Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2018:0159-1

Опубликовано: 20 янв. 2018
Источник: suse-cvrf

Описание

Security update for ncurses

This update for ncurses fixes the following issues:

Security issues fixed:

  • CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136).
  • CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131).
  • CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127).
  • CVE-2017-13729: Fix illegal address access in the _nc_save_str (bsc#1056132).
  • CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128).
  • CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129).

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.2
libncurses5-5.9-62.1
libncurses5-32bit-5.9-62.1
libncurses6-5.9-62.1
libncurses6-32bit-5.9-62.1
ncurses-5.9-62.1
ncurses-devel-5.9-62.1
ncurses-devel-32bit-5.9-62.1
ncurses-utils-5.9-62.1
tack-5.9-62.1
terminfo-5.9-62.1
terminfo-base-5.9-62.1
openSUSE Leap 42.3
libncurses5-5.9-62.1
libncurses5-32bit-5.9-62.1
libncurses6-5.9-62.1
libncurses6-32bit-5.9-62.1
ncurses-5.9-62.1
ncurses-devel-5.9-62.1
ncurses-devel-32bit-5.9-62.1
ncurses-utils-5.9-62.1
tack-5.9-62.1
terminfo-5.9-62.1
terminfo-base-5.9-62.1

Ссылки

Описание

There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.

Затронутые продукты
openSUSE Leap 42.2:libncurses5-32bit-5.9-62.1
openSUSE Leap 42.2:libncurses5-5.9-62.1
openSUSE Leap 42.2:libncurses6-32bit-5.9-62.1
openSUSE Leap 42.2:libncurses6-5.9-62.1
Ссылки

Описание

There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.

Затронутые продукты
openSUSE Leap 42.2:libncurses5-32bit-5.9-62.1
openSUSE Leap 42.2:libncurses5-5.9-62.1
openSUSE Leap 42.2:libncurses6-32bit-5.9-62.1
openSUSE Leap 42.2:libncurses6-5.9-62.1
Ссылки

Описание

There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.

Затронутые продукты
openSUSE Leap 42.2:libncurses5-32bit-5.9-62.1
openSUSE Leap 42.2:libncurses5-5.9-62.1
openSUSE Leap 42.2:libncurses6-32bit-5.9-62.1
openSUSE Leap 42.2:libncurses6-5.9-62.1
Ссылки

Описание

There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.

Затронутые продукты
openSUSE Leap 42.2:libncurses5-32bit-5.9-62.1
openSUSE Leap 42.2:libncurses5-5.9-62.1
openSUSE Leap 42.2:libncurses6-32bit-5.9-62.1
openSUSE Leap 42.2:libncurses6-5.9-62.1
Ссылки

Описание

There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.

Затронутые продукты
openSUSE Leap 42.2:libncurses5-32bit-5.9-62.1
openSUSE Leap 42.2:libncurses5-5.9-62.1
openSUSE Leap 42.2:libncurses6-32bit-5.9-62.1
openSUSE Leap 42.2:libncurses6-5.9-62.1
Ссылки

Описание

There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.

Затронутые продукты
openSUSE Leap 42.2:libncurses5-32bit-5.9-62.1
openSUSE Leap 42.2:libncurses5-5.9-62.1
openSUSE Leap 42.2:libncurses6-32bit-5.9-62.1
openSUSE Leap 42.2:libncurses6-5.9-62.1
Ссылки
Уязвимость openSUSE-SU-2018:0159-1