Critical Valkey security update for openSUSE Leap 15.6 fixes CVE-2025-27151 (stack overflow) and CVE-2025-49112 (integer underflow). Learn patch instructions, exploit details, and mitigation steps to secure Linux servers now.
Overview: High-Risk Vulnerabilities Patched in Valkey
The latest SUSE-SU-2025:02231-1 security update addresses two critical vulnerabilities in Valkey (a high-performance Redis-compatible database) for openSUSE Leap 15.6 and Server Applications Module 15-SP6.
These flaws could lead to stack overflow attacks and integer underflow exploits, risking system compromise.
Why This Matters?
CVE-2025-27151: Missing filename size checks enable stack-based buffer overflows, allowing arbitrary code execution.
CVE-2025-49112: Integer underflow in
setDeferredReplymay crash services or trigger remote exploits.
🔴 Severity: Moderate (CVSS scores pending) – Immediate patching recommended for Linux servers.
Patch Instructions: Secure Your System Now
Method 1: Automated Update (Recommended)
# For openSUSE Leap 15.6 zypper in -t patch SUSE-2025-2231=1 openSUSE-SLE-15.6-2025-2231=1 # For Server Applications Module 15-SP6 zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2231=1
Method 2: Manual Patch via YaST
Launch YaST → Online Update.
Search for SUSE-2025-2231.
Apply the patch and restart affected services.
Affected Packages & Architectures
| Package | Architectures (Leap 15.6) | Module 15-SP6 |
|---|---|---|
valkey-8.0.2 | aarch64, ppc64le, x86_64, i586 | aarch64, x86_64 |
valkey-devel | s390x, ppc64le | s390x, ppc64le |
valkey-debuginfo | All supported | All supported |
valkey-compat-redis | noarch | noarch |
Technical Deep Dive: Exploit Analysis
CVE-2025-27151: Stack Overflow Vulnerability
Root Cause: Unbounded filename writes in Valkey’s logging subsystem.
Impact: Attackers could overwrite stack memory, leading to RCE (Remote Code Execution).
Mitigation: Patch enforces 256-byte filename limits.
CVE-2025-49112: Integer Underflow in setDeferredReply
Trigger: Malformed client requests cause a signed/unsigned mismatch.
Risk: Denial-of-Service (DoS) or memory corruption.
References & Official Sources
Valkey Documentation (Third-party resource for best practices)
FAQ: Valkey Security Update
Q: Is this update backward-compatible with Redis?
A: Yes—valkey-compat-redis ensures Redis API compatibility.
Q: How urgent is this patch?
A: Moderate urgency—exploits require specific conditions but are feasible in shared hosting.
Q: Can I verify the patch post-installation?
A: Run zypper patches --grep SUSE-2025-2231 to confirm.
Nenhum comentário:
Postar um comentário