Format: 1.8
Date: Wed, 23 Jul 2025 13:01:37 -0700
Source: redis
Binary: redis-sentinel redis-server redis-tools redis-tools-dbgsym
Architecture: s390x
Version: 5:7.0.15-1~deb12u5
Distribution: bookworm-security
Urgency: high
Maintainer: s390x Build Daemon (zandonai)
Changed-By: Chris Lamb
Description:
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Closes: 1106822 1108975 1108981
Changes:
 redis (5:7.0.15-1~deb12u5) bookworm-security; urgency=high
 .
   * CVE-2025-27151: Fix a stack-based buffer overflow in redis-check-aof
     caused by the use of memcpy with strlen(filepath) when copying a
     user-supplied file path into a fixed-size stack buffer. This allowed an
     attacker to overflow the stack and potentially achieve arbitrary code
     execution. (Closes: #1106822)
   * CVE-2025-32023: An authenticated user may have used a specially-crafted
     string to trigger a stack/heap out-of-bounds write during hyperloglog
     operations, potentially leading to remote code execution. Installations
     that used Redis' ACL system to restrict hyperloglog "HLL" commands are
     unaffected by this issue. (Closes: #1108975)
   * CVE-2025-48367: An unauthenticated connection could have caused repeated
     IP protocol errors, leading to client starvation and ultimately becoming
     a Denial of Service (DoS) attack. (Closes: #1108981)