Описание
ELSA-2020-0892: zsh security update (IMPORTANT)
[4.3.11-11]
- improve printing of error messages introduced by the fix of CVE-2019-20044
[4.3.11-10]
- drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044)
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
zsh
4.3.11-11.el6_10
Oracle Linux i686
zsh
4.3.11-11.el6_10
Связанные CVE
Связанные уязвимости
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
In Zsh before 5.8, attackers able to execute commands can regain privi ...
