{"affected":[{"ecosystem_specific":{"binaries":[{"zsh":"4.3.6-67.9.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","name":"zsh","purl":"pkg:rpm/suse/zsh&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.3.6-67.9.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"zsh":"4.3.6-67.9.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4-LTSS","name":"zsh","purl":"pkg:rpm/suse/zsh&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.3.6-67.9.8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for zsh fixes the following issues:\n\n- CVE-2019-20044: Fixed an insecure dropping of privileges when unsetting\n  the PRIVILEGED option (bsc#1163882).\n- CVE-2018-13259: Fixed an unexpected truncation of long shebang lines (bsc#1107294).\n- CVE-2018-7549: Fixed a crash when handling an empty hash table (bsc#1082991).\n- CVE-2018-1083: Fixed a stack-based buffer overflow when using tab completion\n  on directories with long names (bsc#1087026).\n- CVE-2018-1071: Fixed a stack-based buffer overflow when executing certain\n  commands (bsc#1084656).\n- CVE-2018-0502: Fixed a mishandling of shebang lines (bsc#1107296).\n- CVE-2017-18206: Fixed a buffer overflow related to symlink processing (bsc#1083002).\n- CVE-2017-18205: Fixed an application crash when using cd with no\n  arguments (bsc#1082998).\n- CVE-2016-10714: Fixed a potential application crash when handling maximum\n  length paths (bsc#1083250).\n- CVE-2014-10072: Fixed a buffer overflow when scanning very long directory\n  paths for symbolic links (bsc#1082975).\n- CVE-2014-10071: Fixed a buffer overflow when redirecting output to a long\n  file descriptor (bsc#1082977).\n- CVE-2014-10070: Fixed a privilege escalation vulnerability via environment\n  variables 
(bsc#1082885).\n","id":"SUSE-SU-2022:14910-1","modified":"2022-03-14T16:25:48Z","published":"2022-03-14T16:25:48Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-202214910-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082885"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082975"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082977"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082991"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082998"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083002"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083250"},{"type":"REPORT","url":"https://bugzilla.suse.com/1084656"},{"type":"REPORT","url":"https://bugzilla.suse.com/1087026"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107294"},{"type":"REPORT","url":"https://bugzilla.suse.com/1107296"},{"type":"REPORT","url":"https://bugzilla.suse.com/1163882"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-10070"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-10071"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2014-10072"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-10714"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-18205"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-18206"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-0502"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1071"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1083"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-13259"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7549"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-20044"}],"related":["CVE-2014-10070","CVE-2014-10071","CVE-2014-10072","CVE-2016-10714","CVE-2017-18205","CVE-2017-18206","CVE-2018-0502","CVE-2018-1071","CVE-2018-1083","CVE-2018-13259","CVE-2018
-7549","CVE-2019-20044"],"summary":"Security update for zsh","upstream":["CVE-2014-10070","CVE-2014-10071","CVE-2014-10072","CVE-2016-10714","CVE-2017-18205","CVE-2017-18206","CVE-2018-0502","CVE-2018-1071","CVE-2018-1083","CVE-2018-13259","CVE-2018-7549","CVE-2019-20044"]}