This bug was fixed in the package valkey - 8.1.6+dfsg1-0ubuntu0.1
---------------
valkey (8.1.6+dfsg1-0ubuntu0.1) questing; urgency=medium
* New upstream version 8.1.6 (LP: #2142590)
- Security fixes:
+ CVE-2025-67733: RESP Protocol Injection via Lua error_reply.
+ CVE-2026-21863: Remote DoS with malformed Valkey Cluster bus message.
- Bug fixes:
+ Restrict ttl from being negative and avoid crash in import-mode.
+ Fix chained replica crash when doing dual channel replication.
+ Fix used_memory_dataset underflow due to miscalculated
used_memory_overhead.
+ Fix crashing while MODULE UNLOAD when ACL rules reference a module
command or subcommand.
+ Fix server assert on ACL LOAD and resetchannels.
+ Fix bug causing no response flush sometimes when IO threads are busy.
+ Fix Lua VM crash after FUNCTION FLUSH ASYNC + FUNCTION LOAD.
+ Fix invalid memory address caused by hashtable shrinking during safe
iteration.
+ Cluster: Avoid usage of light weight messages to nodes with not ready
bidirectional links.
+ Send duplicate multi meet packet only for node which supports it.
+ Fix loading AOF files from future Valkey versions.
* d/rules: Skip maxmemory unit test during builds as it often times out.
-- Lena Voytek <[email protected]> Tue, 24 Feb 2026 08:49:19
-0500
** Changed in: valkey (Ubuntu Questing)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2142590
Title:
Update Valkey to 7.2.12 in noble, 8.1.6 in questing, and 9.0.3 in
resolute
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/valkey/+bug/2142590/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
