ELSA-2018-1932 - zsh security update

Type: SECURITY
Severity: MODERATE
Release Date: 2018-06-25

Description


[4.3.11-8]
- fix defects detected by Coverity related to CVE-2017-18206 and CVE-2018-1083

[4.3.11-7]
- fix stack-based buffer overflow in utils.c:checkmailpath() (CVE-2018-1100)
- fix stack-based buffer overflow in gen_matches_files() (CVE-2018-1083)
- fix buffer overrun in xsymlinks (CVE-2017-18206)
- fix buffer overflow when scanning very long path for symlinks (CVE-2014-10072)

[4.3.11-6]
- signal-handling related fixes collected from upstream (#1311166)

[4.3.11-5]
- fix malloc() signal leak in lexsave() (#1267903)


Related CVEs


CVE-2017-18206
CVE-2018-1100
CVE-2014-10072
CVE-2018-1083

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 6 (i386) | zsh-4.3.11-8.el6.src.rpm | 9557cf7027c6231565e060dc0cf8f67a | ELSA-2020-0892 |
| | zsh-4.3.11-8.el6.i686.rpm | 3e306cce7e5c410660d3ba4c76e36d58 | ELSA-2020-0892 |
| | zsh-html-4.3.11-8.el6.i686.rpm | 8cc150a125890bbcbf8663f6a96cfd30 | ELBA-2018-2897 |
| Oracle Linux 6 (x86_64) | zsh-4.3.11-8.el6.src.rpm | 9557cf7027c6231565e060dc0cf8f67a | ELSA-2020-0892 |
| | zsh-4.3.11-8.el6.x86_64.rpm | dadf2725df32eb3fbc61fbd9c40ad35a | ELSA-2020-0892 |
| | zsh-html-4.3.11-8.el6.x86_64.rpm | 568fa3d749dca6010599244de9f27072 | ELBA-2018-2897 |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.