This bug was fixed in the package valkey - 9.0.4-0ubuntu1
---------------
valkey (9.0.4-0ubuntu1) stonking; urgency=medium
* New upstream version 9.0.4 (LP: #2151296)
- Security fixes:
+ CVE-2026-23479: Use-After-Free in unblock client flow.
+ CVE-2026-25243: Invalid Memory Access in RESTORE command.
+ CVE-2026-23631: Use-after-free when full sync occurs during a yielding
Lua/function execution.
-- Lena Voytek <[email protected]> Wed, 06 May 2026 07:49:38
-0400
** Changed in: valkey (Ubuntu Stonking)
Status: In Progress => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2026-23479
** CVE added: https://cve.org/CVERecord?id=CVE-2026-23631
** CVE added: https://cve.org/CVERecord?id=CVE-2026-25243
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2151296
Title:
Update Valkey to 7.2.13 in noble, 8.1.7 in questing, and 9.0.4 in
resolute and stonking
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/valkey/+bug/2151296/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
