author | Anthony Sottile <asottile@umich.edu> | 2018-09-03 14:39:25 +0000 |
---|---|---|
committer | Daniel Shahaf <d.s@daniel.shahaf.name> | 2018-09-03 15:07:47 +0000 |
commit | 1c4c7b6a4d17294df028322b70c53803a402233d (patch) | |
tree | 9017103102c523609b4f3210788a4406a173a19f /NEWS | |
parent | baef71ccfc9df3221916a4356dafe5d792a509c6 (diff) | |
CVE-2018-0502, CVE-2018-13259: Fix two security issues in shebang line parsing.
See NEWS for more information. Patch by Anthony Sottile and Buck Evan.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/NEWS b/NEWS index 93d879ce3..7b3e5692c 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,27 @@ CHANGES FROM PREVIOUS VERSIONS OF ZSH Note also the list of incompatibilities in the README file. +Changes from 5.5.1-test-2 to 5.6 +-------------------------------- + +CVE-2018-0502: Data from the second line of a #! script file might be passed to +execve(). For example, in the following situation - +. + printf '#!foo\nbar' > baz + ./baz +. +the shell might take "bar" rather than "foo" for the argv[0] to be passed to +execve(). [ Reported by Anthony Sottile and Buck Evan. ] + +CVE-2018-13259: A shebang line longer than 64 characters would be truncated. +For example, in the following situation: +. + ( printf '#!'; repeat 64 printf 'x'; printf 'y' ) > foo + ./foo +. +the shell might execute x...x (64 repetitions) rather than x...xy (64 x's, +one y). [ Reported by Daniel Shahaf. ] + Changes from 5.5.1 to 5.5.1-test-2 ---------------------------------- |
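Review bot: Both new NEWS entries describe only the old behaviour ("the shell might take "bar" rather than "foo"" and "the shell might execute x...x") and never say what 5.6 does instead or when the "might" applies, so a reader cannot judge whether their scripts were exposed. Add one sentence per entry stating the corrected behaviour. The CVE-2018-13259 entry should also say whether the 64-character limit counts the leading "#!", since the example writes 64 x's after '#!', which suggests it does not. Minor: the CVE-2018-0502 example is introduced with "situation -" while the CVE-2018-13259 one uses "situation:"; use the colon in both.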