Several security updates were issued for Debian GNU/Linux, including updates for Redis (versions 3:3.2.6-3+deb9u17 for Debian 9, 5:6.0.16-1+deb11u8 for Debian 10, and 5:6.0.16-1+deb11u8 for Debian 11), Chromium (version 141.0.7390.65-1~deb12u1 for Debian 12), and Valkey (version 8.1.1+dfsg1-3+deb13u1 for Debian 13). The updates address multiple vulnerabilities, including CVE-2025-46817, CVE-2025-46819, and CVE-2025-49844, which could allow attackers to execute arbitrary code or create denial-of-service attacks. The Redis updates specifically fix issues with the Lua scripting interface that could lead to remote code execution or denial of service.

ELA-1537-1 redis security update
[DSA 6021-1] chromium security update
[DSA 6022-1] valkey security update
[DLA 4325-1] redis security update

ELA-1537-1 redis security update

Package : redis

Version : 3:3.2.6-3+deb9u17 (stretch), 5:5.0.14-1+deb10u10 (buster)

Related CVEs :
CVE-2025-46817
CVE-2025-46819
CVE-2025-49844

Multiple vulnerabilities were discovered in Redis, a popular key/value
database:

CVE-2025-46817: Fix an issue where an authenticated user could have used a
specially-crafted Lua script to cause an integer overflow and potentially
lead to remote code execution.

CVE-2025-46819: Address a potential vulnerability where an authenticated
user could have used a specially-crafted Lua script to read out-of-bound data
and/or crash the server and thereby create a denial of service attack.

CVE-2025-49844: Fix an issue where authenticated users could have exploited
a specially-crafted Lua script to manipulate the garbage collector, trigger a
use-after-free and potentially lead to remote code execution.

ELA-1537-1 redis security update

[SECURITY] [DSA 6021-1] chromium security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6021-1 security@debian.org
https://www.debian.org/security/ Andres Salomon
October 09, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium
CVE ID : CVE-2025-11211 CVE-2025-11458 CVE-2025-11460

Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.

For the oldstable distribution (bookworm), these problems have been fixed
in version 141.0.7390.65-1~deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 141.0.7390.65-1~deb13u1.

We recommend that you upgrade your chromium packages.

For the detailed security status of chromium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/chromium

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[SECURITY] [DSA 6022-1] valkey security update

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6022-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 09, 2025 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : valkey
CVE ID : CVE-2025-46817 CVE-2025-46818 CVE-2025-46819 CVE-2025-49844

Multiple security issues were discovered in the Lua scripting interface
of Valkey, a persistent key-value database, which could result in the
execution of arbitrary code or denial of service.

For the stable distribution (trixie), these problems have been fixed in
version 8.1.1+dfsg1-3+deb13u1.

We recommend that you upgrade your valkey packages.

For the detailed security status of valkey please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/valkey

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

[SECURITY] [DLA 4325-1] redis security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4325-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
October 09, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : redis
Version : 5:6.0.16-1+deb11u8
CVE IDs : CVE-2025-46817 CVE-2025-46819 CVE-2025-49844
Debian Bug : 1117553

Multiple vulnerabilities were discovered in Redis, a popular
key/value database:

* CVE-2025-46817: Fix an issue where an authenticated user could have
used a specially-crafted Lua script to cause an integer overflow
and potentially lead to remote code execution.

* CVE-2025-46819: Address a potential vulnerability where an
authenticated user could have used a specially-crafted Lua script
to read out-of-bound data and/or crash the server and thereby
create a denial of service attack.

* CVE-2025-49844: Fix an issue where authenticated users could have
exploited a specially-crafted Lua script to manipulate the garbage
collector, trigger a use-after-free and potentially lead to remote
code execution.

For Debian 11 bullseye, these problems have been fixed in version
5:6.0.16-1+deb11u8.

We recommend that you upgrade your redis packages.

For the detailed security status of redis please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/redis

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS