{"id":"RLSA-2025:7509","summary":"Important: valkey security update","details":"Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets.  You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set.  In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log.  Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth.  Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache.  You can use Valkey from most programming languages also.\n\nSecurity Fix(es):\n\n* redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client (CVE-2025-21605)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-03-11T06:38:06.482509Z","published":"2025-10-03T19:56:45.270310Z","upstream":["CVE-2025-21605"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2025:7509"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361883"}],"affected":[{"package":{"name":"valkey","ecosystem":"Rocky Linux:10","purl":"pkg:rpm/rocky-linux/valkey?distro=rocky-linux-10-0&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.0.3-1.el10_0"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2025:7509.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}