ELA-1420-1 redis security update

remote DoS

2025-05-12
Packageredis
Version2:2.8.17-1+deb8u15 (jessie), 3:3.2.6-3+deb9u15 (stretch), 5:5.0.14-1+deb10u8 (buster)
Related CVEs CVE-2025-21605


Unlimited output buffer for unauthenticated clients has been fixed in the key–value database Redis.



For Debian 10 buster, these problems have been fixed in version 5:5.0.14-1+deb10u8.

For Debian 8 jessie, these problems have been fixed in version 2:2.8.17-1+deb8u15.

For Debian 9 stretch, these problems have been fixed in version 3:3.2.6-3+deb9u15.

We recommend that you upgrade your redis packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.