RedHat: RHSA-2020-0978:01 Important: zsh security update

    Date 26 Mar 2020
    471
    Posted By LinuxSecurity Advisories
    An update for zsh is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256
    
    =====================================================================
                       Red Hat Security Advisory
    
    Synopsis:          Important: zsh security update
    Advisory ID:       RHSA-2020:0978-01
    Product:           Red Hat Enterprise Linux
    Advisory URL:      https://access.redhat.com/errata/RHSA-2020:0978
    Issue date:        2020-03-26
    CVE Names:         CVE-2019-20044 
    =====================================================================
    
    1. Summary:
    
    An update for zsh is now available for Red Hat Enterprise Linux 8.0 Update
    Services for SAP Solutions.
    
    Red Hat Product Security has rated this update as having a security impact
    of Important. A Common Vulnerability Scoring System (CVSS) base score,
    which gives a detailed severity rating, is available for each vulnerability
    from the CVE link(s) in the References section.
    
    2. Relevant releases/architectures:
    
    Red Hat Enterprise Linux AppStream E4S (v. 8.0) - noarch
    Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64
    
    3. Description:
    
    The zsh shell is a command interpreter usable as an interactive login shell
    and as a shell script command processor. Zsh resembles the ksh shell (the
    Korn shell), but includes many enhancements. Zsh supports command-line
    editing, built-in spelling correction, programmable command completion,
    shell functions (with autoloading), a history mechanism, and more.
    
    Security Fix(es):
    
    * zsh: insecure dropping of privileges when unsetting PRIVILEGED option
    (CVE-2019-20044)
    
    For more details about the security issue(s), including the impact, a CVSS
    score, acknowledgments, and other related information, refer to the CVE
    page(s) listed in the References section.
    
    4. Solution:
    
    For details on how to apply this update, which includes the changes
    described in this advisory, refer to:
    
    https://access.redhat.com/articles/11258
    
    5. Bugs fixed (https://bugzilla.redhat.com/):
    
    1804859 - CVE-2019-20044 zsh: insecure dropping of privileges when unsetting PRIVILEGED option
    
    6. Package List:
    
    Red Hat Enterprise Linux AppStream E4S (v. 8.0):
    
    noarch:
    zsh-html-5.5.1-6.el8_0.2.noarch.rpm
    
    Red Hat Enterprise Linux BaseOS E4S (v. 8.0):
    
    Source:
    zsh-5.5.1-6.el8_0.2.src.rpm
    
    aarch64:
    zsh-5.5.1-6.el8_0.2.aarch64.rpm
    zsh-debuginfo-5.5.1-6.el8_0.2.aarch64.rpm
    zsh-debugsource-5.5.1-6.el8_0.2.aarch64.rpm
    
    ppc64le:
    zsh-5.5.1-6.el8_0.2.ppc64le.rpm
    zsh-debuginfo-5.5.1-6.el8_0.2.ppc64le.rpm
    zsh-debugsource-5.5.1-6.el8_0.2.ppc64le.rpm
    
    s390x:
    zsh-5.5.1-6.el8_0.2.s390x.rpm
    zsh-debuginfo-5.5.1-6.el8_0.2.s390x.rpm
    zsh-debugsource-5.5.1-6.el8_0.2.s390x.rpm
    
    x86_64:
    zsh-5.5.1-6.el8_0.2.x86_64.rpm
    zsh-debuginfo-5.5.1-6.el8_0.2.x86_64.rpm
    zsh-debugsource-5.5.1-6.el8_0.2.x86_64.rpm
    
    These packages are GPG signed by Red Hat for security.  Our key and
    details on how to verify the signature are available from
    https://access.redhat.com/security/team/key/
    
    7. References:
    
    https://access.redhat.com/security/cve/CVE-2019-20044
    https://access.redhat.com/security/updates/classification/#important
    
    8. Contact:
    
    The Red Hat security contact is . More contact
    details at https://access.redhat.com/security/team/contact/
    
    Copyright 2020 Red Hat, Inc.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1
    
    iQIVAwUBXnxi59zjgjWX9erEAQhO6g/+OHlShHGtKTuYm4KoGcv02raB7tVmrW7t
    FtiP2VbilHIGQueWSs/OIrbW/kGhQ37nxGRV3sXX24v9meBVUoujfmxmDjjW9kJ8
    NdwFOLvCbRIbH2W+6nI7Gw8ZmGJI6umwuSAIWg1vcbB+oDVBbQAIrUf+c2ZVbF/l
    ozJ92SyqsvvjhE1E8hNpXutaslNH8E9jahsDUNCxMEn3ilivc/FTBRllty4Uw8n0
    5q0Jup5+6pOvKBoX1HW802EkilrnO5v27ux0SkP/CqAGPU7dLzkTpk8WS4Fhp+6H
    ZdHgsTzkFbM0ExJn3WRWW2D8wi2lNyqt1L/cVtl9LN7c+15BBalyPAOL6NLBvH2D
    aL/9F/QEnbVTS6a8QCifqjx3esmxdAZCHMLeGZOFwJ3yYBuNGdmms5zP+n8XIFpy
    gYf1jTiapQIVmCS8E+6HGQd28AVzzl9NWoMNxTqshxJgmAewD5M8zvfpSZOLYMhZ
    TRg8ZKJvD+eyjeBWaZO5eNc0C5WDtE6V931bjpODyJa0jCI2yYjhqqg/sHHVqEnr
    oLpHkOGFyBHEbVF7tnRHaQ4oYwxwtSC1bixKqxZSsrQ7Y/Hlq010bDbKOslRfMvt
    3/HcwSRyDPbL6vZAKPlReG0qBrqDIoJCmmapeSMxWkJ7Pj4d9no2eBRrbxpzELCd
    HRqLnDDlp64=
    =rr6U
    -----END PGP SIGNATURE-----
    
    --
    RHSA-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/rhsa-announce
    

    LinuxSecurity Poll

    Do you feel that the Lawful Access to Encrypted Data Act, which aims to force encryption backdoors, is a threat to US citizens' privacy?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/30-do-you-feel-that-the-lawful-access-to-encrypted-data-act-which-aims-to-force-encryption-backdoors-is-a-threat-to-privacy?task=poll.vote&format=json
    30
    radio
    [{"id":"106","title":"Yes - I am a privacy advocate and I am strongly opposed to this bill.","votes":"20","type":"x","order":"1","pct":95.24,"resources":[]},{"id":"107","title":"I'm undecided - it has its pros and cons.","votes":"1","type":"x","order":"2","pct":4.76,"resources":[]},{"id":"108","title":"No - I support this bill and feel that it will help protect against crime and threats to our national security. ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.