Issued:: 2020-03-26
Updated:: 2020-03-26

RHSA-2020:0978 - Security Advisory

Overview
Updated Packages

Synopsis

Important: zsh security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for zsh is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.

Security Fix(es):

zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0 x86_64

Fixes

BZ - 1804859 - CVE-2019-20044 zsh: insecure dropping of privileges when unsetting PRIVILEGED option

CVEs

CVE-2019-20044

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.0

SRPM
zsh-5.5.1-6.el8_0.2.src.rpm	SHA-256: eeaad522862bcb0ca86f8b626ebfe4c2b76e18b5d7929b406e59b95029517b05
ppc64le
zsh-5.5.1-6.el8_0.2.ppc64le.rpm	SHA-256: b9dd78de6664d8dfb4c89ce9d62975d7c689e5cdb7618971d95e93d82f71c296
zsh-debuginfo-5.5.1-6.el8_0.2.ppc64le.rpm	SHA-256: 09f2ab3263a36c20b36dc40445276e7bba5fd4f9f7d4c7e917332b82e7593573
zsh-debugsource-5.5.1-6.el8_0.2.ppc64le.rpm	SHA-256: 62255e938feed393ed7bc28ab1d0b9be35682639c3e1b3f97303f5fc606cd21b
zsh-html-5.5.1-6.el8_0.2.noarch.rpm	SHA-256: 834614a7d79ba78141924f7be07ac211a18e2f44592e34fd77b347f2915e3696

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.0

SRPM
zsh-5.5.1-6.el8_0.2.src.rpm	SHA-256: eeaad522862bcb0ca86f8b626ebfe4c2b76e18b5d7929b406e59b95029517b05
x86_64
zsh-5.5.1-6.el8_0.2.x86_64.rpm	SHA-256: 032122b09d56809ded0a153809b297c45ad8e0a469ff5389f235add9d31eb78e
zsh-debuginfo-5.5.1-6.el8_0.2.x86_64.rpm	SHA-256: 0cf3b2db08203f04117a2403254b5de438f91b26a67d747b2c0d2debb62143b7
zsh-debugsource-5.5.1-6.el8_0.2.x86_64.rpm	SHA-256: dc0e49df5788ca78e67d42e7b00a549dc1928fc34b78352f9ccd23ab42270d93
zsh-html-5.5.1-6.el8_0.2.noarch.rpm	SHA-256: 834614a7d79ba78141924f7be07ac211a18e2f44592e34fd77b347f2915e3696

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation