Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Ubuntu 18.04 LTS USN-3764-1 Critical Zsh Code Execution Risk

Calendar Sep 11, 2018 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical code execution Ubuntu arbitrary code script issue Zsh
Zsh could be made to execute arbitrary code if it received a specially crafted script. 
=========================================================================Ubuntu Security Notice USN-3764-1
September 11, 2018

zsh vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Zsh could be made to execute arbitrary code if it received
a specially crafted script.

Software Description:
- zsh: shell with lots of features

Details:

It was discovered that Zsh incorrectly handled certain scripts.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-0502, CVE-2018-13259)

Richard Maciel Costa discovered that Zsh incorrectly handled certain
scripts. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2018-1100)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  zsh                             5.4.2-3ubuntu3.1

Ubuntu 16.04 LTS:
  zsh                             5.1.1-1ubuntu2.3

Ubuntu 14.04 LTS:
  zsh                             5.0.2-3ubuntu6.3

After a standard system update you need to restart Zsh to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3764-1
  CVE-2018-0502, CVE-2018-1100, CVE-2018-13259

Package Information:
  https://launchpad.net/ubuntu/+source/zsh/5.4.2-3ubuntu3.1
  https://launchpad.net/ubuntu/+source/zsh/5.1.1-1ubuntu2.3
  https://launchpad.net/ubuntu/+source/zsh/5.0.2-3ubuntu6.3

Ubuntu 18.04 LTS USN-3764-1 Critical Zsh Code Execution Risk

ubuntu
Calendar Grey September 11, 2018
Dist Ubuntu Esm H88
Exploits in Zsh may lead to unauthorized code execution. Ensure your Ubuntu installations are updated immediately to safeguard against these threats.
Zsh could be made to execute arbitrary code if it received a specially crafted script.

Summary

Topics%20covered

Topics Covered

security advisory critical code execution Ubuntu arbitrary code script issue Zsh

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS:   zsh                             5.4.2-3ubuntu3.1 Ubuntu 16.04 LTS:   zsh                             5.1.1-1ubuntu2.3 Ubuntu 14.04 LTS:   zsh                             5.0.2-3ubuntu6.3 After a standard system update you need to restart Zsh to make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3764-1

  CVE-2018-0502, CVE-2018-1100, CVE-2018-13259

Severity
critical
Lowest
Low
Medium
High
Critical

September 11, 2018

Topics%20covered

Topics Covered

security advisory critical code execution Ubuntu arbitrary code script issue Zsh

Package Information

  https://launchpad.net/ubuntu/+source/zsh/5.4.2-3ubuntu3.1   https://launchpad.net/ubuntu/+source/zsh/5.1.1-1ubuntu2.3   https://launchpad.net/ubuntu/+source/zsh/5.0.2-3ubuntu6.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here