ELA-316-1 zsh security update

buffer overflow

2020-11-19
Package: zsh
Version: 5.0.7-5+deb8u3
Related CVEs: CVE-2016-10714 CVE-2017-18206 CVE-2018-0502 CVE-2018-1071 CVE-2018-1083 CVE-2018-1100 CVE-2018-13259

Several security vulnerabilities were found and corrected in zsh, a powerful shell and scripting language. Off-by-one errors, wrong parsing of shebang lines and buffer overflows may lead to unexpected behavior. A local, unprivileged user can create a specially crafted message file or directory path. If the receiving user is privileged or traverses the aforementioned path, this leads to privilege escalation.

For Debian 8 jessie, these problems have been fixed in version 5.0.7-5+deb8u3.

We recommend that you upgrade your zsh packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/