SCIENTIFIC-LINUX-ERRATA Archives

July 2018

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Content-Type:
text/plain; charset="utf-8"
Date:
Mon, 2 Jul 2018 18:39:47 -0000
Reply-To:
[log in to unmask]
Subject:
Security ERRATA Moderate: zsh on SL6.x i386/x86_64
MIME-Version:
1.0
Message-ID:
<[log in to unmask]>
Content-Transfer-Encoding:
7bit
Sender:
Security Errata for Scientific Linux <[log in to unmask]>
From:
Scott Reid <[log in to unmask]>
Parts/Attachments:
text/plain (35 lines) 
Synopsis:          Moderate: zsh security update
Advisory ID:       SLSA-2018:1932-1
Issue Date:        2018-06-19
CVE Numbers:       CVE-2014-10072
                   CVE-2017-18206
                   CVE-2018-1083
                   CVE-2018-1100
--

Security Fix(es):

* zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c
(CVE-2018-1083)

* zsh: buffer overflow when scanning very long directory paths for
symbolic links (CVE-2014-10072)

* zsh: buffer overrun in symlinks (CVE-2017-18206)

* zsh: buffer overflow in utils.c:checkmailpath() can lead to local
arbitrary code execution (CVE-2018-1100)
--

SL6
  x86_64
    zsh-4.3.11-8.el6.x86_64.rpm
    zsh-debuginfo-4.3.11-8.el6.x86_64.rpm
    zsh-html-4.3.11-8.el6.x86_64.rpm
  i386
    zsh-4.3.11-8.el6.i686.rpm
    zsh-debuginfo-4.3.11-8.el6.i686.rpm
    zsh-html-4.3.11-8.el6.i686.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2