zsh is vulnerable to stack-based buffer overflow. A local authenticated attacker could exploit this to execute arbitrary code in the context of another user. Affected by this issue is the function checkmailpath
of the file utils.c
.
access.redhat.com/documentation/en-US/red_hat_enterprise_linux/6/html/6.10_release_notes/index.html
access.redhat.com/documentation/en-US/red_hat_enterprise_linux/6/html/6.10_technical_notes/index.html
access.redhat.com/errata/RHSA-2018:1932
access.redhat.com/errata/RHSA-2018:3073
access.redhat.com/security/cve/CVE-2018-1100
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1563395
lists.debian.org/debian-lts-announce/2020/12/msg00000.html
security.gentoo.org/glsa/201805-10
sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
usn.ubuntu.com/3764-1/