Debian-LTS has issued an advisory today (February 24):
https://www.debian.org/lts/security/2020/dla-2117

The issue is fixed upstream in 5.8. Mageia 7 is also affected.
Status comment: (none) => Fixed upstream in 5.8
Whiteboard: (none) => MGA7TOO
Various committers, so assigning globally; CC Shlomi as the registered maintainer.
Assignee: bugsquad => pkg-bugs
CC: (none) => shlomif
Done for both Cauldron and mga7!
CC: (none) => geiger.david68210
Advisory:
========================

Updated zsh packages fix security vulnerability:

A privilege escalation vulnerability was discovered in zsh, whereby a user could regain a formerly elevated privilege level even when such an action should not be permitted (CVE-2019-20044).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20044
https://www.debian.org/lts/security/2020/dla-2117
========================

Updated packages in core/updates_testing:
========================
zsh-5.7.1-1.1.mga7
zsh-doc-5.7.1-1.1.mga7

from zsh-5.7.1-1.1.mga7.src.rpm
Assignee: pkg-bugs => qa-bugs
Version: Cauldron => 7
Status comment: Fixed upstream in 5.8 => (none)
Whiteboard: MGA7TOO => (none)
MGA7-64 Plasma on Lenovo B50
No installation issues
ref bug 22846 for testing:
changed the user's shell to zsh, logged off and on again.
Run konsole and fill out the options for history and completion.

$ more .zshrc
# Lines configured by zsh-newuser-install
HISTFILE=~/.histfile
HISTSIZE=1000
SAVEHIST=1000
# End of lines configured by zsh-newuser-install
# The following lines were added by compinstall
zstyle :compinstall filename '/home/tester7/.zshrc'
autoload -Uz compinit
compinit
# End of lines added by compinstall

$ echo $SHELL
/bin/zsh

Run a series of ls and cd commands using history and completion, all OK
CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 3.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
CC: (none) => tmb
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2020-0107.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED