Recommended update for ncurses
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2017:1882-1
Final
1
1
2017-07-14T18:44:45Z
current
2017-07-14T18:44:45Z
2017-07-14T18:44:45Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Recommended update for ncurses
This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. (bsc#1046858)
- CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function. (bsc#1046853)
Bugfixes:
- Drop patch ncurses-5.9-environment.dif as YaST2 ncurses GUI does
not need it anymore and as well as it causes bug bsc#1000662
This update was imported from the SUSE:SLE-12:Update update project.
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-security-announce/2017-07/msg00024.html
E-Mail link for openSUSE-SU-2017:1882-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE Leap 42.2
libncurses5-5.9-55.3.1
libncurses5-32bit-5.9-55.3.1
libncurses6-5.9-55.3.1
libncurses6-32bit-5.9-55.3.1
ncurses-5.9-55.3.1
ncurses-devel-5.9-55.3.1
ncurses-devel-32bit-5.9-55.3.1
ncurses-utils-5.9-55.3.1
tack-5.9-55.3.1
terminfo-5.9-55.3.1
terminfo-base-5.9-55.3.1
libncurses5-5.9-55.3.1 as a component of openSUSE Leap 42.2
libncurses5-32bit-5.9-55.3.1 as a component of openSUSE Leap 42.2
libncurses6-5.9-55.3.1 as a component of openSUSE Leap 42.2
libncurses6-32bit-5.9-55.3.1 as a component of openSUSE Leap 42.2
ncurses-5.9-55.3.1 as a component of openSUSE Leap 42.2
ncurses-devel-5.9-55.3.1 as a component of openSUSE Leap 42.2
ncurses-devel-32bit-5.9-55.3.1 as a component of openSUSE Leap 42.2
ncurses-utils-5.9-55.3.1 as a component of openSUSE Leap 42.2
tack-5.9-55.3.1 as a component of openSUSE Leap 42.2
terminfo-5.9-55.3.1 as a component of openSUSE Leap 42.2
terminfo-base-5.9-55.3.1 as a component of openSUSE Leap 42.2
In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
CVE-2017-10684
openSUSE Leap 42.2:libncurses5-32bit-5.9-55.3.1
openSUSE Leap 42.2:libncurses5-5.9-55.3.1
openSUSE Leap 42.2:libncurses6-32bit-5.9-55.3.1
openSUSE Leap 42.2:libncurses6-5.9-55.3.1
openSUSE Leap 42.2:ncurses-5.9-55.3.1
openSUSE Leap 42.2:ncurses-devel-32bit-5.9-55.3.1
openSUSE Leap 42.2:ncurses-devel-5.9-55.3.1
openSUSE Leap 42.2:ncurses-utils-5.9-55.3.1
openSUSE Leap 42.2:tack-5.9-55.3.1
openSUSE Leap 42.2:terminfo-5.9-55.3.1
openSUSE Leap 42.2:terminfo-base-5.9-55.3.1
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2017-07/msg00024.html
https://www.suse.com/security/cve/CVE-2017-10684.html
CVE-2017-10684
https://bugzilla.suse.com/1046858
SUSE Bug 1046858
https://bugzilla.suse.com/1115932
SUSE Bug 1115932
https://bugzilla.suse.com/1175501
SUSE Bug 1175501
In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.
CVE-2017-10685
openSUSE Leap 42.2:libncurses5-32bit-5.9-55.3.1
openSUSE Leap 42.2:libncurses5-5.9-55.3.1
openSUSE Leap 42.2:libncurses6-32bit-5.9-55.3.1
openSUSE Leap 42.2:libncurses6-5.9-55.3.1
openSUSE Leap 42.2:ncurses-5.9-55.3.1
openSUSE Leap 42.2:ncurses-devel-32bit-5.9-55.3.1
openSUSE Leap 42.2:ncurses-devel-5.9-55.3.1
openSUSE Leap 42.2:ncurses-utils-5.9-55.3.1
openSUSE Leap 42.2:tack-5.9-55.3.1
openSUSE Leap 42.2:terminfo-5.9-55.3.1
openSUSE Leap 42.2:terminfo-base-5.9-55.3.1
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Please Install the update.
https://lists.opensuse.org/opensuse-security-announce/2017-07/msg00024.html
https://www.suse.com/security/cve/CVE-2017-10685.html
CVE-2017-10685
https://bugzilla.suse.com/1046853
SUSE Bug 1046853
https://bugzilla.suse.com/1115932
SUSE Bug 1115932
https://bugzilla.suse.com/1175501
SUSE Bug 1175501