Security update for zsh

Announcement ID:	SUSE-SU-2018:1072-1
Rating:	important
References:	bsc#1082885 bsc#1082975 bsc#1082977 bsc#1082991 bsc#1082998 bsc#1083002 bsc#1083250 bsc#1084656 bsc#1087026 bsc#896914
Cross-References:	CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2016-10714 CVE-2017-18205 CVE-2017-18206 CVE-2018-1071 CVE-2018-1083 CVE-2018-7549
CVSS scores:	CVE-2014-10070 ( SUSE ): 8.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2014-10071 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2014-10071 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2014-10072 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2016-10714 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2016-10714 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-18205 ( SUSE ): 2.5 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-18205 ( NVD ): 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-18206 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2017-18206 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1071 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2018-1071 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-1071 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-1083 ( SUSE ): 7.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H CVE-2018-1083 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-7549 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-7549 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3

An update that solves nine vulnerabilities and has one security fix can now be installed.

Description:

This update for zsh fixes the following issues:

• CVE-2014-10070: environment variable injection could lead to local privilege escalation (bnc#1082885)

• CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. (bnc#1082977)

• CVE-2014-10072: buffer overflow In utils.c when scanning very long directory paths for symbolic links. (bnc#1082975)

• CVE-2016-10714: In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. (bnc#1083250)

• CVE-2017-18205: In builtin.c when sh compatibility mode is used, a NULL pointer dereference could lead to denial of service (bnc#1082998)

• CVE-2018-1071: exec.c:hashcmd() function vulnerability could lead to denial of service. (bnc#1084656)

• CVE-2018-1083: Autocomplete vulnerability could lead to privilege escalation. (bnc#1087026)

• CVE-2018-7549: In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (bnc#1082991)

• CVE-2017-18206: buffer overrun in xsymlinks could lead to denial of service (bnc#1083002)

• Autocomplete and REPORTTIME broken (bsc#896914)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP3
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-733=1
• SUSE Linux Enterprise Server 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-733=1
• SUSE Linux Enterprise High Performance Computing 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-733=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-733=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP3 (x86_64)
  • zsh-debuginfo-5.0.5-6.7.2
  • zsh-5.0.5-6.7.2
  • zsh-debugsource-5.0.5-6.7.2
• SUSE Linux Enterprise Server 12 SP3 (aarch64 ppc64le s390x x86_64)
  • zsh-debuginfo-5.0.5-6.7.2
  • zsh-5.0.5-6.7.2
  • zsh-debugsource-5.0.5-6.7.2
• SUSE Linux Enterprise High Performance Computing 12 SP3 (aarch64 x86_64)
  • zsh-debuginfo-5.0.5-6.7.2
  • zsh-5.0.5-6.7.2
  • zsh-debugsource-5.0.5-6.7.2
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
  • zsh-debuginfo-5.0.5-6.7.2
  • zsh-5.0.5-6.7.2
  • zsh-debugsource-5.0.5-6.7.2

References:

• https://www.suse.com/security/cve/CVE-2014-10070.html
• https://www.suse.com/security/cve/CVE-2014-10071.html
• https://www.suse.com/security/cve/CVE-2014-10072.html
• https://www.suse.com/security/cve/CVE-2016-10714.html
• https://www.suse.com/security/cve/CVE-2017-18205.html
• https://www.suse.com/security/cve/CVE-2017-18206.html
• https://www.suse.com/security/cve/CVE-2018-1071.html
• https://www.suse.com/security/cve/CVE-2018-1083.html
• https://www.suse.com/security/cve/CVE-2018-7549.html
• https://bugzilla.suse.com/show_bug.cgi?id=1082885
• https://bugzilla.suse.com/show_bug.cgi?id=1082975
• https://bugzilla.suse.com/show_bug.cgi?id=1082977
• https://bugzilla.suse.com/show_bug.cgi?id=1082991
• https://bugzilla.suse.com/show_bug.cgi?id=1082998
• https://bugzilla.suse.com/show_bug.cgi?id=1083002
• https://bugzilla.suse.com/show_bug.cgi?id=1083250
• https://bugzilla.suse.com/show_bug.cgi?id=1084656
• https://bugzilla.suse.com/show_bug.cgi?id=1087026
• https://bugzilla.suse.com/show_bug.cgi?id=896914