CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit
LUA: Fix CVE-2014-5461
author Richard Yao <richard.yao@alumni.stonybrook.edu>
Tue, 27 Sep 2022 23:44:13 +0000 (19:44 -0400)
committer GitHub <noreply@github.com>
Tue, 27 Sep 2022 23:44:13 +0000 (16:44 -0700)
commit 31b4e008f13fe00c5619fee06c6502d417448bd5
tree 0b60549ac39f74bb15208340f91942f9c331c4fe
parent fdc2d303710416868a05084e984fd8f231e948bd
LUA: Fix CVE-2014-5461

Apply the fix from upstream.

http://www.lua.org/bugs.html#5.2.2-1
https://www.opencve.io/cve/CVE-2014-5461

It should be noted that exploiting this requires the `SYS_CONFIG`
privilege, and anyone with that privilege likely has other opportunities
to do exploits, so it is unlikely that bad actors could exploit this
unless system administrators are executing untrusted ZFS Channel
Programs.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #13949
module/lua/ldo.c