]> git.proxmox.com Git - mirror_zfs.git/commit
projects / mirror_zfs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 835e036) | patch
LUA: Fix CVE-2014-5461
authorRichard Yao <richard.yao@alumni.stonybrook.edu>
Tue, 27 Sep 2022 23:44:13 +0000 (19:44 -0400)
committerTony Hutter <hutter2@llnl.gov>
Tue, 27 Sep 2022 23:49:02 +0000 (16:49 -0700)
commitc973929b29bb945d1a1fd9f54a5238360f0e1029
tree3c9a577c5a0dfc69e8dd60c693046c30858b5ed5tree
parent835e03682c22f95a774f1a21d6e96e00f063fef9commit | diff
LUA: Fix CVE-2014-5461

Apply the fix from upstream.

http://www.lua.org/bugs.html#5.2.2-1
https://www.opencve.io/cve/CVE-2014-5461

It should be noted that exploiting this requires the `SYS_CONFIG`
privilege, and anyone with that privilege likely has other opportunities
to do exploits, so it is unlikely that bad actors could exploit this
unless system administrators are executing untrusted ZFS Channel
Programs.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Richard Yao <richard.yao@alumni.stonybrook.edu>
Closes #13949
module/lua/ldo.c diff | blob | blame | history
ZFS On Linux mirror for PVE