Ubuntu Local Security Checks : Ubuntu Update for zsh USN-3593-1

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.843682

Kategorie: Ubuntu Local Security Checks

Titel: Ubuntu Update for zsh USN-3593-1

Zusammenfassung: The remote host is missing an update for the 'zsh'; package(s) announced via the USN-3593-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'zsh'
package(s) announced via the USN-3593-1 advisory.

Vulnerability Insight:
It was discovered that Zsh incorrectly handled certain environment
variables. An attacker could possibly use this issue to gain privileged
access to the system. This issue only affected Ubuntu 14.04 LTS.
(CVE-2014-10070)

It was discovered that Zsh incorrectly handled certain inputs.
An attacker could possibly use this to execute arbitrary code. This
issue only affected Ubuntu 14.04 LTS. (CVE-2014-10071)

It was discovered that Zsh incorrectly handled some symbolic links.
An attacker could possibly use this to execute arbitrary code. This
issue only affected Ubuntu 14.04 LTS. (CVE-2014-10072)

It was discovered that Zsh incorrectly handled certain errors. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2016-10714)

It was discovered that Zsh incorrectly handled certain commands. An
attacker could possibly use this to execute arbitrary code.
(CVE-2017-18205)

It was discovered that Zsh incorrectly handled certain symlinks. An
attacker could possibly use this to execute arbitrary code. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-18206)

It was discovered that Zsh incorrectly handled certain inputs. An
attacker could possible use to execute arbitrary code. This issue only
affected Ubuntu 17.10. (CVE-2018-7548)

It was discovered that Zsh incorrectly handled certain inputs. An
attacker could possibly use this to cause a denial of service.
(CVE-2018-7549)

Affected Software/OS:
zsh on Ubuntu 17.10,
Ubuntu 16.04 LTS,
Ubuntu 14.04 LTS.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-7548
https://security.gentoo.org/glsa/201805-10
https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
https://usn.ubuntu.com/3593-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-7549
https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd
RedHat Security Advisories: RHSA-2018:3073
https://access.redhat.com/errata/RHSA-2018:3073

Copyright Copyright (C) 2018 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.843682
Kategorie:	Ubuntu Local Security Checks
Titel:	Ubuntu Update for zsh USN-3593-1
Zusammenfassung:	The remote host is missing an update for the 'zsh'; package(s) announced via the USN-3593-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'zsh' package(s) announced via the USN-3593-1 advisory. Vulnerability Insight: It was discovered that Zsh incorrectly handled certain environment variables. An attacker could possibly use this issue to gain privileged access to the system. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10070) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10071) It was discovered that Zsh incorrectly handled some symbolic links. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10072) It was discovered that Zsh incorrectly handled certain errors. An attacker could possibly use this issue to cause a denial of service. (CVE-2016-10714) It was discovered that Zsh incorrectly handled certain commands. An attacker could possibly use this to execute arbitrary code. (CVE-2017-18205) It was discovered that Zsh incorrectly handled certain symlinks. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-18206) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possible use to execute arbitrary code. This issue only affected Ubuntu 17.10. (CVE-2018-7548) It was discovered that Zsh incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-7549) Affected Software/OS: zsh on Ubuntu 17.10, Ubuntu 16.04 LTS, Ubuntu 14.04 LTS. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2018-7548 https://security.gentoo.org/glsa/201805-10 https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102 https://usn.ubuntu.com/3593-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-7549 https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd RedHat Security Advisories: RHSA-2018:3073 https://access.redhat.com/errata/RHSA-2018:3073
Copyright	Copyright (C) 2018 Greenbone Networks GmbH