Here are the details from the Slackware 15.0 ChangeLog: patches/packages/zsh-5.9-i586-1_slack15.0.txz: Upgraded. This release fixes a security issue in zsh-5.8: Some prompt expansion sequences, such as %F, support 'arguments' which are themselves expanded in case they contain colour values, etc. This additional expansion would trigger PROMPT_SUBST evaluation, if enabled. This could be abused to execute code the user didn't expect. e.g., given a certain prompt configuration, an attacker could trick a user into executing arbitrary code by having them check out a Git branch with a specially crafted name. This is fixed in the shell itself by no longer performing PROMPT_SUBST evaluation on these prompt-expansion arguments. Note that this is a potential incompatibilty if you are relying on the previous behavior of PROMPT_SUBST. Thanks to pblsxw for the heads-up on this. For more information, see: https://www.cve.org/CVERecord?id=CVE-2021-45444 (* Security
Read the Full AdvisoryThanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/zsh-5.9-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/zsh-5.9-x86_64-1_slack15.0.txz
Slackware 15.0 package:
061804a8d52ec3c1492bda4f05748fea zsh-5.9-i586-1_slack15.0.txz
Slackware x86_64 15.0 package:
3d0b84ddbbeedf0d346ef1819bb29e32 zsh-5.9-x86_64-1_slack15.0.txz
Get the latest Linux and open source security news straight to your inbox.
Installation instructions: Upgrade the package as root: # upgradepkg zsh-5.9-i586-1_slack15.0.txz