Описание
Moderate: lua security update
The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language.
Security Fix(es):
-
lua: use after free allows Sandbox Escape (CVE-2021-44964)
-
lua: stack overflow in lua_resume of ldo.c allows a DoS via a crafted script file (CVE-2021-43519)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 9
Связанные CVE
Исправления
- Red Hat - 2047672
- Red Hat - 2064772
Связанные уязвимости
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
