Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 21.10, 20.04 LTS: USN-5325-1 Critical Zsh Security Flaws

ubuntu
Calendar Grey March 14, 2022
Dist Ubuntu Esm H88
Keep updated with the latest Ubuntu Security Notice USN-5325-2 concerning Zsh flaws that impact multiple versions.
Several security issues were fixed in Zsh.

Summary

Several security issues were fixed in Zsh.

Software Description:

- zsh: shell with lots of features

Details:

Sam Foxman discovered that Zsh incorrectly handled certain inputs.

An attacker could possibly use this issue to regain dropped privileges.

(CVE-2019-20044)

It was discovered that Zsh incorrectly handled certain inputs.

An attacker could possibly use this issue to execute arbitrary code.

(CVE-2021-45444)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
   zsh                             5.8-6ubuntu0.1
   zsh-static                      5.8-6ubuntu0.1

Ubuntu 20.04 LTS:
   zsh                             5.8-3ubuntu1.1
   zsh-static                      5.8-3ubuntu1.1

Ubuntu 18.04 LTS:
   zsh                             5.4.2-3ubuntu3.2
   zsh-static                      5.4.2-3ubuntu3.2

Ubuntu 16.04 ESM:
   zsh                             5.1.1-1ubuntu2.3+esm1
   zsh-static                      5.1.1-1ubuntu2.3+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5325-1

CVE-2019-20044, CVE-2021-45444

Severity
critical
Lowest
Low
Medium
High
Critical

March 14, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.