CVE-2018-1100

Priority
Description
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in
the utils.c:checkmailpath function. A local attacker could exploit this to
execute arbitrary code in the context of another user.
Package
Source: zsh (LP Ubuntu Debian)
Upstream:released (5.5-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (5.0.2-3ubuntu6.3)
Ubuntu 16.04 LTS (Xenial Xerus):released (5.1.1-1ubuntu2.3)
Ubuntu 18.04 LTS (Bionic Beaver):released (5.4.2-3ubuntu3.1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (5.5-1)
Patches:
Upstream:https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
More Information

Updated: 2018-10-22 14:14:21 UTC (commit 03ef231d584286304e54ae60f0de485bd42f2da8)