Debian 10261 Published by

A zsh security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue where an attacker can execute arbitrary commands into a user's shell.



ELA-565-1 zsh security update

Package zsh
Version 5.0.7-5+deb8u4
Related CVEs CVE-2021-45444

It was discovered that zsh, a powerful shell and scripting language, did not prevent recursive prompt expansion. This would allow an attacker to execute arbitrary commands into a user’s shell, for instance by tricking a vcs_info user into checking out a git branch with a specially crafted name.

For Debian 8 jessie, these problems have been fixed in version 5.0.7-5+deb8u4.

We recommend that you upgrade your zsh packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-565-1 zsh security update