06dab034bcf0e9d596fbb
redis-debugsource-6.2.20-1.module+el8.10.0+23551+d4cd15d7.x86_64.rpm	SHA-256: c03fb76ccfe294ff4f969e814856070001f27adbdce6e746c357840e2db69b89
redis-devel-6.2.20-1.module+el8.10.0+23551+d4cd15d7.x86_64.rpm	SHA-256: 0fc396691e36101d7fb4a43f0172f35cfc4117c1e84a75cdb719ad570c3342f2
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
redis-6.2.20-1.module+el8.10.0+23551+d4cd15d7.src.rpm	SHA-256: c7e144dd00412963c6e7201966552dd655c26732f414e998247d5f72bd6decc6
s390x
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b
redis-6.2.20-1.module+el8.10.0+23551+d4cd15d7.s390x.rpm	SHA-256: 81abb144845bc7b527dc145ed7988aa58ef24deae4b91c5a48447f67e4494754
redis-debuginfo-6.2.20-1.module+el8.10.0+23551+d4cd15d7.s390x.rpm	SHA-256: 4505a6e5ce12ff72d5d48e8af0a607db7945eddec7a7b889dbb7da7691d48265
redis-debugsource-6.2.20-1.module+el8.10.0+23551+d4cd15d7.s390x.rpm	SHA-256: 049959ce86253529a3aa6e634068aba1a373217366a2fd8ef4db707ca3c10118
redis-devel-6.2.20-1.module+el8.10.0+23551+d4cd15d7.s390x.rpm	SHA-256: 693b02c2c7c3091e1f1bb6203cf2ba72d99afa50b5b8403c7fa69ed6182fd91f
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b

Red Hat Enterprise Linux for Power, little endian 8

SRPM
redis-6.2.20-1.module+el8.10.0+23551+d4cd15d7.src.rpm	SHA-256: c7e144dd00412963c6e7201966552dd655c26732f414e998247d5f72bd6decc6
ppc64le
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b
redis-6.2.20-1.module+el8.10.0+23551+d4cd15d7.ppc64le.rpm	SHA-256: 84f01c9b6eb5e0e3fb2f88487814697c5749a4e6bdebfa71f1d706cdacf17ddb
redis-debuginfo-6.2.20-1.module+el8.10.0+23551+d4cd15d7.ppc64le.rpm	SHA-256: 56004c0541b97a92c914d4d2e9b5e5c6940e338987b7e660ac1ea47af1a3647f
redis-debugsource-6.2.20-1.module+el8.10.0+23551+d4cd15d7.ppc64le.rpm	SHA-256: 2c4161a7fd2f6fef0e026fcbf55f20e24fd186dd0f23aef4b004d9549d7890ca
redis-devel-6.2.20-1.module+el8.10.0+23551+d4cd15d7.ppc64le.rpm	SHA-256: f84808d6facc5ba954b9d8eea8d793d1c9d27fc6c69e8fd0eff5184eb95443a3
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b

Red Hat Enterprise Linux for ARM 64 8

SRPM
redis-6.2.20-1.module+el8.10.0+23551+d4cd15d7.src.rpm	SHA-256: c7e144dd00412963c6e7201966552dd655c26732f414e998247d5f72bd6decc6
aarch64
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b
redis-6.2.20-1.module+el8.10.0+23551+d4cd15d7.aarch64.rpm	SHA-256: b793d6c7972f27d8d08fad83c8030637e479df0145389839111cca0503b182ea
redis-debuginfo-6.2.20-1.module+el8.10.0+23551+d4cd15d7.aarch64.rpm	SHA-256: 76d6b24128ab11cf614702390dfe005f1603592646e95b1c079764b981bb814d
redis-debugsource-6.2.20-1.module+el8.10.0+23551+d4cd15d7.aarch64.rpm	SHA-256: 452a6e912ad195d1f19e10d4889a4e2960e11ec9291559b0f473f1f7d64e9a79
redis-devel-6.2.20-1.module+el8.10.0+23551+d4cd15d7.aarch64.rpm	SHA-256: 16ee88325482fbe0ab704c7111dee784b31134a8eba3075694a476f769612b64
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b
redis-doc-6.2.20-1.module+el8.10.0+23551+d4cd15d7.noarch.rpm	SHA-256: 3a0f87657e0b7b81d746f1c301c7b3573961f798af7cfd8c95c7d609c303363b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation