Release date:
2026-05-05 10:18:02 UTC
Description:
* SECURITY UPDATE: Integer overflow in Lua cmsgpack library
- debian/patches/CVE-2022-24834.patch: partial backport hardening
deps/lua/src/lua_cmsgpack.c against integer overflows in mp_buf_append
and the encode/decode helpers (cmsgpack-only; the cjson half of the
upstream fix is dead code under USE_SYSTEM_LUA=yes and is tracked via
the lua-cjson source package)
- CVE-2022-24834
Updated packages:
-
redis_5.0.14-1+deb10u5+tuxcare.els2_all.deb
sha:3d414a33a9448f7dcd04d2111dd90d033f2fda8b
-
redis-sentinel_5.0.14-1+deb10u5+tuxcare.els2_amd64.deb
sha:2bf31d2893d764d1156aa90970846679532bfbe6
-
redis-server_5.0.14-1+deb10u5+tuxcare.els2_amd64.deb
sha:bc09494cb766e09fe3fb2663bdbb8fdd3fc96a62
-
redis-tools_5.0.14-1+deb10u5+tuxcare.els2_amd64.deb
sha:8265e6fdf63f5b7d7f55cefdf8e49b5a57aefd02
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
