"In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid()." MITRE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20044 Affects: <5.8
amd64 stable
sparc stable
x86 stable
ia64/ppc/ppc64 stable
arm stable
arm64 stable
hppa stable
Thanks arches. Maintainer(s), please drop the vulnerable version(s).
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8a12520a673e400902c64889848cc413746fc87c commit 8a12520a673e400902c64889848cc413746fc87c Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2020-03-18 20:55:09 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2020-03-18 20:55:09 +0000 app-shells/zsh: Security cleanup Bug: https://bugs.gentoo.org/711136 Package-Manager: Portage-2.3.94, Repoman-2.3.21 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> app-shells/zsh/Manifest | 2 - app-shells/zsh/zsh-5.7.1-r1.ebuild | 221 ------------------------------------- 2 files changed, 223 deletions(-)
Thanks all.
GLSA Vote: Yes New GLSA request filed.
This issue was resolved and addressed in GLSA 202003-55 at https://security.gentoo.org/glsa/202003-55 by GLSA coordinator Thomas Deutschmann (whissi).