Amazon Linux 2023: CVE-2025-21605: Important priority package update for valkey (Multiple Advisories)
Description
A flaw was found in the Redis server. This flaw allows an unauthenticated client to cause an unlimited growth of output buffers until the server runs out of memory or is killed. By default, the Redis configuration does not limit the output buffer of normal clients (see client-output-buffer-limit). Therefore, the output buffer can grow unlimitedly over time. As a result, the service is exhausted, and the memory is unavailable. When password authentication is enabled on the Redis server but no password is provided, the client can still cause the output buffer to grow from "NOAUTH" responses until the system runs out of memory.
Solution(s)
- amazon-linux-2023-upgrade-redis6
- amazon-linux-2023-upgrade-redis6-debuginfo
- amazon-linux-2023-upgrade-redis6-debugsource
- amazon-linux-2023-upgrade-redis6-devel
- amazon-linux-2023-upgrade-redis6-doc
- amazon-linux-2023-upgrade-valkey
- amazon-linux-2023-upgrade-valkey-debuginfo
- amazon-linux-2023-upgrade-valkey-debugsource
- amazon-linux-2023-upgrade-valkey-devel
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center