Amazon Linux 2022 Security Advisory: ALAS-2022-031
Advisory Release Date: 2022-02-22 22:14 Pacific
Advisory Updated Date: 2022-02-25 20:37 Pacific
A stack overflow issue was discovered in Lua in the lua_resume() function of ldo.c. This flaw allows a local attacker to pass a specially crafted file to the Lua Interpreter, causing a crash that leads to a denial of service. (CVE-2021-43519)
A flaw was found in Lua. A SEGV crash occurs in the funcnamefromcode() function in ldebug.c during error handling in __close metamethods. This flaw allows an attacker to cause a denial of service. (CVE-2021-44647)
Affected Packages:
lua
Issue Correction:
Run dnf update --releasever=2022.0.20220222 lua to update your system.
aarch64:
lua-libs-debuginfo-5.4.4-1.amzn2022.aarch64
lua-static-5.4.4-1.amzn2022.aarch64
lua-devel-5.4.4-1.amzn2022.aarch64
lua-libs-5.4.4-1.amzn2022.aarch64
lua-debuginfo-5.4.4-1.amzn2022.aarch64
lua-5.4.4-1.amzn2022.aarch64
lua-debugsource-5.4.4-1.amzn2022.aarch64
src:
lua-5.4.4-1.amzn2022.src
x86_64:
lua-libs-debuginfo-5.4.4-1.amzn2022.x86_64
lua-5.4.4-1.amzn2022.x86_64
lua-debuginfo-5.4.4-1.amzn2022.x86_64
lua-devel-5.4.4-1.amzn2022.x86_64
lua-static-5.4.4-1.amzn2022.x86_64
lua-libs-5.4.4-1.amzn2022.x86_64
lua-debugsource-5.4.4-1.amzn2022.x86_64
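
To confirm the update took effect, installed lua packages can be compared against the 5.4.4-1.amzn2022 build listed above. This is an added example, not part of the original advisory; the function names, the constructed sample input and the use of GNU sort -V as a stand-in for rpm's own version comparison are assumptions.

```shell
#!/bin/sh
# Fixed version-release taken from the package list in this advisory.
FIXED="5.4.4-1.amzn2022"

# is_patched VERSION-RELEASE
# Succeeds when the given build is the fixed build or newer.
# Assumption: GNU `sort -V` ordering approximates rpm's EVR comparison,
# which holds for plain dotted versions like the ones used here.
is_patched() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# audit_lua
# Reads "name version-release" lines on stdin and prints every lua
# package that is older than the fixed build. Other packages are ignored.
audit_lua() {
    while read -r name vr; do
        case "$name" in
            lua|lua-*) ;;
            *) continue ;;
        esac
        if ! is_patched "$vr"; then
            printf '%s %s\n' "$name" "$vr"
        fi
    done
}

# Constructed sample input (not taken from a real host): two packages
# older than the fixed build, one at the fixed build, one unrelated.
SAMPLE='lua 5.4.3-2.amzn2022
lua-libs 5.4.4-1.amzn2022
lua-devel 5.4.3-2.amzn2022
bash 5.1.8-2.amzn2022'

# On a real host, feed the installed package list instead of SAMPLE:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'lua*' | audit_lua
# Empty output means every installed lua package is at or above FIXED.
```

Any package the audit prints still needs the dnf update from the Issue Correction section.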