Описание
Security update for zsh
This update for zsh fixes the following issues:
- CVE-2019-20044: Fixed an insecure dropping of privileges when unsetting the PRIVILEGED option (bsc#1163882).
- CVE-2018-13259: Fixed an unexpected truncation of long shebang lines (bsc#1107294).
- CVE-2018-7549: Fixed a crash when an empty hash table (bsc#1082991).
- CVE-2018-1083: Fixed a stack-based buffer overflow when using tab completion on directories with long names (bsc#1087026).
- CVE-2018-1071: Fixed a stack-based buffer overflow when executing certain commands (bsc#1084656).
- CVE-2018-0502: Fixed a mishandling of shebang lines (bsc#1107296).
- CVE-2017-18206: Fixed a buffer overflow related to symlink processing (bsc#1083002).
- CVE-2017-18205: Fixed an application crash when using cd with no arguments (bsc#1082998).
- CVE-2016-10714: Fixed a potential application crash when handling maximum length paths (bsc#1083250).
- CVE-2014-10072: Fixed a buffer overflow when scanning very long directory paths for symbolic links (bsc#1082975).
- CVE-2014-10071: Fixed a buffer overflow when redirecting output to a long file descriptor (bsc#1082977).
- CVE-2014-10070: Fixed a privilege escalation vulnerability via environment variables (bsc#1082885).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP4-LTSS
Ссылки
- Link for SUSE-SU-2022:14910-1
- E-Mail link for SUSE-SU-2022:14910-1
- SUSE Security Ratings
- SUSE Bug 1082885
- SUSE Bug 1082975
- SUSE Bug 1082977
- SUSE Bug 1082991
- SUSE Bug 1082998
- SUSE Bug 1083002
- SUSE Bug 1083250
- SUSE Bug 1084656
- SUSE Bug 1087026
- SUSE Bug 1107294
- SUSE Bug 1107296
- SUSE Bug 1163882
- SUSE CVE CVE-2014-10070 page
- SUSE CVE CVE-2014-10071 page
- SUSE CVE CVE-2014-10072 page
- SUSE CVE CVE-2016-10714 page
- SUSE CVE CVE-2017-18205 page
Описание
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.
Затронутые продукты
Ссылки
- CVE-2014-10070
- SUSE Bug 1082885
- SUSE Bug 1200039
- SUSE Bug 1200209
Описание
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.
Затронутые продукты
Ссылки
- CVE-2014-10071
- SUSE Bug 1082977
- SUSE Bug 1200039
Описание
In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.
Затронутые продукты
Ссылки
- CVE-2014-10072
- SUSE Bug 1082975
- SUSE Bug 1200039
Описание
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
Затронутые продукты
Ссылки
- CVE-2016-10714
- SUSE Bug 1083250
- SUSE Bug 1200039
Описание
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
Затронутые продукты
Ссылки
- CVE-2017-18205
- SUSE Bug 1082998
- SUSE Bug 1200039
Описание
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.
Затронутые продукты
Ссылки
- CVE-2017-18206
- SUSE Bug 1083002
- SUSE Bug 1215218
Описание
An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.
Затронутые продукты
Ссылки
- CVE-2018-0502
- SUSE Bug 1107296
- SUSE Bug 1194009
- SUSE Bug 1194012
- SUSE Bug 1200039
- SUSE Bug 1200209
Описание
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2018-1071
- SUSE Bug 1084656
- SUSE Bug 1200039
Описание
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.
Затронутые продукты
Ссылки
- CVE-2018-1083
- SUSE Bug 1087026
- SUSE Bug 1189668
- SUSE Bug 1200209
Описание
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one.
Затронутые продукты
Ссылки
- CVE-2018-13259
- SUSE Bug 1107294
- SUSE Bug 1194009
- SUSE Bug 1194012
- SUSE Bug 1200039
- SUSE Bug 1200209
Описание
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
Затронутые продукты
Ссылки
- CVE-2018-7549
- SUSE Bug 1082991
- SUSE Bug 1200039
Описание
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid().
Затронутые продукты
Ссылки
- CVE-2019-20044
- SUSE Bug 1163882
- SUSE Bug 1200039
- SUSE Bug 1200202
- SUSE Bug 1200209