Detections
Analytics

openSUSE Security Update : zsh (openSUSE-2018-399)

critical Nessus Plugin ID 109384

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for zsh fixes the following issues :

 - CVE-2014-10070: environment variable injection could lead to local privilege escalation (bnc#1082885)

 - CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. (bnc#1082977)

 - CVE-2014-10072: buffer overflow In utils.c when scanning very long directory paths for symbolic links.
 (bnc#1082975)

 - CVE-2016-10714: In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. (bnc#1083250)

 - CVE-2017-18205: In builtin.c when sh compatibility mode is used, a NULL pointer dereference could lead to denial of service (bnc#1082998)

 - CVE-2018-1071: exec.c:hashcmd() function vulnerability could lead to denial of service. (bnc#1084656)

 - CVE-2018-1083: Autocomplete vulnerability could lead to privilege escalation. (bnc#1087026)

 - CVE-2018-7549: In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (bnc#1082991)

 - CVE-2017-18206: buffer overrun in xsymlinks could lead to denial of service (bnc#1083002)

 - Autocomplete and REPORTTIME broken (bsc#896914)

This update was imported from the SUSE:SLE-12:Update update project.

Solution

Update the affected zsh packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1082885

https://bugzilla.opensuse.org/show_bug.cgi?id=1082975

https://bugzilla.opensuse.org/show_bug.cgi?id=1082977

https://bugzilla.opensuse.org/show_bug.cgi?id=1082991

https://bugzilla.opensuse.org/show_bug.cgi?id=1082998

https://bugzilla.opensuse.org/show_bug.cgi?id=1083002

https://bugzilla.opensuse.org/show_bug.cgi?id=1083250

https://bugzilla.opensuse.org/show_bug.cgi?id=1084656

https://bugzilla.opensuse.org/show_bug.cgi?id=1087026

https://bugzilla.opensuse.org/show_bug.cgi?id=896914

Plugin Details

Severity: Critical

ID: 109384

File Name: openSUSE-2018-399.nasl

Version: 1.4

Type: local

Agent: unix

Published: 4/27/2018

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2017-18206

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:zsh, p-cpe:/a:novell:opensuse:zsh-debugsource, p-cpe:/a:novell:opensuse:zsh-debuginfo, p-cpe:/a:novell:opensuse:zsh-htmldoc, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 4/26/2018

Reference Information

CVE: CVE-2014-10070, CVE-2014-10071, CVE-2014-10072, CVE-2016-10714, CVE-2017-18205, CVE-2017-18206, CVE-2018-1071, CVE-2018-1083, CVE-2018-7549