Medium: zsh

Issue Overview:

A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do a symbolic link resolution in the aforementioned path. If the user affected is privileged, this leads to privilege escalation.(CVE-2017-18206)

A buffer overflow flaw was found in the zsh shell auto-complete functionality. A local, unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use auto-complete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.(CVE-2018-1083)

A NULL pointer dereference flaw was found in the code responsible for saving hashtables of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell.(CVE-2018-7549)

A NULL pointer dereference flaw was found in the code responsible for the cd builtin command of the zsh package. An attacker could use this flaw to cause a denial of service by crashing the user shell.(CVE-2017-18205)

A buffer overflow flaw was found in the zsh shell symbolic link resolver. A local, unprivileged user can create a specially crafted directory path which leads to a buffer overflow in the context of the user trying to do symbolic link resolution in the aforementioned path. An attacker could exploit this vulnerability to cause a denial of service condition on the target.(CVE-2014-10072)

A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom “you have new mail” message, leads to code execution in the context of the user who receives the message. If the user affected is privileged, this leads to privilege escalation.(CVE-2018-1100)

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.(CVE-2018-1071)

A buffer overflow flaw was found in the zsh shell file descriptor redirection functionality. An attacker could use this flaw to cause a denial of service by crashing the user shell.(CVE-2014-10071)

Affected Packages:

zsh

Issue Correction:
Run yum update zsh to update your system.

New Packages:

i686:  
    zsh-5.0.2-31.17.amzn1.i686  
    zsh-html-5.0.2-31.17.amzn1.i686  
    zsh-debuginfo-5.0.2-31.17.amzn1.i686  
  
src:  
    zsh-5.0.2-31.17.amzn1.src  
  
x86_64:  
    zsh-5.0.2-31.17.amzn1.x86_64  
    zsh-debuginfo-5.0.2-31.17.amzn1.x86_64  
    zsh-html-5.0.2-31.17.amzn1.x86_64  

Additional References

Red Hat: CVE-2014-10071, CVE-2014-10072, CVE-2017-18205, CVE-2017-18206, CVE-2018-1071, CVE-2018-1083, CVE-2018-1100, CVE-2018-7549

Mitre: CVE-2014-10071, CVE-2014-10072, CVE-2017-18205, CVE-2017-18206, CVE-2018-1071, CVE-2018-1083, CVE-2018-1100, CVE-2018-7549