SUSE-SU-2019:3094-1

Опубликовано: 28 нояб. 2019

Источник: suse-cvrf

Описание

Security update for ncurses

This update for ncurses fixes the following issues:

Security issue fixed:

CVE-2018-10754: Fixed a denial of service caused by a NULL Pointer Dereference in the _nc_parse_entry() (bsc#1131830).
CVE-2019-17594: Fixed a heap-based buffer over-read in _nc_find_entry function in tinfo/comp_hash.c (bsc#1154036).
CVE-2019-17595: Fixed a heap-based buffer over-read in fmt_entry function in tinfo/comp_hash.c (bsc#1154037).

Bug fixes:

Fixed ppc64le build configuration (bsc#1134550).

Список пакетов

Container caasp/v4/nginx-ingress-controller:beta1

libncurses5-5.9-69.1

libncurses6-5.9-69.1

terminfo-base-5.9-69.1

Container suse/ltss/sle12.5/sles12sp5:latest

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-base-5.9-69.1

Container suse/sles12sp3:latest

libncurses5-5.9-69.1

terminfo-base-5.9-69.1

Container suse/sles12sp4:latest

libncurses5-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-base-5.9-69.1

Container suse/sles12sp5:latest

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP4-Azure-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP4-EC2-HVM-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP4-GCE-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP4-OCI-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP4-SAP-Azure

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP4-SAP-Azure-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP4-SAP-EC2-HVM

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP4-SAP-GCE

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP4-SAP-GCE-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP4-SAP-OCI-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-Azure-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-Azure-Basic-On-Demand

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-Azure-HPC-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-Azure-HPC-On-Demand

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-Azure-SAP-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-Azure-SAP-On-Demand

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-Azure-Standard-On-Demand

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-EC2-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-EC2-ECS-On-Demand

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-EC2-On-Demand

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-EC2-SAP-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-EC2-SAP-On-Demand

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-GCE-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-GCE-On-Demand

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-GCE-SAP-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-GCE-SAP-On-Demand

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-OCI-BYOS-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

libncurses5-5.9-69.1

libncurses6-5.9-69.1

ncurses-utils-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

SUSE Linux Enterprise Desktop 12 SP4

libncurses5-5.9-69.1

libncurses5-32bit-5.9-69.1

libncurses6-5.9-69.1

libncurses6-32bit-5.9-69.1

ncurses-devel-5.9-69.1

ncurses-utils-5.9-69.1

tack-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

SUSE Linux Enterprise Server 12 SP4

libncurses5-5.9-69.1

libncurses5-32bit-5.9-69.1

libncurses6-5.9-69.1

libncurses6-32bit-5.9-69.1

ncurses-devel-5.9-69.1

ncurses-devel-32bit-5.9-69.1

ncurses-utils-5.9-69.1

tack-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

SUSE Linux Enterprise Server 12 SP5

libncurses5-5.9-69.1

libncurses5-32bit-5.9-69.1

libncurses6-5.9-69.1

libncurses6-32bit-5.9-69.1

ncurses-devel-5.9-69.1

ncurses-devel-32bit-5.9-69.1

ncurses-utils-5.9-69.1

tack-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libncurses5-5.9-69.1

libncurses5-32bit-5.9-69.1

libncurses6-5.9-69.1

libncurses6-32bit-5.9-69.1

ncurses-devel-5.9-69.1

ncurses-devel-32bit-5.9-69.1

ncurses-utils-5.9-69.1

tack-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libncurses5-5.9-69.1

libncurses5-32bit-5.9-69.1

libncurses6-5.9-69.1

libncurses6-32bit-5.9-69.1

ncurses-devel-5.9-69.1

ncurses-devel-32bit-5.9-69.1

ncurses-utils-5.9-69.1

tack-5.9-69.1

terminfo-5.9-69.1

terminfo-base-5.9-69.1

SUSE Linux Enterprise Software Development Kit 12 SP4

ncurses-devel-5.9-69.1

SUSE Linux Enterprise Software Development Kit 12 SP5

ncurses-devel-5.9-69.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20193094-1/
Link for SUSE-SU-2019:3094-1
https://lists.suse.com/pipermail/sle-security-updates/2019-November/006199.html
E-Mail link for SUSE-SU-2019:3094-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1131830
SUSE Bug 1131830
https://bugzilla.suse.com/1134550
SUSE Bug 1134550
https://bugzilla.suse.com/1154036
SUSE Bug 1154036
https://bugzilla.suse.com/1154037
SUSE Bug 1154037
https://www.suse.com/security/cve/CVE-2018-10754/
SUSE CVE CVE-2018-10754 page
https://www.suse.com/security/cve/CVE-2019-17594/
SUSE CVE CVE-2019-17594 page
https://www.suse.com/security/cve/CVE-2019-17595/
SUSE CVE CVE-2019-17595 page

Описание

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Затронутые продукты

Container caasp/v4/nginx-ingress-controller:beta1:libncurses5-5.9-69.1

Container caasp/v4/nginx-ingress-controller:beta1:libncurses6-5.9-69.1

Container caasp/v4/nginx-ingress-controller:beta1:terminfo-base-5.9-69.1

Container suse/ltss/sle12.5/sles12sp5:latest:libncurses5-5.9-69.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-10754.html
CVE-2018-10754
https://bugzilla.suse.com/1131830
SUSE Bug 1131830

Описание

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

Затронутые продукты

Container caasp/v4/nginx-ingress-controller:beta1:libncurses5-5.9-69.1

Container caasp/v4/nginx-ingress-controller:beta1:libncurses6-5.9-69.1

Container caasp/v4/nginx-ingress-controller:beta1:terminfo-base-5.9-69.1

Container suse/ltss/sle12.5/sles12sp5:latest:libncurses5-5.9-69.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-17594.html
CVE-2019-17594
https://bugzilla.suse.com/1154036
SUSE Bug 1154036

Описание

There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

Затронутые продукты

Container caasp/v4/nginx-ingress-controller:beta1:libncurses5-5.9-69.1

Container caasp/v4/nginx-ingress-controller:beta1:libncurses6-5.9-69.1

Container caasp/v4/nginx-ingress-controller:beta1:terminfo-base-5.9-69.1

Container suse/ltss/sle12.5/sles12sp5:latest:libncurses5-5.9-69.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-17595.html
CVE-2019-17595
https://bugzilla.suse.com/1154037
SUSE Bug 1154037

SUSE-SU-2019:3094-1

Описание

Список пакетов

Container caasp/v4/nginx-ingress-controller:beta1

Container suse/ltss/sle12.5/sles12sp5:latest

Container suse/sles12sp3:latest

Container suse/sles12sp4:latest

Container suse/sles12sp5:latest

Image SLES12-SP4-Azure-BYOS

Image SLES12-SP4-EC2-HVM-BYOS

Image SLES12-SP4-GCE-BYOS

Image SLES12-SP4-OCI-BYOS

Image SLES12-SP4-SAP-Azure

Image SLES12-SP4-SAP-Azure-BYOS

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES12-SP4-SAP-EC2-HVM

Image SLES12-SP4-SAP-EC2-HVM-BYOS

Image SLES12-SP4-SAP-GCE

Image SLES12-SP4-SAP-GCE-BYOS

Image SLES12-SP4-SAP-OCI-BYOS

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-OCI-BYOS-BYOS

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Desktop 12 SP4

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2018-10754

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-17594

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-17595

Описание

Затронутые продукты

Ссылки