[ubuntu/questing-updates] valkey 8.1.4+dfsg1-0ubuntu0.1 (Accepted)
Nick Rosbrook
nick.rosbrook at canonical.com
Wed Nov 12 20:38:20 UTC 2025
valkey (8.1.4+dfsg1-0ubuntu0.1) questing; urgency=medium
* New upstream version 8.1.4 (LP: #2127122)
- Security fixes:
+ CVE-2025-49844: Lua script may lead to remote code execution.
+ CVE-2025-46817: Lua script may lead to int overflow and potential RCE.
+ CVE-2025-46818: Lua script can be executed in context of another user.
+ CVE-2025-46819: LUA out-of-bound read
+ CVE-2025-49112: Integer underflow in setDeferredReply networking.c.
- Bug fixes:
+ Fix accounting for dual channel RDB bytes in replication stats.
+ Ensure empty error tables in scripts don't crash Valkey.
+ Fix use-after-free when active expiration triggers hashtable to shrink.
+ Fix memory usage to consider embedded keys.
+ Fix leak when shrinking a hashtable without entries.
+ Fix large allocations crashing Valkey during active defrag.
+ Prevent bad memory access when NOTOUCH client gets unblocked.
+ Converge shard-id persisted in nodes.conf to primary's shard id.
+ Fix client tracking memory overhead calculation.
+ Fix pre-size hashtables per slot when reading RDB files.
+ Don't use AVX2 instructions if the CPU don't support it.
+ Defrag if slab 1/8 full to fix defrag didn't stop issue.
* Remove patches fixed upstream:
- d/p/CVE-2025-49112.patch
- d/p/fix-8.1.x-multi-unit-test.patch
Date: 2025-10-15 19:14:11.942541+00:00
Changed-By: Lena Voytek <lena.voytek at canonical.com>
Signed-By: Nick Rosbrook <nick.rosbrook at canonical.com>
https://launchpad.net/ubuntu/+source/valkey/8.1.4+dfsg1-0ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list