# Security update for luajit

Announcement ID: SUSE-SU-2025:03378-1
Release Date: 2025-09-26T15:00:52Z
Rating: low

References:

* bsc#1246077
* bsc#1246078
* bsc#1246079

Cross-References:

* CVE-2024-25176
* CVE-2024-25177
* CVE-2024-25178

CVSS scores:

* CVE-2024-25176 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2024-25176 ( SUSE ): 3.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-25176 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-25177 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-25177 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-25177 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-25178 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-25178 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-25178 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* Basesystem Module 15-SP7
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP6
* SUSE Package Hub 15 15-SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for luajit fixes the following issues:

* CVE-2024-25176: Fixed stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c (bsc#1246077)
* CVE-2024-25177: Fixed unsinking of IR_FSTORE for NULL metatable (bsc#1246078)
* CVE-2024-25178: Fixed out-of-bounds read in the stack-overflow handler in lj_state.c (bsc#1246079)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
    zypper in -t patch SUSE-2025-3378=1
* openSUSE Leap 15.6
    zypper in -t patch openSUSE-SLE-15.6-2025-3378=1
* Basesystem Module 15-SP6
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-3378=1
* Basesystem Module 15-SP7
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-3378=1
* SUSE Package Hub 15 15-SP6
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-3378=1
* SUSE Package Hub 15 15-SP7
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-3378=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * luajit-devel-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* openSUSE Leap 15.4 (x86_64)
    * libluajit-5_1-2-32bit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * libluajit-5_1-2-32bit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* openSUSE Leap 15.4 (aarch64_ilp32)
    * libluajit-5_1-2-64bit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * libluajit-5_1-2-64bit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
    * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * luajit-devel-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* openSUSE Leap 15.6 (x86_64)
    * libluajit-5_1-2-32bit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * libluajit-5_1-2-32bit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
    * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
    * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x)
    * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
    * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x)
    * libluajit-5_1-2-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * libluajit-5_1-2-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
    * luajit-debuginfo-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * luajit-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1
    * luajit-debugsource-2.1.0~beta3+git.1624618403.e9577376-150400.4.5.1

## References:

* https://www.suse.com/security/cve/CVE-2024-25176.html
* https://www.suse.com/security/cve/CVE-2024-25177.html
* https://www.suse.com/security/cve/CVE-2024-25178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1246077
* https://bugzilla.suse.com/show_bug.cgi?id=1246078
* https://bugzilla.suse.com/show_bug.cgi?id=1246079

Luajit security advisory for openSUSE addressing multiple vulnerabilities has been released. Install updates promptly. Severity: Low. LinuxSecurity.com Team

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4283-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Guilhem Moulin
August 25, 2025                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : luajit
Version        : 2.1.0~beta3+dfsg-5.3+deb11u1
CVE ID         : CVE-2019-19391 CVE-2020-15890 CVE-2020-24372 CVE-2024-25176 CVE-2024-25177 CVE-2024-25178
Debian Bug     : 946053 966148

Multiple vulnerabilities were found in luajit, a just in time compiler for the Lua programming language, which could lead to denial of service.

CVE-2019-19391

    It was discovered that debug.getinfo() has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and `>` options are mishandled.

    NOTE: The LuaJIT project owner disputes the vulnerability and states that the debug library is unsafe by design.

CVE-2020-15890

    Yongheng Chen discovered an out-of-bounds read because `__gc` handler frame traversal is mishandled.

CVE-2020-24372

    Yongheng Chen discovered out-of-bounds read in lj_err_run().

CVE-2024-25176

    Kutyavin Maxim discovered a stack-buffer-overflow in lj_strfmt_wfnum().

CVE-2024-25177

    Kutyavin Maxim discovered an unsinking of IR_FSTORE for NULL metatable.

CVE-2024-25178

    Kutyavin Maxim discovered an out-of-bounds read in the stack-overflow handler.

For Debian 11 bullseye, these problems have been fixed in version 2.1.0~beta3+dfsg-5.3+deb11u1.

We recommend that you upgrade your luajit packages.

