Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE: 2022:0733-1 Important: zsh Buffer Overflow and Command Execution

suse
Calendar Grey March 4, 2022
Dist Suse Esm H88
SUSE Security Update for bash resolves several security vulnerabilities deemed critical. Ensure patches are applied without delay.
An update that fixes three vulnerabilities is now available

Summary

This update for zsh fixes the following issues: - CVE-2021-45444: Fixed a vulnerability where arbitrary shell commands could be executed related to prompt expansion (bsc#1196435). - CVE-2019-20044: Fixed a vulnerability where shell privileges would not be properly dropped when unsetting the PRIVILEGED option (bsc#1163882). - CVE-2018-1100: Fixed a potential code execution via a stack-based buffer overflow in utils.c:checkmailpath() (bsc#1089030). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-733=1 - SUSE OpenStack Cloud Crowbar 8:

Topics%20covered

Topics Covered

security advisory buffer overflow command execution important patch instructions zsh shell privileges

References

#1089030 #1163882 #1196435

Cross- CVE-2018-1100 CVE-2019-20044 CVE-2021-45444

CVSS scores:

CVE-2018-1100 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2018-1100 (SUSE): 7.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CVE-2019-20044 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2019-20044 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2021-45444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-45444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

HPE Helion Openstack 8

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP4-LTSS

SUSE Linux Enterpris...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0733-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow command execution important patch instructions zsh shell privileges

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here