UbuntuUpdates.org

Package "redis"

Name: redis

Description:

Persistent key-value database with network interface (metapackage)
Latest version: 5:7.0.15-1ubuntu0.24.04.2
Release: noble (24.04)
Level: updates
Repository: universe
Homepage: https://redis.io/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "redis"

All arch deb package
APT INSTALL

Other versions of "redis" in Noble

Repository Area Version
base universe 5:7.0.15-1build2
security universe 5:7.0.15-1ubuntu0.24.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 5:7.0.15-1ubuntu0.24.04.2 2025-10-15 19:07:13 UTC

  redis (5:7.0.15-1ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2025-49844.patch: protect TString on stack
      during parsing to prevent use-after-free condition in lparser.c
    - CVE-2025-49844

 -- Sudhakar Verma <email address hidden> Mon, 13 Oct 2025 20:52:23 +0530
Source diff to previous version
CVE-2025-49844 Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lu

Version: 5:7.0.15-1ubuntu0.24.04.1 2025-03-05 17:06:50 UTC

  redis (5:7.0.15-1ubuntu0.24.04.1) noble-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2024-31228.patch: break out of recursion if the
      value of "nesting" is greater than 1000 in `src/util.c`
    - CVE-2024-31228
  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2024-46981.patch: reset GC state before closing
      the lua VM to prevent user data to be wrongly freed while still might
      be used on destructor callbacks.
    - CVE-2024-46981
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2024-51741.patch: make '%w' and '%r' only valid
      permissions
    - CVE-2024-51741

 -- Shishir Subedi <email address hidden> Fri, 14 Feb 2025 12:43:06 +0545
CVE-2024-31228 Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, lo
CVE-2024-46981 Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the gar
CVE-2024-51741 Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector wh


About   -   Send Feedback to @ubuntu_updates