Bug 35514 - redis new security issues CVE-2026-23479, CVE-2026-23631, CVE-2026-25243, CVE-2026-25588, CVE-2026-25589
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2026-05-11 16:26 CEST by Nicolas Salguero
Modified: 2026-05-14 04:44 CEST

See Also:
Source RPM: redis-7.2.12-1.mga9.src.rpm
CVE: CVE-2026-23479, CVE-2026-23631, CVE-2026-25243, CVE-2026-25588, CVE-2026-25589
Status comment:
herman.viaene: test_passed_mga9_64+



Nicolas Salguero 2026-05-11 16:27:04 CEST

Status comment: (none) => Fixed upstream in 8.6.3
Flags: (none) => affects_mga9+
CVE: (none) => CVE-2026-23479, CVE-2026-23631, CVE-2026-25243, CVE-2026-25588, CVE-2026-25589
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => redis-8.6.2-1.mga10.src.rpm, redis-8.6.0-1.mga10.src.rpm, redis-7.2.12-1.mga9.src.rpm

Comment 1 Lewis Smith 2026-05-12 21:36:39 CEST
This is definitely for you, Marc.
We have, thanks to you, 8.6.2 in Cauldron.

Assignee: bugsquad => mageia

Comment 2 Marc Krämer 2026-05-12 23:39:04 CEST
Updated redis package to the latest version which fixes the following issues:


- (CVE-2026-23479) Use-After-Free in unblock client flow may lead to Remote Code Execution.
- (CVE-2026-25243) Invalid memory access in RESTORE may lead to Remote Code Execution
- (CVE-2026-23631) Lua Use-After-Free may lead to remote code execution
- A user can manipulate data read by a connection by injecting \r\n sequences into a Redis error reply

References:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CVOEZ7I2TIPXYBFA4UYY5GI5Q4VOAD7C/

https://github.com/redis/redis/releases/tag/7.2.13
https://github.com/redis/redis/releases/tag/7.2.14


Files in core/updates_testing:
redis-7.2.14-1.mga9
redis-debuginfo-7.2.14-1.mga9
redis-debugsource-7.2.14-1.mga9


SRPM:
redis-7.2.14-1.mga9.src.rpm

Assignee: mageia => qa-bugs

PC LX 2026-05-13 00:04:22 CEST

CC: (none) => mageia

Nicolas Salguero 2026-05-13 08:13:30 CEST

Version: Cauldron => 9
Flags: affects_mga9+ => (none)
Source RPM: redis-8.6.2-1.mga10.src.rpm, redis-8.6.0-1.mga10.src.rpm, redis-7.2.12-1.mga9.src.rpm => redis-7.2.12-1.mga9.src.rpm
Status comment: Fixed upstream in 8.6.3 => (none)
Whiteboard: MGA9TOO => (none)

Comment 3 PC LX 2026-05-13 10:09:46 CEST
Installed and tested without issues.

Tested:
- unix socket only;
- systemd hardening;
- latency test (min: 0, max: 1, avg: 0.17);
- PHP scripts using php-redis extension;
- Qt applications.
All OK. No issues noticed.



System: Mageia 9, x86_64, Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz.



$ uname -a
Linux marte 6.6.138-server-1.mga9 #1 SMP PREEMPT_DYNAMIC Fri May  8 16:15:17 UTC 2026 x86_64 GNU/Linux
$ rpm -q redis
redis-7.2.14-1.mga9
$ systemctl status redis
● redis.service - Redis persistent key-value database
     Loaded: loaded (/etc/systemd/system/redis.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/redis.service.d
             └─limit.conf
             /etc/systemd/system/redis.service.d
             └─override.conf
     Active: active (running) since Tue 2026-05-12 23:05:17 WEST; 10h ago
   Main PID: 920255 (redis-server)
      Tasks: 6 (limit: 18732)
     Memory: 5.9M
        CPU: 1min 25.878s
     CGroup: /system.slice/redis.service
             └─920255 "/usr/bin/redis-server unixsocket:/run/redis/redis.sock"

<SNIP>
$ cat /etc/systemd/system/redis.service.d/override.conf 
[Service]
Restart=always
RestartSec=5

PrivateNetwork=yes
PrivateUsers=yes
PrivateTmp=yes
PrivateDevices=yes
DevicePolicy=closed
DeviceAllow=

UMask=0007
NoNewPrivileges=yes
LockPersonality=yes
MemoryDenyWriteExecute=true
RemoveIPC=yes

RestrictRealtime=yes
RestrictSUIDSGID=yes
RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX
IPAddressDeny=any

SystemCallArchitectures=native
SystemCallFilter=@known
SystemCallFilter=~ @chown @clock @cpu-emulation @keyring @module @mount @obsolete @pkey @reboot @resources @setuid @swap @debug @privileged

ProcSubset=pid
ProtectProc=invisible
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict

AmbientCapabilities=
CapabilityBoundingSet=

StateDirectory=redis
RuntimeDirectory=redis
LogsDirectory=redis
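
The network isolation in the drop-in from Comment 3 fits that instance because it listens only on a unix socket, while the default unit in Comment 4 listens on 127.0.0.1:6379. As an added example (not part of the thread or of the Mageia package), this Python check reports which of those directives would block or isolate a given redis-server listener; the function names are hypothetical, the sample is constructed from the lines shown above, and the systemd semantics are simplified.

```python
# Added example: names below are hypothetical, not from the Mageia package.
# Constructed sample: the network-related lines of the override.conf above.
DROPIN = """\
[Service]
PrivateNetwork=yes
RestrictAddressFamilies=AF_UNIX
IPAddressDeny=any
AmbientCapabilities=
CapabilityBoundingSet=
"""

def parse_dropin(text):
    """Map directive -> list of values; an empty assignment resets the list."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[":
            continue
        key, _, value = line.partition("=")
        if value.strip():
            settings.setdefault(key.strip(), []).extend(value.split())
        else:
            settings[key.strip()] = []
    return settings

def listener_kind(cmdline):
    """Classify the redis-server process title as shown by systemctl status."""
    return "unix" if "unixsocket:" in cmdline else "tcp"

def network_conflicts(settings, cmdline):
    """Directives that block or isolate a TCP listener (simplified model)."""
    if listener_kind(cmdline) == "unix":
        return []
    conflicts = []
    if (settings.get("PrivateNetwork") or ["no"])[-1] in ("yes", "true", "on", "1"):
        conflicts.append("PrivateNetwork")      # own netns: host clients cannot connect
    fams = settings.get("RestrictAddressFamilies")
    if fams:
        deny = fams[0].startswith("~")          # "~" turns the allow-list into a deny-list
        names = {f.lstrip("~") for f in fams}
        if bool(names & {"AF_INET", "AF_INET6"}) == deny:
            conflicts.append("RestrictAddressFamilies")  # socket(AF_INET) is refused
    allowed = set(settings.get("IPAddressAllow", []))
    if "any" in settings.get("IPAddressDeny", []) and not allowed & {"any", "localhost"}:
        conflicts.append("IPAddressDeny")       # IP traffic dropped, loopback included
    return conflicts

if __name__ == "__main__":
    for title in ("/usr/bin/redis-server unixsocket:/run/redis/redis.sock",
                  "/usr/bin/redis-server 127.0.0.1:6379"):
        print(title, "->", network_conflicts(parse_dropin(DROPIN), title) or "compatible")
```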

Comment 4 Herman Viaene 2026-05-13 16:04:46 CEST
MGA9-64  server Plasma Wayland on Compaq H000SB.
No installation issues. 
Ref bug 34650
# systemctl start redis
[root@mach3 ~]# systemctl -l status redis
● redis.service - Redis persistent key-value database
     Loaded: loaded (/usr/lib/systemd/system/redis.service; disabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/redis.service.d
             └─limit.conf
     Active: active (running) since Wed 2026-05-13 15:40:13 CEST; 24s ago
   Main PID: 40138 (redis-server)
      Tasks: 6 (limit: 8728)
     Memory: 2.8M
        CPU: 137ms
     CGroup: /system.slice/redis.service
             └─40138 "/usr/bin/redis-server 127.0.0.1:6379"

May 13 15:40:13 mach3.hviaene.thuis systemd[1]: Started redis.service.
Similar results with ntopng as in bug 34650

$ cd Documents/
$ redis-cli < redistutorial
OK
"pluto"
OK
(integer) 8
(integer) 9
"9"
(integer) 1
(integer) 1
OK
(integer) 1
(integer) 40
(integer) 40
(integer) 40
OK
(integer) 7
(integer) 8
(integer) 9
1) "David"
2) "David"
3) "David"
4) "Suzy"
5) "Zack"
6) "Suzy"
7) "Zack"
8) "Suzy"
9) "Zack"
1) "David"
2) "David"
1) "David"
2) "David"
Looks all OK

Flags: (none) => test_passed_mga9_64+
CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK

katnatek 2026-05-14 01:09:39 CEST

Keywords: (none) => advisory

Comment 5 Thomas Andrews 2026-05-14 02:57:56 CEST
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 6 Mageia Robot 2026-05-14 04:44:41 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0134.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

