Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -3 articles for you...
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorysecurity updateRed Hat

Red Hat Enterprise Linux: RHSA-2020-0978 Critical: zsh Privilege Escalation

An update for zsh is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: zsh security update Advisory ID: RHSA-2020:0978-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0978 Issue date: 2020-03-26 CVE Names: CVE-2019-20044 ==================================================================== 1. Summary: An update for zsh is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.0) - noarch Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64 3. Description: The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more. Security Fix(es): * zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, whichincludes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1804859 - CVE-2019-20044 zsh: insecure dropping of privileges when unsetting PRIVILEGED option 6. Package List: Red Hat Enterprise Linux AppStream E4S (v. 8.0): noarch: zsh-html-5.5.1-6.el8_0.2.noarch.rpm Red Hat Enterprise Linux BaseOS E4S (v. 8.0): Source: zsh-5.5.1-6.el8_0.2.src.rpm aarch64: zsh-5.5.1-6.el8_0.2.aarch64.rpm zsh-debuginfo-5.5.1-6.el8_0.2.aarch64.rpm zsh-debugsource-5.5.1-6.el8_0.2.aarch64.rpm ppc64le: zsh-5.5.1-6.el8_0.2.ppc64le.rpm zsh-debuginfo-5.5.1-6.el8_0.2.ppc64le.rpm zsh-debugsource-5.5.1-6.el8_0.2.ppc64le.rpm s390x: zsh-5.5.1-6.el8_0.2.s390x.rpm zsh-debuginfo-5.5.1-6.el8_0.2.s390x.rpm zsh-debugsource-5.5.1-6.el8_0.2.s390x.rpm x86_64: zsh-5.5.1-6.el8_0.2.x86_64.rpm zsh-debuginfo-5.5.1-6.el8_0.2.x86_64.rpm zsh-debugsource-5.5.1-6.el8_0.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-20044 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXnxi59zjgjWX9erEAQhO6g/+OHlShHGtKTuYm4KoGcv02raB7tVmrW7t FtiP2VbilHIGQueWSs/OIrbW/kGhQ37nxGRV3sXX24v9meBVUoujfmxmDjjW9kJ8 NdwFOLvCbRIbH2W+6nI7Gw8ZmGJI6umwuSAIWg1vcbB+oDVBbQAIrUf+c2ZVbF/l ozJ92SyqsvvjhE1E8hNpXutaslNH8E9jahsDUNCxMEn3ilivc/FTBRllty4Uw8n0 5q0Jup5+6pOvKBoX1HW802EkilrnO5v27ux0SkP/CqAGPU7dLzkTpk8WS4Fhp+6H ZdHgsTzkFbM0ExJn3WRWW2D8wi2lNyqt1L/cVtl9LN7c+15BBalyPAOL6NLBvH2D aL/9F/QEnbVTS6a8QCifqjx3esmxdAZCHMLeGZOFwJ3yYBuNGdmms5zP+n8XIFpy gYf1jTiapQIVmCS8E+6HGQd28AVzzl9NWoMNxTqshxJgmAewD5M8zvfpSZOLYMhZ TRg8ZKJvD+eyjeBWaZO5eNc0C5WDtE6V931bjpODyJa0jCI2yYjhqqg/sHHVqEnr oLpHkOGFyBHEbVF7tnRHaQ4oYwxwtSC1bixKqxZSsrQ7Y/Hlq010bDbKOslRfMvt 3/HcwSRyDPbL6vZAKPlReG0qBrqDIoJCmmapeSMxWkJ7Pj4d9no2eBRrbxpzELCd HRqLnDDlp64=rr6U -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . A crucial zsh vulnerability patch for Red Hat Enterprise Linux addresses potential privilege escalation risks. Discover further details about it today.. Red Hat Security, zsh Update, Linux Security Fix, Privilege Escalation, Command Interpreter. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Mar 26, 2020 Important Red Hat
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorysecurity updatered hat

