stable

valkey-8.0.6-1.fc42

FEDORA-2025-3055a5b407 created by remi a month ago for Fedora 42

Valkey 8.0.6 - Released Fri 03 October 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Security fixes

  • CVE-2025-49844: A Lua script may lead to remote code execution
  • CVE-2025-46817: A Lua script may lead to integer overflow and potential RCE
  • CVE-2025-46818: A Lua script can be executed in the context of another user
  • CVE-2025-46819: Lua out-of-bounds read

Bug fixes

  • Fix accounting for dual channel RDB bytes in replication stats (#2616)
  • Minor fix for dual rdb channel connection conn error log (#2658)
  • Fix unsigned difference expression compared to zero (#2101)

Valkey 8.0.5 - Released Thu 22 Aug 2025

Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible.

Bug fixes

  • Fix clients remaining blocked when reprocessing commands after certain blocking operations (#2109)
  • Fix a memory corruption issue in the sharded pub/sub unsubscribe logic (#2137)
  • Fix potential memory leak by ensuring module context is freed when aux_save2 callback writes no data (#2132)
  • Fix CLIENT UNBLOCK triggering unexpected errors when used on paused clients (#2117)
  • Fix missing NULL check on SSL_new() when creating outgoing TLS connections (#2140)
  • Fix incorrect casting of ping extension lengths to prevent silent packet drops (#2144)
  • Fix replica failover stall due to outdated config epoch (#2178)
  • Fix incorrect port/tls-port info in CLUSTER SLOTS/CLUSTER NODES after dynamic config change (#2186)
  • Ensure empty error tables in Lua scripts don't crash Valkey (#2229)
  • Fix client tracking memory overhead calculation (#2360)
  • Handle divergent shard-id from nodes.conf and reconcile to the primary node's shard-id (#2174)
  • Fix pre-size hashtables per slot when reading RDB files (#2466)

Behavior changes

  • Trigger election immediately during a forced manual failover (CLUSTER FAILOVER FORCE) to avoid delay (#1067)
  • Reset ongoing election state when initiating a new manual failover (#1274)

Logging and Tooling Improvements

  • Add support to drop all cluster packets (#1252)
  • Improve log clarity in failover auth denial message (#1341)

Security fixes

  • CVE-2025-27151: Check length of AOF file name in valkey-check-aof and reject paths longer than PATH_MAX (#2146)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2025-3055a5b407

This update has been submitted for testing by remi.

a month ago

This update's test gating status has been changed to 'ignored'.

a month ago

remi edited this update.

a month ago

This update has been pushed to testing.

a month ago

remi edited this update.

a month ago

sshambar commented & provided feedback a month ago

Install works as expected (didn't test if exploit fixed though)

This update can be pushed to stable now if the maintainer wishes

a month ago

This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago


Metadata

  • Type: security
  • Severity: medium
  • Karma: 1
  • Signed
  • Content Type: RPM
  • Test Gating

Autopush Settings

  • Unstable by Karma: -3
  • Stable by Karma: 3
  • Stable by Time: 7 days

Dates

  • submitted: a month ago
  • in testing: a month ago
  • in stable: a month ago
  • modified: a month ago
  • approved: a month ago

BZ#2402051 CVE-2025-49844 valkey: Redis Lua Use-After-Free may lead to remote code execution [fedora-42]