zsh-4.3.11-11.AXS4
エラータID: AXSA:2020-4504:01
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.
Security Fix(es):
* zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2019-20044
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
Update packages.
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
N/A
SRPMS
- zsh-4.3.11-11.AXS4.src.rpm
MD5: 962aa1e40b552680323c6bd3ae398995
SHA-256: e437b0bbef66fa5b6222ccc248cba90880d3d28df20c9e348f158e73a954b1aa
Size: 2.80 MB
Asianux Server 4 for x86
- zsh-4.3.11-11.AXS4.i686.rpm
MD5: 688e6e644141a3e4d6b27a4221516f9a
SHA-256: 5cddfdc851ad1459108e57dea32a23ec6ce66048c477b38659c9fc979312570e
Size: 2.21 MB
Asianux Server 4 for x86_64
- zsh-4.3.11-11.AXS4.x86_64.rpm
MD5: bfd19830854113602565879ec7b8393e
SHA-256: c28c718b18797a377f86d7a508acb22b49d0ff9ccba08f425e069a7b385624f0
Size: 2.24 MB