Headline
RHSA-2023:0957: Red Hat Security Advisory: lua security update
An update for lua is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-43519: A stack overflow issue was discovered in Lua in the lua_resume() function of 'ldo.c’. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a denial of service.
- CVE-2021-44964: A flaw was found in the Lua interpreter. This flaw allows an attacker who can have a malicious script executed by the interpreter, to cause a use-after-free issue that may result in a sandbox escape.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-02-28
Updated:
2023-02-28
RHSA-2023:0957 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: lua security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for lua is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language.
Security Fix(es):
- lua: use after free allows Sandbox Escape (CVE-2021-44964)
- lua: stack overflow in lua_resume of ldo.c allows a DoS via a crafted script file (CVE-2021-43519)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2047672 - CVE-2021-43519 lua: stack overflow in lua_resume of ldo.c allows a DoS via a crafted script file
- BZ - 2064772 - CVE-2021-44964 lua: use after free allows Sandbox Escape
Red Hat Enterprise Linux for x86_64 9
SRPM
lua-5.4.4-2.el9_1.src.rpm
SHA-256: 1f6811db4c0939ab8f64eeba1b9d12d7757e4a65f292e7789efee817e639ef27
x86_64
lua-5.4.4-2.el9_1.x86_64.rpm
SHA-256: 15cee4bf2c60e4e44b84dcfd1dd9f469ea644dc47b70f4cb7480b175da9a2c64
lua-debuginfo-5.4.4-2.el9_1.i686.rpm
SHA-256: f389238b704b7a697c0e7a277348e1796a057076b299e064f02078d0b5ec9301
lua-debuginfo-5.4.4-2.el9_1.x86_64.rpm
SHA-256: 31f804b84febd7d37745ed2d82926473c7ec1a0741378678bbfe065f6350c15c
lua-debuginfo-5.4.4-2.el9_1.x86_64.rpm
SHA-256: 31f804b84febd7d37745ed2d82926473c7ec1a0741378678bbfe065f6350c15c
lua-debugsource-5.4.4-2.el9_1.i686.rpm
SHA-256: 38a2f3bb7204b67ae7728c490fee732e4d0885ab35d206e3069af8696b1dfc3d
lua-debugsource-5.4.4-2.el9_1.x86_64.rpm
SHA-256: 8ea5f5411262fabedc27d37a910f03ed423855da0e062a1d106141c13b812af8
lua-debugsource-5.4.4-2.el9_1.x86_64.rpm
SHA-256: 8ea5f5411262fabedc27d37a910f03ed423855da0e062a1d106141c13b812af8
lua-libs-5.4.4-2.el9_1.i686.rpm
SHA-256: f017bc98a4f20ed17692a566a05f49e144d843c12bc5725d9d341b4615319fcf
lua-libs-5.4.4-2.el9_1.x86_64.rpm
SHA-256: 6af19e3e51b9266569e3f5a9381881c0b4160d0ed7f7e4f9003eb5627a0ced8d
lua-libs-debuginfo-5.4.4-2.el9_1.i686.rpm
SHA-256: 49b01e29869188b103c23752a5c802a0946160590d868449e7006338126cdf92
lua-libs-debuginfo-5.4.4-2.el9_1.x86_64.rpm
SHA-256: 0edf0955b05efdd7beb1fdd6275911c8d52fbfa1a4c483bf194b259517dbef20
lua-libs-debuginfo-5.4.4-2.el9_1.x86_64.rpm
SHA-256: 0edf0955b05efdd7beb1fdd6275911c8d52fbfa1a4c483bf194b259517dbef20
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
lua-5.4.4-2.el9_1.src.rpm
SHA-256: 1f6811db4c0939ab8f64eeba1b9d12d7757e4a65f292e7789efee817e639ef27
s390x
lua-5.4.4-2.el9_1.s390x.rpm
SHA-256: e22d40515e3e57ff2ac6a0ff55d910e558e5b2e4148986baa26d9858a0f587ef
lua-debuginfo-5.4.4-2.el9_1.s390x.rpm
SHA-256: 5ec7aef5a76005f2db63785c783920531861a902700b9b1271de827ef997dcf3
lua-debuginfo-5.4.4-2.el9_1.s390x.rpm
SHA-256: 5ec7aef5a76005f2db63785c783920531861a902700b9b1271de827ef997dcf3
