Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 27 FEDORA-2018-ac1d9c2777 Critical: Zsh Buffer Overflow Fix

fedora
Calendar Grey May 5, 2018
Dist Fedora Esm H88
Patch addresses heap overflow vulnerabilities in zsh for Fedora 27, improving security protocols with essential updates.
- fix stack-based buffer overflow in utils.c:checkmailpath() (CVE-2018-1100) - fix stack-based buffer overflow in gen_matches_files() (CVE-2018-1083) - fix stack-based buffer overf...

Summary

The zsh shell is a command interpreter usable as an interactive login

shell and as a shell script command processor. Zsh resembles the ksh

shell (the Korn shell), but includes many enhancements. Zsh supports

command line editing, built-in spelling correction, programmable

command completion, shell functions (with autoloading), a history

mechanism, and more.

- fix stack-based buffer overflow in utils.c:checkmailpath() (CVE-2018-1100) -fix stack-based buffer overflow in gen_matches_files() (CVE-2018-1083) - fix

stack-based buffer overflow in exec.c:hashcmd() (CVE-2018-1071)

* Wed Apr 18 2018 Kamil Dudka - 5.4.1-3

- fix stack-based buffer overflow in utils.c:checkmailpath() (CVE-2018-1100)

- fix stack-based buffer overflow in gen_matches_files() (CVE-2018-1083)

- fix stack-based buffer overflow in exec.c:hashcmd() (CVE-2018-1071)

* Tue Mar 6 2018 Kamil Dudka - 5.4.1-2

- avoid crash when copying empty hash table (CVE-2018-7549)

- avoid NULL dereference when using ${(PA)...} on an empty array (CVE-2018-7548)

[ 1 ] Bug #1563396 - CVE-2018-1100 zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1563396

[ 2 ] Bug #1560696 - CVE-2018-1083 zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1560696

[ 3 ] Bug #1553533 - CVE-2018-1071 zsh: Stack-based buffer overflow in exec.c:hashcmd() [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1553533

su -c 'dnf upgrade --advisory FEDORA-2018-ac1d9c2777' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory fedora buffer overflow critical software update exploit risk zsh

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 27
Version: 5.4.1
Release: 3.fc27
URL: https://zsh.sourceforge.io/
Summary: Powerful interactive shell

Topics%20covered

Topics Covered

security advisory fedora buffer overflow critical software update exploit risk zsh

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here