CLSA-2026:1778845249

[CLSA-2026:1778845249] redis: Fix of 2 CVEs

Type:

security

Severity:

Important

Release date:

2026-05-15 12:19:27 UTC

Description:

- CVE-2026-23631: fix use-after-free in readSyncBulkPayload when fullsync happens
  while a Lua script is timed out on the replica
- CVE-2026-25243: fix invalid memory access in RESTORE on crafted zipmap, listpack
  and stream PEL payloads

Updated packages:

redis-6.2.21-1.el9_2.tuxcare.els3.x86_64.rpm
sha:1d9c66cc8cf42856c61a99800501b992e549e605df99e920644356ba243a3735
redis-devel-6.2.21-1.el9_2.tuxcare.els3.i686.rpm
sha:bf97e5d416f13d76ac3e30d35d353307f33d97bc5ae662d7a0dee55af5e2fee5
redis-devel-6.2.21-1.el9_2.tuxcare.els3.x86_64.rpm
sha:e8f8bba5debba3270aec9a133e2471654da7a2afb0c9c15fe392a9775c71f86e
redis-doc-6.2.21-1.el9_2.tuxcare.els3.noarch.rpm
sha:0fe0f91282426c0472a86f7b30372bd8c59ba30c28f40146ca647ac1e1cfcb8b

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.