Public bug reported: Valkey should be updated from 7.2.5 to 7.2.7 in noble to fix the following security issues and other bugs:
(CVE-2024-31449) Lua library commands may lead to stack overflow and potential RCE. (CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors. (CVE-2024-31228) Potential Denial-of-service due to unbounded pattern matching. https://github.com/valkey-io/valkey/pull/1001 https://github.com/valkey-io/valkey/pull/965 https://github.com/valkey-io/valkey/pull/608 https://github.com/valkey-io/valkey/pull/526 https://github.com/valkey-io/valkey/issues/784 https://github.com/valkey-io/valkey/issues/619 https://github.com/valkey-io/valkey/pull/634 https://github.com/valkey-io/valkey/pull/461 https://github.com/valkey-io/valkey/issues/719 ** Affects: valkey (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: valkey (Ubuntu Noble) Importance: Undecided Assignee: Lena Voytek (lvoytek) Status: In Progress ** Affects: valkey (Ubuntu Oracular) Importance: Undecided Assignee: Lena Voytek (lvoytek) Status: In Progress ** Also affects: valkey (Ubuntu Noble) Importance: Undecided Status: New ** Changed in: valkey (Ubuntu Noble) Status: New => In Progress ** Changed in: valkey (Ubuntu Noble) Assignee: (unassigned) => Lena Voytek (lvoytek) ** Changed in: valkey (Ubuntu) Status: New => Fix Released ** Summary changed: - Update Valkey to 7.2.7 in noble + Update Valkey to 7.2.7 in noble and oracular ** Also affects: valkey (Ubuntu Oracular) Importance: Undecided Status: New ** Changed in: valkey (Ubuntu Oracular) Status: New => In Progress ** Changed in: valkey (Ubuntu Oracular) Assignee: (unassigned) => Lena Voytek (lvoytek) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2091129 Title: Update Valkey to 7.2.7 in noble and oracular To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/valkey/+bug/2091129/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
