UbuntuUpdates.org

Package "redis-server"

Name: redis-server

Description:

Persistent key-value database with network interface
Latest version: 5:7.0.15-1ubuntu0.24.10.1
Release: oracular (24.10)
Level: security
Repository: universe
Head package: redis
Homepage: https://redis.io/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "redis-server"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "redis-server" in Oracular

Repository Area Version
base universe 5:7.0.15-1build2
updates universe 5:7.0.15-1ubuntu0.24.10.1

Changelog

Version: 5:7.0.15-1ubuntu0.24.10.1 2025-03-05 14:06:53 UTC

  redis (5:7.0.15-1ubuntu0.24.10.1) oracular-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2024-31228.patch: break out of recursion if the
      value of "nesting" is greater than 1000 in `src/util.c`
    - CVE-2024-31228
  * SECURITY UPDATE: remote code execution
    - debian/patches/CVE-2024-46981.patch: reset GC state before closing
      the lua VM to prevent user data to be wrongly freed while still might
      be used on destructor callbacks.
    - CVE-2024-46981
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2024-51741.patch: make '%w' and '%r' only valid
      permissions
    - CVE-2024-51741

 -- Shishir Subedi <email address hidden> Fri, 14 Feb 2025 10:39:58 +0545
CVE-2024-31228 Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, lo
CVE-2024-46981 Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the gar
CVE-2024-51741 Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector wh


About   -   Send Feedback to @ubuntu_updates