Red Hat Enterprise Linux 8: RHSA-2020-0903-01 Critical Zsh Privilege Flaw

An update for zsh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: zsh security update Advisory ID: RHSA-2020:0903-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0903 Issue date: 2020-03-19 CVE Names: CVE-2019-20044 ==================================================================== 1. Summary: An update for zsh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - noarch Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more. Security Fix(es): * zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includesthe changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1804859 - CVE-2019-20044 zsh: insecure dropping of privileges when unsetting PRIVILEGED option 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): noarch: zsh-html-5.5.1-6.el8_1.2.noarch.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: zsh-5.5.1-6.el8_1.2.src.rpm aarch64: zsh-5.5.1-6.el8_1.2.aarch64.rpm zsh-debuginfo-5.5.1-6.el8_1.2.aarch64.rpm zsh-debugsource-5.5.1-6.el8_1.2.aarch64.rpm ppc64le: zsh-5.5.1-6.el8_1.2.ppc64le.rpm zsh-debuginfo-5.5.1-6.el8_1.2.ppc64le.rpm zsh-debugsource-5.5.1-6.el8_1.2.ppc64le.rpm s390x: zsh-5.5.1-6.el8_1.2.s390x.rpm zsh-debuginfo-5.5.1-6.el8_1.2.s390x.rpm zsh-debugsource-5.5.1-6.el8_1.2.s390x.rpm x86_64: zsh-5.5.1-6.el8_1.2.x86_64.rpm zsh-debuginfo-5.5.1-6.el8_1.2.x86_64.rpm zsh-debugsource-5.5.1-6.el8_1.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-20044 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBXnNXRtzjgjWX9erEAQhpFw/8DpTkNen+6G9706kw0XvfJZGlChbAvZ8D SogdtGRb9QBBCAmF/gkucSy6j8J6prx8So39w2iKLV5WKL/1RK0mXpNmFRfJxYuI rLMk04eccVJiXeFHYPxnh/OOhmGN3WxiUmnop5lkazjYE2CXJ7LXVj5JFibT5oDK hVzgPbEkxhorlzLmwQPDLnFEanw+9N/R5owxgfjksWyjlFSv/xGQM27MOLWyIonk U5IiFO1b+ah++SRT6QgAGjpx1QEebDFwyZs9+E/YBMZrhiiwvaQ9ykZI+MfAAXhT fz85/CNvHFJz9kI7hT1EBGmCBsJ/ZiRdyPmlzY284PsDfwe3i4p3YilFp+gQ0s19 CnET/k7W2HGnBRsxxgDjQyLFzaOYU4/9moQQ0rdDxiVrqgKIf+ATmq/00hu1pddw CqH/+ZD81SvhdGrjxigLhDUbgW0tYirDPOnlKWEn6pJQOqVQGlA6SL7IVc3nuLhE h4P1Nrph+h0PBi3U3QAQ35Tgbqf8oB77gmTuRL5Wiey9yx5QsXdrQ61OeOKXD15/ sIMYYf5V+wSWu0vYCEUqMfHoL562xkfr6PNm1QOIkbMghXeJfNUNP+fiF0PLKIAT ZZW//T9wbOwekhiiLKr26WiRjyy6ZWcGwLCx94DsgUOwrh3YII6YHoB0YZrzKsB5 emNTsUY5VPM=pPnF -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Critical zsh vulnerability patch released for Red Hat Enterprise Linux 8 fixes escalation problem. Find additional information here.. Red Hat, zsh, security update, command shell, system security. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Mar 19, 2020 Important Red Hat
Banner 3 1028x280 1708121785 1771599793
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisoryRed Hat Enterprise Linuximportant

