Security update for zsh

Announcement ID: SUSE-SU-2018:1072-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2014-10070 ( SUSE ): 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • CVE-2014-10071 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  • CVE-2014-10071 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2014-10072 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  • CVE-2016-10714 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  • CVE-2016-10714 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-18205 ( SUSE ): 2.5 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2017-18205 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-18206 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
  • CVE-2017-18206 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-1071 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-1071 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1071 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1083 ( SUSE ): 7.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
  • CVE-2018-1083 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-7549 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
  • CVE-2018-7549 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise Desktop 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3

An update that solves nine vulnerabilities and has one security fix can now be installed.

Description:

This update for zsh fixes the following issues:

  • CVE-2014-10070: environment variable injection could lead to local privilege escalation (bnc#1082885)

  • CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. (bnc#1082977)

  • CVE-2014-10072: buffer overflow In utils.c when scanning very long directory paths for symbolic links. (bnc#1082975)

  • CVE-2016-10714: In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. (bnc#1083250)

  • CVE-2017-18205: In builtin.c when sh compatibility mode is used, a NULL pointer dereference could lead to denial of service (bnc#1082998)

  • CVE-2018-1071: exec.c:hashcmd() function vulnerability could lead to denial of service. (bnc#1084656)

  • CVE-2018-1083: Autocomplete vulnerability could lead to privilege escalation. (bnc#1087026)

  • CVE-2018-7549: In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (bnc#1082991)

  • CVE-2017-18206: buffer overrun in xsymlinks could lead to denial of service (bnc#1083002)

  • Autocomplete and REPORTTIME broken (bsc#896914)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 12 SP3
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-733=1
  • SUSE Linux Enterprise Server 12 SP3
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-733=1
  • SUSE Linux Enterprise High Performance Computing 12 SP3
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-733=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-733=1

Package List:

  • SUSE Linux Enterprise Desktop 12 SP3 (x86_64)
    • zsh-debuginfo-5.0.5-6.7.2
    • zsh-5.0.5-6.7.2
    • zsh-debugsource-5.0.5-6.7.2
  • SUSE Linux Enterprise Server 12 SP3 (aarch64 ppc64le s390x x86_64)
    • zsh-debuginfo-5.0.5-6.7.2
    • zsh-5.0.5-6.7.2
    • zsh-debugsource-5.0.5-6.7.2
  • SUSE Linux Enterprise High Performance Computing 12 SP3 (aarch64 x86_64)
    • zsh-debuginfo-5.0.5-6.7.2
    • zsh-5.0.5-6.7.2
    • zsh-debugsource-5.0.5-6.7.2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
    • zsh-debuginfo-5.0.5-6.7.2
    • zsh-5.0.5-6.7.2
    • zsh-debugsource-5.0.5-6.7.2

References: