You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa luajit

Sigurnosni nedostatak programskog paketa luajit

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-4501-1
September 15, 2020

luajit vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

LuaJIT could be made crash or expose sensitive information if it received
specially crafted input.

Software Description:
– luajit: Just in time compiler for Lua programming language version 5.1

Details:

It was discovered that an out-of-bounds read existed in LuaJIT. An
attacker could use this to cause a denial of service (application crash)
or possibly expose sensitive information. (CVE-2020-15890)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
libluajit-5.1-2 2.0.4+dfsg-1+deb9u1build0.16.04.1
libluajit-5.1-common 2.0.4+dfsg-1+deb9u1build0.16.04.1
libluajit-5.1-dev 2.0.4+dfsg-1+deb9u1build0.16.04.1
luajit 2.0.4+dfsg-1+deb9u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4501-1
CVE-2020-15890

Package Information:

https://launchpad.net/ubuntu/+source/luajit/2.0.4+dfsg-1+deb9u1build0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEE7MowLJorxPNkyBZZW+PTAFZKyRgFAl9hSG4ACgkQW+PTAFZK
yRicSBAAnkiEw8ondc3+xdEU+nHUteEzV+TkHe1HDzk2ZjqSAUKeMXLlGGZatV3C
xHQVoAq6RWEINy1QrCUW85BQmmC9Zo5pR0LRsiw5R92KrcXoTl+EvJ7GfJ6TXl/X
Qdzj1OiajOcLTMZKoKw1uNMOgdfuGSxXqK/t2BGukxPzHD0tw6PamqM9gstqMYYO
yL87/NBwjT0eYuDJp7y2C6cLR/ooG91jYynlq8wd6lvScW9nxL+XVi7G0DPDKJ51
UwZKUhcXCUUgRxsA8i83BZvbhxnQ3MASVQmq4Lz5vOg5jvIidg65hmYD3qYUv7Bi
b64f82VkXi/FUUfWVEp+crYIiYxsfAz974uh9mUqmfFpc9kMgtoDP2mJP1oZEkSy
nYO3AWU6wJg54yp/NWPGbaewpaeL/n5o4cBR3gkEI9fgOD9LQhf6+VLd8b34i/zV
BuYIYjdTbKFTQPiPKMhZ5tYd0OIgLBe1mlYGEy9ZLBJM4sBLTADUqwzOG+s6Q10G
urVMjQFi4YthRjitf3MlIYxjGd+5JHfTtR1oEEKDLW7yR3j6R+JDtyukxh/TQ/+r
XWK7qNXvJ2i3vjwuPCNTDF1J/kahubBrcffRpJ4atqmA/pGrpDjod3ojYQ/Cbffy
kCZ+HiloyEcaITR1aANAyx86ASQxSE/kYf4EVa5EHqO2/4tt8KU=
=dHKt
—–END PGP SIGNATURE—–

AutorBruno Varga
Cert idNCERT-REF-2020-09-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa bsdiff

Otkriven je sigurnosni nedostatak u programskom paketu bsdiff za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS stanja...

Close