RedHat: RHSA-2020-0853-01 Important: Zsh Security Risk and Update

An update for zsh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: zsh security update Advisory ID: RHSA-2020:0853-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0853 Issue date: 2020-03-17 CVE Names: CVE-2019-20044 ==================================================================== 1. Summary: An update for zsh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, andmore. Security Fix(es): * zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1804859 - CVE-2019-20044 zsh: insecure dropping of privileges when unsetting PRIVILEGED option 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: zsh-5.0.2-34.el7_7.2.src.rpm x86_64: zsh-5.0.2-34.el7_7.2.x86_64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm zsh-html-5.0.2-34.el7_7.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: zsh-5.0.2-34.el7_7.2.src.rpm x86_64: zsh-5.0.2-34.el7_7.2.x86_64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm zsh-html-5.0.2-34.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: zsh-5.0.2-34.el7_7.2.src.rpm ppc64: zsh-5.0.2-34.el7_7.2.ppc64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.ppc64.rpm ppc64le: zsh-5.0.2-34.el7_7.2.ppc64le.rpm zsh-debuginfo-5.0.2-34.el7_7.2.ppc64le.rpm s390x: zsh-5.0.2-34.el7_7.2.s390x.rpm zsh-debuginfo-5.0.2-34.el7_7.2.s390x.rpm x86_64: zsh-5.0.2-34.el7_7.2.x86_64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.7): ppc64: zsh-debuginfo-5.0.2-34.el7_7.2.ppc64.rpm zsh-html-5.0.2-34.el7_7.2.ppc64.rpm ppc64le: zsh-debuginfo-5.0.2-34.el7_7.2.ppc64le.rpm zsh-html-5.0.2-34.el7_7.2.ppc64le.rpm s390x: zsh-debuginfo-5.0.2-34.el7_7.2.s390x.rpm zsh-html-5.0.2-34.el7_7.2.s390x.rpm x86_64: zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm zsh-html-5.0.2-34.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: zsh-5.0.2-34.el7_7.2.src.rpm x86_64: zsh-5.0.2-34.el7_7.2.x86_64.rpm zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: zsh-debuginfo-5.0.2-34.el7_7.2.x86_64.rpm zsh-html-5.0.2-34.el7_7.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-20044 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXnD41tzjgjWX9erEAQhgPA/+PgIItb/HJ9YXJomAsdq3APiP7T2hMXTH foaSOYTp5MLH70q43DhF8kFifBn1p3iUNl5M6IHqGHCnRyf+xGKpoMIwQduvMc4c wI+FEwpDU9uPPyOAxtmoc1MnBh0r970b1OOCcCqmehpwP792Q827i54k3fueF0tH mRXcho8mX2TKPY1kTmfkYkj56Tj7OTj7b7A5WR/bmOr/mRCQLHe6QrwQnYx60iJX ocX/vBgsgZKQbdf+vbB3LadkjVwhGByxdQHNifMhA1ce6TtVH3sg8N9Kb6VlOp1n xGB+J/hApDa7DQ7/C6LVfZSB1FIL8URwzFfNDgcScKfAtLNkJ5gd3ujohgyPtO58 f99lLWI9Wo0zz0ZG+rOO2eAwTMpbMj4TLt7vym44BjoZCQ1MTpZ4MiwV6nUSQEtm 3ScJ6d0Ds6MUWWj9gBmtkqSIgVpJzCLrhhOSyiVsf0ZVnX2kTW2qu4+MQQaoHXfr nvtPUOxM4ANjlY4qsujwKGclJdK35H/pQGGVoU34F70iVhoN2QuRg+DsIvZUWRlC OV4GDt3qJFID05jdjZ5Csl2KCPlmh3eR4eXv26JnH5dSiHdTFCRkz0pkf+0W8PS4 gHuLgBkqTQwehzJHpjoZLDGkGGY4BF49TfDCJyfByQb0WR0Rr56+cr2H/haZHu79 49FwaT0V+1Q=3RgJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Crucial zsh security patch for CentOS 7 resolves avulnerability related to improper permissions in the zsh environment.. Red Hat Security, Zsh Update, Shell Security, Linux Advisory, Important Security Update. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Mar 17, 2020 Important Red Hat
89
Ls Advisories Fedora Esm H240
Price Tag 1security advisorysecurity issuecritical

