Description
Security update for ncurses
This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964)
- CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. (bsc#1047965)
- CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858, bsc#1049344)
Package list
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
References
- Link for SUSE-SU-2017:2075-1
- E-Mail link for SUSE-SU-2017:2075-1
- SUSE Security Ratings
- SUSE Bug 1046853
- SUSE Bug 1046858
- SUSE Bug 1047964
- SUSE Bug 1047965
- SUSE Bug 1049344
- SUSE CVE CVE-2017-10684 page
- SUSE CVE CVE-2017-10685 page
- SUSE CVE CVE-2017-11112 page
- SUSE CVE CVE-2017-11113 page
Description
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
Affected products
References
- CVE-2017-10684
- SUSE Bug 1046858
- SUSE Bug 1115932
- SUSE Bug 1175501
Description
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
Affected products
References
- CVE-2017-10685
- SUSE Bug 1046853
- SUSE Bug 1115932
- SUSE Bug 1175501
Description
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
Affected products
References
- CVE-2017-11112
- SUSE Bug 1046853
- SUSE Bug 1047964
- SUSE Bug 1175501
Description
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
Affected products
References
- CVE-2017-11113
- SUSE Bug 1046853
- SUSE Bug 1047965
- SUSE Bug 1175501