Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#58196 - [zsh]: CVE-2018-1100: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code ex
Attached to Project:
Arch Linux
Opened by Karol Babioch (kbabioch) - Wednesday, 11 April 2018, 07:38 GMT
Last edited by Doug Newgard (Scimmia) - Wednesday, 11 April 2018, 14:30 GMT
Details
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1563395
https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
Closed by Doug Newgard (Scimmia)
Wednesday, 11 April 2018, 14:30 GMT
Reason for closing: Not a bug
Additional comments about closing: 5.5 was updated in the repos 2 days ago