SUSE-SU-2018:1874-1: moderate: Security update for zsh

sle-security-updates at sle-security-updates at
Tue Jul 3 16:10:33 MDT 2018

   SUSE Security Update: Security update for zsh

Announcement ID:    SUSE-SU-2018:1874-1
Rating:             moderate
References:         #1084656 #1087026 #1089030 
Cross-References:   CVE-2018-1071 CVE-2018-1083 CVE-2018-1100
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15

   An update that fixes three vulnerabilities is now available.


   This update for zsh to version 5.5 fixes the following issues:

   Security issues fixed:

   - CVE-2018-1100: Fixes a buffer overflow in utils.c:checkmailpath() that
     can lead to local arbitrary code execution (bsc#1089030)
   - CVE-2018-1071: Fixed a stack-based buffer overflow in exec.c:hashcmd()
   - CVE-2018-1083: Fixed a stack-based buffer overflow in
     gen_matches_files() at compctl.c (bsc#1087026)

   Non-security issues fixed:

   - The effect of the NO_INTERACTIVE_COMMENTS option extends into $(...) and
     `...` command substitutions when used on the command line.
   - The 'exec' and 'command' precommand modifiers, and options to them, are
     now parsed after parameter expansion.
   - Functions executed by ZLE widgets no longer have their standard input
     closed, but redirected from /dev/null instead.
   - There is an option WARN_NESTED_VAR, a companion to the existing
     WARN_CREATE_GLOBAL that causes a warning if a function updates a
     variable from an enclosing scope without using typeset -g.
   - zmodload now has an option -s to be silent on a failure to find a module
     but still print other errors.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1268=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):



More information about the sle-security-updates mailing list