ALAS-2014-402


Amazon Linux AMI Security Advisory: ALAS-2014-402
Advisory Release Date: 2014-09-19 12:01 Pacific
Severity: Medium
References: CVE-2014-5461 

Issue Overview:

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.


Affected Packages:

lua


Issue Correction:
Run yum update lua to update your system.

New Packages:
i686:
    lua-5.1.4-4.1.9.amzn1.i686
    lua-devel-5.1.4-4.1.9.amzn1.i686
    lua-debuginfo-5.1.4-4.1.9.amzn1.i686
    lua-static-5.1.4-4.1.9.amzn1.i686

src:
    lua-5.1.4-4.1.9.amzn1.src

x86_64:
    lua-devel-5.1.4-4.1.9.amzn1.x86_64
    lua-debuginfo-5.1.4-4.1.9.amzn1.x86_64
    lua-static-5.1.4-4.1.9.amzn1.x86_64
    lua-5.1.4-4.1.9.amzn1.x86_64
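
To confirm that the update took effect, the following added example (not part of the Amazon advisory) classifies installed package strings against the fixed build 5.1.4-4.1.9.amzn1 listed under New Packages. The function names, the use of GNU `sort -V` as the comparison, and the sample input (including the older 4.1.8 release string) are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: compare lua package builds with the fixed build in ALAS-2014-402.
FIXED_VER='5.1.4'
FIXED_REL='4.1.9.amzn1'

# rel_ge A B: true when release A sorts at or after B under GNU `sort -V`
# (an approximation of RPM's comparison, adequate for these release strings).
rel_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_pkg NAME-VERSION-RELEASE.ARCH -> fixed | vulnerable | other-version
check_pkg() {
    nvr=${1%.*}      # drop the trailing .arch
    rel=${nvr##*-}   # release: text after the last hyphen
    nv=${nvr%-*}
    ver=${nv##*-}    # version: text after the second-to-last hyphen
    if [ "$ver" != "$FIXED_VER" ]; then
        echo other-version   # the advisory only names 5.1.4 builds
    elif rel_ge "$rel" "$FIXED_REL"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# scan_pkgs: read one package per line on stdin; return 1 unless all are fixed.
scan_pkgs() {
    rc=0
    while IFS= read -r line; do
        case $line in ''|*' '*) continue ;; esac   # skip "package X is not installed"
        status=$(check_pkg "$line")
        printf '%s %s\n' "$line" "$status"
        [ "$status" = fixed ] || rc=1
    done
    return $rc
}

# Constructed sample input; on a live host pipe in instead:
#   rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' lua lua-devel lua-static
scan_pkgs <<'EOF' || true
lua-5.1.4-4.1.9.amzn1.x86_64
lua-devel-5.1.4-4.1.8.amzn1.x86_64
package lua-static is not installed
EOF
```

A result of `other-version` means the package is not a 5.1.4 build and falls outside what this advisory's package list covers, so it needs a separate check.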