Debian Security Advisory
DLA-1304-1 zsh -- LTS security update
- Date Reported: 09 Mar 2018
- Affected Packages:
- Security database references: In Mitre's CVE dictionary: CVE-2014-10070, CVE-2014-10071, CVE-2014-10072, CVE-2016-10714, CVE-2017-18206.
- More information:
It was discovered that there were multiple vulnerabilities in the
Fix a privilege-elevation issue if the environment has not been properly sanitized.
Prevent a buffer overflow for very long file descriptors in the
Correct a buffer overflow when scanning very long directory paths for symbolic links.
Fix an off-by-one error that was resulting in undersized buffers that were intended to support PATH_MAX.
Fix a buffer overflow in symlink expansion.
For Debian 7 Wheezy, this issue has been fixed in zsh version 4.3.17-1+deb7u1.
We recommend that you upgrade your zsh packages.