Description
ELSA-2022-2120: zsh security update (MODERATE)
[5.5.1-9]
- do not perform PROMPT_SUBST evaluation on %F/%K arguments (CVE-2021-45444)
[5.5.1-8]
- improve printing of error messages introduced by the fix of CVE-2019-20044
[5.5.1-7]
- drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044)
Updated packages
Oracle Linux 8
Oracle Linux aarch64
- zsh 5.5.1-9.el8
- zsh-html 5.5.1-9.el8
Oracle Linux x86_64
- zsh 5.5.1-9.el8
- zsh-html 5.5.1-9.el8
Related CVEs
Related vulnerabilities
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.