Описание
Security update for zsh
This update for zsh fixes the following issues:
- CVE-2018-0502: Fixed execve call vulnerability to program named on the second line when the beginning of a #! script file was mishandled. (bsc#1107296, bsc#1107294)
- CVE-2018-13259: Fixed execve call vulnerability to program name that is a substring of the intended one. (bsc#1107296, bsc#1107294)
Список пакетов
HPE Helion OpenStack 8
zsh-5.0.5-6.12.2
Image SLES12-SP4-Azure-BYOS
zsh-5.0.5-6.12.2
Image SLES12-SP4-EC2-HVM-BYOS
zsh-5.0.5-6.12.2
Image SLES12-SP4-GCE-BYOS
zsh-5.0.5-6.12.2
Image SLES12-SP4-SAP-Azure
zsh-5.0.5-6.12.2
Image SLES12-SP4-SAP-Azure-BYOS
zsh-5.0.5-6.12.2
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
zsh-5.0.5-6.12.2
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
zsh-5.0.5-6.12.2
Image SLES12-SP4-SAP-EC2-HVM
zsh-5.0.5-6.12.2
Image SLES12-SP4-SAP-EC2-HVM-BYOS
zsh-5.0.5-6.12.2
Image SLES12-SP4-SAP-GCE
zsh-5.0.5-6.12.2
Image SLES12-SP4-SAP-GCE-BYOS
zsh-5.0.5-6.12.2
Image SLES12-SP5-Azure-BYOS
zsh-5.0.5-6.12.2
Image SLES12-SP5-Azure-Basic-On-Demand
zsh-5.0.5-6.12.2
Image SLES12-SP5-Azure-HPC-BYOS
zsh-5.0.5-6.12.2
Image SLES12-SP5-Azure-HPC-On-Demand
zsh-5.0.5-6.12.2
Image SLES12-SP5-Azure-SAP-BYOS
zsh-5.0.5-6.12.2
Image SLES12-SP5-Azure-SAP-On-Demand
zsh-5.0.5-6.12.2
Image SLES12-SP5-Azure-Standard-On-Demand
zsh-5.0.5-6.12.2
Image SLES12-SP5-EC2-BYOS
zsh-5.0.5-6.12.2
Image SLES12-SP5-EC2-On-Demand
zsh-5.0.5-6.12.2
Image SLES12-SP5-EC2-SAP-BYOS
zsh-5.0.5-6.12.2
Image SLES12-SP5-EC2-SAP-On-Demand
zsh-5.0.5-6.12.2
Image SLES12-SP5-GCE-BYOS
zsh-5.0.5-6.12.2
Image SLES12-SP5-GCE-On-Demand
zsh-5.0.5-6.12.2
Image SLES12-SP5-GCE-SAP-BYOS
zsh-5.0.5-6.12.2
Image SLES12-SP5-GCE-SAP-On-Demand
zsh-5.0.5-6.12.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
zsh-5.0.5-6.12.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
zsh-5.0.5-6.12.2
SUSE Linux Enterprise Server 12 SP2-BCL
zsh-5.0.5-6.12.2
SUSE Linux Enterprise Server 12 SP3-BCL
zsh-5.0.5-6.12.2
SUSE Linux Enterprise Server 12 SP3-LTSS
zsh-5.0.5-6.12.2
SUSE Linux Enterprise Server 12 SP4-LTSS
zsh-5.0.5-6.12.2
SUSE Linux Enterprise Server 12 SP5
zsh-5.0.5-6.12.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
zsh-5.0.5-6.12.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
zsh-5.0.5-6.12.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
zsh-5.0.5-6.12.2
SUSE OpenStack Cloud 8
zsh-5.0.5-6.12.2
SUSE OpenStack Cloud 9
zsh-5.0.5-6.12.2
SUSE OpenStack Cloud Crowbar 8
zsh-5.0.5-6.12.2
SUSE OpenStack Cloud Crowbar 9
zsh-5.0.5-6.12.2
Ссылки
- Link for SUSE-SU-2022:0161-1
- E-Mail link for SUSE-SU-2022:0161-1
- SUSE Security Ratings
- SUSE Bug 1107294
- SUSE Bug 1107296
- SUSE CVE CVE-2018-0502 page
- SUSE CVE CVE-2018-13259 page
Описание
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.
Затронутые продукты
HPE Helion OpenStack 8:zsh-5.0.5-6.12.2
Image SLES12-SP4-Azure-BYOS:zsh-5.0.5-6.12.2
Image SLES12-SP4-EC2-HVM-BYOS:zsh-5.0.5-6.12.2
Image SLES12-SP4-GCE-BYOS:zsh-5.0.5-6.12.2
Ссылки
- CVE-2018-0502
- SUSE Bug 1107296
- SUSE Bug 1194009
- SUSE Bug 1194012
- SUSE Bug 1200039
- SUSE Bug 1200209
Описание
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
Затронутые продукты
HPE Helion OpenStack 8:zsh-5.0.5-6.12.2
Image SLES12-SP4-Azure-BYOS:zsh-5.0.5-6.12.2
Image SLES12-SP4-EC2-HVM-BYOS:zsh-5.0.5-6.12.2
Image SLES12-SP4-GCE-BYOS:zsh-5.0.5-6.12.2
Ссылки
- CVE-2018-13259
- SUSE Bug 1107294
- SUSE Bug 1194009
- SUSE Bug 1194012
- SUSE Bug 1200039
- SUSE Bug 1200209