Login
Newsletter
Werbung
Sicherheit: Zwei Probleme in Valkey
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in Valkey
ID: USN-7359-1
Distribution: Ubuntu
Plattformen: Ubuntu 24.04 LTS, Ubuntu 24.10
Datum: Fr, 21. März 2025, 06:08
Referenzen: https://ubuntu.com/security/notices/USN-7359-1
https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.24.10.2
https://www.cve.org/CVERecord?id=CVE-2024-51741
https://www.cve.org/CVERecord?id=CVE-2024-46981
https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.24.04.2
Applikationen: Valkey

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============5086219941904773215==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------ZAFt07NSWyUr20IzH07Xf2ZX"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------ZAFt07NSWyUr20IzH07Xf2ZX
Content-Type: multipart/mixed;
 boundary="------------0534MMQOg5HUMUsliM0Uz8iP";
 protected-headers="v1"
From: Julia Sarris <julia.sarris@canonical.com>
Reply-To: security@ubuntu.com
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <dc2e288f-56e5-4bef-86ee-8b88740e462e@canonical.com>
Subject: [USN-7359-1] Valkey vulnerabilities

--------------0534MMQOg5HUMUsliM0Uz8iP
Content-Type: multipart/mixed;
 boundary="------------psk0hMZB2wqH7svQ8JIsgxKK"

--------------psk0hMZB2wqH7svQ8JIsgxKK
Content-Type: multipart/alternative;
 boundary="------------06DqLB0BmaDYBZ07xKsX07c8"

--------------06DqLB0BmaDYBZ07xKsX07c8
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================

Ubuntu Security Notice USN-7359-1
March 19, 2025

valkey vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in Valkey.

Software Description:
- valkey: Conversion script and compatibility symlinks for Redis

Details:

It was discovered that Valkey did not properly handle memory
cleanup. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2024-46981)

It was discovered that Valkey did not properly handle resource
access permissions. An authenticated attacker could possibly
use this issue to cause a denial of service. (CVE-2024-51741)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   valkey-redis-compat             7.2.8+dfsg1-0ubuntu0.24.10.2
   valkey-sentinel                 7.2.8+dfsg1-0ubuntu0.24.10.2
   valkey-server                   7.2.8+dfsg1-0ubuntu0.24.10.2
   valkey-tools                    7.2.8+dfsg1-0ubuntu0.24.10.2

Ubuntu 24.04 LTS
   valkey-redis-compat             7.2.8+dfsg1-0ubuntu0.24.04.2
   valkey-sentinel                 7.2.8+dfsg1-0ubuntu0.24.04.2
   valkey-server                   7.2.8+dfsg1-0ubuntu0.24.04.2
   valkey-tools                    7.2.8+dfsg1-0ubuntu0.24.04.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7359-1 
<https://ubuntu.com/security/notices/USN-7359-1>
   CVE-2024-46981, CVE-2024-51741

Package Information:
https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.24.10.2 
<https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.24.10.2>
https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.24.04.2 
<https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.24.04.2>

--------------06DqLB0BmaDYBZ07xKsX07c8
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html>
  <head>

    <meta http-equiv=3D"Content-Type" content=3D"text/html;
 charset=3DUTF=
-8">
  </head>
  <body>
   
