|
|
Subscribe / Log in / New account

Ubuntu alert USN-7824-2 (redict)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7824-2] Redict vulnerability


Date:
              Thu, 16 Oct 2025 13:39:11 +0000


Message-ID:
              <E1v9OCF-0006uU-97@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7824-2
October 16, 2025

redict vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04

Summary:

Redict could be made to crash or run programs if it received
specially crafted network traffic from an authenticated user.

Software Description:
- redict: Distributed key/value store

Details:

USN-7824-1 fixed several vulnerabilities in Redis. This update provides
the corresponding update for Redict - a fork of Redis.

Original advisory details:

Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly
handled memory when running Lua scripts. An authenticated attacker could use
this vulnerability to trigger a use-after-free condition, and potentially 
achieve remote code execution on the Redis server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  redict                          7.3.5+ds-1ubuntu0.1
  redict-sentinel                 7.3.5+ds-1ubuntu0.1
  redict-server                   7.3.5+ds-1ubuntu0.1
  redict-tools                    7.3.5+ds-1ubuntu0.1

Ubuntu 25.04
  redict                          7.3.2+ds-1ubuntu0.1
  redict-sentinel                 7.3.2+ds-1ubuntu0.1
  redict-server                   7.3.2+ds-1ubuntu0.1
  redict-tools                    7.3.2+ds-1ubuntu0.1

After a standard system update you need to restart Redict to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7824-2
  https://ubuntu.com/security/notices/USN-7824-1
  CVE-2025-49844

Package Information:
  https://launchpad.net/ubuntu/+source/redict/7.3.5+ds-1ubu...
  https://launchpad.net/ubuntu/+source/redict/7.3.2+ds-1ubu...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmjwhTgACgkQcpJm3tlz
hgE3DA/+Pm107/6K8CGAfmdvrHodRUAcUUP9/e6dsCgYNBBvfWQgEBE7RzR0o00m
GBJMMUPOo+1IYVEUQDmvE5I8t0+X2VNyb+6PmQrDxWszNOGnKa0j2Sh/FD4zuSLd
HZmTEQV0JGQgrlucHmQdkevmcKsBUPNfsV7F639J9L4MF6Ajfgl6rsSbOtQUJpEc
O6N+k/qBwVFydYKmpY2emL8fINIjq+FnCEM9XTPAMOAwXRlzfvCK6cuvcRmP1bXX
vL9RJ34iQlQ3lHG2n/ITWPvOQjpyH/TdHFPAFAkJl5DLZN10dZ3mWQF9F/xqeoFw
oqG89fpGBJMo8bxqvWcpjUT40t2zAoZC4RT9WETJ5zUFfGvGgHwcd/lYSotGj+Vd
6xcOrcpW22c/2Ncf6QV9hnDDg2YHKy6kbQt/PGm1c2ddUNc3oiopQgVmHN9nqEF0
hmwly4iDJ4A/7j8N2VRRYX4xVj+l3ycskBV4gNpPUj/7keoik+OM7KA4GxIyzr1D
aT6z8mmy+ovtGpm6OCTVa82mfh1siCf8J4OArDP5gBKkdsw8jdddgil6+Tk48S9Z
BJAcBnbVnJBvgFjKMjj6eUlheCfS3xIs9Yzhdh3m3vpAvFGIecbxHfg8LA6r5NUy
JiiLy+rA+ky49bv2j5QRni9Wu5AqfNqQrNSWL0miWUuw7Dd6HRI=
=9Q85
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds