Ubuntu Security Notice 5325-1 - Sam Foxman discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to regain dropped privileges. It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
2815342c4cdaeae4ab9c8827097fde4fdda0fb158320b2765458587fe19ecd13
==========================================================================
Ubuntu Security Notice USN-5325-1
March 14, 2022
zsh vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Zsh.
Software Description:
- zsh: shell with lots of features
Details:
Sam Foxman discovered that Zsh incorrectly handled certain inputs.
An attacker could possibly use this issue to regain dropped privileges.
(CVE-2019-20044)
It was discovered that Zsh incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2021-45444)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 21.10:
zsh 5.8-6ubuntu0.1
zsh-static 5.8-6ubuntu0.1
Ubuntu 20.04 LTS:
zsh 5.8-3ubuntu1.1
zsh-static 5.8-3ubuntu1.1
Ubuntu 18.04 LTS:
zsh 5.4.2-3ubuntu3.2
zsh-static 5.4.2-3ubuntu3.2
Ubuntu 16.04 ESM:
zsh 5.1.1-1ubuntu2.3+esm1
zsh-static 5.1.1-1ubuntu2.3+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5325-1
CVE-2019-20044, CVE-2021-45444
Package Information:
https://launchpad.net/ubuntu/+source/zsh/5.8-6ubuntu0.1
https://launchpad.net/ubuntu/+source/zsh/5.8-3ubuntu1.1
https://launchpad.net/ubuntu/+source/zsh/5.4.2-3ubuntu3.2