Bugzilla – Bug 1084656
VUL-1: CVE-2018-1071: zsh: Stack-based buffer overflow in exec.c:hashcmd()
Last modified: 2024-05-23 19:28:26 UTC
rh#1553531 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service. References: https://bugzilla.redhat.com/show_bug.cgi?id=1553531 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1071
Upstream fix: https://github.com/zsh-users/zsh/commit/679b71ec4d852037fe5f73d35bf557b0f406c8d4
SUSE-SU-2018:1072-1: An update that solves 9 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1082885,1082975,1082977,1082991,1082998,1083002,1083250,1084656,1087026,896914 CVE References: CVE-2014-10070,CVE-2014-10071,CVE-2014-10072,CVE-2016-10714,CVE-2017-18205,CVE-2017-18206,CVE-2018-1071,CVE-2018-1083,CVE-2018-7549 Sources used: SUSE Linux Enterprise Server 12-SP3 (src): zsh-5.0.5-6.7.2 SUSE Linux Enterprise Desktop 12-SP3 (src): zsh-5.0.5-6.7.2
releasing for leap, done
openSUSE-SU-2018:1093-1: An update that solves 9 vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1082885,1082975,1082977,1082991,1082998,1083002,1083250,1084656,1087026,896914 CVE References: CVE-2014-10070,CVE-2014-10071,CVE-2014-10072,CVE-2016-10714,CVE-2017-18205,CVE-2017-18206,CVE-2018-1071,CVE-2018-1083,CVE-2018-7549 Sources used: openSUSE Leap 42.3 (src): zsh-5.0.5-9.3.1
SUSE-SU-2018:1874-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1084656,1087026,1089030 CVE References: CVE-2018-1071,CVE-2018-1083,CVE-2018-1100 Sources used: SUSE Linux Enterprise Module for Basesystem 15 (src): zsh-5.5-3.3.15
openSUSE-SU-2018:1893-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 1084656,1087026,1089030 CVE References: CVE-2018-1071,CVE-2018-1083,CVE-2018-1100 Sources used: openSUSE Leap 15.0 (src): zsh-5.5-lp150.2.3.1
openSUSE-SU-2018:2966-1: An update that solves 5 vulnerabilities and has four fixes is now available. Category: security (important) Bug References: 1019130,1084656,1087026,1089030,1107294,1107296,900424,934175,998858 CVE References: CVE-2018-0502,CVE-2018-1071,CVE-2018-1083,CVE-2018-1100,CVE-2018-13259 Sources used: openSUSE Leap 42.3 (src): zsh-5.6.2-9.6.1
SUSE-SU-2022:14910-1: An update that fixes 12 vulnerabilities is now available. Category: security (important) Bug References: 1082885,1082975,1082977,1082991,1082998,1083002,1083250,1084656,1087026,1107294,1107296,1163882 CVE References: CVE-2014-10070,CVE-2014-10071,CVE-2014-10072,CVE-2016-10714,CVE-2017-18205,CVE-2017-18206,CVE-2018-0502,CVE-2018-1071,CVE-2018-1083,CVE-2018-13259,CVE-2018-7549,CVE-2019-20044 JIRA References: Sources used: SUSE Linux Enterprise Server 11-SP4-LTSS (src): zsh-4.3.6-67.9.8.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): zsh-4.3.6-67.9.8.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): zsh-4.3.6-67.9.8.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): zsh-4.3.6-67.9.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.