Synopsis:          Moderate: zsh security update
Advisory ID:       SLSA-2018:1932-1
Issue Date:        2018-06-19
CVE Numbers:       CVE-2014-10072
                   CVE-2017-18206
                   CVE-2018-1083
                   CVE-2018-1100
--

Security Fix(es):

* zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c
(CVE-2018-1083)

* zsh: buffer overflow when scanning very long directory paths for
symbolic links (CVE-2014-10072)

* zsh: buffer overrun in symlinks (CVE-2017-18206)

* zsh: buffer overflow in utils.c:checkmailpath() can lead to local
arbitrary code execution (CVE-2018-1100)
--

SL6
  x86_64
    zsh-4.3.11-8.el6.x86_64.rpm
    zsh-debuginfo-4.3.11-8.el6.x86_64.rpm
    zsh-html-4.3.11-8.el6.x86_64.rpm
  i386
    zsh-4.3.11-8.el6.i686.rpm
    zsh-debuginfo-4.3.11-8.el6.i686.rpm
    zsh-html-4.3.11-8.el6.i686.rpm

- Scientific Linux Development Team