Описание
Security update for zsh
This update for zsh fixes the following issues:
- CVE-2014-10070: environment variable injection could lead to local privilege escalation (bnc#1082885)
- CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. (bnc#1082977)
- CVE-2014-10072: buffer overflow In utils.c when scanning very long directory paths for symbolic links. (bnc#1082975)
- CVE-2016-10714: In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. (bnc#1083250)
- CVE-2017-18205: In builtin.c when sh compatibility mode is used, a NULL pointer dereference could lead to denial of service (bnc#1082998)
- CVE-2018-1071: exec.c:hashcmd() function vulnerability could lead to denial of service. (bnc#1084656)
- CVE-2018-1083: Autocomplete vulnerability could lead to privilege escalation. (bnc#1087026)
- CVE-2018-7549: In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (bnc#1082991)
- CVE-2017-18206: buffer overrun in xsymlinks could lead to denial of service (bnc#1083002)
- Autocomplete and REPORTTIME broken (bsc#896914)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2018:1093-1
- SUSE Security Ratings
Описание
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled.
Затронутые продукты
Ссылки
- CVE-2014-10070
- SUSE Bug 1082885
Описание
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.
Затронутые продукты
Ссылки
- CVE-2014-10071
- SUSE Bug 1082977
Описание
In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.
Затронутые продукты
Ссылки
- CVE-2014-10072
- SUSE Bug 1082975
Описание
In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.
Затронутые продукты
Ссылки
- CVE-2016-10714
- SUSE Bug 1083250
Описание
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set.
Затронутые продукты
Ссылки
- CVE-2017-18205
- SUSE Bug 1082998
Описание
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow.
Затронутые продукты
Ссылки
- CVE-2017-18206
- SUSE Bug 1083002
Описание
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.
Затронутые продукты
Ссылки
- CVE-2018-1071
- SUSE Bug 1084656
Описание
Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.
Затронутые продукты
Ссылки
- CVE-2018-1083
- SUSE Bug 1087026
Описание
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p.
Затронутые продукты
Ссылки
- CVE-2018-7549
- SUSE Bug 1082991