Description
Security update for zsh
This update for zsh fixes the following issues:
- CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed through recursive expansion of prompt escape arguments under PROMPT_SUBST (bsc#1196435).
- CVE-2019-20044: Fixed a vulnerability where privileges were not fully dropped when the PRIVILEGED option was unset, because the saved user ID was left unchanged (bsc#1163882).
Package list
openSUSE Leap 15.3
zsh-5.6-7.5.1
zsh-htmldoc-5.6-7.5.1
References
- E-Mail link for openSUSE-SU-2022:0735-1
- SUSE Security Ratings
- SUSE Bug 1163882
- SUSE Bug 1196435
- SUSE CVE CVE-2019-20044 page
- SUSE CVE CVE-2021-45444 page
Description
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
Affected products
openSUSE Leap 15.3:zsh-5.6-7.5.1
openSUSE Leap 15.3:zsh-htmldoc-5.6-7.5.1
References
- CVE-2019-20044
- SUSE Bug 1163882
- SUSE Bug 1200039
- SUSE Bug 1200202
- SUSE Bug 1200209
Description
In zsh before 5.8.1, an attacker can achieve code execution if they control command output that is substituted into the prompt, as demonstrated via a %F argument. This occurs because the arguments of prompt escapes such as %F are themselves expanded again, which re-triggers PROMPT_SUBST on attacker-controlled text (for example a malicious git branch name displayed in the prompt).
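The following is an added example, not part of this advisory or of the zsh project: a POSIX shell script with two helpers a practitioner wants after reading the description above. zsh_version_fixed compares a version string against 5.8.1 (the upstream fix version named above); prompt_escape neutralises prompt escapes in untrusted text such as a git branch name before it is spliced into PROMPT under PROMPT_SUBST. The function names, the hostile branch name and the check_local_zsh wrapper are this example's own constructions; the rpm command in the hint is the standard rpm changelog query.

```shell
#!/bin/sh
# Added example for CVE-2021-45444; not part of the openSUSE advisory or of zsh.
# Function names (zsh_version_fixed, prompt_escape, check_local_zsh) are this
# example's own. Upstream fixed the bug in zsh 5.8.1 (the CVE text says
# "before 5.8.1"); distributions such as openSUSE backport the fix without
# changing the upstream version, so the version check is only a first filter.

# zsh_version_fixed VERSION_STRING
# Accepts "5.8.1" or a full `zsh --version` line such as
# "zsh 5.8.1 (x86_64-suse-linux-gnu)". Returns 0 if the upstream version is
# >= 5.8.1, 1 if it is older, 2 if the string is not a version number.
zsh_version_fixed() {
    v=${1#"zsh "}          # drop the leading "zsh " of `zsh --version`
    v=${v%% *}             # keep the first word only
    v=${v%%-*}             # strip "-dev-0"-style suffixes
    case $v in
        ''|.*|*[!0-9.]*) return 2 ;;
    esac
    maj=${v%%.*}; rest=${v#"$maj"}; rest=${rest#.}
    min=${rest%%.*}; rest=${rest#"$min"}; rest=${rest#.}
    pat=${rest%%.*}
    min=${min:-0}; pat=${pat:-0}
    if [ "$maj" -gt 5 ]; then return 0; fi
    if [ "$maj" -lt 5 ]; then return 1; fi
    if [ "$min" -gt 8 ]; then return 0; fi
    if [ "$min" -lt 8 ]; then return 1; fi
    [ "$pat" -ge 1 ]
}

# prompt_escape STRING
# Neutralise zsh prompt escapes in untrusted text before it is spliced into
# PROMPT/RPROMPT under PROMPT_SUBST: each '%' becomes '%%', which prompt
# expansion renders as a literal '%', so '%F{...}' and friends never become
# escape sequences and their arguments are never expanded a second time.
prompt_escape() {
    printf '%s\n' "$1" | sed 's/%/%%/g'
}

# Constructed input: a hostile git branch name of the shape the CVE describes.
# The $(...) inside is plain text here and is never executed by this script.
hostile_branch='%F{$(touch /tmp/pwned)}'

# Report whether the locally installed zsh predates the upstream fix.
check_local_zsh() {
    if ! command -v zsh >/dev/null 2>&1; then
        echo "zsh: not installed"
        return 0
    fi
    ver=$(zsh --version 2>/dev/null | head -n 1)
    if zsh_version_fixed "$ver"; then
        echo "zsh: '$ver' carries the upstream 5.8.1 fix"
    else
        echo "zsh: '$ver' predates 5.8.1; look for a distro backport, e.g."
        echo "     rpm -q --changelog zsh | grep -i CVE-2021-45444"
    fi
}

check_local_zsh
echo "branch as received : $hostile_branch"
echo "branch for PROMPT  : $(prompt_escape "$hostile_branch")"
```

On the zsh side the same idea applies directly: when a prompt is built from a value the user does not control (a branch name from vcs_info or git symbolic-ref), double the percent signs in zsh with ${branch//%/%%} before assigning to PROMPT, or unset PROMPT_SUBST (setopt NO_PROMPT_SUBST), which removes command substitution from prompts altogether. The version check alone is not sufficient on openSUSE Leap 15.3, where the fixed package in this advisory still reports upstream version 5.6.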
Affected products
openSUSE Leap 15.3:zsh-5.6-7.5.1
openSUSE Leap 15.3:zsh-htmldoc-5.6-7.5.1
References
- CVE-2021-45444
- SUSE Bug 1196435
- SUSE Bug 1199097
- SUSE Bug 1200202