Issued:
2018-10-30
Updated:
2018-10-30

RHSA-2018:3073 - Security Advisory

Synopsis

Moderate: zsh security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for zsh is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.

Security Fix(es):

  • zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c (CVE-2018-1083)
  • zsh: buffer overflow for very long fds in >& fd syntax (CVE-2014-10071)
  • zsh: buffer overflow when scanning very long directory paths for symbolic links (CVE-2014-10072)
  • zsh: NULL dereference in cd in sh compatibility mode under given circumstances (CVE-2017-18205)
  • zsh: buffer overrun in symlinks (CVE-2017-18206)
  • zsh: Stack-based buffer overflow in exec.c:hashcmd() (CVE-2018-1071)
  • zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution (CVE-2018-1100)
  • zsh: crash on copying empty hash table (CVE-2018-7549)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2018-1083, CVE-2018-1071, and CVE-2018-1100 issues were discovered by Richard Maciel Costa (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le
  • Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

  • BZ - 1549836 - CVE-2014-10072 zsh: buffer overflow when scanning very long directory paths for symbolic links
  • BZ - 1549855 - CVE-2014-10071 zsh: buffer overflow for very long fds in >& fd syntax
  • BZ - 1549858 - CVE-2018-7549 zsh: crash on copying empty hash table
  • BZ - 1549861 - CVE-2017-18206 zsh: buffer overrun in symlinks
  • BZ - 1549862 - CVE-2017-18205 zsh: NULL dereference in cd in sh compatibility mode under given circumstances
  • BZ - 1553531 - CVE-2018-1071 zsh: Stack-based buffer overflow in exec.c:hashcmd()
  • BZ - 1557382 - CVE-2018-1083 zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c
  • BZ - 1563395 - CVE-2018-1100 zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution

CVEs

References

Red Hat Enterprise Linux Server 7

SRPM
zsh-5.0.2-31.el7.src.rpm SHA-256: 08120a99d3b0947866173c80fc00742bf71c115fe7a9e96041bd5223f33bd24b
x86_64
zsh-5.0.2-31.el7.x86_64.rpm SHA-256: 2cf2e20690699967f7cfad8c1f0a7f90d89d59356276741aa0e4d765e6f059c9
zsh-debuginfo-5.0.2-31.el7.x86_64.rpm SHA-256: 079bdf551a927b782647841f1d7ec316b32c99292d032681f4dce04d64e94b01
zsh-debuginfo-5.0.2-31.el7.x86_64.rpm SHA-256: 079bdf551a927b782647841f1d7ec316b32c99292d032681f4dce04d64e94b01
zsh-html-5.0.2-31.el7.x86_64.rpm SHA-256: 7b7a33a2e2fe2e3c5c6e95a340c8096b12a824202c6631caef0adfd711b0f8aa

Red Hat Enterprise Linux Workstation 7

SRPM
zsh-5.0.2-31.el7.src.rpm SHA-256: 08120a99d3b0947866173c80fc00742bf71c115fe7a9e96041bd5223f33bd24b
x86_64
zsh-5.0.2-31.el7.x86_64.rpm SHA-256: 2cf2e20690699967f7cfad8c1f0a7f90d89d59356276741aa0e4d765e6f059c9
zsh-debuginfo-5.0.2-31.el7.x86_64.rpm SHA-256: 079bdf551a927b782647841f1d7ec316b32c99292d032681f4dce04d64e94b01
zsh-debuginfo-5.0.2-31.el7.x86_64.rpm SHA-256: 079bdf551a927b782647841f1d7ec316b32c99292d032681f4dce04d64e94b01
zsh-html-5.0.2-31.el7.x86_64.rpm SHA-256: 7b7a33a2e2fe2e3c5c6e95a340c8096b12a824202c6631caef0adfd711b0f8aa