 <p>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D</p>
    <div id=3D":1mn" class=3D"a3s aiL ">
      Ubuntu Security Notice USN-7359-1<br>
      March 19, 2025<br>
      <br>
      valkey vulnerabilities<br>
      =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D<wbr>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<wbr>=3D=3D=3D=3D=3D=3D=3D=3D=3D
=
=3D=3D=3D=3D=3D<br>
      <br>
      A security issue affects these releases of Ubuntu and its
      derivatives:<br>
      <br>
      - Ubuntu 24.10<br>
      - Ubuntu 24.04 LTS<br>
      <br>
      Summary:<br>
      <br>
      Several security issues were fixed in Valkey.<br>
      <br>
      Software Description:<br>
      - valkey: Conversion script and compatibility symlinks for Redis<br=
>
      <br>
      Details:<br>
      <br>
      It was discovered that Valkey did not properly handle memory<br>
      cleanup. An attacker could possibly use this issue to execute<br>
      arbitrary code. (CVE-2024-46981)<br>
      <br>
      It was discovered that Valkey did not properly handle resource<br>
      access permissions. An authenticated attacker could possibly<br>
      use this issue to cause a denial of service. (CVE-2024-51741)<br>
      <br>
      Update instructions:<br>
      <br>
      The problem can be corrected by updating your system to the
      following<br>
      package versions:<br>
      <br>
      Ubuntu 24.10<br>
      =C2=A0 valkey-redis-compat=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A07.2.8+dfsg1-0ubuntu0.24.10.2<br>
      =C2=A0 valkey-sentinel=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A07.2.8+dfsg1-0ubuntu0.24.10.2<br>
      =C2=A0 valkey-server=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A07.2.8+dfsg1-0ubuntu0.24.10.2<br>
      =C2=A0 valkey-tools=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 7.2.8+dfsg1-0ubuntu0.24.10.2<br>
      <br>
      Ubuntu 24.04 LTS<br>
      =C2=A0 valkey-redis-compat=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A07.2.8+dfsg1-0ubuntu0.24.04.2<br>
      =C2=A0 valkey-sentinel=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A07.2.8+dfsg1-0ubuntu0.24.04.2<br>
      =C2=A0 valkey-server=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A07.2.8+dfsg1-0ubuntu0.24.04.2<br>
      =C2=A0 valkey-tools=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
 =C2=A0 =C2=A0 =C2=A0 7.2.8+dfsg1-0ubuntu0.24.04.2<br>
      <br>
      In general, a standard system update will make all the necessary
      changes.<br>
      <br>
      References:<br>
      =C2=A0 <a href=3D"https://ubuntu.com/security/notices/USN-7359-1"
        rel=3D"noreferrer" target=3D"_blank"
data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://ubuntu.com=
/security/notices/USN-7359-1&amp;source=3Dgmail&amp;ust=3D174248328400300
=
0&amp;usg=3DAOvVaw0B_nFq-tBtV9h7F-2MBuyt">https://ubuntu.com/security/no<=
wbr>tices/USN-7359-1</a><br>
      =C2=A0 CVE-2024-46981, CVE-2024-51741<br>
      <br>
      Package Information:<br>
      =C2=A0 <a
href=3D"https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.=
24.10.2"
        rel=3D"noreferrer" target=3D"_blank"
data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://launchpad.=
net/ubuntu/%2Bsource/valkey/7.2.8%2Bdfsg1-0ubuntu0.24.10.2&amp;source=3Dg=
mail&amp;ust=3D1742483284003000&amp;usg=3DAOvVaw2MJJhMDDyKGNstOXXFGRAT">h
=
ttps://launchpad.net/ubuntu/+<wbr>source/valkey/7.2.8+dfsg1-0ubu<wbr>ntu0
=
=2E24.10.2</a><br>
      =C2=A0 <a
href=3D"https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.=
24.04.2"
        rel=3D"noreferrer" target=3D"_blank"
data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://launchpad.=
net/ubuntu/%2Bsource/valkey/7.2.8%2Bdfsg1-0ubuntu0.24.04.2&amp;source=3Dg=
mail&amp;ust=3D1742483284003000&amp;usg=3DAOvVaw3Y8L-DFjSctxCw4LxAgnRV">h
=
ttps://launchpad.net/ubuntu/+<wbr>source/valkey/7.2.8+dfsg1-0ubu<wbr>ntu0
=
=2E24.04.2</a>
      <div class=3D"yj6qo"></div>
      <div class=3D"adL"><br>
      </div>
    </div>
  </body>
</html>

--------------06DqLB0BmaDYBZ07xKsX07c8--

--------------psk0hMZB2wqH7svQ8JIsgxKK
Content-Type: application/pgp-keys;
 name="OpenPGP_0x401EFCBCDA0FF1BD.asc"
Content-Disposition: attachment;
 filename="OpenPGP_0x401EFCBCDA0FF1BD.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP PUBLIC KEY BLOCK-----

