USN-8262-1: Lua vulnerability
Publication date
8 May 2026
Overview
Lua could be made to crash or run programs as your login if it opened a specially crafted file.
Releases
Packages
- lua5.1 - Lua is an embeddable scripting language
Details
It was discovered that the Lua parser incorrectly handled garbage collection
when processing specially crafted Lua scripts. A remote attacker could possibly
use this issue to cause a denial of service or execute arbitrary code.
It was discovered that the Lua parser incorrectly handled garbage collection
when processing specially crafted Lua scripts. A remote attacker could possibly
use this issue to cause a denial of service or execute arbitrary code.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 16.04 LTS xenial | liblua5.1-0 – 5.1.5-8ubuntu1+esm1 | ||
| lua5.1 – 5.1.5-8ubuntu1+esm1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.