Public bug reported:

[Impact]

Various bugs exist in the current Ubuntu version of Valkey in Noble,
Oracular and Plucky, including a CVE:

(CVE-2025-21605) Allocation of Resources Without Limits or Throttling

The other bugs listed upstream are:

8.0.3 -
https://github.com/valkey-io/valkey/pull/1199
https://github.com/valkey-io/valkey/pull/1574
https://github.com/valkey-io/valkey/pull/1563
https://github.com/valkey-io/valkey/pull/1541
https://github.com/valkey-io/valkey/pull/1722
https://github.com/valkey-io/valkey/pull/1737
https://github.com/valkey-io/valkey/pull/1721
https://github.com/valkey-io/valkey/pull/1842
https://github.com/valkey-io/valkey/pull/1850
https://github.com/valkey-io/valkey/pull/1825
https://github.com/valkey-io/valkey/pull/1950
https://github.com/valkey-io/valkey/pull/1948
https://github.com/valkey-io/valkey/pull/1777
https://github.com/valkey-io/valkey/pull/1952
https://github.com/valkey-io/valkey/pull/573

7.2.9 -
https://github.com/valkey-io/valkey/pull/1873
https://github.com/valkey-io/valkey/pull/1576
https://github.com/valkey-io/valkey/pull/1541
https://github.com/valkey-io/valkey/pull/1722
https://github.com/valkey-io/valkey/pull/1737
https://github.com/valkey-io/valkey/pull/1850
https://github.com/valkey-io/valkey/pull/1825
https://github.com/valkey-io/valkey/pull/1948
https://github.com/valkey-io/valkey/pull/1952

These fixes should be added to the stable release to avoid known
security vulnerabilities and issues.

Ideally, these fixes should be added by updating to 7.2.9, the latest
stable release of 7.x, and 8.0.3 as the latest of 8.0.x. Upstream takes
care to avoid backwards incompatible changes in this stable release set
and matching their version would best match user expectations.

[Test Plan]

Initial testing should include making sure dep-8 tests all pass. This
package includes a large suite of tests that check various runtime
configurations and Redis compatibility.

[Where problems could occur]

As this is a full version backport, backwards-incompatible changes may
arise from the various changes included. I have mitigated this by
checking each individual commit and have noted any minor updates in the
changelog entry.

[Other Info]

Oracular and Noble will differ from Plucky as they will remain on the
7.2.x version track while Plucky is on 8.x. Both differ from Questing,
which is on 8.1.x.

Also, this release should be sent to both -updates and -security
afterward to provide all relevant users with the fixes.

Previous Backports:
(LP: #2097546)
(LP: #2091129)

** Affects: valkey (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: valkey (Ubuntu Noble)
     Importance: Undecided
     Assignee: Lena Voytek (lvoytek)
         Status: In Progress

** Affects: valkey (Ubuntu Oracular)
     Importance: Undecided
     Assignee: Lena Voytek (lvoytek)
         Status: In Progress

** Affects: valkey (Ubuntu Plucky)
     Importance: Undecided
     Assignee: Lena Voytek (lvoytek)
         Status: In Progress


** Tags: server-todo

** Also affects: valkey (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: valkey (Ubuntu Oracular)
   Importance: Undecided
       Status: New

** Also affects: valkey (Ubuntu Plucky)
   Importance: Undecided
       Status: New

** Changed in: valkey (Ubuntu Noble)
       Status: New => In Progress

** Changed in: valkey (Ubuntu Oracular)
       Status: New => In Progress

** Changed in: valkey (Ubuntu Plucky)
       Status: New => In Progress

** Changed in: valkey (Ubuntu Noble)
     Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: valkey (Ubuntu Oracular)
     Assignee: (unassigned) => Lena Voytek (lvoytek)

** Changed in: valkey (Ubuntu Plucky)
     Assignee: (unassigned) => Lena Voytek (lvoytek)

** Description changed:

  [Impact]
  
  Various bugs exist in the current Ubuntu version of Valkey in Noble,
  Oracular and Plucky, including a CVE:
  
  (CVE-2025-21605) Allocation of Resources Without Limits or Throttling
  
  The other bugs listed upstream are:
  
  8.0.3 -
  https://github.com/valkey-io/valkey/pull/1199
  https://github.com/valkey-io/valkey/pull/1574
  https://github.com/valkey-io/valkey/pull/1563
  https://github.com/valkey-io/valkey/pull/1541
  https://github.com/valkey-io/valkey/pull/1722
  https://github.com/valkey-io/valkey/pull/1737
  https://github.com/valkey-io/valkey/pull/1721
  https://github.com/valkey-io/valkey/pull/1842
  https://github.com/valkey-io/valkey/pull/1850
  https://github.com/valkey-io/valkey/pull/1825
  https://github.com/valkey-io/valkey/pull/1950
  https://github.com/valkey-io/valkey/pull/1948
  https://github.com/valkey-io/valkey/pull/1777
  https://github.com/valkey-io/valkey/pull/1952
  https://github.com/valkey-io/valkey/pull/573
  
  7.2.9 -
  https://github.com/valkey-io/valkey/pull/1873
  https://github.com/valkey-io/valkey/pull/1576
  https://github.com/valkey-io/valkey/pull/1541
  https://github.com/valkey-io/valkey/pull/1722
  https://github.com/valkey-io/valkey/pull/1737
  https://github.com/valkey-io/valkey/pull/1850
  https://github.com/valkey-io/valkey/pull/1825
  https://github.com/valkey-io/valkey/pull/1948
  https://github.com/valkey-io/valkey/pull/1952
  
  These fixes should be added to the stable release to avoid known
  security vulnerabilities and issues.
  
  Ideally, these fixes should be added by updating to 7.2.9, the latest
  stable release of 7.x, and 8.0.3 as the latest of 8.0.x. Upstream takes
  care to avoid backwards incompatible changes in this stable release set
  and matching their version would best match user expectations.
  
  [Test Plan]
  
  Initial testing should include making sure dep-8 tests all pass. This
  package includes a large suite of tests that check various runtime
  configurations and redis compatibility.
  
  [Where problems could occur]
  
  As this is a full version backport, backwards-incompatible changes may
  arise from the various changes included. I have mitigated this by
  checking each individual commit and have noted any minor updates in the
  changelog entry.
  
  [Other Info]
  
  Oracular and Noble will differ from Plucky as they will remain on the
  7.2.x version track while Plucky is on 8.x. Both differ from Questing
  which is on 8.1.x
  
  Also this release should be sent to both -updates and -security
  afterward to provide all relevant users with the fixes
+ 
+ Previous Backports:
+ (LP: #2097546)
+ (LP: #2091129)

** Tags added: server-todo

https://bugs.launchpad.net/bugs/2115258

Title:
  Update Valkey to 7.2.9 in noble and oracular and 8.0.3 in plucky