Fedora 31: FEDORA-2021-1234567g8h Critical: Bash Security Leak

- drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-9009363f0f 2020-03-13 02:29:45.056500 --------------------------------------------------------------------------------Name : zsh Product : Fedora 30 Version : 5.7.1 Release : 6.fc30 URL : https://zsh.sourceforge.io/ Summary : Powerful interactive shell Description : The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more. --------------------------------------------------------------------------------Update Information: - drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) --------------------------------------------------------------------------------ChangeLog: * Tue Mar 3 2020 Kamil Dudka - 5.7.1-6 - improve printing of error messages introduced by the fix of CVE-2019-20044 * Mon Feb 24 2020 Kamil Dudka - 5.7.1-5 - drop privileges securely when unsetting PRIVILEGED option (CVE-2019-20044) * Fri Jul 26 2019 Kamil Dudka - 5.7.1-4 - make failed searches of history in Zle robust (#1722703) * Tue Mar 12 2019 Kamil Dudka - 5.7.1-3 - avoid build failure in case we have working ypcat (#1687574) * Fri Mar 8 2019 Tim Landscheidt - 5.7.1-2 - Remove obsolete requirements for %post/%preun scriptlets --------------------------------------------------------------------------------References: [ 1 ] Bug #1804860 - CVE-2019-20044 zsh: insecure dropping of privileges when unsetting PRIVILEGED option [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1804860 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-9009363f0f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Fedora 30 notification regarding zsh to safely relinquish privileges upon clearing the PRIVILEGED option, tackling potential security vulnerabilities.. Fedora Update,shell security,zsh privileges,threat mitigation,Linux updates. . Severity: Critical. LinuxSecurity.com Team

Calendar 2 Mar 12, 2020 Critical Fedora
Banner 3 1028x280 1708121785 1771599793
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorybuffer overrunsecurity fix

