A vulnerability in Zsh might allow an attacker to escalate privileges.
|Package||app-shells/zsh on all architectures|
|Affected versions||< 5.8|
|Unaffected versions||>= 5.8|
A shell designed for interactive use, although it is also a powerful scripting language.
It was discovered that Zsh was insecure dropping privileges when unsetting PRIVILEGED option.
An attacker could escalate privileges.
There is no known workaround at this time.
All Zsh users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/zsh-5.8"
March 25, 2020
March 25, 2020: 1