Red Hat Product Errata RHSA-2025:7509 - Security Advisory
Issued:
2025-05-13
Updated:
2025-05-13

RHSA-2025:7509 - Security Advisory

Synopsis

Important: valkey security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for valkey is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also.

Security Fix(es):

  • redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client (CVE-2025-21605)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2361883 - CVE-2025-21605 redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client

Red Hat Enterprise Linux for x86_64 10

SRPM
valkey-8.0.3-1.el10_0.src.rpm SHA-256: b35c7377f3035ad2c6cf4186b533441b84cda1a63926214515c3fb442272b79b
x86_64
valkey-8.0.3-1.el10_0.x86_64.rpm SHA-256: 2715aa04502d6dc141b8bba5ef31bf6f95fbfe9641c55989a4d70f1dd99a32d9
valkey-debuginfo-8.0.3-1.el10_0.x86_64.rpm SHA-256: 1a5de6c3817847680f0d95c6a9d5781da6e6877a7a6468834c2ae0af70bb17f0
valkey-debugsource-8.0.3-1.el10_0.x86_64.rpm SHA-256: db82dabc24f8b2271fc5e488cd170956dd96dd50ac29ac50790427446d5bd25d
valkey-devel-8.0.3-1.el10_0.x86_64.rpm SHA-256: ae15938c77017220e05631e7d67bed49b101bc0322b681285c7f4e5c3847afa8

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
valkey-8.0.3-1.el10_0.src.rpm SHA-256: b35c7377f3035ad2c6cf4186b533441b84cda1a63926214515c3fb442272b79b
x86_64
valkey-8.0.3-1.el10_0.x86_64.rpm SHA-256: 2715aa04502d6dc141b8bba5ef31bf6f95fbfe9641c55989a4d70f1dd99a32d9
valkey-debuginfo-8.0.3-1.el10_0.x86_64.rpm SHA-256: 1a5de6c3817847680f0d95c6a9d5781da6e6877a7a6468834c2ae0af70bb17f0
valkey-debugsource-8.0.3-1.el10_0.x86_64.rpm SHA-256: db82dabc24f8b2271fc5e488cd170956dd96dd50ac29ac50790427446d5bd25d
valkey-devel-8.0.3-1.el10_0.x86_64.rpm SHA-256: ae15938c77017220e05631e7d67bed49b101bc0322b681285c7f4e5c3847afa8

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
valkey-8.0.3-1.el10_0.src.rpm SHA-256: b35c7377f3035ad2c6cf4186b533441b84cda1a63926214515c3fb442272b79b
s390x
valkey-8.0.3-1.el10_0.s390x.rpm SHA-256: 89d1956244dd00099d0ac6e603cbe8afe7f406de68b20cd75df0fdbd54944a8f
valkey-debuginfo-8.0.3-1.el10_0.s390x.rpm SHA-256: 2fc7f533846e4817e5ec9a959866427dcb3d8ad02f0347db1ebeb04f1a55f818
valkey-debugsource-8.0.3-1.el10_0.s390x.rpm SHA-256: d88fab1dd9555df0bbb08429a480be5d9bd2996647f2b5aea5954bbb5b1f4f45
valkey-devel-8.0.3-1.el10_0.s390x.rpm SHA-256: 27f7e90d4cb33a065dc7e1b2dff8e1bf78b5be19f9a1823b5e6af38516dd5aed

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
valkey-8.0.3-1.el10_0.src.rpm SHA-256: b35c7377f3035ad2c6cf4186b533441b84cda1a63926214515c3fb442272b79b
s390x
valkey-8.0.3-1.el10_0.s390x.rpm SHA-256: 89d1956244dd00099d0ac6e603cbe8afe7f406de68b20cd75df0fdbd54944a8f
valkey-debuginfo-8.0.3-1.el10_0.s390x.rpm SHA-256: 2fc7f533846e4817e5ec9a959866427dcb3d8ad02f0347db1ebeb04f1a55f818
valkey-debugsource-8.0.3-1.el10_0.s390x.rpm SHA-256: d88fab1dd9555df0bbb08429a480be5d9bd2996647f2b5aea5954bbb5b1f4f45
valkey-devel-8.0.3-1.el10_0.s390x.rpm SHA-256: 27f7e90d4cb33a065dc7e1b2dff8e1bf78b5be19f9a1823b5e6af38516dd5aed

