This bug was fixed in the package valkey - 8.0.4+dfsg1-0ubuntu0.1
---------------
valkey (8.0.4+dfsg1-0ubuntu0.1) plucky; urgency=medium
* New upstream version 8.0.4 (LP: #2115258)
- Security fixes:
+ CVE-2025-21605: Allocation of Resources Without Limits or Throttling.
+ CVE-2025-32023: Out-of-bounds write during hyperloglog operations
+ CVE-2025-48367: IP Protocol errors resulting in DoS
- Bug fixes:
+ Optimize RDB Load Performance and Fix Cluster Mode Resizing.
+ Fix memory leak in forgotten node ping ext code path.
+ Fix cluster info sent stats for message with light header.
+ Fix module LatencyAddSample still work when latency-monitor-threshold
is 0.
+ Fix raxRemove crash at memcpy() due to key size exceeds max Rax size.
+ Fix error "SSL routines::bad length" when connTLSWrite is called
second time with smaller buffer.
+ Fix temp file leak druing replication error handling.
+ Fix ACL LOAD crash on replica since the primary client don't has a
user.
+ Fix RANDOMKEY infinite loop during CLIENT PAUSE.
+ Fix adding samples to stream object consumer trees.
+ Fix cluster slot stats assertion during promotion of replica.
+ Fix panic in primary when blocking shutdown after previous block with
timeout.
+ Ignore stale gossip packets that arrive out of order.
+ Fix incorrect lag reported in XINFO GROUPS.
+ Avoid shard id update of replica if not matching with primary shard id.
-- Lena Voytek <[email protected]> Tue, 24 Jun 2025 14:45:07
-0400
** Changed in: valkey (Ubuntu Plucky)
Status: Fix Committed => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-21605
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2115258
Title:
Update Valkey to 7.2.10 in noble, 8.0.4 in plucky, and 8.1.3 in
questing
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/valkey/+bug/2115258/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