Red Hat Enterprise Linux Desktop 7

SRPM
zsh-5.0.2-31.el7.src.rpm SHA-256: 08120a99d3b0947866173c80fc00742bf71c115fe7a9e96041bd5223f33bd24b
x86_64
zsh-5.0.2-31.el7.x86_64.rpm SHA-256: 2cf2e20690699967f7cfad8c1f0a7f90d89d59356276741aa0e4d765e6f059c9
zsh-debuginfo-5.0.2-31.el7.x86_64.rpm SHA-256: 079bdf551a927b782647841f1d7ec316b32c99292d032681f4dce04d64e94b01
zsh-debuginfo-5.0.2-31.el7.x86_64.rpm SHA-256: 079bdf551a927b782647841f1d7ec316b32c99292d032681f4dce04d64e94b01
zsh-html-5.0.2-31.el7.x86_64.rpm SHA-256: 7b7a33a2e2fe2e3c5c6e95a340c8096b12a824202c6631caef0adfd711b0f8aa

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
zsh-5.0.2-31.el7.src.rpm SHA-256: 08120a99d3b0947866173c80fc00742bf71c115fe7a9e96041bd5223f33bd24b
s390x
zsh-5.0.2-31.el7.s390x.rpm SHA-256: bae201dc75805dc8c4ad4a0aa55dd39a941e5055b22cea76cafba3bc53a15a07
zsh-debuginfo-5.0.2-31.el7.s390x.rpm SHA-256: ac87f2151ce0fb12e5ef10bc91f57a1ae8bc2683569bf19e6cd4928280c7644d
zsh-debuginfo-5.0.2-31.el7.s390x.rpm SHA-256: ac87f2151ce0fb12e5ef10bc91f57a1ae8bc2683569bf19e6cd4928280c7644d
zsh-html-5.0.2-31.el7.s390x.rpm SHA-256: 8a4f862e088b2a5ae34b74619faac58a79e8d8c164ed44827c2213edfc7d7486

Red Hat Enterprise Linux for Power, big endian 7

SRPM
zsh-5.0.2-31.el7.src.rpm SHA-256: 08120a99d3b0947866173c80fc00742bf71c115fe7a9e96041bd5223f33bd24b
ppc64
zsh-5.0.2-31.el7.ppc64.rpm SHA-256: 78be33f032fd942ae334950c4a275dd485ace1a5b95c8561c6c42f887c37a896
zsh-debuginfo-5.0.2-31.el7.ppc64.rpm SHA-256: 5ac5a1a22266f9c305f47e39f1bda488382019c2691a712e7bb0014627b0b9f7
zsh-debuginfo-5.0.2-31.el7.ppc64.rpm SHA-256: 5ac5a1a22266f9c305f47e39f1bda488382019c2691a712e7bb0014627b0b9f7
zsh-html-5.0.2-31.el7.ppc64.rpm SHA-256: b3b2c1db6de26d459c266608084f9f1b31c4a165a51d62b135a55cffe13349e0

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
zsh-5.0.2-31.el7.src.rpm SHA-256: 08120a99d3b0947866173c80fc00742bf71c115fe7a9e96041bd5223f33bd24b
x86_64
zsh-5.0.2-31.el7.x86_64.rpm SHA-256: 2cf2e20690699967f7cfad8c1f0a7f90d89d59356276741aa0e4d765e6f059c9
zsh-debuginfo-5.0.2-31.el7.x86_64.rpm SHA-256: 079bdf551a927b782647841f1d7ec316b32c99292d032681f4dce04d64e94b01
zsh-debuginfo-5.0.2-31.el7.x86_64.rpm SHA-256: 079bdf551a927b782647841f1d7ec316b32c99292d032681f4dce04d64e94b01
zsh-html-5.0.2-31.el7.x86_64.rpm SHA-256: 7b7a33a2e2fe2e3c5c6e95a340c8096b12a824202c6631caef0adfd711b0f8aa

Red Hat Enterprise Linux for Power, little endian 7

SRPM
zsh-5.0.2-31.el7.src.rpm SHA-256: 08120a99d3b0947866173c80fc00742bf71c115fe7a9e96041bd5223f33bd24b
ppc64le
zsh-5.0.2-31.el7.ppc64le.rpm SHA-256: 1120300c8624351ca3cb9b5085df6dd0224aaa92b9ceb12036f4e3cff49dd617
zsh-debuginfo-5.0.2-31.el7.ppc64le.rpm SHA-256: 589c8bc37084cb69df2ebaf56756f949ab79ee38f61013f6f8d0eb7fad98a8bf
zsh-debuginfo-5.0.2-31.el7.ppc64le.rpm SHA-256: 589c8bc37084cb69df2ebaf56756f949ab79ee38f61013f6f8d0eb7fad98a8bf
zsh-html-5.0.2-31.el7.ppc64le.rpm SHA-256: 995e16677f18aedd2d2bec1408cd84fe8646bb582380c915b074938b149bac6e

