Bug 30393 - redis new security issues CVE-2022-2473[56]
Summary: redis new security issues CVE-2022-2473[56]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-05-07 22:06 CEST by David Walser
Modified: 2022-09-21 20:16 CEST

See Also:
Source RPM: redis-6.0.16-1.mga8.src.rpm
CVE:
Status comment:

David Walser 2022-05-07 22:06:22 CEST

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 6.2.7

Comment 1 Lewis Smith 2022-05-09 22:02:49 CEST
kekepower is the active maintainer of this package, so assigning this update to you. You did version 6.2.6 and loads of previous ones.

Assignee: bugsquad => smelror

Comment 2 David Walser 2022-05-26 17:58:46 CEST
openSUSE has issued an advisory for this on May 25:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NERGELOQ43TXPK5SCGTMYFI4KDXITL74/

Comment 3 Nicolas Salguero 2022-09-12 11:03:48 CEST
Suggested advisory:
========================

The updated package fixes security vulnerabilities:

Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. (CVE-2022-24735)

Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause NULL pointer dereference which will result with a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. (CVE-2022-24736)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24736
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VPYKSG7LKUJGVM2P72EHXKVRVRWHLORX/
https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq
https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NERGELOQ43TXPK5SCGTMYFI4KDXITL74/
========================

Updated package in core/updates_testing:
========================
redis-6.0.16-1.1.mga8

from SRPM:
redis-6.0.16-1.1.mga8.src.rpm

Assignee: smelror => qa-bugs
Whiteboard: MGA8TOO => (none)
CC: (none) => nicolas.salguero
Source RPM: redis-6.2.6-2.mga9.src.rpm => redis-6.0.16-1.mga8.src.rpm
Status comment: Fixed upstream in 6.2.7 => (none)
Status: NEW => ASSIGNED
Version: Cauldron => 8
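
As an added example (not part of this bug report or of the Redis project's code), a small Python audit of a Redis users.acl file that reports which enabled users can still run the Lua scripting commands the advisory above says to block with ACL rules; the ACL model it applies is a simplified assumption (categories and per-command rules only, a subcommand grant counted as a grant), and the sample ACL is constructed.

```python
# Added example (not from this bug report or the Redis project): audit a Redis
# users.acl file for enabled users who can still run Lua scripting commands, the
# ACL mitigation the advisory names. Assumed, simplified ACL model: rules apply
# left to right; +@all/allcommands, -@all/nocommands, +/-@scripting and +/-cmd
# are honoured, and a subcommand grant such as +script|load counts as granting.

SCRIPTING = {"eval", "evalsha", "script"}  # @scripting members in Redis 6 (assumed)

# Constructed sample users.acl: only 'reporter' and 'batch' apply the advisory's fix.
SAMPLE_ACL = """user default on nopass ~* +@all
user app on >s3cret ~app:* +@all
user reporter on >r3port ~* +@all -@scripting
user batch on >b4tch ~* +@all -eval -evalsha -script
user analyst on >an4lyst ~* -@all +@read +eval
user retired off >old ~* +@all
"""

def allowed_scripting(rules):
    """Return the scripting commands that a user's ACL rules leave enabled."""
    allowed = set()
    for rule in rules:
        if rule in ("allcommands", "+@all"):
            allowed = set(SCRIPTING)
        elif rule in ("nocommands", "-@all"):
            allowed = set()
        elif rule == "+@scripting":
            allowed |= SCRIPTING
        elif rule == "-@scripting":
            allowed -= SCRIPTING
        elif rule[:1] in ("+", "-"):          # per-command rule, e.g. -eval
            cmd = rule[1:].split("|")[0]      # drop a subcommand suffix
            if cmd in SCRIPTING:
                allowed.add(cmd) if rule[0] == "+" else allowed.discard(cmd)
    return allowed  # ~keys, >passwords, on/off and other categories are ignored

def scripting_users(acl_text):
    """Map each enabled user to the scripting commands it can still run."""
    report = {}
    for line in acl_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "user":
            continue
        name, rules = parts[1], parts[2:]
        state = [r for r in rules if r in ("on", "off")]  # last on/off wins
        if not state or state[-1] != "on":                # off users cannot auth
            continue
        if still := allowed_scripting(rules):
            report[name] = sorted(still)
    return report
```

Running scripting_users over a real users.acl (or the output of ACL LIST, minus the leading "user" formatting differences) lists the accounts that still need a -@scripting rule before the fixed package is in place.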

Comment 4 Len Lawrence 2022-09-18 18:28:18 CEST
mga8, x64
Installed current version and started the redis service:
status = Started Redis persistent key-value database.

There is some analysis of the problems covered by the CVEs at https://github.com/redis/redis/pull/10651. It looks like somebody with knowledge of Lua could run the tests in interactive mode.
Referred to tutorial script on bug 24042.
$ cat tutorial
GET server:name
set connections 7
incr connections 
incr connections
get connections
del connections
incr connections
set resource:lock "Redis Demo 1"
expire resource:lock 40
ttl resource:lock
ttl resource:lock
ttl resource:lock
set resource:lock "Demo 2"
rpush friends "Sukie"
rpush friends "Zack"
lpush friends "Polly"
lrange friends 0 -1
lrange friends 0 1
lrange friends 1 2
exit

$ redis-cli < tutorial
That returned expected results.
Updated the redis package from testing and restarted the server.
$ redis-cli < tutorial
OK
"rapunzel"
OK
(integer) 8
(integer) 9
"9"
(integer) 1
(integer) 1
OK
(integer) 1
(integer) 40
(integer) 40
(integer) 40
OK
(integer) 4
(integer) 5
(integer) 6
1) "Polly"
2) "Polly"
3) "Sukie"
4) "Zack"
5) "Sukie"
6) "Zack"
1) "Polly"
2) "Polly"
1) "Polly"
2) "Sukie"

As before. Another minimal test but hope it serves.
$ urpmq --whatrequires redis
ntopng
redis

Installed ntopng and ran it in the simplest way possible to monitor the local ethernet connection.
$ ntopng -i enp3s0
<specimen output>
18/Sep/2022 17:09:27 [startup.lua:144] [lists_utils.lua:411] Updating list 'Emerging Threats' [https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt]... OK
18/Sep/2022 17:09:27 [startup.lua:144] [lists_utils.lua:411] Updating list 'Feodo Tracker Botnet C2 IP Blocklist' [https://feodotracker.abuse.ch/downloads/ipblocklist.txt]... OK
18/Sep/2022 17:09:28 [startup.lua:144] [lists_utils.lua:411] Updating list 'NoCoin Filter List' [https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/hosts.txt]... OK
18/Sep/2022 17:09:28 [startup.lua:144] [lists_utils.lua:411] Updating list 'SSLBL Botnet C2 IP Blacklist' [https://sslbl.abuse.ch/blacklist/sslipblacklist.txt]... OK

Closed down using Ctrl-C.
# strace -o ntopng.trace ntopng -i enp3s0
# grep redis ntopng.trace
openat(AT_FDCWD, "/lib64/libhiredis.so.0.13", O_RDONLY|O_CLOEXEC) = 3
read(8, "$3707\r\n# Server\r\nredis_version:6"..., 16384) = 3716
read(9, "$3708\r\n# Server\r\nredis_version:6"..., 16384) = 3717
read(10, " inconsistent redis state as:\n  "..., 4096) = 2666
stat("/var/lib/ntopng/plugins0/callbacks/system/system/redis_monitor.lua", {st_mode=S_IFREG|0600, st_size=3639, ...}) = 0
.........

redis is being used successfully by the looks of that.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => tarazed25

Comment 5 Thomas Andrews 2022-09-19 01:39:38 CEST
Validating. Advisory in Comment 3.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2022-09-20 22:23:49 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 6 Mageia Robot 2022-09-21 20:16:49 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0339.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
