ELSA-2018-3073 - zsh security and bug fix update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2018-11-05 |
Description
[5.0.2-31]
- fix defects detected by Coverity related to CVE-2017-18206 and CVE-2018-1083
[5.0.2-30]
- fix stack-based buffer overflow in utils.c:checkmailpath() (CVE-2018-1100)
- fix stack-based buffer overflow in gen_matches_files() (CVE-2018-1083)
- fix stack-based buffer overflow in exec.c:hashcmd() (CVE-2018-1071)
- avoid crash when copying empty hash table (CVE-2018-7549)
- fix buffer overrun in xsymlinks (CVE-2017-18206)
- fix NULL dereference in cd (CVE-2017-18205)
- fix buffer overflow when scanning very long path for symlinks (CVE-2014-10072)
- fix buffer overflow for very long fds in >& fd syntax (CVE-2014-10071)
[5.0.2-29]
- fix crash while inputting long multi-line strings (#1492595)
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle Linux 7 (aarch64) | zsh-5.0.2-31.el7.src.rpm | 0e068e70c3268f3a4df5fa8d1529ce7e | ELBA-2020-1206 |
| zsh-5.0.2-31.el7.aarch64.rpm | 8ebfd9146f9b41accd1e9a2b4e4d352b | ELBA-2020-1206 |
| zsh-html-5.0.2-31.el7.aarch64.rpm | c95b5de0fae9d44714a033c0d7545656 | ELBA-2020-1206 |
|
| Oracle Linux 7 (x86_64) | zsh-5.0.2-31.el7.src.rpm | 0e068e70c3268f3a4df5fa8d1529ce7e | ELBA-2020-1206 |
| zsh-5.0.2-31.el7.x86_64.rpm | 2eec7b80445e81360ce86854ccff62e0 | ELBA-2020-1206 |
| zsh-html-5.0.2-31.el7.x86_64.rpm | 6240e4f318fb736245c8a4cac62aba57 | ELBA-2020-1206 |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
