Advisories » MGASA-2023-0344

Updated fish packages fix a security vulnerability

Publication date: 12 Dec 2023
Modification date: 12 Dec 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-49284

Description

Mageia 9 is updated to version 3.6.4 to fix CVE-2023-49284.
Mageia 8 receives an upstream patch to fix CVE-2023-49284.
CVE-2023-49284: fish shell uses certain Unicode non-characters
internally for marking wildcards and expansions. It will incorrectly
allow these markers to be read on command substitution output, rather
than transforming them into a safe internal representation.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32614
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49284

SRPMS

9/core

• fish-3.6.4-1.mga9

8/core

• fish-3.4.1-1.1.mga8