Several security issues were fixed in Redis, lua5.1, lua-cjson, lua-bitop.
Software Description:
- redis: Persistent key-value database with network interface
- lua-bitop: fast bit manipulation library for the Lua language
- lua-cjson: JSON parser/encoder for Lua language
- lua5.1: Lua is an embeddable scripting language
Details:
It was discovered that Redis incorrectly handled certain specially crafted
Lua scripts. A remote attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue was only addressed in
lua5.1 on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2025-49844)
It was discovered that Redis incorrectly handled certain specially crafted
Lua scripts. A remote attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue was only addressed in
lua-bitop on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS and in redis on Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-31449)
S...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
redis 5:7.0.15-1ubuntu0.24.04.4
redis-sentinel 5:7.0.15-1ubuntu0.24.04.4
redis-server 5:7.0.15-1ubuntu0.24.04.4
redis-tools 5:7.0.15-1ubuntu0.24.04.4
Ubuntu 22.04 LTS
liblua5.1-0 5.1.5-8.1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
liblua5.1-0-dev 5.1.5-8.1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
liblua5.1-bitop-dev 1.0.2-5ubuntu0.22.04.1~esm2
Available with Ubuntu Pro
liblua5.1-bitop0 1.0.2-5ubuntu0.22.04.1~esm2
Available with Ubuntu Pro
lua-bitop 1.0.2-5ubuntu0.22.04.1~esm2
Available with Ubuntu Pro
lua-bitop-dev 1.0.2-5ubuntu0.22.04.1~esm2
Available with Ubuntu Pro
lua-cjson 2.1.0+dfsg-2.1ubuntu0.22.04.1~esm2
Available with Ubuntu Pro
lua-cjson-dev 2.1.0+dfsg-2.1ubuntu0.22.04.1~esm2
Available with Ubuntu Pro
lua5.1 5.1.5-8.1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
liblua5.1-0 5.1.5-8.1ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
liblua5.1-0-dev 5.1.5-8.1ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
liblua5.1-bitop-dev 1.0.2-5ubuntu0.20.04.1~esm2
Available with Ubuntu Pro
liblua5.1-bitop0 1.0.2-5ubuntu0.20.04.1~esm2
Available with Ubuntu Pro
lua-bitop 1.0.2-5ubuntu0.20.04.1~esm2
Available with Ubuntu Pro
lua-bitop-dev 1.0.2-5ubuntu0.20.04.1~esm2
Available with Ubuntu Pro
lua-cjson 2.1.0+dfsg-2.1ubuntu0.20.04.1~esm2
Available with Ubuntu Pro
lua-cjson-dev 2.1.0+dfsg-2.1ubuntu0.20.04.1~esm2
Available with Ubuntu Pro
lua5.1 5.1.5-8.1ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
redis 5:4.0.9-1ubuntu0.2+esm7
Available with Ubuntu Pro
redis-sentinel 5:4.0.9-1ubuntu0.2+esm7
Available with Ubuntu Pro
redis-server 5:4.0.9-1ubuntu0.2+esm7
Available with Ubuntu Pro
redis-tools 5:4.0.9-1ubuntu0.2+esm7
Available with Ubuntu Pro
Ubuntu 16.04 LTS
redis-sentinel 2:3.0.6-1ubuntu0.4+esm5
Available with Ubuntu Pro
redis-server 2:3.0.6-1ubuntu0.4+esm5
Available with Ubuntu Pro
redis-tools 2:3.0.6-1ubuntu0.4+esm5
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-8169-1
CVE-2022-24834, CVE-2024-31449, CVE-2025-49844
Get the latest Linux and open source security news straight to your inbox.