USN-7321-1: Redis vulnerabilities
5 March 2025
Several security issues were fixed in Redis.
Releases
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
redis - Persistent key-value database with network interface
Details
It was discovered that Redis incorrectly handled certain memory operations
during pattern matching. An attacker could possibly use this issue to cause
a denial of service. (CVE-2024-31228)
It was discovered that Redis incorrectly handled certain specially crafted
Lua scripts. An attacker could possibly use this issue to cause a denial
of service or execute arbitrary code. (CVE-2024-46981)
It was discovered that Redis incorrectly handled some malformed ACL
selectors. An attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 24.10 and Ubuntu 24.04 LTS.
(CVE-2024-51741)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.10
- redis-server - 5:7.0.15-1ubuntu0.24.10.1
- redis-tools - 5:7.0.15-1ubuntu0.24.10.1
Ubuntu 24.04
- redis-server - 5:7.0.15-1ubuntu0.24.04.1
- redis-tools - 5:7.0.15-1ubuntu0.24.04.1
Ubuntu 22.04
- redis-server - 5:6.0.16-1ubuntu1+esm2
- redis-tools - 5:6.0.16-1ubuntu1+esm2
Ubuntu 20.04
- redis-server - 5:5.0.7-2ubuntu0.1+esm3
- redis-tools - 5:5.0.7-2ubuntu0.1+esm3
Ubuntu 18.04
- redis-server - 5:4.0.9-1ubuntu0.2+esm5
- redis-tools - 5:4.0.9-1ubuntu0.2+esm5
Ubuntu 16.04
- redis-server - 2:3.0.6-1ubuntu0.4+esm3
- redis-tools - 2:3.0.6-1ubuntu0.4+esm3
Ubuntu 14.04
- redis-server - 2:2.8.4-2ubuntu0.2+esm4
- redis-tools - 2:2.8.4-2ubuntu0.2+esm4
In general, a standard system update will make all the necessary changes.