Amazon Linux 2 Security Advisory: ALAS-2018-986
Advisory Release Date: 2018-04-05 16:13 Pacific
Advisory Updated Date: 2018-04-05 23:25 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
NULL dereference in cd in sh compatibility mode under given circumstances
In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. (CVE-2017-18205)
Null-pointer deref when using ${(PA)...} on an empty array result:
In subst.c in zsh through 5.4.2, there is a NULL pointer dereference when using ${(PA)...} on an empty array result. (CVE-2018-7548)
Buffer overrun in xsymlinks
In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. (CVE-2017-18206)
Crash on copying empty hash table
In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (CVE-2018-7549)
Affected Packages:
zsh
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update zsh to update your system.
src:
zsh-5.3.1-7.amzn2.src
x86_64:
zsh-5.3.1-7.amzn2.x86_64
zsh-html-5.3.1-7.amzn2.x86_64
zsh-debuginfo-5.3.1-7.amzn2.x86_64