Advisories » MGASA-2020-0362

Updated lua and lua5.3 packages fix security vulnerability

Publication date: 04 Sep 2020
Modification date: 04 Sep 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-24370

Description

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault
in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
(CVE-2020-24370)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27213
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QXYMCIUNGK26VHAYHGP5LPW56G2KWOHQ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24370

SRPMS

7/core

• lua-5.2.4-3.1.mga7
• lua5.3-5.3.5-2.1.mga7