{"id":"MGASA-2025-0211","summary":"Updated redis packages fix security vulnerabilities","details":"Updated redis packages to a more recent version to fix security\nvulnerabilities:\nSome vulnerabilities have been discovered and fixed.\nPlease note this update is from 7.0 to 7.2 which brings some potentially\nbreaking changes. In most cases this update could be installed without\nproblems.\nPotentially Breaking / Behavior Changes:\n* Client side tracking for scripts now tracks the keys that are read by\n  the script instead of the keys that are declared by the caller of EVAL /\n  FCALL (#11770)\n* Freeze time sampling during command execution and in scripts (#10300)\n* When a blocked command is being unblocked, checks like ACL, OOM, etc\n  are re-evaluated (#11012)\n* Unify ACL failure error message text and error codes (#11160)\n* Blocked stream command that's released when key no longer exists\n  carries a different error code (#11012)\n* Command stats are updated for blocked commands only when / if the\n  command actually executes (#11012)\n* The way ACL users are stored internally no longer removes redundant\n  command and category rules, which may alter the way those rules are\n  displayed as part of `ACL SAVE`, `ACL GETUSER` and `ACL LIST` (#11224)\n* Client connections created for TLS-based replication use SNI if\n  possible (#11458)\n* Stream consumers: Re-purpose seen-time, add active-time (#11099)\n* XREADGROUP and X[AUTO]CLAIM create the consumer regardless of whether\n  it was able to perform some reading/claiming (#11099)\n* ACL default newly created user set sanitize-payload flag in ACL\n  LIST/GETUSER #11279\n* Fix HELLO command not to affect the client state unless successful\n  (#11659)\n* Normalize `NAN` in replies to a single nan type, like we do with `inf`\n  (#11597)\n* Cluster SHARD IDs are no longer visible in the cluster nodes output,\n  introduced in 7.2-RC1. (#10536, #12166)\n* When calling PUBLISH with a RESP3 client that's also subscribed to the\n  same channel, the order is changed and the reply is sent before the\n  published message (#12326)\n","modified":"2026-04-16T00:11:31.034993563Z","published":"2025-07-19T17:55:11Z","upstream":["CVE-2023-41056","CVE-2025-27151","CVE-2025-32023","CVE-2025-48367"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0211.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34452"},{"type":"WEB","url":"https://github.com/redis/redis/releases/tag/7.2.10"}],"affected":[{"package":{"name":"redis","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/redis?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2.10-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0211.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}