53 matches found

OSV
added 2026/04/25 8:49 a.m., 8 views

CLSA-2026-1777051205 zsh: Fix of 3 CVEs

CVE-2018-1071: check bounds when copying path in hashcmd - CVE-2018-7549: avoid crash copying empty hash table - CVE-2018-13259: fix shebang line truncation in zexecve...

CVSS 9.8, AI score 5.8, EPSS 0.02723
Exploits 0, References 1

OSV
added 2026/04/24 5:25 p.m., 4 views

CLSA-2026-1777051545 zsh: Fix of 3 CVEs

CVE-2018-1071: check bounds when copying path in hashcmd - CVE-2018-7549: avoid crash copying empty hash table - CVE-2018-13259: fix shebang line truncation in zexecve...

CVSS 9.8, AI score 6.8, EPSS 0.02723
Exploits 0, References 1

OPENSUSE Linux
added 2026/03/30 12:0 a.m., 4 views

Security update for obs-service-set_version (moderate)

openSUSE Security Update: Security update for obs-service-set_version Announcement ID: openSUSE-SU-2026:0108-1 Rating: moderate References: 1072359 1212476 866966 Cross-References: CVE-2014-0593 Affected Products: openSUSE Backports SLE-15-SP7 An update that solves one vulnerability and has two...

CVSS 10, AI score 7.2, EPSS 0.01869
Exploits 0, References 3

SUSE Linux
added 2026/01/22 9:7 a.m., 8 views

Security update for python3

This update for python3 fixes the following issues: Security fixes: CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter="data" bsc1244032 CVE-2025-4330: Fixed extraction filter bypass for linking outside extraction directory bsc1244060...

CVSS 8.4, AI score 7.2, EPSS 0.27095
Exploits 16, References 26

Tenable Nessus
added 2026/01/16 12:0 a.m., 4 views

MiracleLinux 7 : zsh-5.0.2-33.el7 (AXSA:2019-3997:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-3997:01 advisory. zsh: Improper handling of shebang line longer than 64 CVE-2018-13259 Tenable has extracted the preceding description block directly from the MiracleLinux...

CVSS 9.8, AI score 7.2, EPSS 0.02723
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-5207

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.02723
Exploits 0, References 13

Oracle linux
added 2025/01/28 12:0 a.m., 20 views

gimp:2.8 security update

gimp 2:2.28.22-26 - bump spec pygobject2 2.28.7-5 - bump spec to fix NVR pygtk2 2.24.0-25 - Fix shebang mangling for prefix=app 1907579 - disable numpy for flatpak 1907579 python2-pycairo 1.16.3-7 - bump spec for NVR fix...

CVSS 7.8, AI score 7.3, EPSS 0.93007
Exploits 0

Tenable Nessus
added 2025/01/28 12:0 a.m., 16 views

Oracle Linux 8 : gimp:2.8 (ELSA-2025-0746)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-0746 advisory. gimp 2:2.28.22-26 - bump spec pygobject2 2.28.7-5 - bump spec to fix NVR pygtk2 2.24.0-25 - Fix shebang mangling for prefix=app 1907579 - disable numpy...

CVSS 7.8, AI score 7.4, EPSS 0.93007
Exploits 0, References 4

NVD
added 2024/03/14 7:15 p.m., 14 views

CVE-2024-27301

Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang #!/bin/zsh is being used...

CVSS 7.3, AI score 7.3, EPSS 0.00321
Exploits 1, References 2

Vulnrichment
added 2024/03/14 6:37 p.m., 20 views

CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp

Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang #!/bin/zsh is being used...

CVSS 7.3, AI score 7.9, EPSS 0.00321
Exploits 1, References 2

SUSE CVE
added 2023/02/15 4:34 a.m., 3 views

SUSE CVE-2018-0502

An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line...

CVSS 7.3, AI score 7, EPSS 0.02487
Exploits 0, References 12

OSV
added 2022/03/14 4:25 p.m., 5 views

SUSE-SU-2022:14910-1 Security update for zsh

This update for zsh fixes the following issues: - CVE-2019-20044: Fixed an insecure dropping of privileges when unsetting the PRIVILEGED option bsc1163882. - CVE-2018-13259: Fixed an unexpected truncation of long shebang lines bsc1107294. - CVE-2018-7549: Fixed a crash when an empty hash table...

CVSS 9.8, AI score 7.2, EPSS 0.03162
Exploits 0, References 25

The Hacker News
added 2021/12/24 1:7 p.m., 63 views

Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security

Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discove...

CVSS 5.5, AI score 1.4, EPSS 0.68531
Exploits 5

BDU FSTEC
added 2021/03/21 12:0 a.m., 3 views

The vulnerability of the UNIX command-line shell script processor Zsh, related to the lack of input validation mechanisms, allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability of the UNIX command-line shell script processor Zsh is related to the improper handling of scripts containing #!. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

CVSS 9.8, AI score 7.4, EPSS 0.02487
Exploits 0, References 8, Affected Software 3

BDU FSTEC
added 2021/03/21 12:0 a.m., 4 views

The vulnerability of the Zsh shell script interpreter on UNIX systems arises from the lack of input validation mechanisms. This allows attackers to access sensitive data, compromise its integrity, and cause service failures.

The vulnerability of the Shebang handler in the UNIX command shell Zsh is related to the shortening of the Shebang line that exceeds 64 characters. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 9.8, AI score 6.9, EPSS 0.02723
Exploits 0, References 7, Affected Software 3

Tenable Nessus
added 2020/12/01 12:0 a.m., 35 views

Debian DLA-2470-1 : zsh security update

Several security vulnerabilities were found and corrected in zsh, a powerful shell and scripting language. Off-by-one errors, wrong parsing of shebang lines and buffer overflows may lead to unexpected behavior. A local, unprivileged user can create a specially crafted message file or directory...

CVSS 9.8, AI score 7, EPSS 0.03162
Exploits 0, References 10

OpenVAS
added 2020/01/23 12:0 a.m., 19 views

Huawei EulerOS: Security Advisory for zsh (EulerOS-SA-2019-2684)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8, AI score 8.8, EPSS 0.02723
Exploits 0, References 2

Tenable Nessus
added 2019/12/31 12:0 a.m., 31 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : zsh Vulnerability (NS-SA-2019-0247)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has zsh packages installed that are affected by a vulnerability: - An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is...

CVSS 9.8, AI score 7.2, EPSS 0.02723
Exploits 0, References 2

Tenable Nessus
added 2019/12/18 12:0 a.m., 34 views

EulerOS 2.0 SP3 : zsh (EulerOS-SA-2019-2684)

According to the versions of the zsh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program...

CVSS 9.8, AI score 7.3, EPSS 0.02723
Exploits 0, References 3

Tenable Nessus
added 2019/12/04 12:0 a.m., 37 views

EulerOS 2.0 SP2 : zsh (EulerOS-SA-2019-2459)

According to the versions of the zsh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named...

CVSS 9.8, AI score 7.3, EPSS 0.02723
Exploits 0, References 3