
LUA: Fix CVE-2014-5461

Description

LUA: Fix CVE-2014-5461

Apply the fix from upstream.

http://www.lua.org/bugs.html#5.2.2-1
https://www.opencve.io/cve/CVE-2014-5461

It should be noted that exploiting this requires the SYS_CONFIG
privilege, and anyone with that privilege likely has other opportunities
to do exploits, so it is unlikely that bad actors could exploit this
unless system administrators are executing untrusted ZFS Channel
Programs.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #13949

Details

Provenance
Richard Yao <richard.yao@alumni.stonybrook.edu> Authored on Sep 27 2022, 11:44 PM
GitHub <noreply@github.com> Committed on Sep 27 2022, 11:44 PM
Parents
rGfdc2d3037104: Cleanup: Specify unsignedness on things that should not be signed
Branches
Unknown
Tags
Unknown

Event Timeline

GitHub <noreply@github.com> committed rG31b4e008f13f: LUA: Fix CVE-2014-5461 (authored by Richard Yao <richard.yao@alumni.stonybrook.edu>). Sep 27 2022, 11:44 PM