733466 – (CVE-2020-15890) <dev-lang/luajit-{2.0.5-r2, 2.1.0_beta3-r1}: DoS via Out of bounds read vulnerability (CVE-2020-15890)

Bug 733466 (CVE-2020-15890) - <dev-lang/luajit-{2.0.5-r2, 2.1.0_beta3-r1}: DoS via Out of bounds read vulnerability (CVE-2020-15890)

Summary: <dev-lang/luajit-{2.0.5-r2, 2.1.0_beta3-r1}: DoS via Out of bounds read vulne...

Status:	RESOLVED FIXED

Alias:	CVE-2020-15890

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://github.com/LuaJIT/LuaJIT/issu...
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2020-07-22 02:49 UTC by John Helmert III
Modified:	2020-07-27 20:46 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	=dev-lang/luajit-2.0.5-r2
Runtime testing required:	---

Flags:	nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2020-07-22 02:49:48 UTC

CVE-2020-15890:

LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.



Maintainer, please bump.

Comment 1 Larry the Git Cow gentoo-dev

2020-07-22 19:41:16 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2a054ce465da2fd25ff354c875024011b9fd2c9

commit a2a054ce465da2fd25ff354c875024011b9fd2c9
Author:     Rafael Martins <rafaelmartins@gentoo.org>
AuthorDate: 2020-07-22 19:38:50 +0000
Commit:     Rafael Martins <rafaelmartins@gentoo.org>
CommitDate: 2020-07-22 19:40:24 +0000

    dev-lang/luajit: apply fix for CVE-2020-15890
    
    Bug: https://bugs.gentoo.org/733466
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Rafael Martins <rafaelmartins@gentoo.org>

 dev-lang/luajit/files/CVE-2020-15890.patch   | 22 +++++++++
 dev-lang/luajit/luajit-2.0.5-r2.ebuild       | 67 ++++++++++++++++++++++++++++
 dev-lang/luajit/luajit-2.1.0_beta3-r1.ebuild | 56 +++++++++++++++++++++++
 3 files changed, 145 insertions(+)

Comment 2 Rafael Martins (RETIRED) gentoo-dev

2020-07-22 19:42:04 UTC

bumped

Comment 3 John Helmert III archtester

2020-07-22 20:07:14 UTC

Thanks. Let's stable 2.0.5-r2 when ready?

Comment 4 Rafael Martins (RETIRED) gentoo-dev

2020-07-22 21:15:36 UTC

yes, please stabilize

Comment 5 Sam James archtester

2020-07-23 20:36:30 UTC

amd64 stable

Comment 6 Sam James archtester

2020-07-23 21:53:13 UTC

x86 stable

Comment 7 Sam James archtester

2020-07-23 23:45:54 UTC

ppc stable

Comment 8 Sam James archtester

2020-07-25 11:17:37 UTC

arm stable. Please cleanup.

Comment 9 Larry the Git Cow gentoo-dev

2020-07-25 15:14:51 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1d37420e54b9cbe771e1ad21a11ea1dd06a6be3

commit a1d37420e54b9cbe771e1ad21a11ea1dd06a6be3
Author:     Rafael Martins <rafaelmartins@gentoo.org>
AuthorDate: 2020-07-25 15:14:30 +0000
Commit:     Rafael Martins <rafaelmartins@gentoo.org>
CommitDate: 2020-07-25 15:14:41 +0000

    dev-lang/luajit: remove vulnerable ebuilds
    
    Bug: https://bugs.gentoo.org/733466
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Rafael Martins <rafaelmartins@gentoo.org>

 dev-lang/luajit/luajit-2.0.5-r1.ebuild    | 64 -------------------------------
 dev-lang/luajit/luajit-2.1.0_beta3.ebuild | 53 -------------------------
 2 files changed, 117 deletions(-)

Comment 10 John Helmert III archtester

2020-07-25 16:35:33 UTC

Thanks.