Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

openSUSE Leap 42.3 Security Advisory 2018:1093-1 Important Zsh Update

opensuse
Calendar Grey April 27, 2018
Dist Opensuse Esm H88
Fedora issues an important patch for bash, resolving seven vulnerabilities, boosting security measures against numerous threats.
An update that solves 9 vulnerabilities and has one errata is now available.

Description

This update for zsh fixes the following issues:

- CVE-2014-10070: environment variable injection could lead to local

privilege escalation (bnc#1082885)

- CVE-2014-10071: buffer overflow in exec.c could lead to denial of

service. (bnc#1082977)

- CVE-2014-10072: buffer overflow In utils.c when scanning very long

directory paths for symbolic links. (bnc#1082975)

- CVE-2016-10714: In zsh before 5.3, an off-by-one error resulted in

undersized buffers that were intended to support PATH_MAX characters.

(bnc#1083250)

- CVE-2017-18205: In builtin.c when sh compatibility mode is used, a NULL

pointer dereference could lead to denial of service (bnc#1082998)

- CVE-2018-1071: exec.c:hashcmd() function vulnerability could lead to

denial of service. (bnc#1084656)

- CVE-2018-1083: Autocomplete vulnerability could lead to privilege

escalation. (bnc#1087026)

- CVE-2018-7549: In params.c in zsh through 5.4.2, there is a crash during

...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service privilege escalation critical threat important issue openSUSE Leap zsh update

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-399=1

Package List

- openSUSE Leap 42.3 (x86_64):

zsh-5.0.5-9.3.1

zsh-debuginfo-5.0.5-9.3.1

zsh-debugsource-5.0.5-9.3.1

zsh-htmldoc-5.0.5-9.3.1

References

https://www.suse.com/security/cve/CVE-2014-10070.html

https://www.suse.com/security/cve/CVE-2014-10071.html

https://www.suse.com/security/cve/CVE-2014-10072.html

https://www.suse.com/security/cve/CVE-2016-10714.html

https://www.suse.com/security/cve/CVE-2017-18205.html

https://www.suse.com/security/cve/CVE-2017-18206.html

https://www.suse.com/security/cve/CVE-2018-1071.html

https://www.suse.com/security/cve/CVE-2018-1083.html

https://www.suse.com/security/cve/CVE-2018-7549.html

https://bugzilla.suse.com/1082885

https://bugzilla.suse.com/1082975

https://bugzilla.suse.com/1082977

https://bugzilla.suse.com/1082991

https://bugzilla.suse.com/1082998

https://bugzilla.suse.com/1083002

https://bugzilla.suse.com/1083250

https://bugzilla.suse.com/1084656

https://bugzilla.suse.com/1087026

https://bugzilla.suse.com/896914

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:1093-1
Rating: important
Affected Products: openSUSE Leap 42.3 le.

Topics%20covered

Topics Covered

security advisory denial of service privilege escalation critical threat important issue openSUSE Leap zsh update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here