CVE-2019-20044
First published: Mon Feb 24 2020(Updated: )
zsh. An authorization issue was addressed with improved state management.
Credit: Sam Foxman cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| macOS Catalina | <10.15.5 | 10.15.5 |
| macOS Mojave | ||
| macOS High Sierra | ||
| Z Shell (zsh) | <5.8 | |
| Apple iOS and macOS | ||
| Linux Kernel | ||
| Fedora | =30 | |
| Fedora | =31 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| Apple iOS, iPadOS, and watchOS | <13.5 | |
| iOS | <13.5 | |
| Apple iOS and macOS | <10.15.5 | |
| Apple iOS and macOS | >=10.13.0<10.13.6 | |
| Apple iOS and macOS | >=10.14.0<10.14.6 | |
| Apple iOS and macOS | >=10.15<10.15.5 | |
| Apple iOS and macOS | =10.13.6 | |
| Apple iOS and macOS | =10.13.6-security_update_2018-002 | |
| Apple iOS and macOS | =10.13.6-security_update_2018-003 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-001 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-002 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-003 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-004 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-005 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-006 | |
| Apple iOS and macOS | =10.13.6-security_update_2019-007 | |
| Apple iOS and macOS | =10.13.6-security_update_2020-001 | |
| Apple iOS and macOS | =10.13.6-security_update_2020-002 | |
| Apple iOS and macOS | =10.14.6 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-001 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-002 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-004 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-005 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-006 | |
| Apple iOS and macOS | =10.14.6-security_update_2019-007 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-001 | |
| Apple iOS and macOS | =10.14.6-security_update_2020-002 | |
| tvOS | <13.4.5 | |
| Apple iOS, iPadOS, and watchOS | <6.2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT211170 (Advisory)
- http://seclists.org/fulldisclosure/2020/May/49
- http://seclists.org/fulldisclosure/2020/May/53
- http://seclists.org/fulldisclosure/2020/May/55
- http://seclists.org/fulldisclosure/2020/May/59
- http://zsh.sourceforge.net/releases.html
- https://github.com/XMB5/zsh-privileged-upgrade
- https://lists.debian.org/debian-lts-announce/2020/03/msg00004.html
- https://lists.debian.org/debian-lts-announce/2020/12/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/
- https://security.gentoo.org/glsa/202003-55
- https://support.apple.com/HT211168
- https://support.apple.com/HT211170
- https://support.apple.com/HT211171
- https://support.apple.com/HT211175
- https://support.apple.com/kb/HT211168
- https://support.apple.com/kb/HT211170
- https://support.apple.com/kb/HT211171
- https://support.apple.com/kb/HT211175
- https://www.zsh.org/mla/zsh-announce/141
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP64FFIZI2CKQOEAOI5A72PVQULE7ZZC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PN5V7MPHRRP7QNHOEK56S7QGRU53WUN6/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2020-9827
- CVE-2020-9772
- CVE-2020-9826
- CVE-2020-9842
- CVE-2020-9804
- CVE-2020-9815
- CVE-2020-9791
- CVE-2020-9831
- CVE-2020-9779
- CVE-2020-3882
- CVE-2020-9828
- CVE-2020-9856
- CVE-2020-9847
- CVE-2020-9855
- CVE-2020-9816
- CVE-2020-3878
- CVE-2020-9789
- CVE-2020-9790
- CVE-2020-9822
- CVE-2020-9796
- CVE-2020-9837
- CVE-2020-9821
- CVE-2020-9797
- CVE-2020-9852
- CVE-2020-9795
- CVE-2020-9808
- CVE-2020-9811
- CVE-2020-9812
- CVE-2020-9813
- CVE-2020-9814
- CVE-2020-9809
- CVE-2019-14868
- CVE-2020-9994
- CVE-2020-9857
- CVE-2020-9817
- CVE-2020-9851
- CVE-2020-9793
- CVE-2014-9512
- CVE-2020-9825
- CVE-2020-9771
- CVE-2020-9788
- CVE-2020-9854
- CVE-2020-9824
- CVE-2020-9810
- CVE-2020-9794
- CVE-2020-9839
- CVE-2020-9792
- CVE-2020-9844
- CVE-2020-9830
- CVE-2020-9834
- CVE-2020-9833
- CVE-2020-9832
- CVE-2020-9841
- CVE-2019-20044
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-20044.
What is the affected software?
The affected software includes Apple macOS Catalina (up to version 10.15.5), Apple Mojave, and Apple High Sierra.
What was the issue addressed in zsh?
The issue addressed in zsh was an authorization issue.
How was the issue addressed?
The issue was addressed with improved state management.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found at the following reference: https://support.apple.com/en-us/HT211170
- agent/type
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- vendor/apple
- canonical/macos catalina
- canonical/macos mojave
- canonical/macos high sierra
- vendor/zsh
- canonical/z shell (zsh)
- canonical/apple ios and macos
- vendor/linux
- canonical/linux kernel
- vendor/fedoraproject
- canonical/fedora
- version/fedora/30
- version/fedora/31
- vendor/debian
- canonical/debian
- version/debian/8.0
- version/debian/9.0
- canonical/apple ios, ipados, and watchos
- canonical/ios
- version/apple ios and macos/10.13.0
- version/apple ios and macos/10.14.0
- version/apple ios and macos/10.15
- version/apple ios and macos/10.13.6
- version/apple ios and macos/10.13.6-security_update_2018-002
- version/apple ios and macos/10.13.6-security_update_2018-003
- version/apple ios and macos/10.13.6-security_update_2019-001
- version/apple ios and macos/10.13.6-security_update_2019-002
- version/apple ios and macos/10.13.6-security_update_2019-003
- version/apple ios and macos/10.13.6-security_update_2019-004
- version/apple ios and macos/10.13.6-security_update_2019-005
- version/apple ios and macos/10.13.6-security_update_2019-006
- version/apple ios and macos/10.13.6-security_update_2019-007
- version/apple ios and macos/10.13.6-security_update_2020-001
- version/apple ios and macos/10.13.6-security_update_2020-002
- version/apple ios and macos/10.14.6
- version/apple ios and macos/10.14.6-security_update_2019-001
- version/apple ios and macos/10.14.6-security_update_2019-002
- version/apple ios and macos/10.14.6-security_update_2019-004
- version/apple ios and macos/10.14.6-security_update_2019-005
- version/apple ios and macos/10.14.6-security_update_2019-006
- version/apple ios and macos/10.14.6-security_update_2019-007
- version/apple ios and macos/10.14.6-security_update_2020-001
- version/apple ios and macos/10.14.6-security_update_2020-002
- canonical/tvos