Security Information / 2014 / Security Information -- DSA-3016-1 lua5.2

Debian Security Advisory

DSA-3016-1 lua5.2 -- security update

Date Reported:

01 Sep 2014

Affected Packages:

lua5.2

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2014-5461.

More information:

A heap-based overflow vulnerability was found in the way Lua, a simple, extensible, embeddable programming language, handles varargs functions with many fixed parameters called with few arguments, leading to application crashes or, potentially, arbitrary code execution.

For the stable distribution (wheezy), this problem has been fixed in version 5.2.1-3+deb7u1.

For the testing distribution (jessie), this problem has been fixed in version 5.2.3-1.

For the unstable distribution (sid), this problem has been fixed in version 5.2.3-1.

We recommend that you upgrade your lua5.2 packages.