diff -up genwqe-user-4.0.18/lib/software.c.orig genwqe-user-4.0.18/lib/software.c
--- genwqe-user-4.0.18/lib/software.c.orig 2017-11-17 20:53:26.736854418 +0100
+++ genwqe-user-4.0.18/lib/software.c 2017-11-17 20:55:34.200032915 +0100
@@ -594,6 +594,9 @@ const z_crc_t *get_crc_table()
 void zedc_sw_init(void)
 {
 char *error;
+
+/* potential arbitrary code execution issue */
+#if 0
 const char *zlib_path = getenv("ZLIB_PATH");
 /* User has setup environment variable to find libz.so.1 */
@@ -604,6 +607,7 @@ void zedc_sw_init(void)
 if (handle != NULL)
 goto load_syms;
 }
+#endif
 /* We saw dlopen returning non NULL value in case of passing ""! */
 if (strcmp(CONFIG_ZLIB_PATH, "") == 0) {
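Review bot: The comment added above `#if 0` in zedc_sw_init() does not say what the issue is, so a later maintainer could re-enable the block without knowing the risk. The disabled code reads `ZLIB_PATH` from the environment and, judging by the `handle != NULL` / `goto load_syms` path closed by the `#endif` in the second hunk, hands it to the loader, so whoever controls the process environment selects the shared object that gets loaded. I would state that directly, e.g. `/* ZLIB_PATH is caller-controlled and was used as the dlopen() path; disabled so the environment cannot choose the library that is loaded */`. If the override is still wanted for ordinary use, `secure_getenv("ZLIB_PATH")` (glibc, needs `_GNU_SOURCE`) instead of compiling the block out would ignore the variable in secure-execution (setuid/setgid) processes; whether that is sufficient depends on how the library is deployed, which is not visible here. The body of zedc_sw_init() continues beyond both hunks, so the remaining `CONFIG_ZLIB_PATH` fallback should be checked to confirm that it never takes a path from run-time input.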