51 matches found
CLSA-2026-1777051205 zsh: Fix of 3 CVEs
CVE-2018-1071: check bounds when copying path in hashcmd - CVE-2018-7549: avoid crash copying empty hash table - CVE-2018-13259: fix shebang line truncation in zexecve...
CLSA-2026-1777051545 zsh: Fix of 3 CVEs
CVE-2018-1071: check bounds when copying path in hashcmd - CVE-2018-7549: avoid crash copying empty hash table - CVE-2018-13259: fix shebang line truncation in zexecve...
Security update for obs-service-set_version (moderate)
openSUSE Security Update: Security update for obs-service-set_version Announcement ID: openSUSE-SU-2026:0108-1 Rating: moderate References: 1072359 1212476 866966 Cross-References: CVE-2014-0593 Affected Products: openSUSE Backports SLE-15-SP7 An update that solves one vulnerability and has two...
Security update for python3
This update for python3 fixes the following issues: Security fixes: CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter="data" (bsc#1244032) CVE-2025-4330: Fixed extraction filter bypass for linking outside extraction directory (bsc#1244060)...
MiracleLinux 7 : zsh-5.0.2-33.el7 (AXSA:2019-3997:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-3997:01 advisory. zsh: Improper handling of shebang line longer than 64 CVE-2018-13259 Tenable has extracted the preceding description block directly from the MiracleLinux...
EUVD-2018-5207
Malware in sbrugna...
gimp:2.8 security update
gimp 2:2.28.22-26 - bump spec pygobject2 2.28.7-5 - bump spec to fix NVR pygtk2 2.24.0-25 - Fix shebang mangling for prefix=app 1907579 - disable numpy for flatpak 1907579 python2-pycairo 1.16.3-7 - bump spec for NVR fix...
Oracle Linux 8 : gimp:2.8 (ELSA-2025-0746)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-0746 advisory. gimp 2:2.28.22-26 - bump spec pygobject2 2.28.7-5 - bump spec to fix NVR pygtk2 2.24.0-25 - Fix shebang mangling for prefix=app 1907579 - disable numpy...
CVE-2024-27301
Support App is an open source application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang #!/bin/zsh is being used...
CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp
Support App is an open source application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang #!/bin/zsh is being used...
SUSE CVE-2018-0502
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line...
SUSE-SU-2022:14910-1 Security update for zsh
This update for zsh fixes the following issues: - CVE-2019-20044: Fixed an insecure dropping of privileges when unsetting the PRIVILEGED option (bsc#1163882). - CVE-2018-13259: Fixed an unexpected truncation of long shebang lines (bsc#1107294). - CVE-2018-7549: Fixed a crash when an empty hash table...
Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security
Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discove...
Debian DLA-2470-1 : zsh security update
Several security vulnerabilities were found and corrected in zsh, a powerful shell and scripting language. Off-by-one errors, wrong parsing of shebang lines and buffer overflows may lead to unexpected behavior. A local, unprivileged user can create a specially crafted message file or directory...
Huawei EulerOS: Security Advisory for zsh (EulerOS-SA-2019-2684)
The remote host is missing an update for the Huawei EulerOS...
NewStart CGSL CORE 5.05 / MAIN 5.05 : zsh Vulnerability (NS-SA-2019-0247)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has zsh packages installed that are affected by a vulnerability: - An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is...
EulerOS 2.0 SP3 : zsh (EulerOS-SA-2019-2684)
According to the versions of the zsh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program...
EulerOS 2.0 SP2 : zsh (EulerOS-SA-2019-2459)
According to the versions of the zsh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named...
lttng-ust bug fix and enhancement update
This update fixes two issues in lttng-ust and subpackages. There was a bad shebang in the /usr/bin/lttng-gen-tp utility that prevented users from executing it. This issue has been fixed. lttng-ust was only available for x86_64 architectures. lttng-ust is now available for all architectures support...
ALBA-2019:3411 lttng-ust bug fix and enhancement update
This update fixes two issues in lttng-ust and subpackages. There was a bad shebang in the /usr/bin/lttng-gen-tp utility that prevented users from executing it. This issue has been fixed. lttng-ust was only available for x86_64 architectures. lttng-ust is now available for all architectures support...