Updated ncurses packages fix security vulnerabilities
Publication date: 01 Jan 2018Type: security
Affected Mageia releases : 5
CVE: CVE-2017-10684 , CVE-2017-10685 , CVE-2017-11112 , CVE-2017-11113
Description
Possible RCE via stack-based buffer overflow in the fmt_entry function (CVE-2017-10684). Possible RCE with format string vulnerability in the fmt_entry function (CVE-2017-10685). Illegal address access in append_acs (CVE-2017-11112). Dereferencing NULL pointer in _nc_parse_entry (CVE-2017-11113).
References
- https://bugs.mageia.org/show_bug.cgi?id=21197
- https://lists.opensuse.org/opensuse-updates/2017-07/msg00071.html
- https://lists.opensuse.org/opensuse-updates/2017-08/msg00048.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113
SRPMS
5/core
- ncurses-5.9-21.1.mga5