Security update for zsh SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:0735-1 Final 1 1 2022-03-04T13:50:08Z current 2022-03-04T13:50:08Z 2022-03-04T13:50:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for zsh This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEGED option (bsc#1163882). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2022-735,openSUSE-SLE-15.4-2022-735 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BYQO6XCA5HFPKOF2ANXLGSZGFT63LHPA/ E-Mail link for openSUSE-SU-2022:0735-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1163882 SUSE Bug 1163882 https://bugzilla.suse.com/1196435 SUSE Bug 1196435 https://www.suse.com/security/cve/CVE-2019-20044/ SUSE CVE CVE-2019-20044 page https://www.suse.com/security/cve/CVE-2021-45444/ SUSE CVE CVE-2021-45444 page openSUSE Leap 15.3 zsh-5.6-7.5.1 zsh-htmldoc-5.6-7.5.1 zsh-5.6-7.5.1 as a component of openSUSE Leap 15.3 zsh-htmldoc-5.6-7.5.1 as a component of openSUSE Leap 15.3 In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). CVE-2019-20044 openSUSE Leap 15.3:zsh-5.6-7.5.1 openSUSE Leap 15.3:zsh-htmldoc-5.6-7.5.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BYQO6XCA5HFPKOF2ANXLGSZGFT63LHPA/ https://www.suse.com/security/cve/CVE-2019-20044.html CVE-2019-20044 https://bugzilla.suse.com/1163882 SUSE Bug 1163882 https://bugzilla.suse.com/1200039 SUSE Bug 1200039 https://bugzilla.suse.com/1200202 SUSE Bug 1200202 https://bugzilla.suse.com/1200209 SUSE Bug 1200209 In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. CVE-2021-45444 openSUSE Leap 15.3:zsh-5.6-7.5.1 openSUSE Leap 15.3:zsh-htmldoc-5.6-7.5.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BYQO6XCA5HFPKOF2ANXLGSZGFT63LHPA/ https://www.suse.com/security/cve/CVE-2021-45444.html CVE-2021-45444 https://bugzilla.suse.com/1196435 SUSE Bug 1196435 https://bugzilla.suse.com/1199097 SUSE Bug 1199097 https://bugzilla.suse.com/1200202 SUSE Bug 1200202