Ubuntu alert USN-7824-1 (redis)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7824-1] Redis vulnerability | |
| Date: | Thu, 16 Oct 2025 13:39:02 +0000 | |
| Message-ID: | <E1v9OC6-0006sh-DO@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7824-1 October 15, 2025 redis vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Redis could be made to crash or run programs if it received specially crafted network traffic from an authenticated user. Software Description: - redis: Persistent key-value database with network interface Details: Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly handled memory when running Lua scripts. An authenticated attacker could use this vulnerability to trigger a use-after-free condition, and potentially achieve remote code execution on the Redis server. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 redis 5:8.0.2-3ubuntu0.25.10.1 redis-sentinel 5:8.0.2-3ubuntu0.25.10.1 redis-server 5:8.0.2-3ubuntu0.25.10.1 redis-tools 5:8.0.2-3ubuntu0.25.10.1 Ubuntu 25.04 redis 5:7.0.15-3ubuntu0.1 redis-sentinel 5:7.0.15-3ubuntu0.1 redis-server 5:7.0.15-3ubuntu0.1 redis-tools 5:7.0.15-3ubuntu0.1 Ubuntu 24.04 LTS redis 5:7.0.15-1ubuntu0.24.04.2 redis-sentinel 5:7.0.15-1ubuntu0.24.04.2 redis-server 5:7.0.15-1ubuntu0.24.04.2 redis-tools 5:7.0.15-1ubuntu0.24.04.2 Ubuntu 20.04 LTS redis 5:5.0.7-2ubuntu0.1+esm4 Available with Ubuntu Pro redis-sentinel 5:5.0.7-2ubuntu0.1+esm4 Available with Ubuntu Pro redis-server 5:5.0.7-2ubuntu0.1+esm4 Available with Ubuntu Pro redis-tools 5:5.0.7-2ubuntu0.1+esm4 Available with Ubuntu Pro Ubuntu 18.04 LTS redis 5:4.0.9-1ubuntu0.2+esm6 Available with Ubuntu Pro redis-sentinel 5:4.0.9-1ubuntu0.2+esm6 Available with Ubuntu Pro redis-server 5:4.0.9-1ubuntu0.2+esm6 Available with Ubuntu Pro redis-tools 5:4.0.9-1ubuntu0.2+esm6 Available with Ubuntu Pro Ubuntu 16.04 LTS redis-sentinel 2:3.0.6-1ubuntu0.4+esm4 Available with Ubuntu Pro redis-server 2:3.0.6-1ubuntu0.4+esm4 Available with Ubuntu Pro redis-tools 2:3.0.6-1ubuntu0.4+esm4 Available with Ubuntu Pro Ubuntu 14.04 LTS redis-server 2:2.8.4-2ubuntu0.2+esm5 Available with Ubuntu Pro redis-tools 2:2.8.4-2ubuntu0.2+esm5 Available with Ubuntu Pro After a standard system update you need to restart Redis to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7824-1 CVE-2025-49844 Package Information: https://launchpad.net/ubuntu/+source/redis/5:8.0.2-3ubunt... https://launchpad.net/ubuntu/+source/redis/5:7.0.15-3ubun... https://launchpad.net/ubuntu/+source/redis/5:7.0.15-1ubun...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmjv4MUACgkQcpJm3tlz hgGj1hAAtvHtrUN9xHQpsXiWBqVxhOgXSFyGXSVskhplYENxAJBOKpogw28vECiO a2UpIWBf8qMuAZoU9BuU2koJVvxLEb42y24P60rQHqiCEo55m3NVVcN5a6gvQTC7 b233F8osl44SJeOo2TV0FqZgVShHp5pIgnDQ3PX2HnLXnaO8Um5hIlstT/bl2m2R 6wKMTzOKY8fg+ahrcayg4EIG6rxjp5DXpE85pi2MYCXWAvFNHAf0IPC8vZroms6r S1UrZ81FIGcHS0LP2so0+Ef5LgNkmcv+kJr7YCPTcz8lBesThlApmV+LoPaP1k47 rqTGk0ejZrIKAo8a7owAUYIFJP+GVLBhHeMS1mE4qYlDdzcqdVKMNIyqawxTTIJn CmdxH5tKfeZUUboa8+KDLpfOyvLvCS/5IsDqScPraiw4QTzGDThpyoFSLaunvaIe vLrsCdz8yU8/Lx/WQ06bl1TJO/b/yJXHLZ2Lj4Iavd8Z6KfA0dUj+1NyHRij0FHP LHMyqHpLcnPItRDMsPefH6Q7/Dimzi2Y3d+RkuWKvfCE70tbklxl1V5sPPSE4M5s 8YY2+HzepkhvT2+SIxm5nWmYeuOxKZYMp7YjV7iPt4k7KsCrrxq78gHfLQh1HewC UgN1ivbAU/qYCqTc45yjTBEGQTUGBKXREj7wDMynn5nHyd+QCfw= =xA4i -----END PGP SIGNATURE-----