Ubuntu alert USN-8169-1 (redis, lua5.1, lua-cjson, lua-bitop)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8169-1] Redis, Lua vulnerabilities | |
| Date: | Tue, 14 Apr 2026 06:02:41 +0000 | |
| Message-ID: | <E1wCWrB-0003py-Du@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8169-1 April 13, 2026 redis, lua5.1, lua-cjson, lua-bitop vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Redis, lua5.1, lua-cjson, lua-bitop. Software Description: - redis: Persistent key-value database with network interface - lua-bitop: fast bit manipulation library for the Lua language - lua-cjson: JSON parser/encoder for Lua language - lua5.1: Lua is an embeddable scripting language Details: It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was only addressed in lua5.1 on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2025-49844) It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was only addressed in lua-bitop on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS and in redis on Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-31449) Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. This issue was only addressed in lua-cjson on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24834) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS redis 5:7.0.15-1ubuntu0.24.04.4 redis-sentinel 5:7.0.15-1ubuntu0.24.04.4 redis-server 5:7.0.15-1ubuntu0.24.04.4 redis-tools 5:7.0.15-1ubuntu0.24.04.4 Ubuntu 22.04 LTS liblua5.1-0 5.1.5-8.1ubuntu0.22.04.1~esm1 Available with Ubuntu Pro liblua5.1-0-dev 5.1.5-8.1ubuntu0.22.04.1~esm1 Available with Ubuntu Pro liblua5.1-bitop-dev 1.0.2-5ubuntu0.22.04.1~esm2 Available with Ubuntu Pro liblua5.1-bitop0 1.0.2-5ubuntu0.22.04.1~esm2 Available with Ubuntu Pro lua-bitop 1.0.2-5ubuntu0.22.04.1~esm2 Available with Ubuntu Pro lua-bitop-dev 1.0.2-5ubuntu0.22.04.1~esm2 Available with Ubuntu Pro lua-cjson 2.1.0+dfsg-2.1ubuntu0.22.04.1~esm2 Available with Ubuntu Pro lua-cjson-dev 2.1.0+dfsg-2.1ubuntu0.22.04.1~esm2 Available with Ubuntu Pro lua5.1 5.1.5-8.1ubuntu0.22.04.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS liblua5.1-0 5.1.5-8.1ubuntu0.20.04.1~esm1 Available with Ubuntu Pro liblua5.1-0-dev 5.1.5-8.1ubuntu0.20.04.1~esm1 Available with Ubuntu Pro liblua5.1-bitop-dev 1.0.2-5ubuntu0.20.04.1~esm2 Available with Ubuntu Pro liblua5.1-bitop0 1.0.2-5ubuntu0.20.04.1~esm2 Available with Ubuntu Pro lua-bitop 1.0.2-5ubuntu0.20.04.1~esm2 Available with Ubuntu Pro lua-bitop-dev 1.0.2-5ubuntu0.20.04.1~esm2 Available with Ubuntu Pro lua-cjson 2.1.0+dfsg-2.1ubuntu0.20.04.1~esm2 Available with Ubuntu Pro lua-cjson-dev 2.1.0+dfsg-2.1ubuntu0.20.04.1~esm2 Available with Ubuntu Pro lua5.1 5.1.5-8.1ubuntu0.20.04.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS redis 5:4.0.9-1ubuntu0.2+esm7 Available with Ubuntu Pro redis-sentinel 5:4.0.9-1ubuntu0.2+esm7 Available with Ubuntu Pro redis-server 5:4.0.9-1ubuntu0.2+esm7 Available with Ubuntu Pro redis-tools 5:4.0.9-1ubuntu0.2+esm7 Available with Ubuntu Pro Ubuntu 16.04 LTS redis-sentinel 2:3.0.6-1ubuntu0.4+esm5 Available with Ubuntu Pro redis-server 2:3.0.6-1ubuntu0.4+esm5 Available with Ubuntu Pro redis-tools 2:3.0.6-1ubuntu0.4+esm5 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8169-1 CVE-2022-24834, CVE-2024-31449, CVE-2025-49844 Package Information: https://launchpad.net/ubuntu/+source/redis/5:7.0.15-1ubun...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmndz7YACgkQcpJm3tlz hgErHRAAs41evLN1BAbaryLpYHgKfL4ECFJCwxSzWF3FzURyE34WULsgcisuvWBN TCk7IDGKBHMK+f1d6H7NYSC5FvfT/134W8JHYjRdMQTnbobKh7CRi3RH9/RWmHob SB5gB+a5C3N6YPr8//md2OfhHiyQwHUUtMUxnZQMv5h8XgxRXRTw4RakY8PlUTC1 2URfnXH5Nw/PaazDfRieoMH7X/Anxpbuyhjg4mzkTFZJiZHwnpMXlI+feOblYWi1 oizjvVrV8IBLNU/X5/3L/Ca41B1i0mg3OkZ/tF2pk+NlNrKoAzGON7F7xDRLr/Bw brJbCjT0L7zhqkS9BUgz/wNr1g4CjLhVRpyxuqYnyn7fuE32pDDrmJ/6wWHreMCb NKd3pEKyZrIFyTFMKOAO4b0ZO8///VzGwxF5yuo124vR8FEE/4loXeFiuBPCYGmY WIC6VSZR5oEROb0GaC9guvRskO/7KQjgNZ3BV560AySjMYR76TVZoOqwSodkyB9v 2F5vRjMgnbhbNdNfVW+k+vvEYURO4tYA4x1W1tur7zh2vP1oMCaNqAqPECbcnB/a 48MuVfPJyQVd5hlfKYjwI31P5UmOGkavMhgClUyTH34VUl9ohdPU/S172NV0zz72 9omnvttaEWakKOiyX2gdSB7djNFLOGtxb31dg2fRCbQnv8b5dN4= =PFTc -----END PGP SIGNATURE-----