RHSA-2023:2582: Red Hat Security Advisory: lua security update
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-28805: A heap buffer over-read was found in Lua. The flaw lies in the parser code in lparser.c and affects systems that compile untrusted Lua code, where a crafted script could trigger the out-of-bounds read.
Issued: 2023-05-09
Updated: 2023-05-09
RHSA-2023:2582 - Security Advisory
Synopsis
Low: lua security update
Type/Severity
Security Advisory: Low
Topic
An update for lua is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language.
Security Fix(es):
- lua: heap buffer overread (CVE-2022-28805)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2073884 - CVE-2022-28805 lua: heap buffer overread
References
- https://access.redhat.com/security/updates/classification/#low
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
lua-5.4.4-3.el9.src.rpm
SHA-256: 1315ce67f7f2f70a4052f1f66fde4a05a831031bc5d0061341bf9c3cc08ff3ca
x86_64
lua-5.4.4-3.el9.x86_64.rpm
SHA-256: e12836fdeda9a66ca1635584ee9269913312395f22cb29cd540c9ddce435863f
lua-debuginfo-5.4.4-3.el9.i686.rpm
SHA-256: 00bd26831bcec314bf203d052ee21700052ef3f62f477c4011a024b957d12ea4
lua-debuginfo-5.4.4-3.el9.x86_64.rpm
SHA-256: b00d6f9907d609e0ebb01ffc82deff73536a10a6186471914c8c46c3f2d7c70d
lua-debugsource-5.4.4-3.el9.i686.rpm
SHA-256: 9083df303c1530a54d8157280a8239bc09b7bf907fdf00320eeaa8c1d65b5557
lua-debugsource-5.4.4-3.el9.x86_64.rpm
SHA-256: a779fd7ac5065004d9197d513fa7645de5c27c815fcc83d2aee1edd286713df9
lua-libs-5.4.4-3.el9.i686.rpm
SHA-256: c56fb866b9005591deee5abafa811c5425baf90b7a5f5080f28e80651df76b54
lua-libs-5.4.4-3.el9.x86_64.rpm
SHA-256: 7eb92b6d4d7f82aed9136417697e5afaa1ebdd17b21fd6908bf784608db71f71
lua-libs-debuginfo-5.4.4-3.el9.i686.rpm
SHA-256: 0da109e02e248351217b8c72992bfdc5751e3c45eec02d5d4102a062a1a25a22
lua-libs-debuginfo-5.4.4-3.el9.x86_64.rpm
SHA-256: 09c84eb1186f2103f03e8c1ee170b39c7024e4a038e8fc010618711f8ae6c2e1
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
lua-5.4.4-3.el9.src.rpm
SHA-256: 1315ce67f7f2f70a4052f1f66fde4a05a831031bc5d0061341bf9c3cc08ff3ca
s390x
lua-5.4.4-3.el9.s390x.rpm
SHA-256: dbf42aeef34ddd6da76660f24e3cc605b59c1875f33619ece30fe411e9c378f0
lua-debuginfo-5.4.4-3.el9.s390x.rpm
SHA-256: ef05c86ab667ab995cb13f592135986f4de92cbc2c6bc11f3ea837b075e640c1
lua-debugsource-5.4.4-3.el9.s390x.rpm
SHA-256: 17ddf606d201ab01f323dc445aab060c6169ffe9c8e7612dd60e547725f70503
lua-libs-5.4.4-3.el9.s390x.rpm
SHA-256: 62140a50b53a472dd7629fa9c103313fcdfa3818d4b3e37702d3b4e450d94997
lua-libs-debuginfo-5.4.4-3.el9.s390x.rpm
SHA-256: 9e333bb4d437265dc1487df2e326be7e9bbdc370ff07f5881c3975cd0af11fcb
Red Hat Enterprise Linux for Power, little endian 9
SRPM
lua-5.4.4-3.el9.src.rpm
SHA-256: 1315ce67f7f2f70a4052f1f66fde4a05a831031bc5d0061341bf9c3cc08ff3ca
ppc64le
lua-5.4.4-3.el9.ppc64le.rpm
SHA-256: 9f5c5e58ac82d850bceec4b84fdc5f0b1c7260e46e8716cafd7b4d2af7dbe25f
lua-debuginfo-5.4.4-3.el9.ppc64le.rpm
SHA-256: 6c3f0cd13fe96c0ce5e3be5314e5e199cdfc36837023808f22ad843df8c1db3c
lua-debugsource-5.4.4-3.el9.ppc64le.rpm
SHA-256: 45a47e37153abcad00d7a11c03af065be0f4ee73efe3144300c3b9e687887caf
lua-libs-5.4.4-3.el9.ppc64le.rpm
SHA-256: 9f0c027aa7d8a3bb4f45d67d61b1309c9585677d76023ebab3803254330855f8
lua-libs-debuginfo-5.4.4-3.el9.ppc64le.rpm
SHA-256: 067863acc8eb4632bd9a1822e6ed494967867ee724cdf057fc7482e197c577e3
Red Hat Enterprise Linux for ARM 64 9
SRPM
lua-5.4.4-3.el9.src.rpm
SHA-256: 1315ce67f7f2f70a4052f1f66fde4a05a831031bc5d0061341bf9c3cc08ff3ca
aarch64
lua-5.4.4-3.el9.aarch64.rpm
SHA-256: 3d13aafcb43bae053612758c423efb129187c46fc5a508f14c9eba18887728a8
lua-debuginfo-5.4.4-3.el9.aarch64.rpm
SHA-256: dc5b31e8dc2d8a0214cb00b57b0544c5746d174b095da3b1097bcb9052802837
lua-debugsource-5.4.4-3.el9.aarch64.rpm
SHA-256: fcab65cce70d0858caa01f6f22b1ce789e249e05db27c377954b11221043ae87
lua-libs-5.4.4-3.el9.aarch64.rpm
SHA-256: b75d0b2cfeb5a90d1747b3b17d35116ce5d0489c85e16ea5da74edad706e2d74
lua-libs-debuginfo-5.4.4-3.el9.aarch64.rpm
SHA-256: 7ed261de24d180b83b04a1493a25689d912e811cc868cdddbef48e7c059f9b57
Red Hat CodeReady Linux Builder for x86_64 9
x86_64
lua-5.4.4-3.el9.i686.rpm
SHA-256: 6e1994881abe2e3ac7893221b27be1024f317a9421557fb0c20281c1f590bdaa
lua-debuginfo-5.4.4-3.el9.i686.rpm
SHA-256: 00bd26831bcec314bf203d052ee21700052ef3f62f477c4011a024b957d12ea4
lua-debuginfo-5.4.4-3.el9.x86_64.rpm
SHA-256: b00d6f9907d609e0ebb01ffc82deff73536a10a6186471914c8c46c3f2d7c70d
lua-debugsource-5.4.4-3.el9.i686.rpm
SHA-256: 9083df303c1530a54d8157280a8239bc09b7bf907fdf00320eeaa8c1d65b5557
lua-debugsource-5.4.4-3.el9.x86_64.rpm
SHA-256: a779fd7ac5065004d9197d513fa7645de5c27c815fcc83d2aee1edd286713df9
lua-devel-5.4.4-3.el9.i686.rpm
SHA-256: ebf633bbe9f07f680185bed418497598aa09eef4c63bb4bfdb3609cf538ae29d
lua-devel-5.4.4-3.el9.x86_64.rpm
SHA-256: ecffb5b38e71c0d4f1e181eaa219fe83dd0ac60d3cf4d14e39f8ade58aa8fc6e
lua-libs-debuginfo-5.4.4-3.el9.i686.rpm
SHA-256: 0da109e02e248351217b8c72992bfdc5751e3c45eec02d5d4102a062a1a25a22
lua-libs-debuginfo-5.4.4-3.el9.x86_64.rpm
SHA-256: 09c84eb1186f2103f03e8c1ee170b39c7024e4a038e8fc010618711f8ae6c2e1
Red Hat CodeReady Linux Builder for Power, little endian 9
ppc64le
lua-debuginfo-5.4.4-3.el9.ppc64le.rpm
SHA-256: 6c3f0cd13fe96c0ce5e3be5314e5e199cdfc36837023808f22ad843df8c1db3c
lua-debugsource-5.4.4-3.el9.ppc64le.rpm
SHA-256: 45a47e37153abcad00d7a11c03af065be0f4ee73efe3144300c3b9e687887caf
lua-devel-5.4.4-3.el9.ppc64le.rpm
SHA-256: de9d5a272f47cc1c9ffba3ca11a0b6c4c58107c7f44541a1b1bfec24a539351c
lua-libs-debuginfo-5.4.4-3.el9.ppc64le.rpm
SHA-256: 067863acc8eb4632bd9a1822e6ed494967867ee724cdf057fc7482e197c577e3
Red Hat CodeReady Linux Builder for ARM 64 9
aarch64
lua-debuginfo-5.4.4-3.el9.aarch64.rpm
SHA-256: dc5b31e8dc2d8a0214cb00b57b0544c5746d174b095da3b1097bcb9052802837
lua-debugsource-5.4.4-3.el9.aarch64.rpm
SHA-256: fcab65cce70d0858caa01f6f22b1ce789e249e05db27c377954b11221043ae87
lua-devel-5.4.4-3.el9.aarch64.rpm
SHA-256: c2e391df08e90af272cb627195f248a075f3a2244dd3a0335deb930e7e856e0f
lua-libs-debuginfo-5.4.4-3.el9.aarch64.rpm
SHA-256: 7ed261de24d180b83b04a1493a25689d912e811cc868cdddbef48e7c059f9b57
Red Hat CodeReady Linux Builder for IBM z Systems 9
s390x
lua-debuginfo-5.4.4-3.el9.s390x.rpm
SHA-256: ef05c86ab667ab995cb13f592135986f4de92cbc2c6bc11f3ea837b075e640c1
lua-debugsource-5.4.4-3.el9.s390x.rpm
SHA-256: 17ddf606d201ab01f323dc445aab060c6169ffe9c8e7612dd60e547725f70503
lua-devel-5.4.4-3.el9.s390x.rpm
SHA-256: 661e0922f33c4f66d1fa145805086349a632fc0db58b2358dbd57cd300894347
lua-libs-debuginfo-5.4.4-3.el9.s390x.rpm
SHA-256: 9e333bb4d437265dc1487df2e326be7e9bbdc370ff07f5881c3975cd0af11fcb
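The package listing above pairs each RPM filename with its published SHA-256, which is what lets an administrator confirm that a package staged for installation is the one Red Hat shipped. The following is an added example, not Red Hat tooling and not part of the advisory: it parses that "filename / SHA-256: hex" layout as rendered on this page (including the duplicated entries the page sometimes renders), hashes local files, and reports ok, MISMATCH or missing per package. The excerpt embedded in it copies three x86_64 entries from the listing; the file contents written in the demo are constructed stand-ins, not real RPMs, and the directory layout and function names are assumptions of this example.

```python
"""Verify staged RPMs against the SHA-256 values published in an RHSA listing.

Added example (not Red Hat tooling): parses "filename" / "SHA-256: <hex>"
line pairs as they appear in the advisory page and checks local files
against them before the packages are installed.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Excerpt copied from the advisory's x86_64 listing (values as published).
# The third name is deliberately repeated, as the web page renders some
# entries twice; the parser must tolerate that.
ADVISORY_EXCERPT = """\
lua-5.4.4-3.el9.x86_64.rpm
SHA-256: e12836fdeda9a66ca1635584ee9269913312395f22cb29cd540c9ddce435863f
lua-devel-5.4.4-3.el9.x86_64.rpm
SHA-256: ecffb5b38e71c0d4f1e181eaa219fe83dd0ac60d3cf4d14e39f8ade58aa8fc6e
lua-libs-5.4.4-3.el9.x86_64.rpm
SHA-256: 7eb92b6d4d7f82aed9136417697e5afaa1ebdd17b21fd6908bf784608db71f71
lua-libs-5.4.4-3.el9.x86_64.rpm
SHA-256: 7eb92b6d4d7f82aed9136417697e5afaa1ebdd17b21fd6908bf784608db71f71
"""

RPM_LINE = re.compile(r"^\S+\.rpm$")
SHA_LINE = re.compile(r"^SHA-256:\s*([0-9a-fA-F]{64})$")


def parse_advisory(text: str) -> dict[str, str]:
    """Return {rpm filename: expected sha256 (lowercase hex)}.

    A filename line must be followed by its SHA-256 line; repeated identical
    entries are collapsed, but two different digests for one filename are an
    error rather than a silent overwrite.
    """
    expected: dict[str, str] = {}
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if RPM_LINE.match(line):
            pending = line
            continue
        m = SHA_LINE.match(line)
        if m and pending:
            digest = m.group(1).lower()
            if expected.get(pending, digest) != digest:
                raise ValueError(f"conflicting hashes for {pending}")
            expected[pending] = digest
            pending = None
    return expected


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large RPMs are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_dir(directory: Path, expected: dict[str, str]) -> dict[str, str]:
    """Map each expected filename to 'ok', 'MISMATCH' or 'missing'."""
    results: dict[str, str] = {}
    for name, digest in expected.items():
        p = directory / name
        if not p.is_file():
            results[name] = "missing"
        elif sha256_file(p) == digest:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results


def demo() -> dict[str, str]:
    """Constructed scenario in a temp dir: one good file, one tampered, one absent."""
    expected = parse_advisory(ADVISORY_EXCERPT)
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        # Stand-in for a correct download: constructed bytes, and the expected
        # digest for this one entry is replaced by the digest of those bytes.
        good = b"constructed stand-in bytes, not a real RPM\n"
        (d / "lua-libs-5.4.4-3.el9.x86_64.rpm").write_bytes(good)
        expected["lua-libs-5.4.4-3.el9.x86_64.rpm"] = hashlib.sha256(good).hexdigest()
        # Stand-in for a corrupted download: published digest kept, wrong bytes.
        (d / "lua-5.4.4-3.el9.x86_64.rpm").write_bytes(b"truncated or tampered\n")
        # lua-devel is never written, so it should be reported as missing.
        return verify_dir(d, expected)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

On a RHEL host the primary integrity control remains the RPM GPG signature check that dnf performs with gpgcheck enabled; a digest comparison like this one is a complementary check for packages fetched out of band and staged before installation.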
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 6916-1 - It was discovered that Lua did not properly generate code when "_ENV" is constant. An attacker could possibly use this issue to cause a denial of service or execute arbitrary untrusted Lua code. It was discovered that Lua did not properly handle C stack overflows during error handling. An attacker could possibly use this issue to cause a denial of service.
Gentoo Linux Security Advisory 202305-23 - Multiple vulnerabilities have been discovered in Lua, the worst of which could result in arbitrary code execution.
singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.