Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:2076-1

Опубликовано: 07 авг. 2017
Источник: suse-cvrf

Описание

Security update for ncurses

This update for ncurses fixes the following issues:

Security issues fixed:

  • CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964)
  • CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. (bsc#1047965)
  • CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858, bsc#1049344)

Список пакетов

SUSE Linux Enterprise Server 11 SP4
libncurses5-5.6-93.6.1
libncurses5-32bit-5.6-93.6.1
libncurses5-x86-5.6-93.6.1
libncurses6-5.6-93.6.1
libncurses6-32bit-5.6-93.6.1
libncurses6-x86-5.6-93.6.1
ncurses-devel-5.6-93.6.1
ncurses-devel-32bit-5.6-93.6.1
ncurses-utils-5.6-93.6.1
tack-5.6-93.6.1
terminfo-5.6-93.6.1
terminfo-base-5.6-93.6.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libncurses5-5.6-93.6.1
libncurses5-32bit-5.6-93.6.1
libncurses5-x86-5.6-93.6.1
libncurses6-5.6-93.6.1
libncurses6-32bit-5.6-93.6.1
libncurses6-x86-5.6-93.6.1
ncurses-devel-5.6-93.6.1
ncurses-devel-32bit-5.6-93.6.1
ncurses-utils-5.6-93.6.1
tack-5.6-93.6.1
terminfo-5.6-93.6.1
terminfo-base-5.6-93.6.1
SUSE Linux Enterprise Software Development Kit 11 SP4
ncurses-devel-5.6-93.6.1
ncurses-devel-32bit-5.6-93.6.1
tack-5.6-93.6.1

Ссылки

Описание

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libncurses5-32bit-5.6-93.6.1
SUSE Linux Enterprise Server 11 SP4:libncurses5-5.6-93.6.1
SUSE Linux Enterprise Server 11 SP4:libncurses5-x86-5.6-93.6.1
SUSE Linux Enterprise Server 11 SP4:libncurses6-32bit-5.6-93.6.1
Ссылки

Описание

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libncurses5-32bit-5.6-93.6.1
SUSE Linux Enterprise Server 11 SP4:libncurses5-5.6-93.6.1
SUSE Linux Enterprise Server 11 SP4:libncurses5-x86-5.6-93.6.1
SUSE Linux Enterprise Server 11 SP4:libncurses6-32bit-5.6-93.6.1
Ссылки

Описание

In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libncurses5-32bit-5.6-93.6.1
SUSE Linux Enterprise Server 11 SP4:libncurses5-5.6-93.6.1
SUSE Linux Enterprise Server 11 SP4:libncurses5-x86-5.6-93.6.1
SUSE Linux Enterprise Server 11 SP4:libncurses6-32bit-5.6-93.6.1
Ссылки

Описание

In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:libncurses5-32bit-5.6-93.6.1
SUSE Linux Enterprise Server 11 SP4:libncurses5-5.6-93.6.1
SUSE Linux Enterprise Server 11 SP4:libncurses5-x86-5.6-93.6.1
SUSE Linux Enterprise Server 11 SP4:libncurses6-32bit-5.6-93.6.1
Ссылки
Уязвимость SUSE-SU-2017:2076-1