[El-errata] ELSA-2018-3073 Moderate: Oracle Linux 7 zsh security and bug fix update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Nov 6 15:04:57 PST 2018
Oracle Linux Security Advisory ELSA-2018-3073
http://linux.oracle.com/errata/ELSA-2018-3073.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
zsh-5.0.2-31.el7.x86_64.rpm
zsh-html-5.0.2-31.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/zsh-5.0.2-31.el7.src.rpm
Description of changes:
[5.0.2-31]
- fix defects detected by Coverity related to CVE-2017-18206 and
CVE-2018-1083
[5.0.2-30]
- fix stack-based buffer overflow in utils.c:checkmailpath() (CVE-2018-1100)
- fix stack-based buffer overflow in gen_matches_files() (CVE-2018-1083)
- fix stack-based buffer overflow in exec.c:hashcmd() (CVE-2018-1071)
- avoid crash when copying empty hash table (CVE-2018-7549)
- fix buffer overrun in xsymlinks (CVE-2017-18206)
- fix NULL dereference in cd (CVE-2017-18205)
- fix buffer overflow when scanning very long path for symlinks
(CVE-2014-10072)
- fix buffer overflow for very long fds in >& fd syntax (CVE-2014-10071)
[5.0.2-29]
- fix crash while inputting long multi-line strings (#1492595)
More information about the El-errata
mailing list