==========================================================================

Ubuntu Security Notice USN-7359-1
March 19, 2025

valkey vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in Valkey.

Software Description:
- valkey: Conversion script and compatibility symlinks for Redis

Details:

It was discovered that Valkey did not properly handle memory
cleanup. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2024-46981)

It was discovered that Valkey did not properly handle resource
access permissions. An authenticated attacker could possibly
use this issue to cause a denial of service. (CVE-2024-51741)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  valkey-redis-compat             7.2.8+dfsg1-0ubuntu0.24.10.2
  valkey-sentinel                 7.2.8+dfsg1-0ubuntu0.24.10.2
  valkey-server                   7.2.8+dfsg1-0ubuntu0.24.10.2
  valkey-tools                    7.2.8+dfsg1-0ubuntu0.24.10.2

Ubuntu 24.04 LTS
  valkey-redis-compat             7.2.8+dfsg1-0ubuntu0.24.04.2
  valkey-sentinel                 7.2.8+dfsg1-0ubuntu0.24.04.2
  valkey-server                   7.2.8+dfsg1-0ubuntu0.24.04.2
  valkey-tools                    7.2.8+dfsg1-0ubuntu0.24.04.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7359-1 
<https://ubuntu.com/security/notices/USN-7359-1>
  CVE-2024-46981, CVE-2024-51741

Package Information:
https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.24.10.2 
<https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.24.10.2>
https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.24.04.2 
<https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.24.04.2>