Format: 1.8
Date: Wed, 23 Jul 2025 13:01:37 -0700
Source: redis
Binary: redis-sentinel redis-server redis-tools redis-tools-dbgsym
Architecture: armhf
Version: 5:7.0.15-1~deb12u5
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-05)
Changed-By: Chris Lamb
Description:
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Closes: 1106822 1108975 1108981
Changes:
 redis (5:7.0.15-1~deb12u5) bookworm-security; urgency=high
 .
   * CVE-2025-27151: Fix a stack-based buffer overflow in redis-check-aof
     caused by the use of memcpy with strlen(filepath) when copying a
     user-supplied file path into a fixed-size stack buffer. This allowed an
     attacker to overflow the stack and potentially achieve arbitrary code
     execution. (Closes: #1106822)
   * CVE-2025-32023: An authenticated user may have used a specially-crafted
     string to trigger a stack/heap out-of-bounds write during hyperloglog
     operations, potentially leading to remote code execution. Installations
     that used Redis' ACL system to restrict hyperloglog "HLL" commands are
     unaffected by this issue. (Closes: #1108975)
   * CVE-2025-48367: An unauthenticated connection could have caused repeated
     IP protocol errors, leading to client starvation and ultimately becoming
     a Denial of Service (DoS) attack. (Closes: #1108981)