{"affected":[{"ecosystem_specific":{"binaries":[{"redis":"8.2.0-bp160.1.3"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"redis","purl":"pkg:rpm/opensuse/redis&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.2.0-bp160.1.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for redis fixes the following issues:\n\n- Updated to 8.2.3 (boo#1252996 CVE-2025-62507)\n  * https://github.com/redis/redis/releases/tag/8.2.3\n  - Security fixes\n    - (CVE-2025-62507) Bug in `XACKDEL` may lead to stack overflow\n      and potential RCE\n  - Bug fixes\n    - `HGETEX`: A missing `numfields` argument when `FIELDS` is\n      used can lead to Redis crash\n    - An overflow in `HyperLogLog` with 2GB+ entries may result in\n      a Redis crash\n    - Cuckoo filter - Division by zero in Cuckoo filter insertion\n    - Cuckoo filter - Counter overflow\n    - Bloom filter - Arbitrary memory read/write with invalid\n      filter\n    - Bloom filter - Out-of-bounds access with empty chain\n    - Top-k - Out-of-bounds access\n    - Bloom filter - Restore invalid filter [We thank AWS security\n      for responsibly disclosing the security bug]\n\n- Updated to 8.2.2 (boo#1250995)\n  * https://github.com/redis/redis/releases/tag/8.2.2\n  * Fixed Lua script may lead to remote code execution (CVE-2025-49844).\n  * Fixed Lua script may lead to integer overflow (CVE-2025-46817).\n  * Fixed Lua script can be executed in the context of another user\n    (CVE-2025-46818).\n  * Fixed LUA out-of-bound read (CVE-2025-46819).\n  * Fixed potential crash on Lua script or streams and HFE defrag.\n  * Fixed potential crash when using ACL rules.\n  * Added VSIM: new EPSILON argument to specify maximum distance.\n  * Added SVS-VAMANA: allow use of BUILD_INTEL_SVS_OPT flag.\n  * Added RESP3 serialization performance.\n  * Added INFO SEARCH: new SVS-VAMANA metrics.\n\n- Updated to 8.2.1\n  * https://github.com/redis/redis/releases/tag/8.2.1\n  - Bug fixes\n    * #14240 INFO KEYSIZES - potential incorrect histogram updates\n      on cluster mode with modules\n    * #14274 Disable Active Defrag during flushing replica\n    * #14276 XADD or XTRIM can crash the server after loading RDB\n    * #Q6601 Potential crash when running FLUSHDB (MOD-10681)\n  * Performance and resource utilization\n    * Query Engine - LeanVec and LVQ proprietary Intel\n      optimizations were removed from Redis Open Source\n    * #Q6621 Fix regression in INFO (MOD-10779)\n","id":"openSUSE-SU-2025-20121-1","modified":"2025-11-27T15:53:18Z","published":"2025-11-27T15:53:18Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1250995"},{"type":"REPORT","url":"https://bugzilla.suse.com/1252996"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-46817"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-46818"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-46819"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-49844"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-62507"}],"related":["CVE-2025-46817","CVE-2025-46818","CVE-2025-46819","CVE-2025-49844","CVE-2025-62507"],"summary":"Security update for redis","upstream":["CVE-2025-46817","CVE-2025-46818","CVE-2025-46819","CVE-2025-49844","CVE-2025-62507"]}