|
|
Log in / Subscribe / Register

Ubuntu alert USN-7824-3 (redis)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7824-3] Redis vulnerability


Date:
              Thu, 16 Oct 2025 13:39:18 +0000


Message-ID:
              <E1v9OCM-0006xD-G8@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7824-3
October 16, 2025

redis vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Redis could be made to crash or run programs if it received
specially crafted network traffic from an authenticated user.

Software Description:
- redis: Persistent key-value database with network interface

Details:

USN-7824-1 fixed several vulnerabilities in Redis. This update provides
the corresponding update for Ubuntu 22.04 LTS.

Original advisory details:

Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly
handled memory when running Lua scripts. An authenticated attacker could use
this vulnerability to trigger a use-after-free condition, and potentially 
achieve remote code execution on the Redis server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  redis                           5:6.0.16-1ubuntu1.1
  redis-sentinel                  5:6.0.16-1ubuntu1.1
  redis-server                    5:6.0.16-1ubuntu1.1
  redis-tools                     5:6.0.16-1ubuntu1.1

After a standard system update you need to restart Redis to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7824-3
  https://ubuntu.com/security/notices/USN-7824-2
  https://ubuntu.com/security/notices/USN-7824-1
  CVE-2025-49844

Package Information:
  https://launchpad.net/ubuntu/+source/redis/5:6.0.16-1ubun...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmjwtKkACgkQcpJm3tlz
hgEU/Q//QEwX+HeNn953gCXM36c6XRJ9zfocR+K21lbYMGSOp6dUfNK42X8iUtjE
rdMbpxyBoXtR/X9+tmqy0W9i3hJz3SHXgku9ZKLaXpXfAinQ+QPOlwCcsBllnZdQ
0dGPogVw/kfYEgo75s7bP9DtCt3G9eawq8gKUsmGnWKNn8KTqBsFyXVLOQ4Doosh
J65egCJCAMyp5E9Q/ntq6zu7ji8y1fSgu71pXgci6jqEbGNOHFZmLlzYj4R/gmhr
AX+Uy2vXakyunVo4thu9InxJ64cGch3C0DLkzpnn6uXXaOyoDY8OT3tax95FO7Wj
+B+/5R25nC7k8m68ZNZAywiqx3cLiARLPrf2SkiJ7h0dFTOG8DD6NCGqwbJoNfCa
Pk2mHXHj4QDPD75W1cerKpQTFJOid8BvlyLf37w4a8+4zg7N8wnCiAHUY3hNHFa2
KzF9SonloM2Yy9bt4yboCBFNN1WfwXqZkHG/v4ucembD8Ms0hBaTg2M72u+wWGOo
p2m9ozx9EpTki15gDlosYZ1iv45upkVLsJ6O32hi2Cbr3CJvH0U7IjMjFeijUZ+5
CWNs9OoeQYrOB1/BNXH8rXTnm1yDfnQJr5953CO5d9kfzDuIsstzl1tgUWqkbmIK
TLwL1VG/qi3S44khT1YCBRVtuL+gubMJAoPFE0r5FKkCiYcXGZ4=
=20uk
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds