Low: zsh

Issue Overview:

NULL dereference in cd in sh compatibility mode under given circumstances
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. (CVE-2017-18205)

Null-pointer deref when using ${(PA)…} on an empty array result:
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)…} on an empty array result. (CVE-2018-7548)

Buffer overrun in xsymlinks
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. (CVE-2017-18206)

Crash on copying empty hash table
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (CVE-2018-7549)

Affected Packages:

zsh

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update zsh to update your system.

New Packages:

src:  
    zsh-5.3.1-7.amzn2.src  
  
x86_64:  
    zsh-5.3.1-7.amzn2.x86_64  
    zsh-html-5.3.1-7.amzn2.x86_64  
    zsh-debuginfo-5.3.1-7.amzn2.x86_64  

Additional References

Red Hat: CVE-2017-18205, CVE-2017-18206, CVE-2018-7548, CVE-2018-7549

Mitre: CVE-2017-18205, CVE-2017-18206, CVE-2018-7548, CVE-2018-7549