Red Hat Enterprise Linux for Power, little endian 10

SRPM
valkey-8.0.3-1.el10_0.src.rpm SHA-256: b35c7377f3035ad2c6cf4186b533441b84cda1a63926214515c3fb442272b79b
ppc64le
valkey-8.0.3-1.el10_0.ppc64le.rpm SHA-256: c36637ab5be9c629a58b775d7ec4845298f86aa9b9432af07c4cbccb535a33d0
valkey-debuginfo-8.0.3-1.el10_0.ppc64le.rpm SHA-256: c57342e3c9aad7ebd2ad57e0f437f6507b9eb7bf23caa0e1bf46e81fb67bd9be
valkey-debugsource-8.0.3-1.el10_0.ppc64le.rpm SHA-256: 95673e51a3360b4883f356e10225be0546098cc94928dc15eee34e2c166d564d
valkey-devel-8.0.3-1.el10_0.ppc64le.rpm SHA-256: 39c1a6b1762e7d117c3e99763e10c2900f553d67d1e111972b1690545b288f33

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
valkey-8.0.3-1.el10_0.src.rpm SHA-256: b35c7377f3035ad2c6cf4186b533441b84cda1a63926214515c3fb442272b79b
ppc64le
valkey-8.0.3-1.el10_0.ppc64le.rpm SHA-256: c36637ab5be9c629a58b775d7ec4845298f86aa9b9432af07c4cbccb535a33d0
valkey-debuginfo-8.0.3-1.el10_0.ppc64le.rpm SHA-256: c57342e3c9aad7ebd2ad57e0f437f6507b9eb7bf23caa0e1bf46e81fb67bd9be
valkey-debugsource-8.0.3-1.el10_0.ppc64le.rpm SHA-256: 95673e51a3360b4883f356e10225be0546098cc94928dc15eee34e2c166d564d
valkey-devel-8.0.3-1.el10_0.ppc64le.rpm SHA-256: 39c1a6b1762e7d117c3e99763e10c2900f553d67d1e111972b1690545b288f33

Red Hat Enterprise Linux for ARM 64 10

SRPM
valkey-8.0.3-1.el10_0.src.rpm SHA-256: b35c7377f3035ad2c6cf4186b533441b84cda1a63926214515c3fb442272b79b
aarch64
valkey-8.0.3-1.el10_0.aarch64.rpm SHA-256: 9149ac458737ec4bc2d8c0e65a2bfadfa84b2b3a4045daf44be679bdf15ab17f
valkey-debuginfo-8.0.3-1.el10_0.aarch64.rpm SHA-256: 72fab2835dcf1769d7264b87c9c31461ee4a5056970688e9afc59cae0361dc7e
valkey-debugsource-8.0.3-1.el10_0.aarch64.rpm SHA-256: 1a926cccacb0a67673d4409b7b2d625590216821dc8a63fb4c97479d6d07cb9c
valkey-devel-8.0.3-1.el10_0.aarch64.rpm SHA-256: 77189786e2b4af6c2b1273fbe0cd361ffb962b4e308ef3198731df359e34f39b

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
valkey-8.0.3-1.el10_0.src.rpm SHA-256: b35c7377f3035ad2c6cf4186b533441b84cda1a63926214515c3fb442272b79b
aarch64
valkey-8.0.3-1.el10_0.aarch64.rpm SHA-256: 9149ac458737ec4bc2d8c0e65a2bfadfa84b2b3a4045daf44be679bdf15ab17f
valkey-debuginfo-8.0.3-1.el10_0.aarch64.rpm SHA-256: 72fab2835dcf1769d7264b87c9c31461ee4a5056970688e9afc59cae0361dc7e
valkey-debugsource-8.0.3-1.el10_0.aarch64.rpm SHA-256: 1a926cccacb0a67673d4409b7b2d625590216821dc8a63fb4c97479d6d07cb9c
valkey-devel-8.0.3-1.el10_0.aarch64.rpm SHA-256: 77189786e2b4af6c2b1273fbe0cd361ffb962b4e308ef3198731df359e34f39b

