Advisories » MGASA-2018-0206

Updated zsh packages fix security vulnerabilities

Publication date: 20 Apr 2018
Modification date: 20 Apr 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1071 , CVE-2018-1083

Description

Richard Maciel Costa discovered that Zsh incorrectly handled certain
inputs. An attacker could possibly use this to cause a denial of service
(CVE-2018-1071).

It was discovered that Zsh incorrectly handled certain files. An
attacker could possibly use this to execute arbitrary code
(CVE-2018-1083).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22846
• https://usn.ubuntu.com/3608-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1071
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1083

SRPMS

6/core

• zsh-5.5-1.1.mga6