fish: Multiple vulnerabilities — GLSA 201412-49

Multiple vulnerabilities have been found in fish, the worst of which could result in local privilege escalation or remote arbitrary code execution.

Affected Packages

app-shells/fish on all architectures
Affected versions < 2.1.1
Unaffected versions >= 2.1.1

Background

fish is the Friendly Interactive SHell.

Description

Multiple vulnerabilities have been discovered in fish. Please review the CVE identifiers referenced below for details.

Impact

A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to execute arbitrary code.

Workaround

There is no known workaround at this time.

Resolution

All fish users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-shells/fish-2.1.1"
 

References

Release Date
December 28, 2014

Latest Revision
December 28, 2014: 1

Severity
high

Exploitable
local, remote

Bugzilla entries