
Ubuntu released two security notices covering Lua and NASM on different releases. The first patches a garbage collection flaw in the Lua parser on Ubuntu 16.04 LTS that could allow an attacker to crash Lua or execute arbitrary code through a specially crafted script. The second, for Ubuntu 24.04 LTS, reverts the fixes for CVE-2021-33450 and CVE-2021-33452 from an earlier NASM update after that update was found to cause the assembler to crash. The corrected packages for both releases are available with Ubuntu Pro, and a standard system update will install them.

[USN-8262-1] Lua vulnerability
[USN-8248-2] NASM regression




[USN-8262-1] Lua vulnerability


==========================================================================
Ubuntu Security Notice USN-8262-1
May 08, 2026

lua5.1 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Lua could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- lua5.1: Lua is an embeddable scripting language

Details:

It was discovered that the Lua parser incorrectly handled garbage collection
when processing specially crafted Lua scripts. A remote attacker could possibly
use this issue to cause a denial of service or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
liblua5.1-0 5.1.5-8ubuntu1+esm1
Available with Ubuntu Pro
lua5.1 5.1.5-8ubuntu1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8262-1
CVE-2025-49844



[USN-8248-2] NASM regression


==========================================================================
Ubuntu Security Notice USN-8248-2
May 08, 2026

nasm regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

USN-8248-1 introduced a regression in NASM

Software Description:
- nasm: Netwide Assembler

Details:

USN-8248-1 fixed vulnerabilities in NASM. Unfortunately the update
introduced a regression which could cause NASM to crash. This update fixes
the problem by reverting the fix for CVE-2021-33450 and CVE-2021-33452 in
Ubuntu 24.04 LTS.

We apologize for the inconvenience.

Original advisory details:

Daisy Chen discovered that NASM was vulnerable to a heap buffer overflow
when handling certain input. An attacker could possibly use this issue to
cause NASM to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2023-31722)

It was discovered that NASM incorrectly handled memory allocation. An
attacker could possibly use this issue to cause NASM to use excessive
resources, leading to a denial of service. This issue only affected
Ubuntu 24.04 LTS. (CVE-2021-33452, CVE-2021-33450)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
nasm 2.16.01-1ubuntu0.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8248-2
https://ubuntu.com/security/notices/USN-8248-1
CVE-2021-33450, CVE-2021-33452, https://launchpad.net/bugs/2151861