Amazon Linux 2023 Security Advisory: ALAS-2025-818
Advisory Release Date: 2025-01-21 23:11 Pacific
Advisory Updated Date: 2025-01-24 13:15 Pacific
Severity:
Important
Issue Overview:
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. (CVE-2024-46981)
Affected Packages:
redis6
Issue Correction:
Run dnf update redis6 --releasever 2023.6.20250123 to update your system.
New Packages:
aarch64:
redis6-devel-6.2.14-2.amzn2023.0.2.aarch64
redis6-debuginfo-6.2.14-2.amzn2023.0.2.aarch64
redis6-debugsource-6.2.14-2.amzn2023.0.2.aarch64
redis6-6.2.14-2.amzn2023.0.2.aarch64
noarch:
redis6-doc-6.2.14-2.amzn2023.0.2.noarch
src:
redis6-6.2.14-2.amzn2023.0.2.src
x86_64:
redis6-debuginfo-6.2.14-2.amzn2023.0.2.x86_64
redis6-devel-6.2.14-2.amzn2023.0.2.x86_64
redis6-6.2.14-2.amzn2023.0.2.x86_64
redis6-debugsource-6.2.14-2.amzn2023.0.2.x86_64