OVAL Reference oval:org.opensuse.security:def:56749

Oval Definition:

oval:org.opensuse.security:def:56749

Revision Date:	2020-12-01	Version:	1
Title:	Security update for zsh (Important)
Description:	This update for zsh fixes the following issues: - CVE-2014-10070: environment variable injection could lead to local privilege escalation (bnc#1082885) - CVE-2014-10071: buffer overflow in exec.c could lead to denial of service. (bnc#1082977) - CVE-2014-10072: buffer overflow In utils.c when scanning very long directory paths for symbolic links. (bnc#1082975) - CVE-2016-10714: In zsh before 5.3, an off-by-one error resulted in undersized buffers that were intended to support PATH_MAX characters. (bnc#1083250) - CVE-2017-18205: In builtin.c when sh compatibility mode is used, a NULL pointer dereference could lead to denial of service (bnc#1082998) - CVE-2018-1071: exec.c:hashcmd() function vulnerability could lead to denial of service. (bnc#1084656) - CVE-2018-1083: Autocomplete vulnerability could lead to privilege escalation. (bnc#1087026) - CVE-2018-7549: In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. (bnc#1082991) - CVE-2017-18206: buffer overrun in xsymlinks could lead to denial of service (bnc#1083002) - Autocomplete and REPORTTIME broken (bsc#896914)
Family:	unix	Class:	patch
Status:		Reference(s):	1000345 1001151 1002116 1002550 1002557 1003878 1003893 1003894 1004702 1004707 1004959 1006536 1006538 1007391 1007450 1007454 1007493 1007494 1007495 1011348 1014524 1015567 1022062 1022098 1023988 1026978 1026979 1026980 1026981 1026982 1026983 1026984 1026985 1026986 1026987 1026988 1028744 1029912 1039513 1044016 1050947 1060644 1069591 1072648 1082885 1082975 1082977 1082991 1082998 1083002 1083250 1084632 1084656 1087026 1089811 1090174 1100453 1101506 1116451 1121874 1122319 1123131 1123156 1123455 1124062 1124869 1127760 1127857 1128845 1135189 1135228 1146873 1149811 1159819 1161066 1163018 1166240 1168669 1168994 1169740 1169746 1170908 1170940 1171355 1171978 1172651 1173022 1173334 1173812 1174463 1174519 1174570 1175049 896914 949399 958861 972335 975947 985612 988274 996524 998516 999661 CVE-2010-4530 CVE-2013-1430 CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2015-3228 CVE-2015-7747 CVE-2015-8000 CVE-2015-8936 CVE-2016-10714 CVE-2016-3627 CVE-2016-7161 CVE-2016-7170 CVE-2016-7421 CVE-2016-7466 CVE-2016-7908 CVE-2016-7909 CVE-2016-8576 CVE-2016-8577 CVE-2016-8578 CVE-2016-8667 CVE-2016-8669 CVE-2016-8909 CVE-2016-8910 CVE-2016-9101 CVE-2016-9102 CVE-2016-9103 CVE-2016-9104 CVE-2016-9105 CVE-2016-9106 CVE-2017-11671 CVE-2017-16927 CVE-2017-18205 CVE-2017-18206 CVE-2017-6827 CVE-2017-6828 CVE-2017-6829 CVE-2017-6830 CVE-2017-6831 CVE-2017-6832 CVE-2017-6833 CVE-2017-6834 CVE-2017-6835 CVE-2017-6836 CVE-2017-6837 CVE-2017-6838 CVE-2017-6839 CVE-2017-6967 CVE-2018-1071 CVE-2018-1083 CVE-2018-16858 CVE-2018-7549 CVE-2018-8956 CVE-2019-12068 CVE-2019-15890 CVE-2019-17006 CVE-2019-6116 CVE-2019-6778 CVE-2020-10713 CVE-2020-11868 CVE-2020-12399 CVE-2020-12402 CVE-2020-13817 CVE-2020-14308 CVE-2020-14309 CVE-2020-14310 CVE-2020-14311 CVE-2020-15025 CVE-2020-15706 CVE-2020-15707 CVE-2020-1711 CVE-2020-1983 CVE-2020-7039 CVE-2020-8608 SUSE-SU-2015:2359-1 SUSE-SU-2016:1204-1 SUSE-SU-2016:2511-1 SUSE-SU-2016:2988-1 SUSE-SU-2017:0940-1 SUSE-SU-2017:2526-1 SUSE-SU-2018:1072-1 SUSE-SU-2019:0144-1 SUSE-SU-2019:1448-1 SUSE-SU-2019:1860-1 SUSE-SU-2020:1526-1 SUSE-SU-2020:1805-1 SUSE-SU-2020:1839-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information gdk-pixbuf-lang-2.36.11-lp150.3 is installed OR gdk-pixbuf-query-loaders-2.36.11-lp150.3 is installed OR gdk-pixbuf-thumbnailer-2.36.11-lp150.3 is installed OR libgdk_pixbuf-2_0-0-2.36.11-lp150.3 is installed OR typelib-1_0-GdkPixbuf-2_0-2.36.11-lp150.3 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information fuse-overlayfs-0.4.1-lp151.2 is installed OR fuse3-3.6.1-lp151.2 is installed OR fuse3-devel-3.6.1-lp151.2 is installed OR fuse3-doc-3.6.1-lp151.2 is installed OR libcontainers-common-20190401-lp151.2.3 is installed OR libfuse3-3-3.6.1-lp151.2 is installed OR podman-1.4.4-lp151.3.3 is installed OR podman-cni-config-1.4.4-lp151.3.3 is installed OR slirp4netns-0.3.0-lp151.2.