Not a user yet?
Log in Register for free Suggest a product
Update

USN-8169-1: Redis, Lua vulnerabilities

Ubuntu ServerUbuntu Server
Canonical

USN-8169-1: Redis, Lua vulnerabilities

Publication date: 13 April 2026
Overview: Several security issues were fixed in Redis, lua5.1, lua-cjson, lua-bitop.

Packages

  • lua-bitop - fast bit manipulation library for the Lua language
  • lua-cjson - JSON parser/encoder for Lua language
  • lua5.1 - Lua is an embeddable scripting language
  • redis - Persistent key-value database with network interface

Details
It was discovered that Redis incorrectly handled certain specially crafted
Lua scripts. A remote attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue was only addressed in
lua5.1 on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2025-49844)

It was discovered that Redis incorrectly handled certain specially crafted
Lua scripts. A remote attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue was only addressed in
lua-bitop on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS and in redis on Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-31449)

Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled
certain specially crafted Lua scripts. An attacker could possibly use this
issue to cause heap corruption and execute arbitrary code. This issue was only
addressed in lua-cjson on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24834)

Update instructions
In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

24.04 LTS noble

  • redis – 5:7.0.15-1ubuntu0.24.04.4
  • redis-sentinel – 5:7.0.15-1ubuntu0.24.04.4
  • redis-server – 5:7.0.15-1ubuntu0.24.04.4
  • redis-tools – 5:7.0.15-1ubuntu0.24.04.4

22.04 LTS jammy

  • liblua5.1-0 – 5.1.5-8.1ubuntu0.22.04.1~esm1
  • liblua5.1-0-dev – 5.1.5-8.1ubuntu0.22.04.1~esm1
  • liblua5.1-bitop-dev – 1.0.2-5ubuntu0.22.04.1~esm2
  • liblua5.1-bitop0 – 1.0.2-5ubuntu0.22.04.1~esm2
  • lua-bitop – 1.0.2-5ubuntu0.22.04.1~esm2
  • lua-bitop-dev – 1.0.2-5ubuntu0.22.04.1~esm2
  • lua-cjson – 2.1.0+dfsg-2.1ubuntu0.22.04.1~esm2
  • lua-cjson-dev – 2.1.0+dfsg-2.1ubuntu0.22.04.1~esm2
  • lua5.1 – 5.1.5-8.1ubuntu0.22.04.1~esm1

20.04 LTS focal

  • liblua5.1-0 – 5.1.5-8.1ubuntu0.20.04.1~esm1
  • liblua5.1-0-dev – 5.1.5-8.1ubuntu0.20.04.1~esm1
  • liblua5.1-bitop-dev – 1.0.2-5ubuntu0.20.04.1~esm2
  • liblua5.1-bitop0 – 1.0.2-5ubuntu0.20.04.1~esm2
  • lua-bitop – 1.0.2-5ubuntu0.20.04.1~esm2
  • lua-bitop-dev – 1.0.2-5ubuntu0.20.04.1~esm2
  • lua-cjson – 2.1.0+dfsg-2.1ubuntu0.20.04.1~esm2
  • lua-cjson-dev – 2.1.0+dfsg-2.1ubuntu0.20.04.1~esm2
  • lua5.1 – 5.1.5-8.1ubuntu0.20.04.1~esm1

18.04 LTS bionic

  • redis – 5:4.0.9-1ubuntu0.2+esm7
  • redis-sentinel – 5:4.0.9-1ubuntu0.2+esm7
  • redis-server – 5:4.0.9-1ubuntu0.2+esm7
  • redis-tools – 5:4.0.9-1ubuntu0.2+esm7

16.04 LTS

  • xenial redis-sentinel – 2:3.0.6-1ubuntu0.4+esm5
  • redis-server – 2:3.0.6-1ubuntu0.4+esm5
  • redis-tools – 2:3.0.6-1ubuntu0.4+esm5
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad