Ubuntu Security Notice 3764-1 - It was discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code. Richard Maciel Costa discovered that Zsh incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code.
89ba063df98e23a09aa7ae98398a759961e064ec95db0c10e5c0223142e0b938
==========================================================================
Ubuntu Security Notice USN-3764-1
September 11, 2018
zsh vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Zsh could be made to execute arbitrary code if it received
a specially crafted script.
Software Description:
- zsh: shell with lots of features
Details:
It was discovered that Zsh incorrectly handled certain scripts.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-0502, CVE-2018-13259)
Richard Maciel Costa discovered that Zsh incorrectly handled certain
scripts. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2018-1100)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
zsh 5.4.2-3ubuntu3.1
Ubuntu 16.04 LTS:
zsh 5.1.1-1ubuntu2.3
Ubuntu 14.04 LTS:
zsh 5.0.2-3ubuntu6.3
After a standard system update you need to restart Zsh to make
all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3764-1
CVE-2018-0502, CVE-2018-1100, CVE-2018-13259
Package Information:
https://launchpad.net/ubuntu/+source/zsh/5.4.2-3ubuntu3.1
https://launchpad.net/ubuntu/+source/zsh/5.1.1-1ubuntu2.3
https://launchpad.net/ubuntu/+source/zsh/5.0.2-3ubuntu6.3