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
valkey-8.0.3-1.el10_0.src.rpm SHA-256: b35c7377f3035ad2c6cf4186b533441b84cda1a63926214515c3fb442272b79b
aarch64
valkey-8.0.3-1.el10_0.aarch64.rpm SHA-256: 9149ac458737ec4bc2d8c0e65a2bfadfa84b2b3a4045daf44be679bdf15ab17f
valkey-debuginfo-8.0.3-1.el10_0.aarch64.rpm SHA-256: 72fab2835dcf1769d7264b87c9c31461ee4a5056970688e9afc59cae0361dc7e
valkey-debugsource-8.0.3-1.el10_0.aarch64.rpm SHA-256: 1a926cccacb0a67673d4409b7b2d625590216821dc8a63fb4c97479d6d07cb9c
valkey-devel-8.0.3-1.el10_0.aarch64.rpm SHA-256: 77189786e2b4af6c2b1273fbe0cd361ffb962b4e308ef3198731df359e34f39b

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
valkey-8.0.3-1.el10_0.src.rpm SHA-256: b35c7377f3035ad2c6cf4186b533441b84cda1a63926214515c3fb442272b79b
s390x
valkey-8.0.3-1.el10_0.s390x.rpm SHA-256: 89d1956244dd00099d0ac6e603cbe8afe7f406de68b20cd75df0fdbd54944a8f
valkey-debuginfo-8.0.3-1.el10_0.s390x.rpm SHA-256: 2fc7f533846e4817e5ec9a959866427dcb3d8ad02f0347db1ebeb04f1a55f818
valkey-debugsource-8.0.3-1.el10_0.s390x.rpm SHA-256: d88fab1dd9555df0bbb08429a480be5d9bd2996647f2b5aea5954bbb5b1f4f45
valkey-devel-8.0.3-1.el10_0.s390x.rpm SHA-256: 27f7e90d4cb33a065dc7e1b2dff8e1bf78b5be19f9a1823b5e6af38516dd5aed

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
valkey-8.0.3-1.el10_0.src.rpm SHA-256: b35c7377f3035ad2c6cf4186b533441b84cda1a63926214515c3fb442272b79b
ppc64le
valkey-8.0.3-1.el10_0.ppc64le.rpm SHA-256: c36637ab5be9c629a58b775d7ec4845298f86aa9b9432af07c4cbccb535a33d0
valkey-debuginfo-8.0.3-1.el10_0.ppc64le.rpm SHA-256: c57342e3c9aad7ebd2ad57e0f437f6507b9eb7bf23caa0e1bf46e81fb67bd9be
valkey-debugsource-8.0.3-1.el10_0.ppc64le.rpm SHA-256: 95673e51a3360b4883f356e10225be0546098cc94928dc15eee34e2c166d564d
valkey-devel-8.0.3-1.el10_0.ppc64le.rpm SHA-256: 39c1a6b1762e7d117c3e99763e10c2900f553d67d1e111972b1690545b288f33

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
valkey-8.0.3-1.el10_0.src.rpm SHA-256: b35c7377f3035ad2c6cf4186b533441b84cda1a63926214515c3fb442272b79b
x86_64
valkey-8.0.3-1.el10_0.x86_64.rpm SHA-256: 2715aa04502d6dc141b8bba5ef31bf6f95fbfe9641c55989a4d70f1dd99a32d9
valkey-debuginfo-8.0.3-1.el10_0.x86_64.rpm SHA-256: 1a5de6c3817847680f0d95c6a9d5781da6e6877a7a6468834c2ae0af70bb17f0
valkey-debugsource-8.0.3-1.el10_0.x86_64.rpm SHA-256: db82dabc24f8b2271fc5e488cd170956dd96dd50ac29ac50790427446d5bd25d
valkey-devel-8.0.3-1.el10_0.x86_64.rpm SHA-256: ae15938c77017220e05631e7d67bed49b101bc0322b681285c7f4e5c3847afa8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.