| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 29 Mar 2015 13:37:00 +0200 From: security@...driva.com To: bugtraq@...urityfocus.com Subject: [ MDVSA-2015:144 ] lua -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2015:144 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : lua Date : March 29, 2015 Affected: Business Server 2.0 _______________________________________________________________________ Problem Description: Updated lua and lua5.1 packages fix security vulnerability: A heap-based overflow vulnerability was found in the way Lua handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution (CVE-2014-5461). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461 http://advisories.mageia.org/MGASA-2014-0414.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 2/X86_64: bb42501e1dbd41fbcb19c44b1801e0aa mbs2/x86_64/lib64lua5.1-5.1.5-5.1.mbs2.x86_64.rpm 82566ffd4f1a523f9920f7c7ea268225 mbs2/x86_64/lib64lua5.1-devel-5.1.5-5.1.mbs2.x86_64.rpm d38271efc06cb8dcf85f23698f79b877 mbs2/x86_64/lib64lua5.1-devel-static-5.1.5-5.1.mbs2.x86_64.rpm 213699dcab64f6e285d642b14b1e1e3a mbs2/x86_64/lib64lua5.2-5.2.2-3.1.mbs2.x86_64.rpm e65095af93af2b83bcb2b50aafb4d6ac mbs2/x86_64/lib64lua-devel-5.2.2-3.1.mbs2.x86_64.rpm b9ca538560a2f5d86bdd422d59933d21 mbs2/x86_64/lib64lua-static-devel-5.2.2-3.1.mbs2.x86_64.rpm 48a5eb26542ebaa76175e2cf3782ec57 mbs2/x86_64/lua5.1-5.1.5-5.1.mbs2.x86_64.rpm 12d531e8d4496f0b9e1e1bd7f1a2968f mbs2/x86_64/lua-5.2.2-3.1.mbs2.x86_64.rpm 7794bc510fe812d044f0c8b3f0d2164c mbs2/SRPMS/lua5.1-5.1.5-5.1.mbs2.src.rpm 48f1de7ca16ca5f70e767cf6037f277b mbs2/SRPMS/lua-5.2.2-3.1.mbs2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFVF9XimqjQ0CJFipgRAqR3AKDU9NqRGegrYbiyIGDVfCm69efQmgCffbrR Sj+FQ2xkhciiVN+03TRowIA= =WkLG -----END PGP SIGNATURE-----
Powered by blists - more mailing lists