Arch Linux 804 Published by

The following updates has been released for Arch Linux:

ASA-201804-5: zsh: arbitrary code execution
ASA-201804-6: lib32-openssl: private key recovery



ASA-201804-5: zsh: arbitrary code execution


Arch Linux Security Advisory ASA-201804-5
=========================================

Severity: High
Date : 2018-04-11
CVE-ID : CVE-2018-1100
Package : zsh
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-669

Summary
=======

The package zsh before version 5.5-1 is vulnerable to arbitrary code
execution.

Resolution
==========

Upgrade to 5.5-1.

# pacman -Syu "zsh>=5.5-1"

The problem has been fixed upstream in version 5.5.

Workaround
==========

None.

Description
===========

A stack-based buffer overflow has been found in zsh