Need an update on the rpm package lua, which is vulnerable to CVE-2014-5461.

Solution Verified

Environment

  • Red Hat Enterprise Linux 6

Issue

  • RHEL 6.4 has bundled the lua-5.1.4-4.1.el6.x86_64 rpm, which is vulnerable to CVE-2014-5461 (Bugzilla ID: 1132304).
  • We have one customer case reported for this and require an update for the lua rpm package.
  • Please let us know the probable date on which the new update will be available for download.
  • Stack overflow in vararg functions with many fixed parameters called with few arguments.

Resolution

  • This issue affects the versions of lua as shipped with Red Hat Enterprise Linux 6 and 7.
  • Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
  • To request the current status of the bug, please open a case with support.

Root Cause

  • Closed due to low severity

Component

  • lua

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
