Advisories » MGASA-2014-0414

Updated lua and lua5.1 packages fix security vulnerability

Publication date: 23 Oct 2014
Modification date: 23 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-5461

Description

A heap-based overflow vulnerability was found in the way Lua handles varargs
functions with many fixed parameters called with few arguments, leading to
application crashes or, potentially, arbitrary code execution (CVE-2014-5461).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14038
• http://www.lua.org/bugs.html#5.2.2-1
• https://www.debian.org/security/2014/dsa-3015
• https://www.debian.org/security/2014/dsa-3016
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461

SRPMS

4/core

• lua5.1-5.1.5-4.1.mga4
• lua-5.2.2-2.1.mga4

3/core

• lua5.1-5.1.5-2.2.mga3
• lua-5.2.2-1.1.mga3