Download
| Alert*
oval:org.secpod.oval:def:1601054
It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local attacker may use this flaw to make zsh execute a different binary than what is expected, named with a substring of the shebang one. oval:org.secpod.oval:def:89045919 This update for zsh fixes the following issues: - CVE-2018-0502: Fixed execve call vulnerability to program named on the second line when the beginning of a #! script file was mishandled. - CVE-2018-13259: Fixed execve call vulnerability to program name that is a substring of the intended one oval:org.secpod.oval:def:115103 The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell functions , a his ... oval:org.secpod.oval:def:704311 zsh: shell with lots of features Zsh could be made to execute arbitrary code if it received a specially crafted script. oval:org.secpod.oval:def:115106 The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell functions , a his ... oval:org.secpod.oval:def:503255 The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions , a his ... oval:org.secpod.oval:def:51120 zsh: shell with lots of features Zsh could be made to execute arbitrary code if it received a specially crafted script. oval:org.secpod.oval:def:89049628 This update for zsh to version 5.6 fixes the following security issues: - CVE-2018-0502: The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line . - CVE-2018-13259: Shebang lines exceeding 64 characters were truncated, potentially ... oval:org.secpod.oval:def:205312 The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell , but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions , a his ... oval:org.secpod.oval:def:1504452 [5.0.2-33] - fix regression in oh-my-zsh vcs_info hooks introduced in -30 [5.0.2-32] - fix improper handling of shebang line longer than 64 bytes oval:org.secpod.oval:def:2000801 An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. oval:org.secpod.oval:def:1700084 An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.It was discovered that zsh does not properly validate the shebang of input files and it truncates it to the first 64 bytes. A local ... oval:org.secpod.oval:def:89046120 This update for zsh fixes the following issues: - CVE-2019-20044: Fixed an insecure dropping of privileges when unsetting the PRIVILEGED option . - CVE-2018-13259: Fixed an unexpected truncation of long shebang lines . - CVE-2018-7549: Fixed a crash when an empty hash table . - CVE-2018-1083: Fixed ... |