An update for redis is now available for openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1850 Final 1.0 1.0 2025-07-18 Initial 2025-07-18 2025-07-18 openEuler SA Tool V1.0 2025-07-18 redis security update An update for redis is now available for openEuler-24.03-LTS-SP2,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1 Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets. Security Fix(es): Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands.(CVE-2025-32023) Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19.(CVE-2025-48367) An update for redis is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High redis https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1850 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-32023 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-48367 https://nvd.nist.gov/vuln/detail/CVE-2025-32023 https://nvd.nist.gov/vuln/detail/CVE-2025-48367 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 redis-7.2.10-1.oe2403sp2.aarch64.rpm redis-debuginfo-7.2.10-1.oe2403sp2.aarch64.rpm redis-debugsource-7.2.10-1.oe2403sp2.aarch64.rpm redis-7.2.10-1.oe2003sp4.aarch64.rpm redis-debuginfo-7.2.10-1.oe2003sp4.aarch64.rpm redis-debugsource-7.2.10-1.oe2003sp4.aarch64.rpm redis-7.2.10-1.oe2203sp3.aarch64.rpm redis-debuginfo-7.2.10-1.oe2203sp3.aarch64.rpm redis-debugsource-7.2.10-1.oe2203sp3.aarch64.rpm redis-7.2.10-1.oe2203sp4.aarch64.rpm redis-debuginfo-7.2.10-1.oe2203sp4.aarch64.rpm redis-debugsource-7.2.10-1.oe2203sp4.aarch64.rpm redis-7.2.10-1.oe2403.aarch64.rpm redis-debuginfo-7.2.10-1.oe2403.aarch64.rpm redis-debugsource-7.2.10-1.oe2403.aarch64.rpm redis-7.2.10-1.oe2403sp1.aarch64.rpm redis-debuginfo-7.2.10-1.oe2403sp1.aarch64.rpm redis-debugsource-7.2.10-1.oe2403sp1.aarch64.rpm redis-7.2.10-1.oe2403sp2.src.rpm redis-7.2.10-1.oe2003sp4.src.rpm redis-7.2.10-1.oe2203sp3.src.rpm redis-7.2.10-1.oe2203sp4.src.rpm redis-7.2.10-1.oe2403.src.rpm redis-7.2.10-1.oe2403sp1.src.rpm redis-7.2.10-1.oe2403sp2.x86_64.rpm redis-debuginfo-7.2.10-1.oe2403sp2.x86_64.rpm redis-debugsource-7.2.10-1.oe2403sp2.x86_64.rpm redis-7.2.10-1.oe2003sp4.x86_64.rpm redis-debuginfo-7.2.10-1.oe2003sp4.x86_64.rpm redis-debugsource-7.2.10-1.oe2003sp4.x86_64.rpm redis-7.2.10-1.oe2203sp3.x86_64.rpm redis-debuginfo-7.2.10-1.oe2203sp3.x86_64.rpm redis-debugsource-7.2.10-1.oe2203sp3.x86_64.rpm redis-7.2.10-1.oe2203sp4.x86_64.rpm redis-debuginfo-7.2.10-1.oe2203sp4.x86_64.rpm redis-debugsource-7.2.10-1.oe2203sp4.x86_64.rpm redis-7.2.10-1.oe2403.x86_64.rpm redis-debuginfo-7.2.10-1.oe2403.x86_64.rpm redis-debugsource-7.2.10-1.oe2403.x86_64.rpm redis-7.2.10-1.oe2403sp1.x86_64.rpm redis-debuginfo-7.2.10-1.oe2403sp1.x86_64.rpm redis-debugsource-7.2.10-1.oe2403sp1.x86_64.rpm Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The bug likely affects all Redis versions with hyperloglog operations implemented. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing hyperloglog operations. This can be done using ACL to restrict HLL commands. 2025-07-18 CVE-2025-32023 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 High 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H redis security update 2025-07-18 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1850 Redis is an open source, in-memory database that persists on disk. An unauthenticated connection can cause repeated IP protocol errors, leading to client starvation and, ultimately, a denial of service. This vulnerability is fixed in 8.0.3, 7.4.5, 7.2.10, and 6.2.19. 2025-07-18 CVE-2025-48367 openEuler-24.03-LTS-SP2 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H redis security update 2025-07-18 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1850