zsh-5.8-7.7 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11543-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z zsh-5.8-7.7 on GA media These are all security issues fixed in the zsh-5.8-7.7 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11543 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-0502/ SUSE CVE CVE-2018-0502 page https://www.suse.com/security/cve/CVE-2018-1071/ SUSE CVE CVE-2018-1071 page https://www.suse.com/security/cve/CVE-2018-1083/ SUSE CVE CVE-2018-1083 page https://www.suse.com/security/cve/CVE-2018-1100/ SUSE CVE CVE-2018-1100 page https://www.suse.com/security/cve/CVE-2018-13259/ SUSE CVE CVE-2018-13259 page https://www.suse.com/security/cve/CVE-2019-20044/ SUSE CVE CVE-2019-20044 page openSUSE Tumbleweed zsh-5.8-7.7 zsh-htmldoc-5.8-7.7 zsh-5.8-7.7 as a component of openSUSE Tumbleweed zsh-htmldoc-5.8-7.7 as a component of openSUSE Tumbleweed An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line. CVE-2018-0502 openSUSE Tumbleweed:zsh-5.8-7.7 openSUSE Tumbleweed:zsh-htmldoc-5.8-7.7 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-0502.html CVE-2018-0502 https://bugzilla.suse.com/1107296 SUSE Bug 1107296 https://bugzilla.suse.com/1194009 SUSE Bug 1194009 https://bugzilla.suse.com/1194012 SUSE Bug 1194012 https://bugzilla.suse.com/1200039 SUSE Bug 1200039 https://bugzilla.suse.com/1200209 SUSE Bug 1200209 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service. CVE-2018-1071 openSUSE Tumbleweed:zsh-5.8-7.7 openSUSE Tumbleweed:zsh-htmldoc-5.8-7.7 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1071.html CVE-2018-1071 https://bugzilla.suse.com/1084656 SUSE Bug 1084656 https://bugzilla.suse.com/1200039 SUSE Bug 1200039 Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation. CVE-2018-1083 openSUSE Tumbleweed:zsh-5.8-7.7 openSUSE Tumbleweed:zsh-htmldoc-5.8-7.7 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1083.html CVE-2018-1083 https://bugzilla.suse.com/1087026 SUSE Bug 1087026 https://bugzilla.suse.com/1189668 SUSE Bug 1189668 https://bugzilla.suse.com/1200209 SUSE Bug 1200209 zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user. CVE-2018-1100 openSUSE Tumbleweed:zsh-5.8-7.7 openSUSE Tumbleweed:zsh-htmldoc-5.8-7.7 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-1100.html CVE-2018-1100 https://bugzilla.suse.com/1089030 SUSE Bug 1089030 https://bugzilla.suse.com/1189668 SUSE Bug 1189668 An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one. CVE-2018-13259 openSUSE Tumbleweed:zsh-5.8-7.7 openSUSE Tumbleweed:zsh-htmldoc-5.8-7.7 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-13259.html CVE-2018-13259 https://bugzilla.suse.com/1107294 SUSE Bug 1107294 https://bugzilla.suse.com/1194009 SUSE Bug 1194009 https://bugzilla.suse.com/1194012 SUSE Bug 1194012 https://bugzilla.suse.com/1200039 SUSE Bug 1200039 https://bugzilla.suse.com/1200209 SUSE Bug 1200209 In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option. Zsh fails to overwrite the saved uid, so the original privileges can be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls setuid(). CVE-2019-20044 openSUSE Tumbleweed:zsh-5.8-7.7 openSUSE Tumbleweed:zsh-htmldoc-5.8-7.7 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-20044.html CVE-2019-20044 https://bugzilla.suse.com/1163882 SUSE Bug 1163882 https://bugzilla.suse.com/1200039 SUSE Bug 1200039 https://bugzilla.suse.com/1200202 SUSE Bug 1200202 https://bugzilla.suse.com/1200209 SUSE Bug 1200209