The following updates have been released for Arch Linux:
ASA-201804-5: zsh: arbitrary code execution
ASA-201804-6: lib32-openssl: private key recovery
ASA-201804-5: zsh: arbitrary code execution
Arch Linux Security Advisory ASA-201804-5
=========================================
Severity: High
Date    : 2018-04-11
CVE-ID  : CVE-2018-1100
Package : zsh
Type    : arbitrary code execution
Remote  : No
Link    : https://security.archlinux.org/AVG-669
Summary
=======
The package zsh before version 5.5-1 is vulnerable to arbitrary code
execution.
Resolution
==========
Upgrade to 5.5-1.
# pacman -Syu "zsh>=5.5-1"
The problem has been fixed upstream in version 5.5.
Workaround
==========
None.
Description
===========
A stack-based buffer overflow has been found in zsh