xsBNBGao8McBCAD/mTHpWpp0rMyhX+xQYmuj1DoCiadFZysyAyKIFXODXRSOAQ58
YTf6BEuhPtEamZq+aJEGOTBJmUZxvGMv0Fo5yBN+OGoMA2CJQwxWQCZCptfivOCI
D5p2eANebDVXpZHHgpNwCyFVZR/UfSLMqX/y2wEi1AC4CKc3ihFBWdMJVdDk6zz0
4g/x4w76CZczUpe17QWD1XuAWUxmaVGM/TiKjktq3Lp6yZrb0QSYjCovXAGwfBmz
beludDi+EMDmh76PeKWfqQ38QSPEvN+Lv6OTjPWDfilfuOPpDZA2gsjNj3TaBllL
k9YW98OrqsbegQ0BhPgoPYQ3S15ikv53M8o/ABEBAAHNKUp1bGlhIFNhcnJpcyA8
anVsaWEuc2FycmlzQGNhbm9uaWNhbC5jb20+wsCRBBMBCgA7FiEEOMd9M4Vpc6WH
Yvv+QB78vNoP8b0FAmao8McCGwMFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AA
CgkQQB78vNoP8b3fXQf6Awx8Nd5FkMMGdrWqBjIPZv1Ogkka2+PiIqwqcIeQGvam
V/bpIKOCb4QOS4kgQ+hNS1mmK+T/aWXRCYhiBIPAOIbo7jcMGxNz7V3+43RxlNVl
zt3feYM/QAJmgK8bjdCzI5ZQHiyX8pgOieCylRrcjroQHa9CxHej4aJGCaPGLFGo
81lYWJm21NP4LJTLk03ncJT8Ss64R28cOWUHujysxftAPHVYpPLdlwuJ3lgC8M5n
eq0qwsv22j62ldd/J7u2psRSczaU1ve/TfX71ZCyZZiw2Tm5HvaskD+CilXOaL2H
+KediuEtkQk5KKQikg2XtjbqCYyIxQT50v1TIu86ss7ATQRmqPDHAQgA5zGDufJq
9MhhDPJqM3Qz4kQXLKDXz2l5EovU5olrYerGmskpUBUSwfgAeBu9gMP5Y24spir3
eMm6O7m8EJsihMPCw4Iblzi9YZZX1TY3wegRXFIiaqW5kELnjhVnRpS9WQi9FDd9
gGPp7X3iQ8/B6+nyHitqhcj2A+Vpk5HaguY8zl3yEOwFnud5TEbSb/xYz7DhX5uv
B/FZ9rgn+j2N0hC/RVN1MpSRHZEbOCfpaYr/teiQexOWBlVVnZgCkHb9F0NiNImv
dXVZ18jY5wfgxemfgm8l4nDUlSMUIMiwGYekPMEuYvoDNPwfzzlYHKrVoqp54KMd
JALMUar1bVZtxQARAQABwsB2BBgBCgAgFiEEOMd9M4Vpc6WHYvv+QB78vNoP8b0F
Amao8McCGwwACgkQQB78vNoP8b10+ggA8nW+R2g9BDvkpurM0lwpaCtgKbaENIGg
lpxNXEEUEW7AaR4Mme+4PA/SdpWrFzVa0OGhqtZxkovUZXpgiLlx5/eR1Bl+TUuO
rjZkjGBy3r2Ce1JLwKilSZk7Bk45L7QDxA+NOLSFS7ADqzv37J2jhpfczqrYdpSj
kHgUvkapbuB0ONpQ/mhH9UDquY3eMGv3GSrvggVS0mKjR6bMl1plBWcfJ+Y//xQc
6S1bBdjbmwKMZjYbvhTpPbVeUOUdOg/0mYC/3rjSO+2OEn1Q+YIdfGqbLpDAbruG
m7XHtUOXesWorhDMzQGRpj7R+ed/9uJs0Nvg5FqAKTrzh+90ngEGuA=3D=3D
=3DQkbp
-----END PGP PUBLIC KEY BLOCK-----

--------------psk0hMZB2wqH7svQ8JIsgxKK--

--------------0534MMQOg5HUMUsliM0Uz8iP--

--------------ZAFt07NSWyUr20IzH07Xf2ZX
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEEOMd9M4Vpc6WHYvv+QB78vNoP8b0FAmfcFEUFAwAAAAAACgkQQB78vNoP8b2e
sAf/XRAPrYmblCu1U5Iy8GSdZmPFKAzcAFkAdIFJuwNkfPnmOTzRz9aMbCRRLihtiMbF+ilOaba3
3Ly2TUjstKTAhiDYvyBTr2Q9onZWYhkFohhi7XcF11OeJPUi7DaA52b1QFfJMoTWywxOl3fkfyjA
5hDME4Dcj3iEwbFw26lRlpvTLl87Yuif8260Q+Uny5xxXE666IRfjjcbP7z3m6+jLs3NWPdtyM3s
wqI3nroNa3pj0vavL3V3yvb1RHwbODoYyKLQ8UrwsXXuV0sB0krsZungRTJ8E6KJoLJzG57UN/Z1
ERD7K2KY8V82MbbLp33qCoQ9VspKCEnjoF0/Us3lpw==
=7UI8
-----END PGP SIGNATURE-----

--------------ZAFt07NSWyUr20IzH07Xf2ZX--


--===============5086219941904773215==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============5086219941904773215==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung