Описание
Security update for zsh
This update for zsh fixes the following issues:
- CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435).
- CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEGED option (bsc#1163882).
Список пакетов
Image SLES15-SP1-Azure-BYOS
zsh-5.6-7.5.1
Image SLES15-SP1-Azure-HPC-BYOS
zsh-5.6-7.5.1
Image SLES15-SP1-SAP-Azure-BYOS
zsh-5.6-7.5.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
zsh-5.6-7.5.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
zsh-5.6-7.5.1
Image SLES15-SP1-SAPCAL-Azure
zsh-5.6-7.5.1
Image SLES15-SP1-SAPCAL-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP1-SAPCAL-GCE
zsh-5.6-7.5.1
Image SLES15-SP2-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP2-BYOS-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP2-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP2-HPC-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP2-HPC-BYOS-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP2-SAP-Azure
zsh-5.6-7.5.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
zsh-5.6-7.5.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
zsh-5.6-7.5.1
Image SLES15-SP2-SAP-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP2-SAP-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP2-SAP-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP2-SAP-GCE
zsh-5.6-7.5.1
Image SLES15-SP3-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP3-BYOS-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP3-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP3-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP3-GCE
zsh-5.6-7.5.1
Image SLES15-SP3-HPC-Azure
zsh-5.6-7.5.1
Image SLES15-SP3-HPC-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP3-HPC-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP3-SAP-Azure
zsh-5.6-7.5.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
zsh-5.6-7.5.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
zsh-5.6-7.5.1
Image SLES15-SP3-SAP-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP3-SAP-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP3-SAP-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP3-SAP-GCE
zsh-5.6-7.5.1
Image SLES15-SP3-SAPCAL-Azure
zsh-5.6-7.5.1
Image SLES15-SP3-SAPCAL-EC2-HVM
zsh-5.6-7.5.1
Image SLES15-SP3-SAPCAL-GCE
zsh-5.6-7.5.1
Image SLES15-SP4
zsh-5.6-7.5.1
Image SLES15-SP4-Azure-Basic
zsh-5.6-7.5.1
Image SLES15-SP4-Azure-Standard
zsh-5.6-7.5.1
Image SLES15-SP4-BYOS
zsh-5.6-7.5.1
Image SLES15-SP4-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP4-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP4-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP4-EC2
zsh-5.6-7.5.1
Image SLES15-SP4-GCE
zsh-5.6-7.5.1
Image SLES15-SP4-HPC
zsh-5.6-7.5.1
Image SLES15-SP4-HPC-Azure
zsh-5.6-7.5.1
Image SLES15-SP4-HPC-BYOS
zsh-5.6-7.5.1
Image SLES15-SP4-HPC-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP4-HPC-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP4-HPC-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP4-HPC-EC2
zsh-5.6-7.5.1
Image SLES15-SP4-HPC-GCE
zsh-5.6-7.5.1
Image SLES15-SP4-Hardened-BYOS
zsh-5.6-7.5.1
Image SLES15-SP4-Hardened-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP4-Hardened-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP4-Hardened-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
zsh-5.6-7.5.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP4-Manager-Server-4-3
zsh-5.6-7.5.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
zsh-5.6-7.5.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
zsh-5.6-7.5.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
zsh-5.6-7.5.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
zsh-5.6-7.5.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
zsh-5.6-7.5.1
Image SLES15-SP4-SAP
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-Azure
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-BYOS
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-EC2
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-GCE
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-Hardened
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-Hardened-Azure
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-Hardened-BYOS
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-Hardened-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-Hardened-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-Hardened-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-Hardened-EC2
zsh-5.6-7.5.1
Image SLES15-SP4-SAP-Hardened-GCE
zsh-5.6-7.5.1
Image SLES15-SP4-SAPCAL
zsh-5.6-7.5.1
Image SLES15-SP4-SAPCAL-Azure
zsh-5.6-7.5.1
Image SLES15-SP4-SAPCAL-EC2
zsh-5.6-7.5.1
Image SLES15-SP4-SAPCAL-GCE
zsh-5.6-7.5.1
Image SLES15-SP5-Azure-3P
zsh-5.6-7.5.1
Image SLES15-SP5-Azure-Basic
zsh-5.6-7.5.1
Image SLES15-SP5-Azure-Standard
zsh-5.6-7.5.1
Image SLES15-SP5-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP5-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP5-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP5-EC2
zsh-5.6-7.5.1
Image SLES15-SP5-GCE
zsh-5.6-7.5.1
Image SLES15-SP5-HPC-Azure
zsh-5.6-7.5.1
