Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:1072-1

Опубликовано: 25 апр. 2018
Источник: suse-cvrf

Описание

Security update for zsh

This update for zsh fixes the following issues:

  • CVE-2014-10070: environment variable injection could lead to local privilege escalation (bnc#1082885)

  • CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. (bnc#1082977)

  • CVE-2014-10072: buffer overflow In utils.c when scanning very long directory paths for symbolic links. (bnc#1082975)

  • CVE-2016-10714: In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. (bnc#1083250)

  • CVE-2017-18205: In builtin.c when sh compatibility mode is used, a NULL pointer dereference could lead to denial of service (bnc#1082998)

  • CVE-2018-1071: exec.c:hashcmd() function vulnerability could lead to denial of service. (bnc#1084656)

  • CVE-2018-1083: Autocomplete vulnerability could lead to privilege escalation. (bnc#1087026)

  • CVE-2018-7549: In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (bnc#1082991)

  • CVE-2017-18206: buffer overrun in xsymlinks could lead to denial of service (bnc#1083002)

  • Autocomplete and REPORTTIME broken (bsc#896914)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3
zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server 12 SP3
zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
zsh-5.0.5-6.7.2

Ссылки

Описание

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:zsh-5.0.5-6.7.2
Ссылки

Описание

In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:zsh-5.0.5-6.7.2
Ссылки

Описание

In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:zsh-5.0.5-6.7.2
Ссылки

Описание

In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:zsh-5.0.5-6.7.2
Ссылки

Описание

In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:zsh-5.0.5-6.7.2
Ссылки

Описание

In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:zsh-5.0.5-6.7.2
Ссылки

Описание

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:zsh-5.0.5-6.7.2
Ссылки

Описание

Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:zsh-5.0.5-6.7.2
Ссылки

Описание

In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server 12 SP3:zsh-5.0.5-6.7.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3:zsh-5.0.5-6.7.2
Ссылки