Описание
Security update for lua53
This update for lua53 fixes the following issues:
Update to version 5.3.6:
- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.2
liblua5_3-5-5.3.6-lp152.5.3.1
liblua5_3-5-32bit-5.3.6-lp152.5.3.1
lua53-5.3.6-lp152.5.3.1
lua53-devel-5.3.6-lp152.5.3.1
lua53-doc-5.3.6-lp152.5.3.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0962-1
- SUSE Security Ratings
- SUSE Bug 1175448
- SUSE Bug 1175449
- SUSE CVE CVE-2020-24370 page
- SUSE CVE CVE-2020-24371 page
Описание
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
Затронутые продукты
openSUSE Leap 15.2:liblua5_3-5-32bit-5.3.6-lp152.5.3.1
openSUSE Leap 15.2:liblua5_3-5-5.3.6-lp152.5.3.1
openSUSE Leap 15.2:lua53-5.3.6-lp152.5.3.1
openSUSE Leap 15.2:lua53-devel-5.3.6-lp152.5.3.1
Ссылки
- CVE-2020-24370
- SUSE Bug 1175448
Описание
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
Затронутые продукты
openSUSE Leap 15.2:liblua5_3-5-32bit-5.3.6-lp152.5.3.1
openSUSE Leap 15.2:liblua5_3-5-5.3.6-lp152.5.3.1
openSUSE Leap 15.2:lua53-5.3.6-lp152.5.3.1
openSUSE Leap 15.2:lua53-devel-5.3.6-lp152.5.3.1
Ссылки
- CVE-2020-24371
- SUSE Bug 1175449