CVE-2018-1100

Priority
Description
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in
the utils.c:checkmailpath function. A local attacker could exploit this to
execute arbitrary code in the context of another user.
Notes
Package
Source: zsh (LP Ubuntu Debian)
Upstream:released (5.5-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [5.0.2-3ubuntu6.3])
Ubuntu 16.04 LTS (Xenial Xerus):released (5.1.1-1ubuntu2.3)
Ubuntu 18.04 LTS (Bionic Beaver):released (5.4.2-3ubuntu3.1)
Patches:
Upstream:https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
More Information

Updated: 2020-01-29 20:01:31 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)