Package name
zsh
Date
2009-12-03
Advisory ID
MDVSA-2009:108-1
Affected versions
2008.0 i586 , 2008.0 x86_64

Problem description

A stack-based buffer overflow was found in the zsh command
interpreter. An attacker could use this flaw to cause a denial of
service (zsh crash), when providing a specially-crafted string as
input to the zsh shell.

The updated packages have been patched to prevent this.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 341fdf8d837fd349186b42db36cb6b5d  2008.0/i586/zsh-4.3.4-4.1mdv2008.0.i586.rpm
 1fe0e1d84da10a334c70a9808d4fffd7  2008.0/i586/zsh-doc-4.3.4-4.1mdv2008.0.i586.rpm 
 ca28c7f0b98d79f7f7e7e7c93b9afb2e  2008.0/SRPMS/zsh-4.3.4-4.1mdv2008.0.src.rpm

2008.0 x86_64

 65c003211e382a0059eb61ec7249bff9  2008.0/x86_64/zsh-4.3.4-4.1mdv2008.0.x86_64.rpm
 e784e85b82d32d672e56050972f004c2  2008.0/x86_64/zsh-doc-4.3.4-4.1mdv2008.0.x86_64.rpm 
 ca28c7f0b98d79f7f7e7e7c93b9afb2e  2008.0/SRPMS/zsh-4.3.4-4.1mdv2008.0.src.rpm