Red Hat 7: RHSA-2018-3073 Moderate zsh Buffer Overflow Threat

An update for zsh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: zsh security and bug fix update Advisory ID: RHSA-2018:3073-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3073 Issue date: 2018-10-30 CVE Names: CVE-2014-10071 CVE-2014-10072 CVE-2017-18205 CVE-2017-18206 CVE-2018-1071 CVE-2018-1083 CVE-2018-1100 CVE-2018-7549 ==================================================================== 1. Summary: An update for zsh is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x 3. Description: Thezsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more. Security Fix(es): * zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c (CVE-2018-1083) * zsh: buffer overflow for very long fds in > & fd syntax (CVE-2014-10071) * zsh: buffer overflow when scanning very long directory paths for symbolic links (CVE-2014-10072) * zsh: NULL dereference in cd in sh compatibility mode under given circumstances (CVE-2017-18205) * zsh: buffer overrun in symlinks (CVE-2017-18206) * zsh: Stack-based buffer overflow in exec.c:hashcmd() (CVE-2018-1071) * zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution (CVE-2018-1100) * zsh: crash on copying empty hash table (CVE-2018-7549) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-1083, CVE-2018-1071, and CVE-2018-1100 issues were discovered by Richard Maciel Costa (Red Hat). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1549836 - CVE-2014-10072 zsh: buffer overflow when scanning very long directory paths for symbolic links 1549855 - CVE-2014-10071 zsh: buffer overflow for very long fds in > & fd syntax 1549858 - CVE-2018-7549 zsh: crash on copying empty hash table 1549861 - CVE-2017-18206 zsh: buffer overrun in symlinks 1549862 - CVE-2017-18205 zsh: NULL dereference in cdin sh compatibility mode under given circumstances 1553531 - CVE-2018-1071 zsh: Stack-based buffer overflow in exec.c:hashcmd() 1557382 - CVE-2018-1083 zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c 1563395 - CVE-2018-1100 zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: zsh-5.0.2-31.el7.src.rpm x86_64: zsh-5.0.2-31.el7.x86_64.rpm zsh-debuginfo-5.0.2-31.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: zsh-debuginfo-5.0.2-31.el7.x86_64.rpm zsh-html-5.0.2-31.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: zsh-5.0.2-31.el7.src.rpm x86_64: zsh-5.0.2-31.el7.x86_64.rpm zsh-debuginfo-5.0.2-31.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: zsh-debuginfo-5.0.2-31.el7.x86_64.rpm zsh-html-5.0.2-31.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: zsh-5.0.2-31.el7.src.rpm ppc64: zsh-5.0.2-31.el7.ppc64.rpm zsh-debuginfo-5.0.2-31.el7.ppc64.rpm ppc64le: zsh-5.0.2-31.el7.ppc64le.rpm zsh-debuginfo-5.0.2-31.el7.ppc64le.rpm s390x: zsh-5.0.2-31.el7.s390x.rpm zsh-debuginfo-5.0.2-31.el7.s390x.rpm x86_64: zsh-5.0.2-31.el7.x86_64.rpm zsh-debuginfo-5.0.2-31.