{"id":"USN-3593-1","summary":"zsh vulnerabilities","details":"It was discovered that Zsh incorrectly handled certain environment variables.\nAn attacker could possibly use this issue to gain privileged access to the\nsystem. This issue only affected Ubuntu 14.04 LTS. (CVE-2014-10070)\n\nIt was discovered that Zsh incorrectly handled certain inputs.\nAn attacker could possibly use this to execute arbitrary code. This\nissue only affected Ubuntu 14.04 LTS. (CVE-2014-10071)\n\nIt was discovered that Zsh incorrectly handled some symbolic links.\nAn attacker could possibly use this to execute arbitrary code. This issue\nonly affected Ubuntu 14.04 LTS. (CVE-2014-10072)\n\nIt was discovered that Zsh incorrectly handled certain errors. An attacker\ncould possibly use this issue to cause a denial of service. (CVE-2016-10714)\n\nIt was discovered that Zsh incorrectly handled certain commands. An attacker\ncould possibly use this to execute arbitrary code. (CVE-2017-18205)\n\nIt was discovered that Zsh incorrectly handled certain symlinks. An attacker\ncould possibly use this to execute arbitrary code. This issue only affected\nUbuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-18206)\n\nIt was discovered that Zsh incorrectly handled certain inputs. An attacker could\npossibly use this to execute arbitrary code. This issue only affected Ubuntu 17.10.\n(CVE-2018-7548)\n\nIt was discovered that Zsh incorrectly handled certain inputs. An attacker\ncould possibly use this to cause a denial of service. 
(CVE-2018-7549)\n","modified":"2026-02-10T04:41:17Z","published":"2018-03-08T14:27:49Z","related":["UBUNTU-CVE-2014-10070","UBUNTU-CVE-2014-10071","UBUNTU-CVE-2014-10072","UBUNTU-CVE-2016-10714","UBUNTU-CVE-2017-18205","UBUNTU-CVE-2017-18206","UBUNTU-CVE-2018-7549"],"upstream":["CVE-2014-10070","CVE-2014-10071","CVE-2014-10072","CVE-2016-10714","CVE-2017-18205","CVE-2017-18206","CVE-2018-7549","UBUNTU-CVE-2014-10070","UBUNTU-CVE-2014-10071","UBUNTU-CVE-2014-10072","UBUNTU-CVE-2016-10714","UBUNTU-CVE-2017-18205","UBUNTU-CVE-2017-18206","UBUNTU-CVE-2018-7548","UBUNTU-CVE-2018-7549"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3593-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-10070"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-10071"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-10072"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-10714"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-18205"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-18206"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-7548"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-7549"}],"affected":[{"package":{"name":"zsh","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/zsh@5.0.2-3ubuntu6.1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.0.2-3ubuntu6.1"}]}],"versions":["5.0.2-3ubuntu6"],"ecosystem_specific":{"availability":"No subscription 
required","binaries":[{"binary_name":"zsh","binary_version":"5.0.2-3ubuntu6.1"},{"binary_name":"zsh-beta","binary_version":"5.0.2-3ubuntu6.1"},{"binary_name":"zsh-common","binary_version":"5.0.2-3ubuntu6.1"},{"binary_name":"zsh-dev","binary_version":"5.0.2-3ubuntu6.1"},{"binary_name":"zsh-static","binary_version":"5.0.2-3ubuntu6.1"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-10070"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-10071"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2014-10072"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2016-10714"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-18205"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-7549"}],"ecosystem":"Ubuntu:14.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3593-1.json"}},{"package":{"name":"zsh","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/zsh@5.1.1-1ubuntu2.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.1-1ubuntu2.1"}]}],"versions":["5.1.1-1ubuntu1","5.1.1-1ubuntu2"],"ecosystem_specific":{"availability":"No subscription 
required","binaries":[{"binary_name":"zsh","binary_version":"5.1.1-1ubuntu2.1"},{"binary_name":"zsh-common","binary_version":"5.1.1-1ubuntu2.1"},{"binary_name":"zsh-dev","binary_version":"5.1.1-1ubuntu2.1"},{"binary_name":"zsh-static","binary_version":"5.1.1-1ubuntu2.1"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2016-10714"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-18205"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2017-18206"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2018-7549"}],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3593-1.json"}}],"schema_version":"1.7.3"}