[El-errata] ELSA-2018-3073 Moderate: Oracle Linux 7 zsh security and bug fix update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Nov 6 15:04:57 PST 2018


Oracle Linux Security Advisory ELSA-2018-3073

http://linux.oracle.com/errata/ELSA-2018-3073.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
zsh-5.0.2-31.el7.x86_64.rpm
zsh-html-5.0.2-31.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/zsh-5.0.2-31.el7.src.rpm



Description of changes:

[5.0.2-31]
- fix defects detected by Coverity related to CVE-2017-18206 and 
CVE-2018-1083

[5.0.2-30]
- fix stack-based buffer overflow in utils.c:checkmailpath() (CVE-2018-1100)
- fix stack-based buffer overflow in gen_matches_files() (CVE-2018-1083)
- fix stack-based buffer overflow in exec.c:hashcmd() (CVE-2018-1071)
- avoid crash when copying empty hash table (CVE-2018-7549)
- fix buffer overrun in xsymlinks (CVE-2017-18206)
- fix NULL dereference in cd (CVE-2017-18205)
- fix buffer overflow when scanning very long path for symlinks 
(CVE-2014-10072)
- fix buffer overflow for very long fds in >& fd syntax (CVE-2014-10071)

[5.0.2-29]
- fix crash while inputting long multi-line strings (#1492595)




More information about the El-errata mailing list