Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

Slackware 14.x 2019-013-01 Critical: Zsh Local Code Execution

slackware
Calendar Grey January 14, 2019
Dist Slackware Esm H88
Recent updates for zsh packages have been released for Slackware 14.x to address security vulnerabilities impacting local users.
New zsh packages are available for Slackware 14.0, 14.1, and 14.2 to fix security issues

Summary

Here are the details from the Slackware 14.2 ChangeLog: patches/packages/zsh-5.6.2-i586-1_slack14.2.txz: Upgraded. This release fixes security issues, including ones that could allow a local attacker to execute arbitrary code. For more information, see: https://www.cve.org/CVERecord?id=CVE-2017-18205 https://www.cve.org/CVERecord?id=CVE-2017-18206 https://www.cve.org/CVERecord?id=CVE-2018-1071 https://www.cve.org/CVERecord?id=CVE-2018-1083 https://www.cve.org/CVERecord?id=CVE-2018-1100 https://www.cve.org/CVERecord?id=CVE-2018-7548 https://www.cve.org/CVERecord?id=CVE-2018-7549 (* Security fix *)

Topics%20covered

Topics Covered

security advisory critical issue slackware local code execution zsh package

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/zsh-5.6.2-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/zsh-5.6.2-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/zsh-5.6.2-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/zsh-5.6.2-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/zsh-5.6.2-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp...

Read the Full Advisory

MD5 Signatures

Slackware 14.0 package: eee31011db16ee065279399d58de4c2b zsh-5.6.2-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 766df0eb186d95362a78ae523b83f7d2 zsh-5.6.2-x86_64-1_slack14.0.txz
Slackware 14.1 package: 7c376a74372346613fa58296b5a43158 zsh-5.6.2-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 80cee93fdaa1d7d526c2056b0c374ba5 zsh-5.6.2-x86_64-1_slack14.1.txz
Slackware 14.2 package: 01e67f2f735ffb022890a1adb8318b6b zsh-5.6.2-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 5e5676c283d4267057eeef2a573dae00 zsh-5.6.2-x86_64-1_slack14.2.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory critical issue slackware local code execution zsh package

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg zsh-5.6.2-i586-1_slack14.2.txz

Related News

Your message here