lua-5.4.4-2.el9

エラータID: AXSA:2023-5175:02

Release date: 
Wednesday, March 1, 2023 - 00:17
Subject: 
lua-5.4.4-2.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language.

Security Fix(es):

* lua: use after free allows Sandbox Escape (CVE-2021-44964)
* lua: stack overflow in lua_resume of ldo.c allows a DoS via a crafted script file (CVE-2021-43519)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-43519
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.

Solution: 

Update packages.

CVEs: 
CVE-2021-43519
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
Additional Info: 

N/A

Download: 

SRPMS
  1. lua-5.4.4-2.el9.src.rpm
    MD5: 862e3bfc03d5a9f3fba1bf27821e0b9d
    SHA-256: 6f824c607330ba40b62d532819960308dd5c1ef456a9934fcebcf3969615d0c1
    Size: 804.23 kB

Asianux Server 9 for x86_64
  1. lua-5.4.4-2.el9.i686.rpm
    MD5: e30cab8276ca2d7aa2db6142b62de463
    SHA-256: 50bcb4bdf707455e8fe6541cbf56da3265e9a617b41544c975a05ad253493995
    Size: 193.39 kB
  2. lua-5.4.4-2.el9.x86_64.rpm
    MD5: a1dc58cab1e94a9a4269a0a74c5116ec
    SHA-256: 7be44d55bc0cc69d4e5d1cf5a0298b19e805e6739b468b0cd0b127a95ec89e50
    Size: 186.58 kB
  3. lua-devel-5.4.4-2.el9.i686.rpm
    MD5: 8e50a5ab7ddeee4f4f2eddf6f94dd0d9
    SHA-256: 8a3a8e3386cf2b0da2e6e8c50993c5dd342fdb5a96a6ac4c89f2d760862c5031
    Size: 21.18 kB
  4. lua-devel-5.4.4-2.el9.x86_64.rpm
    MD5: a2405aca46294f9c62710aaeb23d04ac
    SHA-256: f52d0b3c167538ee8013c794908beb45ab7317f07d17e7e2a24317ec1bb1884a
    Size: 21.16 kB
  5. lua-libs-5.4.4-2.el9.i686.rpm
    MD5: 5612f9da79dd057fc0ce3eb5ba7d00f4
    SHA-256: 9eea9100b74fa3371cf95e065657253318a72650709dd9921a15824c76c33636
    Size: 238.19 kB
  6. lua-libs-5.4.4-2.el9.x86_64.rpm
    MD5: 3d0cfd943e8c54f172459b226795fd7e
    SHA-256: 4793910ab764d75cc3c0420fd8afe961e417dbf72a92bfb29511419cccbfa736
    Size: 214.11 kB