Security update for lua53 (moderate)

2021-07-02T23:18:03
ID OPENSUSE-SU-2021:0962-1
Type suse
Reporter Suse
Modified 2021-07-02T23:18:03

Description

An update that fixes two vulnerabilities is now available.

Description:

This update for lua53 fixes the following issues:

Update to version 5.3.6:

  • CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
  • CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
  • Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-962=1