azurelinux-security · azurelinux-security · Jan 29, 2026
diff --git a/SPECS/ntopng/CVE-2026-24809.patch b/SPECS/ntopng/CVE-2026-24809.patch
@@ -0,0 +1,57 @@
+From 07ba003ecd236cb274cd6a446a142405e6b78d68 Mon Sep 17 00:00:00 2001
+From: npt-1707 <[email protected]>
+Date: Mon, 21 Apr 2025 23:05:53 +0800
+Subject: [PATCH] Save stack space while handling errors
+
+Signed-off-by: Azure Linux Security Servicing Account <[email protected]>
+Upstream-reference: https://github.com/praydog/REFramework/pull/1320.patch
+---
+ third-party/lua-5.4.3/src/ldebug.c | 5 ++++-
+ third-party/lua-5.4.3/src/lvm.c    | 6 ++++--
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/third-party/lua-5.4.3/src/ldebug.c b/third-party/lua-5.4.3/src/ldebug.c
+index ea269db..43d77bb 100644
+--- a/third-party/lua-5.4.3/src/ldebug.c
++++ b/third-party/lua-5.4.3/src/ldebug.c
+@@ -795,8 +795,11 @@ l_noret luaG_runerror (lua_State *L, const char *fmt, ...) {
+   va_start(argp, fmt);
+   msg = luaO_pushvfstring(L, fmt, argp);  /* format message */
+   va_end(argp);
+-  if (isLua(ci))  /* if Lua function, add source:line information */
++  if (isLua(ci)) {  /* if Lua function, add source:line information */
+     luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci));
++    setobjs2s(L, L->top - 2, L->top - 1);  /* remove 'msg' from the stack */
++    L->top--;
++  }
+   luaG_errormsg(L);
+ }
+
+diff --git a/third-party/lua-5.4.3/src/lvm.c b/third-party/lua-5.4.3/src/lvm.c
+index c9729bc..51b9614 100644
+--- a/third-party/lua-5.4.3/src/lvm.c
++++ b/third-party/lua-5.4.3/src/lvm.c
+@@ -656,8 +656,10 @@ void luaV_concat (lua_State *L, int total) {
+       /* collect total length and number of strings */
+       for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
+         size_t l = vslen(s2v(top - n - 1));
+-        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
++        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
++          L->top = top - total;  /* pop strings to avoid wasting stack */
+           luaG_runerror(L, "string length overflow");
++        }
+         tl += l;
+       }
+       if (tl <= LUAI_MAXSHORTLEN) {  /* is result a short string? */
+@@ -672,7 +674,7 @@ void luaV_concat (lua_State *L, int total) {
+       setsvalue2s(L, top - n, ts);  /* create result */
+     }
+     total -= n-1;  /* got 'n' strings to create 1 new */
+-    L->top -= n-1;  /* popped 'n' strings and pushed one */
++    L->top = top - (n - 1);  /* popped 'n' strings and pushed one */
+   } while (total > 1);  /* repeat until only 1 result left */
+ }
+
+-- 
+2.45.4
+
diff --git a/SPECS/ntopng/ntopng.spec b/SPECS/ntopng/ntopng.spec
@@ -2,7 +2,7 @@
 Summary:        Web-based Network Traffic Monitoring Application
 Name:           ntopng
 Version:        5.2.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        GPLv3
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -14,6 +14,7 @@ Source0:        %{name}-%{version}.tar.gz
 Source1:        nDPI-%{nDPIver}.tar.gz
 Patch1:         CVE-2021-45985.patch
 Patch2:         CVE-2021-44964.patch
+Patch3:         CVE-2026-24809.patch
 BuildRequires:  curl-devel
 BuildRequires:  gcc
 BuildRequires:  glib-devel
@@ -63,6 +64,9 @@ mv nDPI-%{nDPIver} nDPI
 %{_datadir}/ntopng/*
 
 %changelog
+* Thu Jan 29 2026 Azure Linux Security Servicing Account <[email protected]> - 5.2.1-4
+- Patch for CVE-2026-24809
+
 * Wed Apr 16 2025 Jyoti Kanase <[email protected]> - 5.2.1-3
 - Patch CVE-2021-44964