-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-8e2eddc063 2025-07-25 01:03:41.741398+00:00 -------------------------------------------------------------------------------- Name : valkey Product : Fedora 42 Version : 8.0.4 Release : 1.fc42 URL : https://valkey.io Summary : A persistent key-value database Description : Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also. -------------------------------------------------------------------------------- Update Information: Valkey 8.0.4 - Released Mon 07 July 2025 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Security fixes CVE-2025-32023 prevent out-of-bounds write during hyperloglog operations (#2146) CVE-2025-48367 retry accept on transient errors (#2315) Security fixes backported from 8.1.2 CVE-2025-27151 Check length of AOF file name in valkey-check-aof (#2146) -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 16 2025 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 8.0.4-1 - update to 8.0.4 fixes CVE-2025-27151 CVE-2025-48367 and CVE-2025-32023 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2380113 - CVE-2025-27151 valkey: Redis Stack Buffer Overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380113 [ 2 ] Bug #2380116 - CVE-2025-48367 valkey: Redis Unauthenticated Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380116 [ 3 ] Bug #2380118 - CVE-2025-32023 valkey: Redis Hyperloglog Out-of-Bounds Write Vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2380118 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8e2eddc063' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
