Описание
Recommended update for ncurses
This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. (bsc#1046858)
- CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function. (bsc#1046853)
Bugfixes:
- Drop patch ncurses-5.9-environment.dif as YaST2 ncurses GUI does not need it anymore and as well as it causes bug bsc#1000662
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.2
libncurses5-5.9-55.3.1
libncurses5-32bit-5.9-55.3.1
libncurses6-5.9-55.3.1
libncurses6-32bit-5.9-55.3.1
ncurses-5.9-55.3.1
ncurses-devel-5.9-55.3.1
ncurses-devel-32bit-5.9-55.3.1
ncurses-utils-5.9-55.3.1
tack-5.9-55.3.1
terminfo-5.9-55.3.1
terminfo-base-5.9-55.3.1
Ссылки
- E-Mail link for openSUSE-SU-2017:1882-1
- SUSE Security Ratings
Описание
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
Затронутые продукты
openSUSE Leap 42.2:libncurses5-32bit-5.9-55.3.1
openSUSE Leap 42.2:libncurses5-5.9-55.3.1
openSUSE Leap 42.2:libncurses6-32bit-5.9-55.3.1
openSUSE Leap 42.2:libncurses6-5.9-55.3.1
Ссылки
- CVE-2017-10684
- SUSE Bug 1046858
- SUSE Bug 1115932
- SUSE Bug 1175501
Описание
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
Затронутые продукты
openSUSE Leap 42.2:libncurses5-32bit-5.9-55.3.1
openSUSE Leap 42.2:libncurses5-5.9-55.3.1
openSUSE Leap 42.2:libncurses6-32bit-5.9-55.3.1
openSUSE Leap 42.2:libncurses6-5.9-55.3.1
Ссылки
- CVE-2017-10685
- SUSE Bug 1046853
- SUSE Bug 1115932
- SUSE Bug 1175501