Security update for zsh
This update for zsh to version 5.6 fixes the following security issues:
- CVE-2018-0502: The beginning of a #! script file was mishandled, potentially
leading to an execve call to a program named on the second line (bsc#1107296).
- CVE-2018-13259: Shebang lines exceeding 64 characters were truncated,
potentially leading to an execve call to a program name that is a substring of
the intended one (bsc#1107294).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Ismail Dönmez (namtrac)
Fixed bugs
bnc#1107294
VUL-0: CVE-2018-13259: zsh: Shebang lines exceeding 64 characterswere truncated, potentially leading to an execve call to a program name that is a substring of the intended one
bnc#1107296
VUL-0: CVE-2018-0502: zsh: The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line
