ZSH Update for Slackware
A new zsh package has been released for Slackware Linux 15.0 to address a significant security vulnerability found in zsh-5.8. The updated version, zsh-5.9, resolves an issue where certain prompt expansion sequences, such as %F, could be manipulated to execute unintended code through PROMPT_SUBST evaluation, compromising user security. This flaw could potentially allow an attacker to trick users into executing arbitrary code by using specially crafted Git branch names.
Details from the Slackware 15.0 ChangeLog indicate that the new package is now available for both i586 and x86_64 architectures. The fix prevents PROMPT_SUBST evaluation from occurring on the prompt-expansion arguments, which may lead to incompatibility for users relying on the previous behavior.
For users interested in updating to the new zsh version, the packages can be found at the following links:
- For Slackware 15.0 (i586): [Download Here](ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/zsh-5.9-i586-1_slack15.0.txz)
- For Slackware x86_64 15.0: [Download Here](ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/zsh-5.9-x86_64-1_slack15.0.txz)
MD5 Signatures:
- i586 Package: 061804a8d52ec3c1492bda4f05748fea
- x86_64 Package: 3d0b84ddbbeedf0d346ef1819bb29e32
Installation Instructions:
To upgrade the package, users should execute the following command as root:
Additional Information:
The Slackware Linux Security Team has expressed gratitude to the OSU Open Source Lab for their support in providing FTP and rsync hosting for the project. For more details on the vulnerability, you can refer to the official CVE record: [CVE-2021-45444](https://www.cve.org/CVERecord?id=CVE-2021-45444).
Conclusion:
It's crucial for Slackware users to update their zsh packages to ensure their systems remain secure against this identified vulnerability. Regularly checking for updates and applying patches is a recommended best practice for maintaining system security and integrity
A new zsh package has been released for Slackware Linux 15.0 to address a significant security vulnerability found in zsh-5.8. The updated version, zsh-5.9, resolves an issue where certain prompt expansion sequences, such as %F, could be manipulated to execute unintended code through PROMPT_SUBST evaluation, compromising user security. This flaw could potentially allow an attacker to trick users into executing arbitrary code by using specially crafted Git branch names.
Details from the Slackware 15.0 ChangeLog indicate that the new package is now available for both i586 and x86_64 architectures. The fix prevents PROMPT_SUBST evaluation from occurring on the prompt-expansion arguments, which may lead to incompatibility for users relying on the previous behavior.
For users interested in updating to the new zsh version, the packages can be found at the following links:
- For Slackware 15.0 (i586): [Download Here](ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/zsh-5.9-i586-1_slack15.0.txz)
- For Slackware x86_64 15.0: [Download Here](ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/zsh-5.9-x86_64-1_slack15.0.txz)
MD5 Signatures:
- i586 Package: 061804a8d52ec3c1492bda4f05748fea
- x86_64 Package: 3d0b84ddbbeedf0d346ef1819bb29e32
Installation Instructions:
To upgrade the package, users should execute the following command as root:
bashupgradepkg zsh-5.9-i586-1_slack15.0.txz
Additional Information:
The Slackware Linux Security Team has expressed gratitude to the OSU Open Source Lab for their support in providing FTP and rsync hosting for the project. For more details on the vulnerability, you can refer to the official CVE record: [CVE-2021-45444](https://www.cve.org/CVERecord?id=CVE-2021-45444).
Conclusion:
It's crucial for Slackware users to update their zsh packages to ensure their systems remain secure against this identified vulnerability. Regularly checking for updates and applying patches is a recommended best practice for maintaining system security and integrity
ZSH Update for Slackware
A new zsh package to address a security flaw in zsh-5.8 has been released for Slackware Linux 15.0. This version has fixed a vulnerability that allowed prompt expansion sequences, like %F, to support 'arguments' that could trigger PROMPT_SUBST evaluation.
zsh (SSA:2025-109-01)
