{"affected":[{"ecosystem_specific":{"binaries":[{"valkey":"8.0.6-160000.1.1","valkey-compat-redis":"8.0.6-160000.1.1","valkey-devel":"8.0.6-160000.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"valkey","purl":"pkg:rpm/opensuse/valkey&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"8.0.6-160000.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for valkey fixes the following issues:\n\nUpdate to 8.0.6:\n\n  - Security fixes:\n\n    - CVE-2025-49844: Fixed that a Lua script may lead to remote code execution (bsc#1250995)\n    - CVE-2025-46817: Fixed that a Lua script may lead to integer overflow and potential RCE (bsc#1250995)\n    - CVE-2025-46818: Fixed that a Lua script can be executed in the context of another user (bsc#1250995)\n    - CVE-2025-46819: Fixed LUA out-of-bound read (bsc#1250995)\n\n  - Bug fixes:\n  \n    * Fix accounting for dual channel RDB bytes in replication stats (#2614)\n    * Fix EVAL to report unknown error when empty error table is provided (#2229)\n    * Fix use-after-free when active expiration triggers hashtable to shrink (#2257)\n    * Fix MEMORY USAGE to account for embedded keys (#2290)\n    * Fix memory leak when shrinking a hashtable without entries (#2288)\n    * Prevent potential assertion in active defrag handling large allocations (#2353)\n    * Prevent bad memory access when NOTOUCH client gets unblocked (#2347)\n    * Converge divergent shard-id persisted in nodes.conf to primary's shard id (#2174)\n    * Fix client tracking memory overhead calculation (#2360)\n    * Fix RDB load per slot memory pre-allocation when loading from RDB snapshot (#2466)\n    * Don't use AVX2 instructions if the CPU doesn't support it (#2571)\n    * Fix bug where active defrag may be unable to defrag sparsely filled pages (#2656)\n\nChanges from 8.0.5:\n\n  https://github.com/valkey-io/valkey/releases/tag/8.0.5\n\n","id":"openSUSE-SU-2026:20003-1","modified":"2026-01-07T09:43:28Z","published":"2026-01-07T09:43:28Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1250995"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-46817"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-46818"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-46819"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-49844"}],"related":["CVE-2025-46817","CVE-2025-46818","CVE-2025-46819","CVE-2025-49844"],"summary":"Security update of valkey","upstream":["CVE-2025-46817","CVE-2025-46818","CVE-2025-46819","CVE-2025-49844"]}