Описание
Security update for ncurses
This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964)
- CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. (bsc#1047965)
- CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap format (bsc#1046853, bsc#1046858, bsc#1049344)
This update was imported from the SUSE:SLE-12:Update update project.
Список пакетов
openSUSE Leap 42.2
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2017:2158-1
- SUSE Security Ratings
Описание
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
Затронутые продукты
Ссылки
- CVE-2017-10684
- SUSE Bug 1046858
- SUSE Bug 1115932
- SUSE Bug 1175501
Описание
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
Затронутые продукты
Ссылки
- CVE-2017-10685
- SUSE Bug 1046853
- SUSE Bug 1115932
- SUSE Bug 1175501
Описание
In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
Затронутые продукты
Ссылки
- CVE-2017-11112
- SUSE Bug 1046853
- SUSE Bug 1047964
- SUSE Bug 1175501
Описание
In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.
Затронутые продукты
Ссылки
- CVE-2017-11113
- SUSE Bug 1046853
- SUSE Bug 1047965
- SUSE Bug 1175501