2 matches found
SUSE SLES12 Security Update : zsh (SUSE-SU-2022:0733-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0733-1 advisory. - zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker...
zsh: insecure dropping of privileges when unsetting PRIVILEGED option
A flaw was found in zsh. When unsetting the PRIVILEGED option, the shell sets its effective user and group IDs to match their respective real IDs. When the RUID and EUID were both non-zero, it is possible to regain the shell's former privileges. Also, the setopt built-in did not correctly report...