Slackware: 2025-109-01: critical: zsh code execution threat

April 19, 2025
Revised zsh modules for Slackware 15.0 fix a vulnerability allowing potential code execution through prompt expansion.
New zsh packages are available for Slackware 15.0 to fix a security issue

Summary

Here are the details from the Slackware 15.0 ChangeLog:

patches/packages/zsh-5.9-i586-1_slack15.0.txz: Upgraded.

This release fixes a security issue in zsh-5.8: Some prompt expansion sequences, such as %F, support 'arguments' which are themselves expanded in case they contain colour values, etc. This additional expansion would trigger PROMPT_SUBST evaluation, if enabled. This could be abused to execute code the user didn't expect. e.g., given a certain prompt configuration, an attacker could trick a user into executing arbitrary code by having them check out a Git branch with a specially crafted name.

This is fixed in the shell itself by no longer performing PROMPT_SUBST evaluation on these prompt-expansion arguments. Note that this is a potential incompatibility if you are relying on the previous behavior of PROMPT_SUBST.

Thanks to pblsxw for the heads-up on this.

For more information, see: https://www.cve.org/CVERecord?id=CVE-2021-45444

(* Security
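A defender-side check for the condition described in the ChangeLog entry above, as an added example (not part of the Slackware advisory or of zsh): it reports whether a host runs a zsh older than the 5.9 package shipped here and whether a startup file turns on PROMPT_SUBST. The function names and the 5.9 threshold are assumptions of this example, and the scan is a heuristic that does not follow sourced files or track a later unsetopt.

```shell
#!/bin/sh
# Added example: exposure check for the zsh prompt-expansion issue
# (CVE-2021-45444). Not code from the advisory or from zsh.

# Assumption: anything older than the package version this advisory ships
# is treated as unpatched.
FIXED_VERSION="5.9"

# version_ge A B: succeed if dotted version A >= B, compared field by field.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# prompt_subst_enabled: read zsh startup-file text on stdin and succeed if a
# non-comment line turns PROMPT_SUBST on via setopt or `set -o`.
# zsh ignores case and underscores in option names, so normalise first.
# "unsetopt promptsubst" and "setopt no_prompt_subst" must not match.
prompt_subst_enabled() {
    sed -e 's/#.*//' | tr 'A-Z' 'a-z' | tr -d '_' |
        grep -Eq '(^|[;&[:space:]])(setopt|set[[:space:]]+-o)[[:space:]]+([^;&|]*[[:space:]])?promptsubst([[:space:];&|]|$)'
}

# assess VERSION  (startup-file text on stdin): print a one-word verdict.
#   patched              - zsh is at or above FIXED_VERSION
#   exposed              - older zsh and PROMPT_SUBST is switched on
#   unpatched-option-off - older zsh, option not seen; still upgrade
assess() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo patched
    elif prompt_subst_enabled; then
        echo exposed
    else
        echo unpatched-option-off
    fi
}

# Typical use on a live host (requires zsh to be installed):
#   assess "$(zsh --version | awk '{print $2}')" < "${ZDOTDIR:-$HOME}/.zshrc"
```

Prompt themes and frameworks often set the option in files the startup file sources, so a verdict of unpatched-option-off does not replace the upgrade.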

Where to Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/zsh-5.9-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/zsh-5.9-x86_64-1_slack15.0.txz

MD5 Signatures

Slackware 15.0 package: 061804a8d52ec3c1492bda4f05748fea zsh-5.9-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 3d0b84ddbbeedf0d346ef1819bb29e32 zsh-5.9-x86_64-1_slack15.0.txz

Severity
critical

Installation Instructions

Upgrade the package as root:

# upgradepkg zsh-5.9-i586-1_slack15.0.txz