SUSE-SU-2017:1815-1

Опубликовано: 07 июл. 2017

Источник: suse-cvrf

Описание

Recommended update for ncurses

This update for ncurses fixes the following issues:

Security issues fixed:

CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. (bsc#1046858)
CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function. (bsc#1046853)

Bugfixes:

Drop patch ncurses-5.9-environment.dif as YaST2 ncurses GUI does not need it anymore and as well as it causes bug bsc#1000662

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2

libncurses5-5.9-44.1

libncurses5-32bit-5.9-44.1

libncurses6-5.9-44.1

libncurses6-32bit-5.9-44.1

ncurses-devel-5.9-44.1

ncurses-utils-5.9-44.1

tack-5.9-44.1

terminfo-5.9-44.1

terminfo-base-5.9-44.1

SUSE Linux Enterprise Server 12 SP2

libncurses5-5.9-44.1

libncurses5-32bit-5.9-44.1

libncurses6-5.9-44.1

libncurses6-32bit-5.9-44.1

ncurses-devel-5.9-44.1

ncurses-devel-32bit-5.9-44.1

ncurses-utils-5.9-44.1

tack-5.9-44.1

terminfo-5.9-44.1

terminfo-base-5.9-44.1

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

libncurses5-5.9-44.1

libncurses6-5.9-44.1

ncurses-devel-5.9-44.1

ncurses-utils-5.9-44.1

tack-5.9-44.1

terminfo-5.9-44.1

terminfo-base-5.9-44.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

libncurses5-5.9-44.1

libncurses5-32bit-5.9-44.1

libncurses6-5.9-44.1

libncurses6-32bit-5.9-44.1

ncurses-devel-5.9-44.1

ncurses-devel-32bit-5.9-44.1

ncurses-utils-5.9-44.1

tack-5.9-44.1

terminfo-5.9-44.1

terminfo-base-5.9-44.1

SUSE Linux Enterprise Software Development Kit 12 SP2

ncurses-devel-5.9-44.1

Ссылки

https://www.suse.com/support/update/announcement/2017/suse-su-20171815-1/
Link for SUSE-SU-2017:1815-1
https://lists.suse.com/pipermail/sle-security-updates/2017-July/003018.html
E-Mail link for SUSE-SU-2017:1815-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1000662
SUSE Bug 1000662
https://bugzilla.suse.com/1046853
SUSE Bug 1046853
https://bugzilla.suse.com/1046858
SUSE Bug 1046858
https://www.suse.com/security/cve/CVE-2017-10684/
SUSE CVE CVE-2017-10684 page
https://www.suse.com/security/cve/CVE-2017-10685/
SUSE CVE CVE-2017-10685 page

Описание

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP2:libncurses5-32bit-5.9-44.1

SUSE Linux Enterprise Desktop 12 SP2:libncurses5-5.9-44.1

SUSE Linux Enterprise Desktop 12 SP2:libncurses6-32bit-5.9-44.1

SUSE Linux Enterprise Desktop 12 SP2:libncurses6-5.9-44.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-10684.html
CVE-2017-10684
https://bugzilla.suse.com/1046858
SUSE Bug 1046858
https://bugzilla.suse.com/1115932
SUSE Bug 1115932
https://bugzilla.suse.com/1175501
SUSE Bug 1175501

Описание

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP2:libncurses5-32bit-5.9-44.1

SUSE Linux Enterprise Desktop 12 SP2:libncurses5-5.9-44.1

SUSE Linux Enterprise Desktop 12 SP2:libncurses6-32bit-5.9-44.1

SUSE Linux Enterprise Desktop 12 SP2:libncurses6-5.9-44.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-10685.html
CVE-2017-10685
https://bugzilla.suse.com/1046853
SUSE Bug 1046853
https://bugzilla.suse.com/1115932
SUSE Bug 1115932
https://bugzilla.suse.com/1175501
SUSE Bug 1175501

SUSE-SU-2017:1815-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2

SUSE Linux Enterprise Server 12 SP2

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Software Development Kit 12 SP2

Ссылки

Уязвимость: CVE-2017-10684

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-10685

Описание

Затронутые продукты

Ссылки