FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

fish -- local privilege escalation and remote code execution

Affected packages
1.6.0 <= fish < 2.1.1

Details

VuXML ID 6c083cf8-4830-11e4-ae2c-c80aa9043978
Discovery 2014-09-28
Entry 2014-09-29

Fish developer David Adam reports:

This release fixes a number of local privilege escalation vulnerability and one remote code execution vulnerability.

References

CVE Name CVE-2014-2905
CVE Name CVE-2014-2906
CVE Name CVE-2014-2914
CVE Name CVE-2014-3219
CVE Name CVE-2014-3856
URL http://www.openwall.com/lists/oss-security/2014/09/28/8
URL https://github.com/fish-shell/fish-shell/issues/1436
URL https://github.com/fish-shell/fish-shell/issues/1437
URL https://github.com/fish-shell/fish-shell/issues/1438
URL https://github.com/fish-shell/fish-shell/issues/1440