Download
| Alert*
oval:org.secpod.oval:def:2103387
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contex ... oval:org.secpod.oval:def:89002108 This update for zsh fixes the following issues: - CVE-2014-10070: environment variable injection could lead to local privilege escalation - CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. - CVE-2014-10072: buffer overflow In utils.c when scanning very long directory path ... oval:org.secpod.oval:def:704232 zsh: shell with lots of features Several security issues were fixed in Zsh. oval:org.secpod.oval:def:89046120 This update for zsh fixes the following issues: - CVE-2019-20044: Fixed an insecure dropping of privileges when unsetting the PRIVILEGED option . - CVE-2018-13259: Fixed an unexpected truncation of long shebang lines . - CVE-2018-7549: Fixed a crash when an empty hash table . - CVE-2018-1083: Fixed ... oval:org.secpod.oval:def:52100 zsh: shell with lots of features Several security issues were fixed in Zsh. |