| Package | redis |
|---|---|
| Version | 2:2.8.17-1+deb8u14 (jessie), 3:3.2.6-3+deb9u14 (stretch), 5:5.0.14-1+deb10u7 (buster) |
| Related CVEs | CVE-2024-46981 |
Possible code execution with Lua scripting due to a missing call to the garbage collector has been fixed in the key–value database Redis.
For Debian 10 buster, these problems have been fixed in version 5:5.0.14-1+deb10u7.
For Debian 8 jessie, these problems have been fixed in version 2:2.8.17-1+deb8u14.
For Debian 9 stretch, these problems have been fixed in version 3:3.2.6-3+deb9u14.
We recommend that you upgrade your redis packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.