[ MDVSA-2015:144 ] lua

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:144
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : lua
 Date    : March 29, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated lua and lua5.1 packages fix security vulnerability:
 
 A heap-based overflow vulnerability was found in the way Lua handles
 varargs functions with many fixed parameters called with few arguments,
 leading to application crashes or, potentially, arbitrary code
 execution (CVE-2014-5461).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461
 http://advisories.mageia.org/MGASA-2014-0414.html
 _________________________________________

007 Software

Leave a Reply Cancel reply

Software and Security Information