Format: 1.8
Date: Wed, 23 Jul 2025 13:01:37 -0700
Source: redis
Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym
Built-For-Profiles: nocheck
Architecture: source amd64 all
Version: 5:7.0.15-1~deb12u5
Distribution: bookworm-security
Urgency: high
Maintainer: Chris Lamb
Changed-By: Chris Lamb
Description:
 redis - Persistent key-value database with network interface (metapackage
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Closes: 1106822 1108975 1108981
Changes:
 redis (5:7.0.15-1~deb12u5) bookworm-security; urgency=high
 .
   * CVE-2025-27151: Fix a stack-based buffer overflow in redis-check-aof
     caused by the use of memcpy with strlen(filepath) when copying a
     user-supplied file path into a fixed-size stack buffer. This allowed an
     attacker to overflow the stack and potentially achieve arbitrary code
     execution. (Closes: #1106822)
   * CVE-2025-32023: An authenticated user may have used a specially-crafted
     string to trigger a stack/heap out-of-bounds write during hyperloglog
     operations, potentially leading to remote code execution. Installations
     that used Redis' ACL system to restrict hyperloglog "HLL" commands are
     unaffected by this issue. (Closes: #1108975)
   * CVE-2025-48367: An unauthenticated connection could have caused repeated
     IP protocol errors, leading to client starvation and ultimately becoming
     a Denial of Service (DoS) attack. (Closes: #1108981)