========================================================================== Ubuntu Security Notice USN-8169-1 April 13, 2026 redis, lua5.1, lua-cjson, lua-bitop vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Redis, lua5.1, lua-cjson, lua-bitop. Software Description: - redis: Persistent key-value database with network interface - lua-bitop: fast bit manipulation library for the Lua language - lua-cjson: JSON parser/encoder for Lua language - lua5.1: Lua is an embeddable scripting language Details: It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was only addressed in lua5.1 on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2025-49844) It was discovered that Redis incorrectly handled certain specially crafted Lua scripts. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was only addressed in lua-bitop on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS and in redis on Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-31449) Seiya Nakata and Yudai Fujiwara discovered that Redis incorrectly handled certain specially crafted Lua scripts. An attacker could possibly use this issue to cause heap corruption and execute arbitrary code. This issue was only addressed in lua-cjson on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24834) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS redis 5:7.0.15-1ubuntu0.24.04.4 redis-sentinel 5:7.0.15-1ubuntu0.24.04.4 redis-server 5:7.0.15-1ubuntu0.24.04.4 redis-tools 5:7.0.15-1ubuntu0.24.04.4 Ubuntu 22.04 LTS liblua5.1-0 5.1.5-8.1ubuntu0.22.04.1~esm1 Available with Ubuntu Pro liblua5.1-0-dev 5.1.5-8.1ubuntu0.22.04.1~esm1 Available with Ubuntu Pro liblua5.1-bitop-dev 1.0.2-5ubuntu0.22.04.1~esm2 Available with Ubuntu Pro liblua5.1-bitop0 1.0.2-5ubuntu0.22.04.1~esm2 Available with Ubuntu Pro lua-bitop 1.0.2-5ubuntu0.22.04.1~esm2 Available with Ubuntu Pro lua-bitop-dev 1.0.2-5ubuntu0.22.04.1~esm2 Available with Ubuntu Pro lua-cjson 2.1.0+dfsg-2.1ubuntu0.22.04.1~esm2 Available with Ubuntu Pro lua-cjson-dev 2.1.0+dfsg-2.1ubuntu0.22.04.1~esm2 Available with Ubuntu Pro lua5.1 5.1.5-8.1ubuntu0.22.04.1~esm1 Available with Ubuntu Pro Ubuntu 20.04 LTS liblua5.1-0 5.1.5-8.1ubuntu0.20.04.1~esm1 Available with Ubuntu Pro liblua5.1-0-dev 5.1.5-8.1ubuntu0.20.04.1~esm1 Available with Ubuntu Pro liblua5.1-bitop-dev 1.0.2-5ubuntu0.20.04.1~esm2 Available with Ubuntu Pro liblua5.1-bitop0 1.0.2-5ubuntu0.20.04.1~esm2 Available with Ubuntu Pro lua-bitop 1.0.2-5ubuntu0.20.04.1~esm2 Available with Ubuntu Pro lua-bitop-dev 1.0.2-5ubuntu0.20.04.1~esm2 Available with Ubuntu Pro lua-cjson 2.1.0+dfsg-2.1ubuntu0.20.04.1~esm2 Available with Ubuntu Pro lua-cjson-dev 2.1.0+dfsg-2.1ubuntu0.20.04.1~esm2 Available with Ubuntu Pro lua5.1 5.1.5-8.1ubuntu0.20.04.1~esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS redis 5:4.0.9-1ubuntu0.2+esm7 Available with Ubuntu Pro redis-sentinel 5:4.0.9-1ubuntu0.2+esm7 Available with Ubuntu Pro redis-server 5:4.0.9-1ubuntu0.2+esm7 Available with Ubuntu Pro redis-tools 5:4.0.9-1ubuntu0.2+esm7 Available with Ubuntu Pro Ubuntu 16.04 LTS redis-sentinel 2:3.0.6-1ubuntu0.4+esm5 Available with Ubuntu Pro redis-server 2:3.0.6-1ubuntu0.4+esm5 Available with Ubuntu Pro redis-tools 2:3.0.6-1ubuntu0.4+esm5 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8169-1 CVE-2022-24834, CVE-2024-31449, CVE-2025-49844 Package Information: https://launchpad.net/ubuntu/+source/redis/5:7.0.15-1ubuntu0.24.04.4
No comments:
Post a Comment