Security update for valkey
| Announcement ID: | SUSE-SU-2026:0848-1 |
|---|---|
| Release Date: | 2026-03-07T18:18:45Z |
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves two vulnerabilities can now be installed.
Description:
This update for valkey fixes the following issues:
Update to version 8.0.7.
Security issues fixed:
- CVE-2025-67733: data tampering and denial of service via improper null character handling in Lua scripts (bsc#1258746).
- CVE-2026-21863: denial of service via invalid clusterbus packet (bsc#1258788).
Other updates and bugfixes:
- ltrim should not call signalModifiedKey when no elements are removed (#2787)
- chained replica crash when doing dual channel replication (#2983)
- used_memory_dataset underflow due to miscalculated used_memory_overhead (#3005)
- avoids crash during MODULE UNLOAD when ACL rules reference a module command and subcommand (#3160)
- server assert on ACL LOAD and resetchannels (#3182)
- bug causing no response flush sometimes when IO threads are busy (#3205)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2026-848=1
Package List:
-
Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
- valkey-devel-8.0.7-150700.3.14.1
- valkey-8.0.7-150700.3.14.1
- valkey-debuginfo-8.0.7-150700.3.14.1
- valkey-debugsource-8.0.7-150700.3.14.1
-
Server Applications Module 15-SP7 (noarch)
- valkey-compat-redis-8.0.7-150700.3.14.1