------------------------------------------------------------------------- Debian LTS Advisory DLA-2470-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Markus Koschany November 30, 2020 https://wiki.debian.org/LTS -------------------------------------------------------------------------
Package : zsh Version : 5.3.1-4+deb9u4 CVE ID : CVE-2017-18206 CVE-2018-0502 CVE-2018-1071 CVE-2018-1083 CVE-2018-1100 CVE-2018-13259 CVE-2019-20044 Debian Bug : 908000 894044 894043 895225 951458 Several security vulnerabilities were found and corrected in zsh, a powerful shell and scripting language. Off-by-one errors, wrong parsing of shebang lines and buffer overflows may lead to unexpected behavior. A local, unprivileged user can create a specially crafted message file or directory path. If the receiving user is privileged or traverses the aforementioned path, this leads to privilege escalation. For Debian 9 stretch, these problems have been fixed in version 5.3.1-4+deb9u4. We recommend that you upgrade your zsh packages. For the detailed security status of zsh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/zsh Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
signature.asc
Description: This is a digitally signed message part