Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.3317 lua5.3 security update 28 September 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: lua5.3 Publisher: Debian Operating System: Debian GNU/Linux 9 UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-24370 Original Bulletin: https://lists.debian.org/debian-lts-announce/2020/09/msg00019.html - --------------------------BEGIN INCLUDED TEXT-------------------- - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2381-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Roberto C. S=E1nchez September 26, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : lua5.3 Version : 5.3.3-1+deb9u1 CVE ID : CVE-2020-24370 A vulnerability was discovered in lua5.3, a simple, extensible, embeddable programming language whereby a a negation overflow and segmentation fault could be triggered in getlocal and setlocal, as demonstrated by getlocal(3,2^31). For Debian 9 stretch, this problem has been fixed in version 5.3.3-1+deb9u1. We recommend that you upgrade your lua5.3 packages. For the detailed security status of lua5.3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/lua5.3 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl9vSwgACgkQLNd4Xt2n sg9EcA/9Fezk2sGfY5Yj8B4Fx/AprbQrHzLoTQS3TYYrcN7PNk+JRcG8F0QcB0TQ ue0iw8GZx6P+DcENiL7iBu1NPoBSRv/pJpQwKNlP0W+usmFCtKrufJWdhjn2rq93 uX+t1YRp2GAE+K6fNqikTg6StIRJ04iuuto/l/y9Pjv00Ya8S3dHOUI7MwIDaT3B MIMZjzTINLLhOf54xDavTrB3PyzZkv3koewypBv6kjDg6gfo0kojTzn0xqsaO2by gh5KJ0lAjjldhte8zCJexO9hE9p0pzAWxAl9xSt1hx1/T3E099B8hUtsEKPSNL1s HxkxUznYLfgnrofpf3v45MpaSl74fMGNE8dj8fSF53fYWR+aiTkwvdmnMMDpWnvi I/su2Ww97tjWJlnYLnr+2LUuHcufO4NYGlql8omt9s63a34aExOwAYhlNAvJx3mH JVR9TR2ifmuDrbD1UUPodWSdlnpCfAugSIHidccnSB7c9ROVuSE1SoWjoSLoRaWJ 9Da2eaJNm4qWWjaM08Jbbxyf0xu2NrxOTTpzqCiAB+yvOeRc5n9HyXrEKXZOJauF 6nc0EXk6TUTT5EG3vYq9zgtJNCE0qULXLKHVMitqd2FqIZq1ZX1fJ2qcdWU4v7BQ y7TFpxgziwvP10bEdrzfF8Mr/MiUDMr8s+RvqCxL3mk+X15AUH0= =1jxl - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBX3FIRONLKJtyKPYoAQgOfQ//Z5xRY1vW+AxqXaoKajylP7rLDMCsi603 GjkbETiybrph6w/oxR3ZSmD8hEwe9jmTV4e/tt2gvruvUiNTe7xZlosOMxejzODM ScHwU6AtqlSgvGiW+0ErTrGBJva4n8sohyT40bc/fqH48e27tC/R/Cw22rq2gAwi /mwXLBJyD6fY6NPFrsddmTH7CuDgvqjb+L6WHdncGl0Gzk79wD+pf+tYue41Io/x UGEci3+xRrMqrPR4oMDL1GOg50XW1pGR7WBOk9s7EdO/6f3r7OR6Fs3NYwZRuN9T S6H1ysI0MLFk9tcT5yEzwMWxFLn+FlcbN1btE8yaROhK2sTMWPxDrSM7wNf9KLxS yoeMU+PpgwzR/8vRrUbJZMgucgLU2qrywXNgqdtcmQahgxBLM+DCP6IkJOh5Y5Ho K3O9jVZVMAUgbBEtNyvMSn5nsQj7VtwD9s4LWZGNQSxAwq8YLdPJZWmWrT7QNdbn Eia30DOVo1bEae0xfs7cLBRRZsJl5SaxZQ3n3GkUUH5NY/F9AOpFkAT8abcBF6KF NbzQbmJSOWl6jBrhmZQ6XFfTAhbRfkP48qZkjsBVgkEY/fRLHbFofETjfIhysjVj VCjEz5XRQzjCjDDHnC2WVb1PsTQKRYNeJFZ2wEpraigNVq58PsTUDgtXIzDPoPnw OPZIr4FSPgM= =6UUW -----END PGP SIGNATURE-----