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: zsh-5.0.2-31.el7.src.rpm aarch64: zsh-5.0.2-31.el7.aarch64.rpm zsh-debuginfo-5.0.2-31.el7.aarch64.rpm ppc64le: zsh-5.0.2-31.el7.ppc64le.rpm zsh-debuginfo-5.0.2-31.el7.ppc64le.rpm s390x: zsh-5.0.2-31.el7.s390x.rpm zsh-debuginfo-5.0.2-31.el7.s390x.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): aarch64: zsh-debuginfo-5.0.2-31.el7.aarch64.rpm zsh-html-5.0.2-31.el7.aarch64.rpm ppc64le: zsh-debuginfo-5.0.2-31.el7.ppc64le.rpm zsh-html-5.0.2-31.el7.ppc64le.rpm s390x: zsh-debuginfo-5.0.2-31.el7.s390x.rpm zsh-html-5.0.2-31.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v.7): ppc64: zsh-debuginfo-5.0.2-31.el7.ppc64.rpm zsh-html-5.0.2-31.el7.ppc64.rpm ppc64le: zsh-debuginfo-5.0.2-31.el7.ppc64le.rpm zsh-html-5.0.2-31.el7.ppc64le.rpm s390x: zsh-debuginfo-5.0.2-31.el7.s390x.rpm zsh-html-5.0.2-31.el7.s390x.rpm x86_64: zsh-debuginfo-5.0.2-31.el7.x86_64.rpm zsh-html-5.0.2-31.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: zsh-5.0.2-31.el7.src.rpm x86_64: zsh-5.0.2-31.el7.x86_64.rpm zsh-debuginfo-5.0.2-31.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: zsh-debuginfo-5.0.2-31.el7.x86_64.rpm zsh-html-5.0.2-31.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-10071 https://access.redhat.com/security/cve/CVE-2014-10072 https://access.redhat.com/security/cve/CVE-2017-18205 https://access.redhat.com/security/cve/CVE-2017-18206 https://access.redhat.com/security/cve/CVE-2018-1071 https://access.redhat.com/security/cve/CVE-2018-1083 https://access.redhat.com/security/cve/CVE-2018-1100 https://access.redhat.com/security/cve/CVE-2018-7549 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBW9gQX9zjgjWX9erEAQh1qA/8CMRBCVsTdrIazIusStWGh4y0f/MvKgXt N482h1RZXn6wuYuWhmDp74nCloTuxyhwoztV7kuchtrouGJK8dmnM/xlQQflSmG5 5dsIIZdGhs0BfIUHRTeUYGrNlPxe12eOHW3n9vjLjMUIscaAa9EnFVowISKTJnK0 MtK3h9pZRGDIvFuxtMBhPD67UPuv99b/fNXhbTFu4eXYuH2YOsiG9/Dj8OvA1GLe FGRE+8HI5o9zxPVt7MV69kpyd8NeiHLxybt2ERTz7eDtXXdbu8+o2o2ZuKqN4H6N /WMG1L3aPPqQ8wVex6lbYZUknPL3LOFYIWMvmkFD3vLGcG2W4ZlaU4j9B7WlgfXd 7GLfrTWfxS3/rz65w5xNOVfAKaXZ12K3Yy0U/ugnyNxqx/mDzcs6HfBiC8ztdwEB XDvhgtTFoyAoLEVkJSM5JczT+gxgnKv/NhQbL5VP7j+dXa5DI7teHhIsAr8WneXu 6P5fMuuFuWSgxoQiJQ/LeP1T+yl6JcQqU0gweCWpWM/9GqftQtNuTYGAkF5QOvqJ pFBeLujL55DD029NYgAlFEbrx4pthbnqHuWjAldPt90ObWVJ3VbTZ7ljoxfa6gGk uAL/Ox+JsXbYCNNRvrS/UDVctE3099lLvJTbgOLKiv39MxVTLdrsgeBKQoLNBqzH yhXa6A/3UUU=dOMJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . A noteworthy zsh patch for Red Hat Enterprise Linux 7 brings essential enhancements and protective actions.. zsh Security Update, Red Hat Linux, Buffer Overflow Fix. . LinuxSecurity.com Team

