Описание
ELSA-2020-0903: zsh security update (IMPORTANT)
[5.5.1-6.el8_1.2]
- improve printing of error messages introduced by the fix of CVE-2019-20044
[5.5.1-6.el8_1.1]
- drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
zsh
5.5.1-6.el8_1.2
zsh-html
5.5.1-6.el8_1.2
Oracle Linux x86_64
zsh
5.5.1-6.el8_1.2
zsh-html
5.5.1-6.el8_1.2
Связанные CVE
Связанные уязвимости
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
In Zsh before 5.8, attackers able to execute commands can regain privi ...
