Stay Secure with the Latest Linux Advisories

security advisoryGentoocode execution

Gentoo: GLSA-202407-01 Normal Severity: Zsh Prompt Expansion Risk

A vulnerability has been discovered in Zsh, which can lead to execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202407-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Zsh: Prompt Expansion Vulnerability Date: July 01, 2024 Bugs: #833252 ID: 202407-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been discovered in Zsh, which can lead to execution of arbitrary code. Background ========== A shell designed for interactive use, although it is also a powerful scripting language. Affected packages ================= Package Vulnerable Unaffected -------------- ------------ ------------ app-shells/zsh < 5.8.1 > = 5.8.1 Description =========== Multiple vulnerabilities have been discovered in Zsh. Please review the CVE identifiers referenced below for details. Impact ====== A vulnerability in prompt expansion could be exploited through e.g. VCS_Info to execute arbitrary shell commands without a user's knowledge. Workaround ========== There is no known workaround at this time. Resolution ========== All Zsh users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-shells/zsh-5.8.1" References ========== [ 1 ] CVE-2021-45444 https://nvd.nist.gov/vuln/detail/CVE-2021-45444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202407-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressedto This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Gentoo Linux Security Advisory GLSA 202407-02 highlights a vulnerability in OpenSSH that could allow an unauthorized access breach.. Gentoo, Zsh, Prompt Expansion, Security Advisory, Code Execution. . LinuxSecurity.com Team

Jul 01, 2024 Gentoo