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND zsh-5.0.5-6.7 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information bind-9.9.6P1-32 is installed OR bind-chrootenv-9.9.6P1-32 is installed OR bind-doc-9.9.6P1-32 is installed OR bind-libs-9.9.6P1-32 is installed OR bind-libs-32bit-9.9.6P1-32 is installed OR bind-utils-9.9.6P1-32 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information cpp48-4.8.5-31.3 is installed OR gcc48-4.8.5-31.3 is installed OR gcc48-32bit-4.8.5-31.3 is installed OR gcc48-c++-4.8.5-31.3 is installed OR gcc48-info-4.8.5-31.3 is installed OR gcc48-locale-4.8.5-31.3 is installed OR libasan0-4.8.5-31.3 is installed OR libasan0-32bit-4.8.5-31.3 is installed OR libstdc++48-devel-4.8.5-31.3 is installed OR libstdc++48-devel-32bit-4.8.5-31.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information ghostscript-9.15-6 is installed OR ghostscript-x11-9.15-6 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information libvirt-2.0.0-27.45 is installed OR libvirt-client-2.0.0-27.45 is installed OR libvirt-daemon-2.0.0-27.45 is installed OR libvirt-daemon-config-network-2.0.0-27.45 is installed OR libvirt-daemon-config-nwfilter-2.0.0-27.45 is installed OR libvirt-daemon-driver-interface-2.0.0-27.45 is installed OR libvirt-daemon-driver-libxl-2.0.0-27.45 is installed OR libvirt-daemon-driver-lxc-2.0.0-27.45 is installed OR libvirt-daemon-driver-network-2.0.0-27.45 is installed OR libvirt-daemon-driver-nodedev-2.0.0-27.45 is installed OR libvirt-daemon-driver-nwfilter-2.0.0-27.45 is installed OR libvirt-daemon-driver-qemu-2.0.0-27.45 is installed OR libvirt-daemon-driver-secret-2.0.0-27.45 is installed OR libvirt-daemon-driver-storage-2.0.0-27.45 is installed OR libvirt-daemon-hooks-2.0.0-27.45 is installed OR libvirt-daemon-lxc-2.0.0-27.45 is installed OR libvirt-daemon-qemu-2.0.0-27.45 is installed OR libvirt-daemon-xen-2.0.0-27.45 is installed OR libvirt-doc-2.0.0-27.45 is installed OR libvirt-lock-sanlock-2.0.0-27.45 is installed OR libvirt-nss-2.0.0-27.45 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_121-92_80-default-6-2 is installed OR kgraft-patch-SLE12-SP2_Update_22-6-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_90-92_50-default-10-2 is installed OR kgraft-patch-SLE12-SP2_Update_15-10-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information ghostscript-9.15-22 is installed OR ghostscript-x11-9.15-22 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information MozillaFirefox-68.9.0-109.123 is installed OR MozillaFirefox-translations-common-68.9.0-109.123 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libsqlite3-0-3.8.10.2-9.15 is installed OR libsqlite3-0-32bit-3.8.10.2-9.15 is installed OR sqlite3-3.8.10.2-9.15 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND ppp-2.4.7-4.3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information libdcerpc-binding0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libdcerpc0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libdcerpc0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libndr-krb5pac0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libndr-krb5pac0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libndr-nbt0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libndr-nbt0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libndr-standard0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libndr-standard0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libndr0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libndr0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libnetapi0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libnetapi0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsamba-credentials0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsamba-credentials0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsamba-errors0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsamba-errors0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsamba-hostconfig0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsamba-hostconfig0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsamba-passdb0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsamba-passdb0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsamba-util0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsamba-util0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsamdb0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsamdb0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsmbclient0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsmbclient0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsmbconf0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsmbconf0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsmbldap0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libsmbldap0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libtevent-util0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libtevent-util0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR libwbclient0-4.6.16+git.124.aee309c5c18-3.32 is installed OR libwbclient0-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR samba-4.6.16+git.124.aee309c5c18-3.32 is installed OR samba-client-4.6.16+git.124.aee309c5c18-3.32 is installed OR samba-client-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR samba-doc-4.6.16+git.124.aee309c5c18-3.32 is installed OR samba-libs-4.6.16+git.124.aee309c5c18-3.32 is installed OR samba-libs-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed OR samba-winbind-4.6.16+git.124.aee309c5c18-3.32 is installed OR samba-winbind-32bit-4.6.16+git.124.aee309c5c18-3.32 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND xrdp-0.9.0~git.1456906198.f422461-16.9 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information MozillaFirefox-60.8.0-109.83 is installed OR MozillaFirefox-translations-common-60.8.0-109.83 is installed OR libfreebl3-3.44.1-58.28 is installed OR libfreebl3-32bit-3.44.1-58.28 is installed OR libfreebl3-hmac-3.44.1-58.28 is installed OR libfreebl3-hmac-32bit-3.44.1-58.28 is installed OR libsoftokn3-3.44.1-58.28 is installed OR libsoftokn3-32bit-3.44.1-58.28 is installed OR libsoftokn3-hmac-3.44.1-58.28 is installed OR libsoftokn3-hmac-32bit-3.44.1-58.28 is installed OR mozilla-nss-3.44.1-58.28 is installed OR mozilla-nss-32bit-3.44.1-58.28 is installed OR mozilla-nss-certs-3.44.1-58.28 is installed OR mozilla-nss-certs-32bit-3.44.1-58.28 is installed OR mozilla-nss-sysinit-3.44.1-58.28 is installed OR mozilla-nss-sysinit-32bit-3.44.1-58.28 is installed OR mozilla-nss-tools-3.44.1-58.28 is installed
Definition Synopsis
SUSE OpenStack Cloud 9 is installed AND python-Django1-1.11.20-3.3 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information gcc9-9.2.1+r275327-1.3 is installed OR libasan5-9.2.1+r275327-1.3 is installed OR libasan5-32bit-9.2.1+r275327-1.3 is installed OR libatomic1-9.2.1+r275327-1.3 is installed OR libatomic1-32bit-9.2.1+r275327-1.3 is installed OR libgcc_s1-9.2.1+r275327-1.3 is installed OR libgcc_s1-32bit-9.2.1+r275327-1.3 is installed OR libgfortran5-9.2.1+r275327-1.3 is installed OR libgfortran5-32bit-9.2.1+r275327-1.3 is installed OR libgo14-9.2.1+r275327-1.3 is installed OR libgo14-32bit-9.2.1+r275327-1.3 is installed OR libgomp1-9.2.1+r275327-1.3 is installed OR libgomp1-32bit-9.2.1+r275327-1.3 is installed OR libitm1-9.2.1+r275327-1.3 is installed OR libitm1-32bit-9.2.1+r275327-1.3 is installed OR liblsan0-9.2.1+r275327-1.3 is installed OR libquadmath0-9.2.1+r275327-1.3 is installed OR libquadmath0-32bit-9.2.1+r275327-1.3 is installed OR libstdc++6-9.2.1+r275327-1.3 is installed OR libstdc++6-32bit-9.2.1+r275327-1.3 is installed OR libstdc++6-locale-9.2.1+r275327-1.3 is installed OR libtsan0-9.2.1+r275327-1.3 is installed OR libubsan1-9.2.1+r275327-1.3 is installed OR libubsan1-32bit-9.2.1+r275327-1.3 is installed

BACK