Описание
Security update for ncurses
This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
- CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).
Non-security issue fixed:
- Removed screen.xterm from terminfo database (bsc#1103320).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
libncurses5-6.1-lp150.9.1
libncurses5-32bit-6.1-lp150.9.1
libncurses6-6.1-lp150.9.1
libncurses6-32bit-6.1-lp150.9.1
ncurses-devel-6.1-lp150.9.1
ncurses-devel-32bit-6.1-lp150.9.1
ncurses-utils-6.1-lp150.9.1
ncurses5-devel-6.1-lp150.9.1
ncurses5-devel-32bit-6.1-lp150.9.1
tack-6.1-lp150.9.1
terminfo-6.1-lp150.9.1
terminfo-base-6.1-lp150.9.1
terminfo-iterm-6.1-lp150.9.1
terminfo-screen-6.1-lp150.9.1
Ссылки
- E-Mail link for openSUSE-SU-2019:2550-1
- SUSE Security Ratings
- SUSE Bug 1103320
- SUSE Bug 1154036
- SUSE Bug 1154037
- SUSE CVE CVE-2019-17594 page
- SUSE CVE CVE-2019-17595 page
Описание
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Затронутые продукты
openSUSE Leap 15.0:libncurses5-32bit-6.1-lp150.9.1
openSUSE Leap 15.0:libncurses5-6.1-lp150.9.1
openSUSE Leap 15.0:libncurses6-32bit-6.1-lp150.9.1
openSUSE Leap 15.0:libncurses6-6.1-lp150.9.1
Ссылки
- CVE-2019-17594
- SUSE Bug 1154036
Описание
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Затронутые продукты
openSUSE Leap 15.0:libncurses5-32bit-6.1-lp150.9.1
openSUSE Leap 15.0:libncurses5-6.1-lp150.9.1
openSUSE Leap 15.0:libncurses6-32bit-6.1-lp150.9.1
openSUSE Leap 15.0:libncurses6-6.1-lp150.9.1
Ссылки
- CVE-2019-17595
- SUSE Bug 1154037