发布：: 2025-11-11
已更新：: 2025-11-11

RHSA-2025:20955 - Security Advisory

概述
更新的软件包

概述

Important: redis:7 security update

类型/严重性

Security Advisory: Important

Red Hat Lightspeed patch analysis

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64

修复

BZ - 2401258 - CVE-2025-46817 redis: Lua library commands may lead to integer overflow and potential RCE
BZ - 2401292 - CVE-2025-46818 Redis: Redis: Authenticated users can execute LUA scripts as a different user
BZ - 2401322 - CVE-2025-46819 Redis: Redis is vulnerable to DoS via specially crafted LUA scripts
BZ - 2401324 - CVE-2025-49844 Redis: Redis Lua Use-After-Free may lead to remote code execution

CVE

参考

https://access.redhat.com/security/updates/classification/#important

注：: 可能有这些软件包的更新版本。点击软件包名称查看详情。

Red Hat Enterprise Linux for x86_64 9

SRPM
redis-7.2.11-1.module+el9.7.0+23559+d075163a.src.rpm	SHA-256: 06da32cd67ebcf86096fc00e36a58f2f8351ccd88b62f3601035e0d15b1fed94
x86_64
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd
redis-7.2.11-1.module+el9.7.0+23559+d075163a.x86_64.rpm	SHA-256: c96b66dcfd877fda02369f53da038cbe30a17657e2d0990d843ace9af8d1e30f
redis-debuginfo-7.2.11-1.module+el9.7.0+23559+d075163a.x86_64.rpm	SHA-256: 2bfb0febccc3de30e8fe76732603a9d58ed7dae28d2a915a0549d0f6b98feede
redis-debugsource-7.2.11-1.module+el9.7.0+23559+d075163a.x86_64.rpm	SHA-256: 71f474c2f0769b199a131be1e4672cb17467caeb68760fb6f3624f161f211fda
redis-devel-7.2.11-1.module+el9.7.0+23559+d075163a.x86_64.rpm	SHA-256: d61fbff1f93caa220cd4faa777d23ae29df41266c01fbc48b3e6431ec02fe05c
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
redis-7.2.11-1.module+el9.7.0+23559+d075163a.src.rpm	SHA-256: 06da32cd67ebcf86096fc00e36a58f2f8351ccd88b62f3601035e0d15b1fed94
s390x
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd
redis-7.2.11-1.module+el9.7.0+23559+d075163a.s390x.rpm	SHA-256: f19b0e2d78e986267ddb0362b3a6401a13287a5945932a0984f80e6e7f77e961
redis-debuginfo-7.2.11-1.module+el9.7.0+23559+d075163a.s390x.rpm	SHA-256: 3da4437ca4d14ef7e0bf5ad474077658caea691ad31680973c8387b80c94b650
redis-debugsource-7.2.11-1.module+el9.7.0+23559+d075163a.s390x.rpm	SHA-256: 34c311b2d130f873ee0560985cc1437a685a65924bb2ae56fd84bccf7230a800
redis-devel-7.2.11-1.module+el9.7.0+23559+d075163a.s390x.rpm	SHA-256: cbcef3e8e9ca09007b1aaaf557b8ca847caec22cfa309283347c83618ceec45b
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd

Red Hat Enterprise Linux for Power, little endian 9

SRPM
redis-7.2.11-1.module+el9.7.0+23559+d075163a.src.rpm	SHA-256: 06da32cd67ebcf86096fc00e36a58f2f8351ccd88b62f3601035e0d15b1fed94
ppc64le
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd
redis-7.2.11-1.module+el9.7.0+23559+d075163a.ppc64le.rpm	SHA-256: b9364d52dd2f7539e34769fa17bf2a04f1993810548f93f4091a1fa6cb062c68
redis-debuginfo-7.2.11-1.module+el9.7.0+23559+d075163a.ppc64le.rpm	SHA-256: a5558c5d38665ceff4613f574476c505dbb01ed3c6fdbd35b0d2c6ea5ad59310
redis-debugsource-7.2.11-1.module+el9.7.0+23559+d075163a.ppc64le.rpm	SHA-256: 80808cad37dcce9bb0884c13539e312e81c76534fb30233bb264b991bd76f3c1
redis-devel-7.2.11-1.module+el9.7.0+23559+d075163a.ppc64le.rpm	SHA-256: 803ff3191dd3b88d36e778e244e5918615b66e04722818a3fbc2b29dd4d8e2b3
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd

Red Hat Enterprise Linux for ARM 64 9

SRPM
redis-7.2.11-1.module+el9.7.0+23559+d075163a.src.rpm	SHA-256: 06da32cd67ebcf86096fc00e36a58f2f8351ccd88b62f3601035e0d15b1fed94
aarch64
redis-7.2.11-1.module+el9.7.0+23559+d075163a.aarch64.rpm	SHA-256: af99d3d811dc6aee97e5ac315a18e3ba84a976e00d74174653ec477910e2f672
redis-debuginfo-7.2.11-1.module+el9.7.0+23559+d075163a.aarch64.rpm	SHA-256: 5958cbd5f1c89cdb1c3192011fd6a5a2af420160951272a0078165ac41d7e934
redis-debugsource-7.2.11-1.module+el9.7.0+23559+d075163a.aarch64.rpm	SHA-256: 1031aeefc01975feae62a6269e42e6dce8426590775fc6e1e960c688f4b7fd1b
redis-devel-7.2.11-1.module+el9.7.0+23559+d075163a.aarch64.rpm	SHA-256: bc29e4ab7155f31bf9624fbc30a1f64efcf55d5f6ef09c6aee1d1c42b6b441c3
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd
redis-doc-7.2.11-1.module+el9.7.0+23559+d075163a.noarch.rpm	SHA-256: 278e272ace258bda84d56a714f7d01e768c7e58b51f479a0747d772b6936b8bd

Red Hat 安全团队联络方式为 secalert@redhat.com。更多联络细节请参考 https://access.redhat.com/security/team/contact/。

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

RHSA-2025:20955 - Security Advisory

概述

类型/严重性

Red Hat Lightspeed patch analysis

标题

描述

解决方案

受影响的产品

修复

CVE

参考

Red Hat Enterprise Linux for x86_64 9

Red Hat Enterprise Linux for IBM z Systems 9

Red Hat Enterprise Linux for Power, little endian 9

Red Hat Enterprise Linux for ARM 64 9

Quick Links

Help

Site Info

Related Sites

Red Hat legal and privacy links

Red Hat legal and privacy links