Red Hat Enterprise Linux for ARM 64 7

SRPM
zsh-5.0.2-31.el7.src.rpm SHA-256: 08120a99d3b0947866173c80fc00742bf71c115fe7a9e96041bd5223f33bd24b
aarch64
zsh-5.0.2-31.el7.aarch64.rpm SHA-256: fcf1b888bda4933070ac8825006a1eaebc4aca8c5c9a7eda40673d079246d4b1
zsh-5.0.2-31.el7.aarch64.rpm SHA-256: fcf1b888bda4933070ac8825006a1eaebc4aca8c5c9a7eda40673d079246d4b1
zsh-5.0.2-31.el7.aarch64.rpm SHA-256: fcf1b888bda4933070ac8825006a1eaebc4aca8c5c9a7eda40673d079246d4b1
zsh-debuginfo-5.0.2-31.el7.aarch64.rpm SHA-256: 4f9802022a2a269cf96025cdb82ccbb5af0fb0809f3563d63d3330b60ca71aba
zsh-debuginfo-5.0.2-31.el7.aarch64.rpm SHA-256: 4f9802022a2a269cf96025cdb82ccbb5af0fb0809f3563d63d3330b60ca71aba
zsh-debuginfo-5.0.2-31.el7.aarch64.rpm SHA-256: 4f9802022a2a269cf96025cdb82ccbb5af0fb0809f3563d63d3330b60ca71aba
zsh-debuginfo-5.0.2-31.el7.aarch64.rpm SHA-256: 4f9802022a2a269cf96025cdb82ccbb5af0fb0809f3563d63d3330b60ca71aba
zsh-debuginfo-5.0.2-31.el7.aarch64.rpm SHA-256: 4f9802022a2a269cf96025cdb82ccbb5af0fb0809f3563d63d3330b60ca71aba
zsh-debuginfo-5.0.2-31.el7.aarch64.rpm SHA-256: 4f9802022a2a269cf96025cdb82ccbb5af0fb0809f3563d63d3330b60ca71aba
zsh-html-5.0.2-31.el7.aarch64.rpm SHA-256: 3d2844edc0d39df9c9dc183cdf75df83e0e3e57520d9dd0bbb18f52f2ee20613
zsh-html-5.0.2-31.el7.aarch64.rpm SHA-256: 3d2844edc0d39df9c9dc183cdf75df83e0e3e57520d9dd0bbb18f52f2ee20613
zsh-html-5.0.2-31.el7.aarch64.rpm SHA-256: 3d2844edc0d39df9c9dc183cdf75df83e0e3e57520d9dd0bbb18f52f2ee20613

