
===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3317
                          lua5.3 security update
                             28 September 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           lua5.3
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-24370  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2020/09/msg00019.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2381-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Roberto C. Sánchez
September 26, 2020                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : lua5.3
Version        : 5.3.3-1+deb9u1
CVE ID         : CVE-2020-24370

A vulnerability was discovered in lua5.3, a simple, extensible,
embeddable programming language, whereby a negation overflow and
segmentation fault could be triggered in getlocal and setlocal, as
demonstrated by getlocal(3,2^31).

For Debian 9 stretch, this problem has been fixed in version
5.3.3-1+deb9u1.

We recommend that you upgrade your lua5.3 packages.

For the detailed security status of lua5.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/lua5.3

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



- --------------------------END INCLUDED TEXT--------------------
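
The bug class named in the included advisory, a negation overflow reached through getlocal(3,2^31), modelled here as an added example; this is not code from Lua, Debian or AusCERT. The functions narrow_index, weak_lookup and safe_lookup and the two-slot frame are hypothetical, and the model assumes the index is narrowed to a 32-bit int before it is negated.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not Lua source: a call frame holds `nextra` vararg
   slots, addressed by the negative indices -1 .. -nextra. */

/* Model of narrowing a wide script integer (such as 2^31) to a C int.
   The unsigned->int step is implementation-defined; gcc/clang wrap. */
static int narrow_index(long long v) { return (int)(unsigned)v; }

/* Two's-complement negation via unsigned arithmetic, so this demo has no
   undefined behaviour; plain `-n` is undefined in C when n == INT_MIN. */
static int wrapping_negate(int n) { return (int)(0u - (unsigned)n); }

/* Weak form: negate first, then bounds-check the supposedly positive value. */
static bool weak_lookup(int n, int nextra, long *offset) {
    if (n >= 0) return false;
    int k = wrapping_negate(n);          /* INT_MIN negates to INT_MIN */
    if (k > nextra) return false;        /* a negative k slips through */
    *offset = k;
    return true;
}

/* Hardened form: range-check the raw index before any negation. */
static bool safe_lookup(int n, int nextra, long *offset) {
    if (nextra < 0 || n >= 0 || n < -nextra) return false;
    *offset = -n;                        /* safe: -nextra <= n <= -1 */
    return true;
}

int main(void) {
    int n = narrow_index(2147483648LL);  /* 2^31, the value in the advisory */
    long off = 0;
    printf("narrowed index: %d\n", n);
    if (weak_lookup(n, 2, &off))
        printf("weak check accepted offset %ld (out of bounds)\n", off);
    if (!safe_lookup(n, 2, &off))
        printf("hardened check rejected the index\n");
    return 0;
}
```
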

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================