Download
| Alert*
oval:org.secpod.oval:def:2103387
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contex ... oval:org.secpod.oval:def:89002108 This update for zsh fixes the following issues: - CVE-2014-10070: environment variable injection could lead to local privilege escalation - CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. - CVE-2014-10072: buffer overflow In utils.c when scanning very long directory path ... oval:org.secpod.oval:def:1600947 A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path. If the user affected is p ... oval:org.secpod.oval:def:115103 The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell functions , a his ... oval:org.secpod.oval:def:114344 The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell functions , a his ... oval:org.secpod.oval:def:704232 zsh: shell with lots of features Several security issues were fixed in Zsh. oval:org.secpod.oval:def:205110 The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions , a his ... oval:org.secpod.oval:def:52100 zsh: shell with lots of features Several security issues were fixed in Zsh. oval:org.secpod.oval:def:114122 The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell functions , a his ... oval:org.secpod.oval:def:114166 The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell functions , a his ... oval:org.secpod.oval:def:502510 The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions , a his ... oval:org.secpod.oval:def:1700019 NULL dereference in cd in sh compatibility mode under given circumstancesIn builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. Null-pointer deref when using ${...} on an empty a ... oval:org.secpod.oval:def:2000864 In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. oval:org.secpod.oval:def:89046120 This update for zsh fixes the following issues: - CVE-2019-20044: Fixed an insecure dropping of privileges when unsetting the PRIVILEGED option . - CVE-2018-13259: Fixed an unexpected truncation of long shebang lines . - CVE-2018-7549: Fixed a crash when an empty hash table . - CVE-2018-1083: Fixed ... oval:org.secpod.oval:def:1502359 The advisory is missing the security advisory description. For more information please visit the reference link |