You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa zsh

Sigurnosni nedostaci programskog paketa zsh

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2018-04-17 00:11:16.751389

Name : zsh
Product : Fedora 28
Version : 5.5
Release : 1.fc28
Summary : Powerful interactive shell
Description :
The zsh shell is a command interpreter usable as an interactive login
shell and as a shell script command processor. Zsh resembles the ksh
shell (the Korn shell), but includes many enhancements. Zsh supports
command line editing, built-in spelling correction, programmable
command completion, shell functions (with autoloading), a history
mechanism, and more.

Update Information:

update to latest upstream release, which fixes the following vulnerabilities: –
CVE-2018-1100 – stack-based buffer overflow in utils.c:checkmailpath() –
CVE-2018-1083 – stack-based buffer overflow in compctl.c:gen_matches_files() –
CVE-2018-1071 – stack-based buffer overflow in exec.c:hashcmd()

[ 1 ] Bug #1564936 – zsh-5.5 is available
[ 2 ] Bug #1560696 – CVE-2018-1083 zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c [fedora-all]
[ 3 ] Bug #1553533 – CVE-2018-1071 zsh: Stack-based buffer overflow in exec.c:hashcmd() [fedora-all]
[ 4 ] Bug #1563396 – CVE-2018-1100 zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution [fedora-all]

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade zsh’ at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to

AutorPetar Bertok
Cert idNCERT-REF-2018-04-0001-ADV
More in Preporuke
Sigurnosni nedostaci programskog paketa ruby

Otkriveni su sigurnosni nedostaci u programskom paketu ruby za operacijski sustav Ubuntu. Otkriveni nedostaci potencijalnim napadačima omogućuju pristup osjetljivih informacijama,...