ALAS2023-2025-1025

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1025
Advisory Released Date: 2025-06-23
Advisory Updated Date: 2025-06-23

Severity: Low

References: CVE-2025-49112
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used. (CVE-2025-49112)

Affected Packages:

valkey

Issue Correction:
Run dnf update valkey --releasever 2023.7.20250623 to update your system.

New Packages:

aarch64:
    valkey-devel-8.0.3-3.amzn2023.0.2.aarch64
    valkey-debuginfo-8.0.3-3.amzn2023.0.2.aarch64
    valkey-8.0.3-3.amzn2023.0.2.aarch64
    valkey-debugsource-8.0.3-3.amzn2023.0.2.aarch64

src:
    valkey-8.0.3-3.amzn2023.0.2.src

x86_64:
    valkey-devel-8.0.3-3.amzn2023.0.2.x86_64
    valkey-debuginfo-8.0.3-3.amzn2023.0.2.x86_64
    valkey-8.0.3-3.amzn2023.0.2.x86_64
    valkey-debugsource-8.0.3-3.amzn2023.0.2.x86_64

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-49112

Mitre: CVE-2025-49112