[ GLSA 202003-55 ] Zsh

[GLSA]

Gentoo Linux Security Advisory

Title: Zsh: Privilege escalation (GLSA 202003-55)
Severity: normal
Exploitable: local, remote
Date: 2020-03-25
Bug(s): #711136
ID: 202003-55

Synopsis

A vulnerability in Zsh might allow an attacker to escalate
privileges.


Background

A shell designed for interactive use, although it is also a powerful
scripting language.


Affected Packages

Package: app-shells/zsh
Vulnerable: < 5.8
Unaffected: >= 5.8
Architectures: All supported architectures


Description

It was discovered that Zsh was insecure dropping privileges when
unsetting PRIVILEGED option.


Impact

An attacker could escalate privileges.

Workaround

There is no known workaround at this time.

Resolution

All Zsh users should upgrade to the latest version: