Security
Security
Multiple vulnerabilities have been found in fish, the worst of which could result in local privilege escalation or remote arbitrary code execution.
| Package | app-shells/fish on all architectures |
|---|---|
| Affected versions | < 2.1.1 |
| Unaffected versions | >= 2.1.1 |
fish is the Friendly Interactive SHell.
Multiple vulnerabilities have been discovered in fish. Please review the CVE identifiers referenced below for details.
A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to execute arbitrary code.
There is no known workaround at this time.
All fish users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/fish-2.1.1"
Release date
December 28, 2014
Latest revision
December 28, 2014: 1
Severity
high
Exploitable
local, remote
Bugzilla entries