Calendar 2 Oct 30, 2018 Red Hat
98
Ls Advisories Redhat Esm H240
Price Tag 1security advisorysecurity updateRed Hat

Red Hat 6 RHSA-2018:1932-01 Moderate: Zsh Buffer Overflow Risks

An update for zsh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: zsh security update Advisory ID: RHSA-2018:1932-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1932 Issue date: 2018-06-19 CVE Names: CVE-2014-10072 CVE-2017-18206 CVE-2018-1083 CVE-2018-1100 ==================================================================== 1. Summary: An update for zsh is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable commandcompletion, shell functions (with autoloading), a history mechanism, and more. Security Fix(es): * zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c (CVE-2018-1083) * zsh: buffer overflow when scanning very long directory paths for symbolic links (CVE-2014-10072) * zsh: buffer overrun in symlinks (CVE-2017-18206) * zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution (CVE-2018-1100) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. The CVE-2018-1083 and CVE-2018-1100 issues were discovered by Richard Maciel Costa (Red Hat). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1549836 - CVE-2014-10072 zsh: buffer overflow when scanning very long directory paths for symbolic links 1549861 - CVE-2017-18206 zsh: buffer overrun in symlinks 1557382 - CVE-2018-1083 zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c 1563395 - CVE-2018-1100 zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: zsh-4.3.11-8.el6.src.rpm i386: zsh-4.3.11-8.el6.i686.rpm zsh-debuginfo-4.3.11-8.el6.i686.rpm x86_64: zsh-4.3.11-8.el6.x86_64.rpm zsh-debuginfo-4.3.11-8.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: zsh-debuginfo-4.3.11-8.el6.i686.rpm zsh-html-4.3.11-8.el6.i686.rpm x86_64: zsh-debuginfo-4.3.11-8.el6.x86_64.rpm zsh-html-4.3.11-8.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v.6): Source: zsh-4.3.11-8.el6.src.rpm x86_64: zsh-4.3.11-8.el6.x86_64.rpm zsh-debuginfo-4.3.11-8.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: zsh-debuginfo-4.3.11-8.el6.x86_64.rpm zsh-html-4.3.11-8.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: zsh-4.3.11-8.el6.src.rpm i386: zsh-4.3.11-8.el6.i686.rpm zsh-debuginfo-4.3.11-8.el6.i686.rpm ppc64: zsh-4.3.11-8.el6.ppc64.rpm zsh-debuginfo-4.3.11-8.el6.ppc64.rpm s390x: zsh-4.3.11-8.el6.s390x.rpm zsh-debuginfo-4.3.11-8.el6.s390x.rpm x86_64: zsh-4.3.11-8.el6.x86_64.rpm zsh-debuginfo-4.3.11-8.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: zsh-debuginfo-4.3.11-8.el6.i686.rpm zsh-html-4.3.11-8.el6.i686.rpm ppc64: zsh-debuginfo-4.3.11-8.el6.ppc64.rpm zsh-html-4.3.11-8.el6.ppc64.rpm s390x: zsh-debuginfo-4.3.11-8.el6.s390x.rpm zsh-html-4.3.11-8.el6.s390x.rpm x86_64: zsh-debuginfo-4.3.11-8.el6.x86_64.rpm zsh-html-4.3.11-8.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: zsh-4.3.11-8.el6.src.rpm i386: zsh-4.3.11-8.el6.i686.rpm zsh-debuginfo-4.3.11-8.el6.i686.rpm x86_64: zsh-4.3.11-8.el6.x86_64.rpm zsh-debuginfo-4.3.11-8.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: zsh-debuginfo-4.3.11-8.el6.i686.rpm zsh-html-4.3.11-8.el6.i686.rpm x86_64: zsh-debuginfo-4.3.11-8.el6.x86_64.rpm zsh-html-4.3.11-8.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7.References: https://access.redhat.com/security/cve/CVE-2014-10072 https://access.redhat.com/security/cve/CVE-2017-18206 https://access.redhat.com/security/cve/CVE-2018-1083 https://access.redhat.com/security/cve/CVE-2018-1100 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/6.10_release_notes/index.html https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/6.10_technical_notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWyiNJtzjgjWX9erEAQgjEA/+NcGyPUo1AjP74CjZZh1jK/ykYAD8Vshj psC01Fuh3EXoOsKANqJl7/h/VzWDIMwdS9RzdPWAzxRSYkyOya+qiZnhUp31fu19 TnNDN/z9sffe7w0I0YNVbcAFlhZ7Rd483Sa5sfm+vJTWuS0qcJMYLuLlNd7sJ1lG Ax46/cEGPc5VX1Li0pSg+ApjRYaq3NjXwR9Krha+TLnOn/wu2bb6HE3YNpGGj1sP pbGSyqfZwbQEtq6qbRZG4bm7pTUPSlxtN7R9a2plouh1ZDyfvnoK8pGTxPT6P11I KxAYZOV0DzfBkpjcEWpgcBIFyJmbgy/QIYtkGugsOoubDRCQp5o1DARla+vq/nAP 5LYuxALeThL0bz4hk6nvBtYuR+YH1DMhnUAlExDPfAZO5DNB4SBHZLSyqiSLsHge qCTYn6D8ZDLOHdMyCtTaP42bwLKUvWvu6bBP0Ld5le79wYJ/E8l2jJ52qg/oYeR1 iOl/Qq7g+DQ4d2gRRVWB2xA0di7vFMd6EG5+56PKqunsBF+QHHkAa4lojifiPV8b vNRqo0FxdhINFHZ3SpT5SuJtA+8HTta0Ndtqkm5EHmjFsSijF+/kHCiBKDJFiCo1 kpvSIJMoLWHqOveP3I8hZjKDw0u7Vv9GyknNWXsdZbIO+xAViVL1oq52ozD4eWyi 0cCdzZ4mRHk=V3D4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Explore the recent zsh security patch for Red Hat that includes essential remedies for several critical buffer overflow vulnerabilities.. zsh security patch, Red Hat update, command-line shell security, buffer overflow risk. . LinuxSecurity.com Team

Calendar 2 Jun 19, 2018 Red Hat
Banner 3 1028x280 1708121785 1771599793
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":548,"type":"x","order":1,"pct":78.51,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.3,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.87,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.32,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here