{"id":"OESA-2026-1063","summary":"redis6 security update","details":"Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Redis also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Redis behave like a cache. You can use Redis from most programming languages also.\r\n\r\nSecurity Fix(es):\n\nAn authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versions of Redis with Lua scripting.(CVE-2025-49844)","modified":"2026-01-16T12:30:14.634399Z","published":"2026-01-16T11:57:25Z","upstream":["CVE-2025-49844"],"database_specific":{"severity":"Critical"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1063"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49844"}],"affected":[{"package":{"name":"redis6","ecosystem":"openEuler:24.03-LTS-SP2","purl":"pkg:rpm/openEuler/redis6&distro=openEuler-24.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.2.7-6.oe2403sp2"}]}],"ecosystem_specific":{"noarch":["redis6-doc-6.2.7-6.oe2403sp2.noarch.rpm"],"aarch64":["redis6-6.2.7-6.oe2403sp2.aarch64.rpm","redis6-debuginfo-6.2.7-6.oe2403sp2.aarch64.rpm","redis6-debugsource-6.2.7-6.oe2403sp2.aarch64.rpm","redis6-devel-6.2.7-6.oe2403sp2.aarch64.rpm"],"x86_64":["redis6-6.2.7-6.oe2403sp2.x86_64.rpm","redis6-debuginfo-6.2.7-6.oe2403sp2.x86_64.rpm","redis6-debugsource-6.2.7-6.oe2403sp2.x86_64.rpm","redis6-devel-6.2.7-6.oe2403sp2.x86_64.rpm"],"src":["redis6-6.2.7-6.oe2403sp2.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-1063.json"}}],"schema_version":"1.7.3"}