Security update for zsh
Announcement ID: | SUSE-SU-2018:2686-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves two vulnerabilities can now be installed.
Description:
This update for zsh to version 5.6 fixes the following security issues:
- CVE-2018-0502: The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line (bsc#1107296).
- CVE-2018-13259: Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one (bsc#1107294).
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Basesystem Module 15
zypper in -t patch SUSE-SLE-Module-Basesystem-15-2018-1880=1
Package List:
-
Basesystem Module 15 (aarch64 ppc64le s390x x86_64)
- zsh-5.6-3.6.1
- zsh-debugsource-5.6-3.6.1
- zsh-debuginfo-5.6-3.6.1