ASA-201804-7 generated external raw

[ASA-201804-7] zsh: denial of service
Arch Linux Security Advisory ASA-201804-7 ========================================= Severity: Medium Date : 2018-04-19 CVE-ID : CVE-2018-7548 CVE-2018-7549 Package : zsh Type : denial of service Remote : No Link : Summary ======= The package zsh before version 5.5-1 is vulnerable to denial of service. Resolution ========== Upgrade to 5.5-1. # pacman -Syu "zsh>=5.5-1" The problems have been fixed upstream in version 5.5. Workaround ========== None. Description =========== - CVE-2018-7548 (denial of service) In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. - CVE-2018-7549 (denial of service) In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. Impact ====== A local attacker can cause a denial of service via a specially input. References ==========