This bug was fixed in the package valkey - 7.2.7+dfsg1-0ubuntu0.24.04.1
---------------
valkey (7.2.7+dfsg1-0ubuntu0.24.04.1) noble; urgency=medium
* New upstream version 7.2.7 (LP: #2091129)
- Security fixes:
+ CVE-2024-31449: Lua library commands may lead to stack overflow and
potential RCE.
+ CVE-2024-31227: Potential Denial-of-service due to malformed ACL
selectors.
+ CVE-2024-31228: Potential Denial-of-service due to unbounded pattern
matching.
- Bug fixes:
+ Fix re-enable of Append-Only File flag in RdbLoad module.
+ Fix cluster replica failure to establish replication link in race
condition.
+ Fix valkeymodule-rs build issues due to typo in REGISTER_API.
+ Fix crash where command duration is not reset when client is blocked.
+ Fix CLUSTER SHARDS empty array return.
+ Fix client auth block when a cluster is down.
+ Fix MEET request reliability during link failure.
+ Ensure the --count option in redis-cli works correctly even without
--pattern.
+ Fix redis-check-aof misidentifying data in manifest format as MP-AOF.
- Updates:
+ Add clusterNodeIsVotingPrimary concept to fix issue where nodes outside
the quorum group could mark nodes as failed.
+ Add compatibility with redis-sentinel for starting sentinel.
+ Update redis-check-rdb types to replace stream-v2 with stream-v3
* d/watch: Fix repack suffix
-- Lena Voytek <[email protected]> Thu, 05 Dec 2024 14:44:44
-0700
** Changed in: valkey (Ubuntu Noble)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-31227
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-31228
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2091129
Title:
Update Valkey to 7.2.7 in noble and oracular
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/valkey/+bug/2091129/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
