CLSA-2022-1653507443 Update of copy-jdk-configs
commented out requires lua-posix, it was always commented out in el8, never in fedora. IDK...
SUSE-SU-2022:1842-1 Security update for redis
This update for redis fixes the following issues: - CVE-2022-24735: Fixed Lua code injection (bsc#1198952). - CVE-2022-24736: Fixed Lua NULL pointer dereference (bsc#1198953)...
Apache 2.4.x < 2.4.52 mod_lua Buffer Overflow
The version of Apache httpd installed on the remote host is prior to 2.4.52. It is, therefore, affected by a flaw related to mod_lua when handling multipart content. A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The...
CVE-2021-32918
An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3...
CVE-2021-32921
An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker...
CVE-2020-11722
Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file...
new packages: lua
An update is available for lua. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...
new packages: lua-rpm-macros
An update is available for lua-rpm-macros. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: lua-posix
An update is available for lua-posix. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9....
The vulnerability of the Redis database management system, related to pointer assignment errors, allows attackers to trigger a service failure.
The vulnerability of the Redis database management system is related to errors in pointer assignment. Exploiting this vulnerability can allow an attacker to trigger a service failure using a specially crafted Lua script...
yii2-redis Potential Remote code execution
Potential remote code execution in LUA context of the redis server via methods yii\redis\ActiveRecord::findOne and yii\redis\ActiveRecord::findAll in yiisoft/yii2-redis. Attackers could probably manipulate data on the redis server...
GHSA-4HX3-M8W5-G5QH yii2-redis Potential Remote code execution
Potential remote code execution in LUA context of the redis server via methods yii\redis\ActiveRecord::findOne and yii\redis\ActiveRecord::findAll in yiisoft/yii2-redis. Attackers could probably manipulate data on the redis server...
CVE-2022-28805 affecting package lua 5.3.5-8
CVE-2022-28805 affecting package lua 5.3.5-8. A patched version of the package is available...
A Malformed Lua script can crash Redis
...
Lua scripts can be manipulated to overcome ACL rules in Redis
...
Fedora: Security Advisory for redis (FEDORA-2022-44373f6778)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 34 Update: redis-6.2.7-1.fc34
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
[SECURITY] Fedora 36 Update: redis-6.2.7-1.fc36
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Remote Code Execution (RCE)
Redis is vulnerable to remote code execution. The vulnerability exists because users are not properly restricted, which allows an attacker with access to Redis to inject arbitrary Lua code...
Denial Of Service (DoS)
Redis is vulnerable to denial of service. An attacker who can load a specially crafted Lua script can cause a NULL pointer dereference, which will result in a crash of the redis-server process...