openSUSE-SU-2018:4034-1

Опубликовано: 07 дек. 2018

Источник: suse-cvrf

Описание

Security update for ncurses

This update for ncurses fixes the following issue:

Security issue fixed:

CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929).

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.3

libncurses5-5.9-66.1

libncurses5-32bit-5.9-66.1

libncurses6-5.9-66.1

libncurses6-32bit-5.9-66.1

ncurses-5.9-66.1

ncurses-devel-5.9-66.1

ncurses-devel-32bit-5.9-66.1

ncurses-utils-5.9-66.1

tack-5.9-66.1

terminfo-5.9-66.1

terminfo-base-5.9-66.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00011.html
E-Mail link for openSUSE-SU-2018:4034-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.

Затронутые продукты

openSUSE Leap 42.3:libncurses5-32bit-5.9-66.1

openSUSE Leap 42.3:libncurses5-5.9-66.1

openSUSE Leap 42.3:libncurses6-32bit-5.9-66.1

openSUSE Leap 42.3:libncurses6-5.9-66.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-19211.html
CVE-2018-19211
https://bugzilla.suse.com/1115929
SUSE Bug 1115929
https://bugzilla.suse.com/1131830
SUSE Bug 1131830

openSUSE-SU-2018:4034-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-19211

Описание

Затронутые продукты

Ссылки