lua-debugsource-5.4.4-2.el9_1.s390x.rpm
SHA-256: b5049b55e8e0b16373726b34fd5e58f3b2627c6a092f55f8f0c4128137ad4192
lua-debugsource-5.4.4-2.el9_1.s390x.rpm
SHA-256: b5049b55e8e0b16373726b34fd5e58f3b2627c6a092f55f8f0c4128137ad4192
lua-libs-5.4.4-2.el9_1.s390x.rpm
SHA-256: c42995a14bcfacce9ba927eaf6b45ee1f2522830cbba310b825b559797019d0a
lua-libs-debuginfo-5.4.4-2.el9_1.s390x.rpm
SHA-256: 897460d224493b0099c668f4854e4bd1ed98d40a786f927cce40f06a0a76d954
lua-libs-debuginfo-5.4.4-2.el9_1.s390x.rpm
SHA-256: 897460d224493b0099c668f4854e4bd1ed98d40a786f927cce40f06a0a76d954
Red Hat Enterprise Linux for Power, little endian 9
SRPM
lua-5.4.4-2.el9_1.src.rpm
SHA-256: 1f6811db4c0939ab8f64eeba1b9d12d7757e4a65f292e7789efee817e639ef27
ppc64le
lua-5.4.4-2.el9_1.ppc64le.rpm
SHA-256: 318469c95654231bcee9f188c45be7d630ba72ba5ff6eb039c8806a5c1d21aaa
lua-debuginfo-5.4.4-2.el9_1.ppc64le.rpm
SHA-256: f37e268f8d94849c546793f94041ab6378455d030c0a27349f1c821e753c2cf7
lua-debuginfo-5.4.4-2.el9_1.ppc64le.rpm
SHA-256: f37e268f8d94849c546793f94041ab6378455d030c0a27349f1c821e753c2cf7
lua-debugsource-5.4.4-2.el9_1.ppc64le.rpm
SHA-256: 4f84a957c0cebf5828862d416d67bb3057a37823164a7d6338fdfd1a7bcdee9a
lua-debugsource-5.4.4-2.el9_1.ppc64le.rpm
SHA-256: 4f84a957c0cebf5828862d416d67bb3057a37823164a7d6338fdfd1a7bcdee9a
lua-libs-5.4.4-2.el9_1.ppc64le.rpm
SHA-256: 3332d54a9f2c558e993bb8eaaffbee6d5bffe9cadcca6ebc0fbd2ef3b461b9ac
lua-libs-debuginfo-5.4.4-2.el9_1.ppc64le.rpm
SHA-256: c915b34ce4f7624d89f329889e90fe68d4342ea202f9b10fc09fa0747f977d3d
lua-libs-debuginfo-5.4.4-2.el9_1.ppc64le.rpm
SHA-256: c915b34ce4f7624d89f329889e90fe68d4342ea202f9b10fc09fa0747f977d3d
Red Hat Enterprise Linux for ARM 64 9
SRPM
lua-5.4.4-2.el9_1.src.rpm
SHA-256: 1f6811db4c0939ab8f64eeba1b9d12d7757e4a65f292e7789efee817e639ef27
aarch64
lua-5.4.4-2.el9_1.aarch64.rpm
SHA-256: 572929030370a99f037d87a017af8eacf25f8237eeda049435bc6ef42447c711
lua-debuginfo-5.4.4-2.el9_1.aarch64.rpm
SHA-256: 6d517f74d85db9fcbfb9434abb19784c1721050b26947a6f4d28d3c5defff07b
lua-debuginfo-5.4.4-2.el9_1.aarch64.rpm
SHA-256: 6d517f74d85db9fcbfb9434abb19784c1721050b26947a6f4d28d3c5defff07b
lua-debugsource-5.4.4-2.el9_1.aarch64.rpm
SHA-256: 803177bc8c79dc2c82179e9db57ade0df34ee633c98435807367a8efc4e4d8f1
lua-debugsource-5.4.4-2.el9_1.aarch64.rpm
SHA-256: 803177bc8c79dc2c82179e9db57ade0df34ee633c98435807367a8efc4e4d8f1
lua-libs-5.4.4-2.el9_1.aarch64.rpm
SHA-256: d628100cffe51facf9ae117d2d6e6a937b1ad2b63f205a4985b81bb86381e237
lua-libs-debuginfo-5.4.4-2.el9_1.aarch64.rpm
SHA-256: 5b1652162555fb1a528a9f994ba20041f52558b778bf8497bae7883fecf57c5f
lua-libs-debuginfo-5.4.4-2.el9_1.aarch64.rpm
SHA-256: 5b1652162555fb1a528a9f994ba20041f52558b778bf8497bae7883fecf57c5f
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
lua-5.4.4-2.el9_1.i686.rpm
SHA-256: 0111e107d39bfb0761a00229ac5d0b8c2cc8fc02af10c5e3c958d8106f8049f6
lua-debuginfo-5.4.4-2.el9_1.i686.rpm
SHA-256: f389238b704b7a697c0e7a277348e1796a057076b299e064f02078d0b5ec9301
lua-debuginfo-5.4.4-2.el9_1.x86_64.rpm
SHA-256: 31f804b84febd7d37745ed2d82926473c7ec1a0741378678bbfe065f6350c15c
lua-debugsource-5.4.4-2.el9_1.i686.rpm
SHA-256: 38a2f3bb7204b67ae7728c490fee732e4d0885ab35d206e3069af8696b1dfc3d
lua-debugsource-5.4.4-2.el9_1.x86_64.rpm
