Multiple vulnerabilities have been found in fish, the worst of which could result in local privilege escalation or remote arbitrary code execution.
|Package||app-shells/fish on all architectures|
|Affected versions||< 2.1.1|
|Unaffected versions||>= 2.1.1|
fish is the Friendly Interactive SHell.
Multiple vulnerabilities have been discovered in fish. Please review the CVE identifiers referenced below for details.
A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to execute arbitrary code.
There is no known workaround at this time.
All fish users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/fish-2.1.1"
December 28, 2014
December 28, 2014: 1