MGASA-2026-0134

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2026-0134.html

Import Source

https://advisories.mageia.org/MGASA-2026-0134.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2026-0134

Upstream

CVE-2026-23479

CVE-2026-23631

CVE-2026-25243

CVE-2026-25588

CVE-2026-25589

Published

2026-05-14T02:43:25Z

Modified

2026-05-14T02:45:27.416872Z

Summary

Updated redis packages fix security vulnerabilities

Details

(CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution. (CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution (CVE-2026-23631) Lua Use-After-Free may lead to remote code execution A user can manipulate data read by a connection by injecting \r\n sequences into a Redis error reply

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / redis

Package

Name: redis
Purl: pkg:rpm/mageia/redis?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.2.14-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2026-0134.json"