LUA: Fix CVE-2014-5461

Description

LUA: Fix CVE-2014-5461

Apply the fix from upstream.

http://www.lua.org/bugs.html#5.2.2-1
https://www.opencve.io/cve/CVE-2014-5461

It should be noted that exploiting this requires the SYS_CONFIG
privilege, and anyone with that privilege likely has other opportunities
to do exploits, so it is unlikely that bad actors could exploit this
unless system administrators are executing untrusted ZFS Channel
Programs.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #13949

Details

Provenance
Richard Yao <richard.yao@alumni.stonybrook.edu> Authored on Sep 27 2022, 11:44 PM
Tony Hutter <hutter2@llnl.gov> Committed on Sep 27 2022, 11:49 PM
Parents
rG835e03682c22: Linux: Fix uninitialized variable usage in zio_do_crypt_data()

Event Timeline

Tony Hutter <hutter2@llnl.gov> committed rGc973929b29bb: LUA: Fix CVE-2014-5461 (authored by Richard Yao <richard.yao@alumni.stonybrook.edu>). Sep 27 2022, 11:49 PM