ESB-2018.0700 - [Debian] zsh: Multiple vulnerabilities 2018-03-12


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.0700
                   Debian 7 patches zsh vulnerabilities
                               12 March 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           zsh
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Increased Privileges            -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-18206 CVE-2016-10714 CVE-2014-10072
                   CVE-2014-10071 CVE-2014-10070 

Reference:         ESB-2018.0691

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2018/03/msg00007.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : zsh
Version        : 4.3.17-1+deb7u1
CVE IDs        : CVE-2014-10070 CVE-2014-10071 CVE-2014-10072
                 CVE-2016-10714 CVE-2017-18206

It was discovered that there were multiple vulnerabilities in the
"zsh" shell:

  * CVE-2014-10070: Fix a privilege-elevation issue if the
    environment has not been properly sanitized.

  * CVE-2014-10071: Prevent a buffer overflow for very long file
    descriptors in the ">& fd" syntax.

  * CVE-2014-10072: Correct a buffer overflow when scanning very long
    directory paths for symbolic links.

  * CVE-2016-10714: Fix an off-by-one error that was resulting in
    undersized buffers that were intended to support PATH_MAX.

  * CVE-2017-18206: Fix a buffer overflow in symlink expansion.


For Debian 7 "Wheezy", these issues have been fixed in zsh version
4.3.17-1+deb7u1.

We recommend that you upgrade your zsh packages.


Regards,

- - -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-


- --------------------------END INCLUDED TEXT--------------------
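As an added example, not part of this bulletin or of Debian's tooling: a Python re-implementation of dpkg's version ordering, so an inventory of installed zsh package versions can be checked against the fixed version 4.3.17-1+deb7u1 without dpkg being present on the auditing host. The host names and versions in INVENTORY are constructed; the fixed version is the one named in the advisory.

```python
# Added example (not from the advisory, Debian or dpkg): a dpkg-compatible version
# comparison, so inventories can be checked for the fixed zsh version without dpkg.
FIXED_VERSION = "4.3.17-1+deb7u1"  # fixed version named in the advisory

def _order(c):
    """dpkg weight of one non-digit character ('' = end of string); '~' sorts lowest."""
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else (-1 if c == "~" else ord(c) + 256)

def _verrevcmp(a, b):
    """Compare upstream or revision strings as alternating non-digit/digit runs."""
    while a or b:
        first_diff = 0
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            ac, bc = _order(a[:1]), _order(b[:1])
            if ac != bc:
                return ac - bc
            a, b = a[1:], b[1:]
        a, b = a.lstrip("0"), b.lstrip("0")  # leading zeros are insignificant
        while a[:1].isdigit() and b[:1].isdigit():
            first_diff = first_diff or ord(a[0]) - ord(b[0])
            a, b = a[1:], b[1:]
        if a[:1].isdigit() or b[:1].isdigit():  # the longer digit run is larger
            return 1 if a[:1].isdigit() else -1
        if first_diff:
            return first_diff
    return 0

def split_version(version):
    """'[epoch:]upstream[-revision]' -> (epoch, upstream, revision)."""
    head, sep, rest = version.partition(":")
    epoch, rest = (int(head), rest) if sep else (0, version)
    upstream, sep, revision = rest.rpartition("-")
    return (epoch, upstream, revision) if sep else (epoch, rest, "")

def compare_versions(v1, v2):
    """Negative, zero or positive, like dpkg --compare-versions lt/eq/gt."""
    (e1, u1, r1), (e2, u2, r2) = split_version(v1), split_version(v2)
    return (e1 - e2) or _verrevcmp(u1, u2) or _verrevcmp(r1, r2)

def is_patched(installed, fixed=FIXED_VERSION):
    return compare_versions(installed, fixed) >= 0

# Constructed inventory (hypothetical hosts): `dpkg-query -W -f='${Version}' zsh` per host.
INVENTORY = {"wheezy-01": "4.3.17-1", "wheezy-02": "4.3.17-1+deb7u1",
             "wheezy-03": "4.3.17-1~bpo70+1", "jessie-04": "5.0.7-5"}

def unpatched_hosts(inventory=INVENTORY, fixed=FIXED_VERSION):
    """Hosts whose installed zsh version sorts below the fixed version."""
    return sorted(host for host, ver in inventory.items() if not is_patched(ver, fixed))
```

Note that a backport-style version such as 4.3.17-1~bpo70+1 sorts below 4.3.17-1 because '~' ranks lowest in dpkg ordering, so a plain string comparison would misclassify it.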

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
