Fedora Update Notification
2018-04-17 00:11:16.751389

Name        : zsh
Product     : Fedora 28
Version     : 5.5
Release     : 1.fc28
URL         : http://zsh.sourceforge.net/
Summary     : Powerful interactive shell
Description :
The zsh shell is a command interpreter usable as an interactive login
shell and as a shell script command processor.  Zsh resembles the ksh
shell (the Korn shell), but includes many enhancements.  Zsh supports
command line editing, built-in spelling correction, programmable
command completion, shell functions (with autoloading), a history
mechanism, and more.

Update Information:

update to latest upstream release, which fixes the following vulnerabilities:  -
CVE-2018-1100 - stack-based buffer overflow in utils.c:checkmailpath() -
CVE-2018-1083 - stack-based buffer overflow in compctl.c:gen_matches_files()  -
CVE-2018-1071 - stack-based buffer overflow in exec.c:hashcmd()

  [ 1 ] Bug #1564936 - zsh-5.5 is available
  [ 2 ] Bug #1560696 - CVE-2018-1083 zsh: Stack-based buffer overflow in 
gen_matches_files() at compctl.c [fedora-all]
  [ 3 ] Bug #1553533 - CVE-2018-1071 zsh: Stack-based buffer overflow in 
exec.c:hashcmd() [fedora-all]
  [ 4 ] Bug #1563396 - CVE-2018-1100 zsh: buffer overflow in 
utils.c:checkmailpath() can lead to local arbitrary code execution [fedora-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade zsh' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-le...@lists.fedoraproject.org

Reply via email to