Joined: 12 May 2004
|Posted: Wed Mar 25, 2020 10:26 pm Post subject: [ GLSA 202003-55 ] Zsh
|Gentoo Linux Security Advisory
Title: Zsh: Privilege escalation (GLSA 202003-55)
Exploitable: local, remote
A vulnerability in Zsh might allow an attacker to escalate
A shell designed for interactive use, although it is also a powerful
Vulnerable: < 5.8
Unaffected: >= 5.8
Architectures: All supported architectures
It was discovered that Zsh was insecure dropping privileges when
unsetting PRIVILEGED option.
An attacker could escalate privileges.
There is no known workaround at this time.
All Zsh users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=app-shells/zsh-5.8"