Format: 1.8
Date: Wed, 23 Jul 2025 13:01:37 -0700
Source: redis
Binary: redis-sentinel redis-server redis-tools redis-tools-dbgsym
Architecture: armel
Version: 5:7.0.15-1~deb12u5
Distribution: bookworm-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-03)
Changed-By: Chris Lamb
Description:
 redis-sentinel - Persistent key-value database with network interface (monitoring)
 redis-server - Persistent key-value database with network interface
 redis-tools - Persistent key-value database with network interface (client)
Closes: 1106822 1108975 1108981
Changes:
 redis (5:7.0.15-1~deb12u5) bookworm-security; urgency=high
 .
   * CVE-2025-27151: Fix a stack-based buffer overflow in redis-check-aof
     caused by the use of memcpy with strlen(filepath) when copying a
     user-supplied file path into a fixed-size stack buffer. This allowed an
     attacker to overflow the stack and potentially achieve arbitrary code
     execution. (Closes: #1106822)
   * CVE-2025-32023: An authenticated user may have used a specially-crafted
     string to trigger a stack/heap out-of-bounds write during hyperloglog
     operations, potentially leading to remote code execution. Installations
     that used Redis' ACL system to restrict hyperloglog "HLL" commands are
     unaffected by this issue. (Closes: #1108975)
   * CVE-2025-48367: An unauthenticated connection could have caused repeated
     IP protocol errors, leading to client starvation and ultimately becoming
     a Denial of Service (DoS) attack. (Closes: #1108981)
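
The bug class named in the CVE-2025-27151 entry above, as an added C example constructed for this page (it is not code from Redis or from the Debian patch): a copy whose length comes from the input string, beside a form bounded by the destination. PATH_BUF_SIZE, both function names and the sample paths are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF_SIZE 64 /* assumed; the page does not give the real size */

/* Pattern from the changelog entry: the length comes from the source
 * string, so any path of PATH_BUF_SIZE bytes or more writes past buf.
 * Kept for contrast only; nothing in this file calls it. */
void copy_path_unchecked(char *buf, const char *filepath) {
    memcpy(buf, filepath, strlen(filepath) + 1);
}

/* Bounded form: the destination size decides. An oversized path is
 * rejected, not silently truncated (truncation would name another file).
 * Returns 0 on success, -1 if filepath plus its NUL does not fit. */
int copy_path_checked(char *buf, size_t bufsize, const char *filepath) {
    const char *nul;
    size_t len;

    if (buf == NULL || filepath == NULL || bufsize == 0)
        return -1;
    nul = memchr(filepath, '\0', bufsize); /* scan at most bufsize bytes */
    if (nul == NULL)
        return -1; /* no terminator within the space available */
    len = (size_t)(nul - filepath);
    memcpy(buf, filepath, len + 1); /* len + 1 <= bufsize here */
    return 0;
}

int main(void) {
    char buf[PATH_BUF_SIZE];
    char longpath[PATH_BUF_SIZE * 2]; /* constructed oversized input */

    memset(longpath, 'A', sizeof longpath - 1);
    longpath[sizeof longpath - 1] = '\0';
    printf("short path: %d\n", copy_path_checked(buf, sizeof buf, "appendonly.aof"));
    printf("long path:  %d\n", copy_path_checked(buf, sizeof buf, longpath));
    return 0;
}
```

On rejection the destination buffer is left untouched, so the caller can report the error without handling a partially written path.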