SUSE-SU-2022:14910-1
- Source
- https://www.suse.com/support/update/announcement/2022/suse-su-202214910-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:14910-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:14910-1
- Related
- Published
- 2022-03-14T16:25:48Z
- Modified
- 2022-03-14T16:25:48Z
- Summary
- Security update for zsh
- Details
-
This update for zsh fixes the following issues:
- CVE-2019-20044: Fixed an insecure dropping of privileges when unsetting the PRIVILEGED option (bsc#1163882).
- CVE-2018-13259: Fixed an unexpected truncation of long shebang lines (bsc#1107294).
- CVE-2018-7549: Fixed a crash when an empty hash table (bsc#1082991).
- CVE-2018-1083: Fixed a stack-based buffer overflow when using tab completion on directories with long names (bsc#1087026).
- CVE-2018-1071: Fixed a stack-based buffer overflow when executing certain commands (bsc#1084656).
- CVE-2018-0502: Fixed a mishandling of shebang lines (bsc#1107296).
- CVE-2017-18206: Fixed a buffer overflow related to symlink processing (bsc#1083002).
- CVE-2017-18205: Fixed an application crash when using cd with no arguments (bsc#1082998).
- CVE-2016-10714: Fixed a potential application crash when handling maximum length paths (bsc#1083250).
- CVE-2014-10072: Fixed a buffer overflow when scanning very long directory paths for symbolic links (bsc#1082975).
- CVE-2014-10071: Fixed a buffer overflow when redirecting output to a long file descriptor (bsc#1082977).
- CVE-2014-10070: Fixed a privilege escalation vulnerability via environment variables (bsc#1082885).
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-202214910-1/
- https://bugzilla.suse.com/1082885
- https://bugzilla.suse.com/1082975
- https://bugzilla.suse.com/1082977
- https://bugzilla.suse.com/1082991
- https://bugzilla.suse.com/1082998
- https://bugzilla.suse.com/1083002
- https://bugzilla.suse.com/1083250
- https://bugzilla.suse.com/1084656
- https://bugzilla.suse.com/1087026
- https://bugzilla.suse.com/1107294
- https://bugzilla.suse.com/1107296
- https://bugzilla.suse.com/1163882
- https://www.suse.com/security/cve/CVE-2014-10070
- https://www.suse.com/security/cve/CVE-2014-10071
- https://www.suse.com/security/cve/CVE-2014-10072
- https://www.suse.com/security/cve/CVE-2016-10714
- https://www.suse.com/security/cve/CVE-2017-18205
- https://www.suse.com/security/cve/CVE-2017-18206
- https://www.suse.com/security/cve/CVE-2018-0502
- https://www.suse.com/security/cve/CVE-2018-1071
- https://www.suse.com/security/cve/CVE-2018-1083
- https://www.suse.com/security/cve/CVE-2018-13259
- https://www.suse.com/security/cve/CVE-2018-7549
- https://www.suse.com/security/cve/CVE-2019-20044
Affected packages
SUSE:Linux Enterprise Point of Sale 11 SP3 / zsh
Package
- Name
- zsh
- Purl
- pkg:rpm/suse/zsh&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3