Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
patchinfo.7007
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.7007
<patchinfo incident="7007"> <issue id="896914" tracker="bnc">zsh completion and REPORTTIME broken</issue> <issue id="1083002" tracker="bnc">VUL-0: CVE-2017-18206: zsh: buffer overrun in xsymlinks</issue> <issue id="1082885" tracker="bnc">VUL-0: CVE-2014-10070: zsh: privilege escalation via environment variables</issue> <issue id="1082977" tracker="bnc">VUL-0: CVE-2014-10071: zsh: buffer overflow for very long fds in >& fd syntax</issue> <issue id="1082975" tracker="bnc">VUL-0: CVE-2014-10072: zsh: buffer overflow when scanning very long directory paths for symbolic links</issue> <issue id="1083250" tracker="bnc">VUL-0: CVE-2016-10714: zsh: Off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters.</issue> <issue id="1082998" tracker="bnc">VUL-1: CVE-2017-18205: zsh: null dereference on cd with no argument if HOME is not set</issue> <issue id="1084656" tracker="bnc">VUL-1: CVE-2018-1071: zsh: Stack-based buffer overflow in exec.c:hashcmd()</issue> <issue id="1087026" tracker="bnc">VUL-0: CVE-2018-1083 zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c</issue> <issue id="1082991" tracker="bnc">VUL-1: CVE-2018-7549: zsh: crash copying empty hash table</issue> <issue id="2017-18205" tracker="cve" /> <issue id="2014-10070" tracker="cve" /> <issue id="2014-10071" tracker="cve" /> <issue id="2014-10072" tracker="cve" /> <issue id="2016-10714" tracker="cve" /> <issue id="2018-1071" tracker="cve" /> <issue id="2018-7549" tracker="cve" /> <issue id="2018-1083" tracker="cve" /> <issue id="2017-18206" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>namtrac</packager> <description>This update for zsh fixes the following issues: - CVE-2014-10070: environment variable injection could lead to local privilege escalation (bnc#1082885) - CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. (bnc#1082977) - CVE-2014-10072: buffer overflow In utils.c when scanning very long directory paths for symbolic links. (bnc#1082975) - CVE-2016-10714: In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. (bnc#1083250) - CVE-2017-18205: In builtin.c when sh compatibility mode is used, a NULL pointer dereference could lead to denial of service (bnc#1082998) - CVE-2018-1071: exec.c:hashcmd() function vulnerability could lead to denial of service. (bnc#1084656) - CVE-2018-1083: Autocomplete vulnerability could lead to privilege escalation. (bnc#1087026) - CVE-2018-7549: In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (bnc#1082991) - CVE-2017-18206: buffer overrun in xsymlinks could lead to denial of service (bnc#1083002) - Autocomplete and REPORTTIME broken (bsc#896914) </description> <summary>Security update for zsh</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor