zsh-5.5.1-9.el8

Errata ID: AXSA:2022-3376:01

Release date: 
Monday, July 4, 2022 - 13:24
Subject: 
zsh-5.5.1-9.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.

Security Fix(es):

* zsh: Prompt expansion vulnerability (CVE-2021-45444)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.6 Release Notes linked from the References section.

CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
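
The following check is an added example, not part of this erratum or of the zsh project: it triages zsh startup files for the configuration the CVE text describes, where PROMPT_SUBST is enabled and a prompt is built from expanded values. The function names, regular expressions and sample files are assumptions constructed for illustration, and the patterns cover only common spellings.

```sh
# Added example: triage zsh startup files for the configuration named in
# CVE-2021-45444. Names, patterns and sample files are constructed.

# Succeeds if the file turns PROMPT_SUBST on (common spellings only);
# "no_prompt_subst" and "unsetopt" lines do not match.
enables_prompt_subst() {
    grep -Eiq '^[[:space:]]*(setopt|set[[:space:]]+-o)[[:space:]]+([^#]*[[:space:]])?prompt_?subst([[:space:]]|$)' "$1"
}

# Prints "LINENO:text" for prompt assignments whose value contains $(...),
# a backtick, or $name / ${name}; exit status 1 when there are none.
risky_prompt_lines() {
    grep -En '^[[:space:]]*(export[[:space:]]+)?(PROMPT|PS1|RPROMPT|RPS1)=.*([$][(]|`|[$][{]?[A-Za-z_])' "$1"
}

# Exit status 1 means: review this file and confirm zsh is patched.
audit_zshrc() {
    if ! enables_prompt_subst "$1"; then
        echo "ok: $1 does not enable PROMPT_SUBST"; return 0
    fi
    hits=$(risky_prompt_lines "$1") || {
        echo "ok: $1 enables PROMPT_SUBST but its prompts are static"; return 0
    }
    echo "review: $1 expands values in the prompt under PROMPT_SUBST:"
    echo "$hits"
    return 1
}

# Constructed sample inputs (not taken from any real system).
write_samples() {
    cat > "$1/risky.zshrc" <<'EOF'
setopt autocd prompt_subst
autoload -Uz vcs_info
precmd() { vcs_info }
PROMPT='%F{green}${vcs_info_msg_0_}%f %# '
EOF
    cat > "$1/static.zshrc" <<'EOF'
setopt PROMPT_SUBST
PROMPT='%n@%m %~ %# '
EOF
    cat > "$1/off.zshrc" <<'EOF'
setopt no_prompt_subst
PS1="$(hostname) %# "
EOF
}

tmp=$(mktemp -d); write_samples "$tmp"
for f in "$tmp"/*.zshrc; do audit_zshrc "$f" || true; done
rm -rf "$tmp"
```

A "review" result only marks a configuration that matters on a zsh build without the fix; the remedy stays the package update this erratum ships.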

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. zsh-5.5.1-9.el8.src.rpm
    MD5: 85517ef95d2b0c78f8c02198b6c8f06a
    SHA-256: e373ece2dd9dd628d7025fa492f847d695034202030fbc3a195c3c3466089a9d
    Size: 2.95 MB

Asianux Server 8 for x86_64
  1. zsh-5.5.1-9.el8.x86_64.rpm
    MD5: 39e5d912e173e59412fe893bf09dfbd7
    SHA-256: 4ece5b21e21dfa04e0ee3db5e9826677ff2941c722845a74567d8687b0438e88
    Size: 2.89 MB
  2. zsh-html-5.5.1-9.el8.noarch.rpm
    MD5: 02ab76a39253bed983275e5a75e91903
    SHA-256: 158326d947268a5d49ada6bf991b279b60ee5014c5b1c1c9761a2d63087ed7b3
    Size: 518.65 kB