Image SLES15-SP5-HPC-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP5-HPC-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP5-HPC-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP5-HPC-EC2
zsh-5.6-7.5.1
Image SLES15-SP5-HPC-GCE
zsh-5.6-7.5.1
Image SLES15-SP5-Hardened-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP5-Hardened-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP5-Hardened-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-Azure
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-Azure-3P
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-EC2
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-GCE
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-Hardened-Azure
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-Hardened-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-Hardened-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-Hardened-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-Hardened-EC2
zsh-5.6-7.5.1
Image SLES15-SP5-SAP-Hardened-GCE
zsh-5.6-7.5.1
Image SLES15-SP5-SAPCAL-Azure
zsh-5.6-7.5.1
Image SLES15-SP5-SAPCAL-EC2
zsh-5.6-7.5.1
Image SLES15-SP5-SAPCAL-GCE
zsh-5.6-7.5.1
Image SLES15-SP6
zsh-5.6-7.5.1
Image SLES15-SP6-Azure-Basic
zsh-5.6-7.5.1
Image SLES15-SP6-Azure-Standard
zsh-5.6-7.5.1
Image SLES15-SP6-BYOS
zsh-5.6-7.5.1
Image SLES15-SP6-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP6-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP6-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP6-EC2
zsh-5.6-7.5.1
Image SLES15-SP6-GCE
zsh-5.6-7.5.1
Image SLES15-SP6-HPC
zsh-5.6-7.5.1
Image SLES15-SP6-HPC-Azure
zsh-5.6-7.5.1
Image SLES15-SP6-HPC-BYOS
zsh-5.6-7.5.1
Image SLES15-SP6-HPC-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP6-HPC-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP6-HPC-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP6-HPC-EC2
zsh-5.6-7.5.1
Image SLES15-SP6-HPC-GCE
zsh-5.6-7.5.1
Image SLES15-SP6-Hardened-BYOS
zsh-5.6-7.5.1
Image SLES15-SP6-Hardened-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP6-Hardened-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP6-Hardened-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP6-SAP
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-Azure
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-Azure-LI-BYOS
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-BYOS
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-EC2
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-GCE
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-Hardened
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-Hardened-Azure
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-Hardened-BYOS
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-Hardened-BYOS-Azure
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-Hardened-BYOS-EC2
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-Hardened-BYOS-GCE
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-Hardened-EC2
zsh-5.6-7.5.1
Image SLES15-SP6-SAP-Hardened-GCE
zsh-5.6-7.5.1
Image SLES15-SP6-SAPCAL
zsh-5.6-7.5.1
Image SLES15-SP6-SAPCAL-Azure
zsh-5.6-7.5.1
Image SLES15-SP6-SAPCAL-EC2
zsh-5.6-7.5.1
Image SLES15-SP6-SAPCAL-GCE
zsh-5.6-7.5.1
SUSE Enterprise Storage 6
zsh-5.6-7.5.1
SUSE Enterprise Storage 7
zsh-5.6-7.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
zsh-5.6-7.5.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
zsh-5.6-7.5.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
zsh-5.6-7.5.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
zsh-5.6-7.5.1
SUSE Linux Enterprise Module for Basesystem 15 SP3
zsh-5.6-7.5.1
SUSE Linux Enterprise Real Time 15 SP2
zsh-5.6-7.5.1
SUSE Linux Enterprise Server 15 SP1-BCL
zsh-5.6-7.5.1
SUSE Linux Enterprise Server 15 SP1-LTSS
zsh-5.6-7.5.1
SUSE Linux Enterprise Server 15 SP2-BCL
zsh-5.6-7.5.1
SUSE Linux Enterprise Server 15 SP2-LTSS
zsh-5.6-7.5.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
zsh-5.6-7.5.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
zsh-5.6-7.5.1
SUSE Manager Proxy 4.1
zsh-5.6-7.5.1
SUSE Manager Retail Branch Server 4.1
zsh-5.6-7.5.1
SUSE Manager Server 4.1
zsh-5.6-7.5.1
Ссылки
- Link for SUSE-SU-2022:0735-1
- E-Mail link for SUSE-SU-2022:0735-1
- SUSE Security Ratings
- SUSE Bug 1163882
- SUSE Bug 1196435
- SUSE CVE CVE-2019-20044 page
- SUSE CVE CVE-2021-45444 page
Описание
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
Затронутые продукты
Image SLES15-SP1-Azure-BYOS:zsh-5.6-7.5.1
Image SLES15-SP1-Azure-HPC-BYOS:zsh-5.6-7.5.1
Image SLES15-SP1-SAP-Azure-BYOS:zsh-5.6-7.5.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:zsh-5.6-7.5.1
Ссылки
- CVE-2019-20044
- SUSE Bug 1163882
- SUSE Bug 1200039
- SUSE Bug 1200202
- SUSE Bug 1200209
Описание
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
Затронутые продукты
Image SLES15-SP1-Azure-BYOS:zsh-5.6-7.5.1
Image SLES15-SP1-Azure-HPC-BYOS:zsh-5.6-7.5.1
Image SLES15-SP1-SAP-Azure-BYOS:zsh-5.6-7.5.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:zsh-5.6-7.5.1
Ссылки
- CVE-2021-45444
- SUSE Bug 1196435
- SUSE Bug 1199097
- SUSE Bug 1200202