==========================================================================
Ubuntu Security Notice USN-7824-2
October 16, 2025

redict vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04

Summary:

Redict could be made to crash or run programs if it received
specially crafted network traffic from an authenticated user.

Software Description:
- redict: Distributed key/value store

Details:

USN-7824-1 fixed several vulnerabilities in Redis. This update provides
the corresponding update for Redict - a fork of Redis.

Original advisory details:

Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly
handled memory when running Lua scripts. An authenticated attacker could use
this vulnerability to trigger a use-after-free condition, and potentially 
achieve remote code execution on the Redis server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  redict                          7.3.5+ds-1ubuntu0.1
  redict-sentinel                 7.3.5+ds-1ubuntu0.1
  redict-server                   7.3.5+ds-1ubuntu0.1
  redict-tools                    7.3.5+ds-1ubuntu0.1

Ubuntu 25.04
  redict                          7.3.2+ds-1ubuntu0.1
  redict-sentinel                 7.3.2+ds-1ubuntu0.1
  redict-server                   7.3.2+ds-1ubuntu0.1
  redict-tools                    7.3.2+ds-1ubuntu0.1

After a standard system update you need to restart Redict to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7824-2
  https://ubuntu.com/security/notices/USN-7824-1
  CVE-2025-49844

Package Information:
  https://launchpad.net/ubuntu/+source/redict/7.3.5+ds-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/redict/7.3.2+ds-1ubuntu0.1