zsh: CVE-2018-0502 CVE-2018-13259 #1377

l2dy · 2018-09-12T09:47:48Z

CVE IDs (if any)

CVE-2018-0502, CVE-2018-13259

Other security advisory IDs (if any)

USN-3764-1

Patches (if any)

From Ubuntu.

PoC(s) (if any)

N/A

Additional descriptions (if applicable)

Both fixed in zsh 5.6. https://www.zsh.org/mla/zsh-announce/136

This is a security release, fixing CVE-2018-0502 and CVE-2018-13259.
All sites are encouraged to upgrade from 5.5.1 as soon as possible.

It was discovered that Zsh incorrectly handled certain scripts.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2018-0502, CVE-2018-13259)

Architectural progress

Please remove any architecture to which the security vulnerabilities do not apply.

The text was updated successfully, but these errors were encountered:

- Changing source link as 5.5.x are now archived as "old" releases.

MingcongBai · 2018-10-06T05:29:12Z

Fixed with 9023d3b. Closing.

l2dy · 2018-10-06T05:35:46Z

Use AOSA-2018-0413.

l2dy added the security Topic/issue involves a security issue/fixed label Sep 12, 2018

MingcongBai added a commit that referenced this issue Sep 26, 2018

zsh: fix #1377

9023d3b

- Changing source link as 5.5.x are now archived as "old" releases.

MingcongBai added the to-stable label Sep 26, 2018

MingcongBai closed this as completed Oct 6, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

zsh: CVE-2018-0502 CVE-2018-13259 #1377

zsh: CVE-2018-0502 CVE-2018-13259 #1377

l2dy commented Sep 12, 2018 •

edited

Loading

MingcongBai commented Oct 6, 2018

l2dy commented Oct 6, 2018

zsh: CVE-2018-0502 CVE-2018-13259 #1377

zsh: CVE-2018-0502 CVE-2018-13259 #1377

Comments

l2dy commented Sep 12, 2018 • edited Loading

CVE IDs (if any)

Other security advisory IDs (if any)

Patches (if any)

PoC(s) (if any)

Additional descriptions (if applicable)

Architectural progress

MingcongBai commented Oct 6, 2018

l2dy commented Oct 6, 2018

l2dy commented Sep 12, 2018 •

edited

Loading