Red Hat Enterprise Linux for Power 9 7

SRPM
zsh-5.0.2-31.el7.src.rpm SHA-256: 08120a99d3b0947866173c80fc00742bf71c115fe7a9e96041bd5223f33bd24b
ppc64le
zsh-5.0.2-31.el7.ppc64le.rpm SHA-256: 1120300c8624351ca3cb9b5085df6dd0224aaa92b9ceb12036f4e3cff49dd617
zsh-5.0.2-31.el7.ppc64le.rpm SHA-256: 1120300c8624351ca3cb9b5085df6dd0224aaa92b9ceb12036f4e3cff49dd617
zsh-5.0.2-31.el7.ppc64le.rpm SHA-256: 1120300c8624351ca3cb9b5085df6dd0224aaa92b9ceb12036f4e3cff49dd617
zsh-debuginfo-5.0.2-31.el7.ppc64le.rpm SHA-256: 589c8bc37084cb69df2ebaf56756f949ab79ee38f61013f6f8d0eb7fad98a8bf
zsh-debuginfo-5.0.2-31.el7.ppc64le.rpm SHA-256: 589c8bc37084cb69df2ebaf56756f949ab79ee38f61013f6f8d0eb7fad98a8bf
zsh-debuginfo-5.0.2-31.el7.ppc64le.rpm SHA-256: 589c8bc37084cb69df2ebaf56756f949ab79ee38f61013f6f8d0eb7fad98a8bf
zsh-debuginfo-5.0.2-31.el7.ppc64le.rpm SHA-256: 589c8bc37084cb69df2ebaf56756f949ab79ee38f61013f6f8d0eb7fad98a8bf
zsh-debuginfo-5.0.2-31.el7.ppc64le.rpm SHA-256: 589c8bc37084cb69df2ebaf56756f949ab79ee38f61013f6f8d0eb7fad98a8bf
zsh-debuginfo-5.0.2-31.el7.ppc64le.rpm SHA-256: 589c8bc37084cb69df2ebaf56756f949ab79ee38f61013f6f8d0eb7fad98a8bf
zsh-html-5.0.2-31.el7.ppc64le.rpm SHA-256: 995e16677f18aedd2d2bec1408cd84fe8646bb582380c915b074938b149bac6e
zsh-html-5.0.2-31.el7.ppc64le.rpm SHA-256: 995e16677f18aedd2d2bec1408cd84fe8646bb582380c915b074938b149bac6e
zsh-html-5.0.2-31.el7.ppc64le.rpm SHA-256: 995e16677f18aedd2d2bec1408cd84fe8646bb582380c915b074938b149bac6e

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
zsh-5.0.2-31.el7.src.rpm SHA-256: 08120a99d3b0947866173c80fc00742bf71c115fe7a9e96041bd5223f33bd24b
s390x
zsh-5.0.2-31.el7.s390x.rpm SHA-256: bae201dc75805dc8c4ad4a0aa55dd39a941e5055b22cea76cafba3bc53a15a07
zsh-5.0.2-31.el7.s390x.rpm SHA-256: bae201dc75805dc8c4ad4a0aa55dd39a941e5055b22cea76cafba3bc53a15a07
zsh-5.0.2-31.el7.s390x.rpm SHA-256: bae201dc75805dc8c4ad4a0aa55dd39a941e5055b22cea76cafba3bc53a15a07
zsh-debuginfo-5.0.2-31.el7.s390x.rpm SHA-256: ac87f2151ce0fb12e5ef10bc91f57a1ae8bc2683569bf19e6cd4928280c7644d
zsh-debuginfo-5.0.2-31.el7.s390x.rpm SHA-256: ac87f2151ce0fb12e5ef10bc91f57a1ae8bc2683569bf19e6cd4928280c7644d
zsh-debuginfo-5.0.2-31.el7.s390x.rpm SHA-256: ac87f2151ce0fb12e5ef10bc91f57a1ae8bc2683569bf19e6cd4928280c7644d
zsh-debuginfo-5.0.2-31.el7.s390x.rpm SHA-256: ac87f2151ce0fb12e5ef10bc91f57a1ae8bc2683569bf19e6cd4928280c7644d
zsh-debuginfo-5.0.2-31.el7.s390x.rpm SHA-256: ac87f2151ce0fb12e5ef10bc91f57a1ae8bc2683569bf19e6cd4928280c7644d
zsh-debuginfo-5.0.2-31.el7.s390x.rpm SHA-256: ac87f2151ce0fb12e5ef10bc91f57a1ae8bc2683569bf19e6cd4928280c7644d
zsh-html-5.0.2-31.el7.s390x.rpm SHA-256: 8a4f862e088b2a5ae34b74619faac58a79e8d8c164ed44827c2213edfc7d7486
zsh-html-5.0.2-31.el7.s390x.rpm SHA-256: 8a4f862e088b2a5ae34b74619faac58a79e8d8c164ed44827c2213edfc7d7486
zsh-html-5.0.2-31.el7.s390x.rpm SHA-256: 8a4f862e088b2a5ae34b74619faac58a79e8d8c164ed44827c2213edfc7d7486

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.