For the detailed security status of luajit please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/luajit

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

Important notification regarding luajit in Debian addresses several vulnerabilities that could result in service interruptions; users are advised to update promptly. Severity: Critical. LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4430674f97
2025-07-18 01:08:52.312467+00:00
--------------------------------------------------------------------------------

Name        : luajit
Product     : Fedora 41
Version     : 2.1.1748459687
Release     : 2.fc41
URL         : http://luajit.org
Summary     : Just-In-Time Compiler for Lua
Description :
LuaJIT implements the full set of language features defined by Lua 5.1. The virtual machine (VM) is API- and ABI-compatible to the standard Lua interpreter and can be deployed as a drop-in replacement.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2024-25176
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 8 2025 Andreas Schneider - 2.1.1748459687-1
- Update to version 2.1.1748459687
- Fixes CVE-2024-25176
- resolves: rhbz#2376988
* Tue Jul 8 2025 Andreas Schneider - 2.1.1744318430-1
- Update to version 2.1.1744318430
* Tue Jul 8 2025 Andreas Schneider - 2.1.1731485912-1
- Update to version 2.1.1731485912
- Fix bcsave assertion on s390x
- resolves: rhbz#2323980
* Tue Jul 8 2025 Andreas Schneider - 2.1.1720049189-2
- Update to version 2.1.1724232689
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2376972 - CVE-2024-25178 luajit: Out of bounds read in LuaJIT [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2376972
  [ 2 ] Bug #2376988 - CVE-2024-25176 luajit: From CVEorg collector [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2376988
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4430674f97' at the command line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b1082e9269
2025-07-12 01:44:29.847211+00:00
--------------------------------------------------------------------------------

Name        : luajit
Product     : Fedora 42
Version     : 2.1.1748459687
Release     : 2.fc42
URL         : http://luajit.org
Summary     : Just-In-Time Compiler for Lua
Description :
LuaJIT implements the full set of language features defined by Lua 5.1. The virtual machine (VM) is API- and ABI-compatible to the standard Lua interpreter and can be deployed as a drop-in replacement.

--------------------------------------------------------------------------------
Update Information:

Fix CVE-2024-25176
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 8 2025 Andreas Schneider - 2.1.1748459687-1
- Update to version 2.1.1748459687
- Fixes CVE-2024-25176
- resolves: rhbz#2376990
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2376974 - CVE-2024-25178 luajit: Out of bounds read in LuaJIT [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2376974
  [ 2 ] Bug #2376990 - CVE-2024-25176 luajit: From CVEorg collector [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2376990
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b1082e9269' at the command line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

=========================================================================
Ubuntu Security Notice USN-4501-1
September 15, 2020

luajit vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

LuaJIT could be made to crash or expose sensitive information if it received specially crafted input.

Software Description:
- luajit: Just in time compiler for Lua programming language version 5.1

Details:

It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. (CVE-2020-15890)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS:
  libluajit-5.1-2       2.0.4+dfsg-1+deb9u1build0.16.04.1
  libluajit-5.1-common  2.0.4+dfsg-1+deb9u1build0.16.04.1
  libluajit-5.1-dev     2.0.4+dfsg-1+deb9u1build0.16.04.1
  luajit                2.0.4+dfsg-1+deb9u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4501-1
  CVE-2020-15890

Package Information:
  https://launchpad.net/ubuntu/+source/luajit/2.0.4+dfsg-1+deb9u1build0.16.04.1

Explore the security flaw in LuaJIT that impacts Ubuntu 16.04 LTS and discover effective strategies to reduce potential threats. Severity: Critical. LinuxSecurity.com Team

MGASA-2020-0342 - Updated luajit packages fix security vulnerability

Publication date: 25 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0342.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-15890

An issue has been found in luajit, a just in time compiler for Lua. An out-of-bounds read could happen because __gc handler frame traversal is mishandled (CVE-2020-15890).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27021
- https://lists.debian.org/debian-lts-announce/2020/07/msg00026.html
- https://www.cve.org/CVERecord?id=CVE-2020-15890

SRPMS:
- 7/core/luajit-2.1.0-0.beta3.5.mga7

Latest luajit updates resolve a critical security flaw affecting Mageia. Users are advised to review the specifics of the issue for informed action. Severity: Critical. LinuxSecurity.com Team

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2296-1
-------------------------------------------------------------------------

An issue has been found in luajit, a just in time compiler for Lua. An out-of-bounds read could happen because __gc handler frame traversal is