Gentoo Archives: gentoo-announce

From: "Christopher Díaz Riveros" <chrisadr@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201805-10 ] Zsh: Multiple vulnerabilities
Date: Sat, 26 May 2018 15:41:33
Message-Id: 1527349216.2509.32.camel@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201805-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Zsh: Multiple vulnerabilities
Date: May 26, 2018
Bugs: #649614, #651860, #655708
ID: 201805-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Zsh, the worst of which
could allow local attackers to execute arbitrary code.

Background
==========

A shell designed for interactive use, although it is also a powerful
scripting language.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-shells/zsh                < 5.5                       >= 5.5

Description
===========

Multiple vulnerabilities have been discovered in Zsh. Please review the
CVE identifiers referenced below for details.

Impact
======

A local attacker could execute arbitrary code, escalate privileges, or
cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Zsh users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-shells/zsh-5.5"

References
==========

[ 1 ] CVE-2017-18205
      https://nvd.nist.gov/vuln/detail/CVE-2017-18205
[ 2 ] CVE-2017-18206
      https://nvd.nist.gov/vuln/detail/CVE-2017-18206
[ 3 ] CVE-2018-1071
      https://nvd.nist.gov/vuln/detail/CVE-2018-1071
[ 4 ] CVE-2018-1083
      https://nvd.nist.gov/vuln/detail/CVE-2018-1083
[ 5 ] CVE-2018-1100
      https://nvd.nist.gov/vuln/detail/CVE-2018-1100
[ 6 ] CVE-2018-7548
      https://nvd.nist.gov/vuln/detail/CVE-2018-7548
[ 7 ] CVE-2018-7549
      https://nvd.nist.gov/vuln/detail/CVE-2018-7549

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201805-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
