UbuntuUpdates.org

Package "zsh"

Name: zsh

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • shell with lots of features (static link)

Latest version: 5.8-3ubuntu1.1
Release: focal (20.04)
Level: security
Repository: universe

Links



Other versions of "zsh" in Focal

Repository Area Version
base main 5.8-3ubuntu1
base universe 5.8-3ubuntu1
security main 5.8-3ubuntu1.1
updates main 5.8-3ubuntu1.1
updates universe 5.8-3ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 5.8-3ubuntu1.1 2022-03-14 17:06:26 UTC

  zsh (5.8-3ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution
    - debian/patches/CVE-2021-45444.patch: save PROMPTSUBST option before
      the call to promptexpand() in b/Src/prompt.c and restore after it is
      executed.
    - CVE-2021-45444

 -- Rodrigo Figueiredo Zaiden <email address hidden> Fri, 11 Mar 2022 13:38:26 -0300

CVE-2021-45444 In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. Thi



About   -   Send Feedback to @ubuntu_updates