Your submission was sent successfully! Close

USN-5316-1: Redis vulnerability

8 March 2022

Redis could be made to run programs if it received specially crafted network traffic from an authenticated user.

Releases

Packages

  • redis - Persistent key-value database with network interface

Details

Reginaldo Silva discovered that due to a packaging issue, a remote attacker
with the ability to execute arbitrary Lua scripts could possibly escape the
Lua sandbox and execute arbitrary code on the host.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.10
Ubuntu 20.04

In general, a standard system update will make all the necessary changes.

References