Security
Security
A vulnerability in Zsh might allow an attacker to escalate privileges.
| Package | app-shells/zsh on all architectures |
|---|---|
| Affected versions | < 5.8 |
| Unaffected versions | >= 5.8 |
A shell designed for interactive use, although it is also a powerful scripting language.
It was discovered that Zsh was insecure dropping privileges when unsetting PRIVILEGED option.
An attacker could escalate privileges.
There is no known workaround at this time.
All Zsh users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/zsh-5.8"
Release date
March 25, 2020
Latest revision
March 25, 2020: 1
Severity
normal
Exploitable
local, remote
Bugzilla entries