OESA-2022-1567

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1567
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1567.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2022-1567
Upstream
Published
2022-03-12T11:03:36Z
Modified
2025-09-03T06:17:44.709547Z
Summary
zsh security update
Details

Zsh is a shell designed for interactive use, and it is also a powerful scripting language. Many of the useful features of bash, ksh, and tcsh were incorporated into zsh. It can match files by file extension without running an external program, share command history with any shell, and more.

Security Fix(es):

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. (CVE-2021-45444)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / zsh

Package

Name
zsh
Purl
pkg:rpm/openEuler/zsh&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.7.1-6.oe1

Ecosystem specific

{
    "aarch64": [
        "zsh-debugsource-5.7.1-6.oe1.aarch64.rpm",
        "zsh-debuginfo-5.7.1-6.oe1.aarch64.rpm",
        "zsh-5.7.1-6.oe1.aarch64.rpm"
    ],
    "noarch": [
        "zsh-help-5.7.1-6.oe1.noarch.rpm"
    ],
    "src": [
        "zsh-5.7.1-6.oe1.src.rpm"
    ],
    "x86_64": [
        "zsh-5.7.1-6.oe1.x86_64.rpm",
        "zsh-debugsource-5.7.1-6.oe1.x86_64.rpm",
        "zsh-debuginfo-5.7.1-6.oe1.x86_64.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / zsh

Package

Name
zsh
Purl
pkg:rpm/openEuler/zsh&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.7.1-6.oe1

Ecosystem specific

{
    "aarch64": [
        "zsh-5.7.1-6.oe1.aarch64.rpm",
        "zsh-debugsource-5.7.1-6.oe1.aarch64.rpm",
        "zsh-debuginfo-5.7.1-6.oe1.aarch64.rpm"
    ],
    "noarch": [
        "zsh-help-5.7.1-6.oe1.noarch.rpm"
    ],
    "src": [
        "zsh-5.7.1-6.oe1.src.rpm"
    ],
    "x86_64": [
        "zsh-5.7.1-6.oe1.x86_64.rpm",
        "zsh-debugsource-5.7.1-6.oe1.x86_64.rpm",
        "zsh-debuginfo-5.7.1-6.oe1.x86_64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / zsh

Package

Name
zsh
Purl
pkg:rpm/openEuler/zsh&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.7.1-6.oe1

Ecosystem specific

{
    "aarch64": [
        "zsh-5.7.1-6.oe1.aarch64.rpm",
        "zsh-debuginfo-5.7.1-6.oe1.aarch64.rpm",
        "zsh-debugsource-5.7.1-6.oe1.aarch64.rpm"
    ],
    "noarch": [
        "zsh-help-5.7.1-6.oe1.noarch.rpm"
    ],
    "src": [
        "zsh-5.7.1-6.oe1.src.rpm"
    ],
    "x86_64": [
        "zsh-5.7.1-6.oe1.x86_64.rpm",
        "zsh-debuginfo-5.7.1-6.oe1.x86_64.rpm",
        "zsh-debugsource-5.7.1-6.oe1.x86_64.rpm"
    ]
}