Summary: | <app-shells/zsh-5.4.2: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | polynomial-c, radhermit |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 651860 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2018-03-05 09:19:29 UTC
CVE-2018-7549 (https://nvd.nist.gov/vuln/detail/CVE-2018-7549): In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. CVE-2018-7548 (https://nvd.nist.gov/vuln/detail/CVE-2018-7548): In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. CVE-2018-1071 (https://nvd.nist.gov/vuln/detail/CVE-2018-1071): zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service. CVE-2017-18206 (https://nvd.nist.gov/vuln/detail/CVE-2017-18206): In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. CVE-2017-18205 (https://nvd.nist.gov/vuln/detail/CVE-2017-18205): In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. This issue was resolved and addressed in GLSA 201805-10 at https://security.gentoo.org/glsa/201805-10 by GLSA coordinator Christopher Diaz Riveros (chrisadr). |