17 matches found
SUSE-SU-2022:14910-1 Security update for zsh
This update for zsh fixes the following issues: - CVE-2019-20044: Fixed an insecure dropping of privileges when unsetting the PRIVILEGED option (bsc#1163882). - CVE-2018-13259: Fixed an unexpected truncation of long shebang lines (bsc#1107294). - CVE-2018-7549: Fixed a crash when an empty hash table...
SUSE-SU-2022:0735-1 Security update for zsh
This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEG...
OPENSUSE-SU-2022:0735-1 Security update for zsh
This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEG...
SUSE-SU-2022:0733-1 Security update for zsh
This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEG...
SUSE-SU-2022:0732-1 Security update for zsh
This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEG...
CVE-2021-45444
CVE-2021-45444 affects zsh up to version 5.8.0, where an attacker-controlled command output inside the prompt can trigger code execution due to recursive PROMPT_SUBST expansion (notably via a %F argument). Connected advisories confirm the issue in zsh and state the fix as upgrading to zsh 5.8.1. ...
CVE-2019-20044
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls setuid...
CVE-2019-20044
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULEPATH=/dir/with/module zmodload with a module that calls setuid...
DLA-2117-1 zsh - security update
Bulletin has no description...
SUSE-SU-2018:2686-1 Security update for zsh
This update for zsh to version 5.6 fixes the following security issues: - CVE-2018-0502: The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line (bsc#1107296). - CVE-2018-13259: Shebang lines exceeding 64 characters were truncated,...
CVE-2018-0502
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line...
CVE-2018-0502
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line...
openSUSE Security Update : zsh (openSUSE-2018-699)
This update for zsh to version 5.5 fixes the following issues: Security issues fixed: - CVE-2018-1100: Fixes a buffer overflow in utils.c:checkmailpath that can lead to local arbitrary code execution (bsc#1089030) - CVE-2018-1071: Fixed a stack-based buffer overflow in exec.c:hashcmd (bsc#1084656) -...
MGASA-2018-0206 Updated zsh packages fix security vulnerabilities
Richard Maciel Costa discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service (CVE-2018-1071). It was discovered that Zsh incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code (CVE-2018-1083)...
DLA-1304-1 zsh - security update
Bulletin has no description...
CVE-2017-18206
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow...
CVE-2016-10714
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters...