CVE-2018-1083 Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in the shell autocomplete functionality. A local unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use autocomplete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.
This is not fixed in the upstream 5.4.2 source.
Please set "Package list" field.
(In reply to Rolf Eike Beer from comment #2)
> Please set "Package list" field.

Rolf, there is no fixed version yet for this, hence no packages can be added to the package list field.
(In reply to Aaron Bauman from comment #3)
> (In reply to Rolf Eike Beer from comment #2)
> > Please set "Package list" field.
>
> Rolf, there is no fixed version yet for this, hence no packages can be added
> to the package list field.

I assume this is fixed in 5.5 which is in the tree now that you could start stabilization for if you wanted to.
(In reply to Tim Harder from comment #4)
> (In reply to Aaron Bauman from comment #3)
> > (In reply to Rolf Eike Beer from comment #2)
> > > Please set "Package list" field.
> >
> > Rolf, there is no fixed version yet for this, hence no packages can be added
> > to the package list field.
>
> I assume this is fixed in 5.5 which is in the tree now that you could start
> stabilization for if you wanted to.

Thanks for the bump, Tim! It does indeed contain the fix.

@arches, please stabilize.
Stable on alpha.
amd64 stable
x86 stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bf003d922e7fab0ed4b5a032fc02ef97cab5e9f3

commit bf003d922e7fab0ed4b5a032fc02ef97cab5e9f3
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-04-11 21:10:31 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-11 21:21:52 +0000

    app-shells/zsh: stable 5.5 for sparc

    Bug: https://bugs.gentoo.org/651860
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 app-shells/zsh/zsh-5.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
arm64 stable
commit 27df19524709fde3007fdd527e1692e6a95fb158
Author: Jeroen Roovers <jer@gentoo.org>
Date:   Thu Apr 12 13:08:58 2018 +0200

    app-shells/zsh: Stable for HPPA too.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=031aadc8a6caff6a4699bdd6d56bb462df61bc22

commit 031aadc8a6caff6a4699bdd6d56bb462df61bc22
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-16 20:55:53 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-16 21:02:59 +0000

    app-shells/zsh: stable 5.5 for ia64, bug #651860

    Bug: https://bugs.gentoo.org/651860
    Package-Manager: Portage-2.3.28, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 app-shells/zsh/zsh-5.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
arm stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d82e71cf188caa351fd4d4864ef12791be71796

commit 6d82e71cf188caa351fd4d4864ef12791be71796
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-20 21:26:42 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-20 21:27:33 +0000

    app-shells/zsh: stable 5.5 for ppc64, bug #651860

    Bug: https://bugs.gentoo.org/651860
    Package-Manager: Portage-2.3.28, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"

 app-shells/zsh/zsh-5.5.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
ppc

All tests with USE="-unicode" fail (see bug #653704), and rdep mercurial fails (see bug #608720).

# cat zsh-651860.report
USE tests started on Sa 21. Apr 13:04:07 CEST 2018
USE='caps doc examples -gdbm maildir -pcre -static -unicode' failed for =app-shells/zsh-5.5
USE='caps -doc -examples -gdbm -maildir pcre -static -unicode' failed for =app-shells/zsh-5.5
USE='-caps doc -examples -gdbm -maildir pcre -static -unicode' failed for =app-shells/zsh-5.5
USE='-caps doc examples -gdbm -maildir pcre -static -unicode' failed for =app-shells/zsh-5.5
USE='caps -doc -examples gdbm -maildir -pcre static -unicode' failed for =app-shells/zsh-5.5
USE='caps doc examples -gdbm -maildir pcre static -unicode' failed for =app-shells/zsh-5.5
USE='caps doc examples gdbm -maildir -pcre -static unicode' succeeded for =app-shells/zsh-5.5
USE='caps doc examples -gdbm maildir -pcre -static unicode' succeeded for =app-shells/zsh-5.5
USE='-caps doc -examples -gdbm -maildir pcre -static unicode' succeeded for =app-shells/zsh-5.5
USE='caps -doc -examples gdbm -maildir pcre -static unicode' succeeded for =app-shells/zsh-5.5
USE='-caps -doc examples gdbm -maildir pcre -static unicode' succeeded for =app-shells/zsh-5.5
USE='-caps doc examples -gdbm maildir -pcre static unicode' succeeded for =app-shells/zsh-5.5
FEATURES= test succeeded for =app-shells/zsh-5.5

revdep tests started on Sa 21. Apr 17:24:30 CEST 2018
FEATURES= test USE='' succeeded for app-shells/gentoo-zsh-completions
FEATURES= test USE='zsh-completion' succeeded for dev-util/ninja
USE='zsh-completion' FEATURES=' test' failed for dev-vcs/mercurial
FEATURES= test USE='' succeeded for x11-misc/viewglob
ppc stable
GLSA request filed

@maintainer(s), please clean.
This issue was resolved and addressed in GLSA 201805-10 at https://security.gentoo.org/glsa/201805-10 by GLSA coordinator Christopher Diaz Riveros (chrisadr).
Re-open for cleanup. Thanks.
@maintainer(s), please clean vulnerable.
@maintainer(s), please clean vulnerable.

Michael Boyle
Security Padawan
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e544d4c60f846622daf1fffde0fede19dee03a7e

commit e544d4c60f846622daf1fffde0fede19dee03a7e
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-07-02 07:47:58 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-07-02 07:48:21 +0000

    app-shells/zsh: Security cleanup.

    Bug: https://bugs.gentoo.org/651860
    Package-Manager: Portage-2.3.41, Repoman-2.3.9

 app-shells/zsh/Manifest            |   4 -
 app-shells/zsh/files/zprofile-1    |  42 -------
 app-shells/zsh/files/zprofile-2    |  41 -------
 app-shells/zsh/zsh-5.3.1.ebuild    | 217 -------------------------------------
 app-shells/zsh/zsh-5.4.2-r1.ebuild | 211 ------------------------------------
 5 files changed, 515 deletions(-)
Everything done, thank you all.