SHA-256: 8ea5f5411262fabedc27d37a910f03ed423855da0e062a1d106141c13b812af8
lua-devel-5.4.4-2.el9_1.i686.rpm
SHA-256: cbb0c05c07377463095f25f584748ad0bd03b19486e7f6986a223824b138c061
lua-devel-5.4.4-2.el9_1.x86_64.rpm
SHA-256: cb868042943430af135a6567111fb30c7c36bd2b3a00f79bd5724794322b682b
lua-libs-debuginfo-5.4.4-2.el9_1.i686.rpm
SHA-256: 49b01e29869188b103c23752a5c802a0946160590d868449e7006338126cdf92
lua-libs-debuginfo-5.4.4-2.el9_1.x86_64.rpm
SHA-256: 0edf0955b05efdd7beb1fdd6275911c8d52fbfa1a4c483bf194b259517dbef20
Red Hat CodeReady Linux Builder for Power, little endian 9
SRPM
ppc64le
lua-debuginfo-5.4.4-2.el9_1.ppc64le.rpm
SHA-256: f37e268f8d94849c546793f94041ab6378455d030c0a27349f1c821e753c2cf7
lua-debugsource-5.4.4-2.el9_1.ppc64le.rpm
SHA-256: 4f84a957c0cebf5828862d416d67bb3057a37823164a7d6338fdfd1a7bcdee9a
lua-devel-5.4.4-2.el9_1.ppc64le.rpm
SHA-256: 5cfea117cd55015b46da8d5c5f42d2baed37e26396e38a9bc6a857c627060ed2
lua-libs-debuginfo-5.4.4-2.el9_1.ppc64le.rpm
SHA-256: c915b34ce4f7624d89f329889e90fe68d4342ea202f9b10fc09fa0747f977d3d
Red Hat CodeReady Linux Builder for ARM 64 9
SRPM
aarch64
lua-debuginfo-5.4.4-2.el9_1.aarch64.rpm
SHA-256: 6d517f74d85db9fcbfb9434abb19784c1721050b26947a6f4d28d3c5defff07b
lua-debugsource-5.4.4-2.el9_1.aarch64.rpm
SHA-256: 803177bc8c79dc2c82179e9db57ade0df34ee633c98435807367a8efc4e4d8f1
lua-devel-5.4.4-2.el9_1.aarch64.rpm
SHA-256: ff2ff035d1c4036b3f3648031b05885f314fc3e8d0b9abf5ea3649699674f4fb
lua-libs-debuginfo-5.4.4-2.el9_1.aarch64.rpm
SHA-256: 5b1652162555fb1a528a9f994ba20041f52558b778bf8497bae7883fecf57c5f
Red Hat CodeReady Linux Builder for IBM z Systems 9
SRPM
s390x
lua-debuginfo-5.4.4-2.el9_1.s390x.rpm
SHA-256: 5ec7aef5a76005f2db63785c783920531861a902700b9b1271de827ef997dcf3
lua-debugsource-5.4.4-2.el9_1.s390x.rpm
SHA-256: b5049b55e8e0b16373726b34fd5e58f3b2627c6a092f55f8f0c4128137ad4192
lua-devel-5.4.4-2.el9_1.s390x.rpm
SHA-256: b5333db9aa3a97b4e9648427026d8d77eb37b69810c104dc77e33cfe2e37872f
lua-libs-debuginfo-5.4.4-2.el9_1.s390x.rpm
SHA-256: 897460d224493b0099c668f4854e4bd1ed98d40a786f927cce40f06a0a76d954
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2023-3742-02 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include bypass, denial of service, and remote SQL injection vulnerabilities.
Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4.13.0 on Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-16250: A flaw was found in Vault and Vault Enterprise (“Vault”). In the affected versions of Vault, with the AWS Auth Method configured and under certain circumstances, the values relied upon by Vault to validate AWS IAM ident...
Red Hat Security Advisory 2023-1326-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
Red Hat Security Advisory 2023-1211-01 - The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Issues addressed include denial of service and use-after-free vulnerabilities.
An update for lua is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-43519: A stack overflow issue was discovered in Lua in the lua_resume() function of 'ldo.c'. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a denial of service. * CVE-2021-44964: A flaw was found in the Lua interpreter. This flaw allows an attacker who can ha...