Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
slackwareSlackware Linux ProjectSSA-2019-013-01
HistoryJan 14, 2019 - 4:33 a.m.

[slackware-security] zsh

2019-01-1404:33:07
Slackware Linux Project
www.slackware.com
102

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

80.6%

JSON

New zsh packages are available for Slackware 14.0, 14.1, and 14.2 to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/zsh-5.6.2-i586-1_slack14.2.txz: Upgraded.
This release fixes security issues, including ones that could allow a local
attacker to execute arbitrary code.
For more information, see:
https://vulners.com/cve/CVE-2017-18205
https://vulners.com/cve/CVE-2017-18206
https://vulners.com/cve/CVE-2018-1071
https://vulners.com/cve/CVE-2018-1083
https://vulners.com/cve/CVE-2018-1100
https://vulners.com/cve/CVE-2018-7548
https://vulners.com/cve/CVE-2018-7549
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/zsh-5.6.2-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/zsh-5.6.2-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/zsh-5.6.2-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/zsh-5.6.2-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/zsh-5.6.2-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/zsh-5.6.2-x86_64-1_slack14.2.txz

MD5 signatures:

Slackware 14.0 package:
eee31011db16ee065279399d58de4c2b zsh-5.6.2-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
766df0eb186d95362a78ae523b83f7d2 zsh-5.6.2-x86_64-1_slack14.0.txz

Slackware 14.1 package:
7c376a74372346613fa58296b5a43158 zsh-5.6.2-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
80cee93fdaa1d7d526c2056b0c374ba5 zsh-5.6.2-x86_64-1_slack14.1.txz

Slackware 14.2 package:
01e67f2f735ffb022890a1adb8318b6b zsh-5.6.2-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
5e5676c283d4267057eeef2a573dae00 zsh-5.6.2-x86_64-1_slack14.2.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg zsh-5.6.2-i586-1_slack14.2.txz

Related

nessus 56
gentoo 1
openvas 28
fedora 6
mageia 2
amazon 3
oraclelinux 2
redhat 2
centos 2
suse 4
archlinux 2
ubuntu 3
debian 3
osv 10
nvd 7
cvelist 7
ubuntucve 7
redhatcve 7
cve 7
prion 7
debiancve 7
veracode 4
photon 12
alpinelinux 2
rosalinux 1
rapid7blog 1
nessus
nessus
GLSA-201805-10 : Zsh: Multiple vulnerabilities
2018-05-29 00:00:00
Slackware 14.0 / 14.1 / 14.2 : zsh (SSA:2019-013-01)
2019-01-14 00:00:00
Amazon Linux 2 : zsh (ALAS-2018-986)
2018-04-18 00:00:00
gentoo
gentoo
Zsh: Multiple vulnerabilities
2018-05-26 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2019-013-01)
2022-04-21 00:00:00
Mageia: Security Advisory (MGASA-2018-0168)
2022-01-28 00:00:00
Fedora Update for zsh FEDORA-2018-9cdf18a850
2018-03-21 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: zsh-5.3.1-7.fc26
2018-03-20 17:37:50
[SECURITY] Fedora 27 Update: zsh-5.4.1-3.fc27
2018-05-05 22:28:53
[SECURITY] Fedora 28 Update: zsh-5.5-1.fc28
2018-04-17 00:24:00
mageia
mageia
Updated zsh packages fix security vulnerabilities
2018-03-14 19:21:20
Updated zsh packages fix security vulnerabilities
2018-04-20 20:24:13
amazon
amazon
Low: zsh
2018-04-05 16:13:00
Medium: zsh
2018-12-06 00:20:00
Medium: zsh
2018-05-10 17:23:00
oraclelinux
oraclelinux
zsh security and bug fix update
2018-11-05 00:00:00
zsh security update
2018-06-25 00:00:00
redhat
redhat
(RHSA-2018:3073) Moderate: zsh security and bug fix update
2018-10-30 04:16:11
(RHSA-2018:1932) Moderate: zsh security update
2018-06-19 02:12:48
centos
centos
zsh security update
2018-11-15 18:54:22
zsh security update
2018-06-21 11:56:17
suse
suse
Security update for zsh (moderate)
2018-07-06 00:07:46
Security update for zsh (important)
2018-04-25 18:07:15
Security update for zsh (important)
2018-04-27 00:07:15
archlinux
archlinux
[ASA-201804-7] zsh: denial of service
2018-04-19 00:00:00
[ASA-201804-5] zsh: arbitrary code execution
2018-04-11 00:00:00
ubuntu
ubuntu
Zsh vulnerabilities
2018-03-08 00:00:00
Zsh vulnerabilities
2018-03-27 00:00:00
Zsh vulnerabilities
2018-09-11 00:00:00
debian
debian
[SECURITY] [DLA 2470-1] zsh security update
2020-12-01 03:35:30
[SECURITY] [DLA 1335-1] zsh security update
2018-03-31 22:19:22
[SECURITY] [DLA 1304-1] zsh security update
2018-03-09 17:01:41
osv
osv
zsh - security update
2020-11-30 00:00:00
zsh - security update
2018-03-31 00:00:00
zsh-5.8-7.7 on GA media
2024-06-15 00:00:00
nvd
nvd
CVE-2017-18205
2018-02-27 22:29:00
CVE-2017-18206
2018-02-27 22:29:00
CVE-2018-7549
2018-02-27 22:29:00
cvelist
cvelist
CVE-2017-18205
2018-02-27 22:00:00
CVE-2017-18206
2018-02-27 22:00:00
CVE-2018-7549
2018-02-27 22:00:00
ubuntucve
ubuntucve
CVE-2017-18205
2018-02-27 00:00:00
CVE-2017-18206
2018-02-27 00:00:00
CVE-2018-7549
2018-02-27 00:00:00
redhatcve
redhatcve
CVE-2017-18205
2018-03-02 06:48:52
CVE-2017-18206
2018-03-02 06:19:25
CVE-2018-7549
2019-10-08 06:05:48
cve
cve
CVE-2017-18205
2018-02-27 22:29:00
CVE-2017-18206
2018-02-27 22:29:00
CVE-2018-7549
2018-02-27 22:29:00
prion
prion
Null pointer dereference
2018-02-27 22:29:00
Buffer overflow
2018-02-27 22:29:00
Null pointer dereference
2018-02-27 22:29:00
debiancve
debiancve
CVE-2017-18205
2018-02-27 22:29:00
CVE-2017-18206
2018-02-27 22:29:00
CVE-2018-7549
2018-02-27 22:29:00
veracode
veracode
Privilege Escalation
2019-05-16 03:01:47
Stack-Based Buffer Overflow
2019-05-16 03:01:47
Denial Of Service (DoS)
2020-05-10 23:21:18
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0028
2018-03-21 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0222
2020-03-27 00:00:00
Critical Photon OS Security Update - PHSA-2018-0028
2018-03-24 00:00:00
alpinelinux
alpinelinux
CVE-2018-1083
2018-03-28 13:29:00
CVE-2018-1071
2018-03-09 15:29:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-2005
2021-07-02 18:22:15
rapid7blog
rapid7blog
Driver-Based Attacks: Past and Present
2021-12-13 14:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.007

Percentile

80.6%

JSON
Related for SSA-2019-013-01
nessus56gentoo1openvas28fedora6mageia2amazon3oraclelinux2redhat2centos2suse4archlinux2ubuntu3debian3osv10nvd7cvelist7ubuntucve7redhatcve7cve7prion7debiancve7veracode4photon12alpinelinux2rosalinux1rapid7blog1