[Bug 2127122] Re: Update Valkey to 7.2.11 in noble, 8.0.6 in plucky, and 8.1.4 in questing + resolute

Wed, 12 Nov 2025 12:45:57 -0800 

This bug was fixed in the package valkey - 8.1.4+dfsg1-0ubuntu0.1

---------------
valkey (8.1.4+dfsg1-0ubuntu0.1) questing; urgency=medium

  * New upstream version 8.1.4 (LP: #2127122)
    - Security fixes:
      + CVE-2025-49844: Lua script may lead to remote code execution.
      + CVE-2025-46817: Lua script may lead to int overflow and potential RCE.
      + CVE-2025-46818: Lua script can be executed in context of another user.
      + CVE-2025-46819: LUA out-of-bound read
      + CVE-2025-49112: Integer underflow in setDeferredReply networking.c.
    - Bug fixes:
      + Fix accounting for dual channel RDB bytes in replication stats.
      + Ensure empty error tables in scripts don't crash Valkey.
      + Fix use-after-free when active expiration triggers hashtable to shrink.
      + Fix memory usage to consider embedded keys.
      + Fix leak when shrinking a hashtable without entries.
      + Fix large allocations crashing Valkey during active defrag.
      + Prevent bad memory access when NOTOUCH client gets unblocked.
      + Converge shard-id persisted in nodes.conf to primary's shard id.
      + Fix client tracking memory overhead calculation.
      + Fix pre-size hashtables per slot when reading RDB files.
      + Don't use AVX2 instructions if the CPU don't support it.
      + Defrag if slab 1/8 full to fix defrag didn't stop issue.
  * Remove patches fixed upstream:
    - d/p/CVE-2025-49112.patch
    - d/p/fix-8.1.x-multi-unit-test.patch

 -- Lena Voytek <[email protected]>  Sat, 11 Oct 2025 22:37:19
-0400

** Changed in: valkey (Ubuntu Questing)
       Status: Fix Committed => Fix Released

** Changed in: valkey (Ubuntu Plucky)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.org/CVERecord?id=CVE-2025-27151

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2127122

Title:
  Update Valkey to 7.2.11 in noble, 8.0.6 in plucky, and 8.1.4 in
  questing + resolute

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/valkey/+bug/2127122/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to