Mageia 9: 2023-0344 Critical Advisory on Fish Shell CVE-2023-49284

mageia

December 12, 2023

Mageia 9 is updated to version 3.6.4 to fix CVE-2023-49284

Summary

Mageia 9 is updated to version 3.6.4 to fix CVE-2023-49284. Mageia 8 receives an upstream patch to fix CVE-2023-49284. CVE-2023-49284: fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation.

References

- https://bugs.mageia.org/show_bug.cgi?id=32614

- https://www.cve.org/CVERecord?id=CVE-2023-49284

Topics Covered

security advisory critical update fish shell Mageia Unicode issue command substitution

Resolution

SRPMS

- 8/core/fish-3.4.1-1.1.mga8

- 9/core/fish-3.6.4-1.mga9

Severity

critical

Lowest

Low

Medium

High

Critical

Publication date: 12 Dec 2023

URL: https://advisories.mageia.org/MGASA-2023-0344.html

Type: security

CVE: CVE-2023-49284

Topics Covered

security advisory critical update fish shell Mageia Unicode issue command substitution

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 9: 2023-0344 Critical Advisory on Fish Shell CVE-2023-49284

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 9: 2023-0344 Critical Advisory on Fish Shell CVE-2023-49284

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!