fish: Multiple vulnerabilities Multiple vulnerabilities have been found in fish, the worst of which could result in local privilege escalation or remote arbitrary code execution. fish December 28, 2014 December 28, 2014: 1 509044 local, remote 2.1.1 2.1.1

fish is the Friendly Interactive SHell.

Multiple vulnerabilities have been discovered in fish. Please review the CVE identifiers referenced below for details.

A local attacker may be able to gain escalated privileges or overwrite arbitrary files. Furthermore, a remote attacker may be able to execute arbitrary code.

There is no known workaround at this time.

All fish users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/fish-2.1.1" CVE-2014-2905 CVE-2014-2906 CVE-2014-2914 CVE-2014-3219 Zlogene Zlogene