Описание
Security update for ncurses
This update for ncurses fixes the following issues:
Security issue fixed:
- CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).
Non-security issue fixed:
- Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15
libncurses6-6.1-5.3.1
libncurses6-32bit-6.1-5.3.1
ncurses-devel-6.1-5.3.1
ncurses-utils-6.1-5.3.1
tack-6.1-5.3.1
terminfo-6.1-5.3.1
terminfo-base-6.1-5.3.1
terminfo-iterm-6.1-5.3.1
terminfo-screen-6.1-5.3.1
SUSE Linux Enterprise Module for Development Tools 15
ncurses-devel-32bit-6.1-5.3.1
SUSE Linux Enterprise Module for Legacy 15
libncurses5-6.1-5.3.1
libncurses5-32bit-6.1-5.3.1
ncurses5-devel-6.1-5.3.1
Ссылки
- Link for SUSE-SU-2018:4000-1
- E-Mail link for SUSE-SU-2018:4000-1
- SUSE Security Ratings
- SUSE Bug 1103320
- SUSE Bug 1115929
- SUSE CVE CVE-2018-19211 page
Описание
In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15:libncurses6-32bit-6.1-5.3.1
SUSE Linux Enterprise Module for Basesystem 15:libncurses6-6.1-5.3.1
SUSE Linux Enterprise Module for Basesystem 15:ncurses-devel-6.1-5.3.1
SUSE Linux Enterprise Module for Basesystem 15:ncurses-utils-6.1-5.3.1
Ссылки
- CVE-2018-19211
- SUSE Bug 1115929
- SUSE Bug 1131830