Updated ncurses packages fix security vulnerabilities
Publication date: 01 Jan 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2017-10684, CVE-2017-10685, CVE-2017-11112, CVE-2017-11113, CVE-2017-13728, CVE-2017-13729, CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13733, CVE-2017-16879
Description
- Possible RCE via stack-based buffer overflow in the fmt_entry function (CVE-2017-10684).
- Possible RCE with format string vulnerability in the fmt_entry function (CVE-2017-10685).
- Illegal address access in append_acs (CVE-2017-11112).
- Dereferencing NULL pointer in _nc_parse_entry (CVE-2017-11113).
- Fix infinite loop in the next_char function in comp_scan.c (CVE-2017-13728).
- Fix illegal address access in the _nc_save_str function (CVE-2017-13729).
- Fix illegal address access in the function _nc_read_entry_source() (CVE-2017-13730).
- Fix illegal address access in the function postprocess_termcap() (CVE-2017-13731).
- Fix illegal address access in the function dump_uses() (CVE-2017-13732).
- Fix illegal address access in the fmt_entry function (CVE-2017-13733).
- Fix stack-based buffer overflow in the _nc_write_entry() function (CVE-2017-16879).
References
- https://bugs.mageia.org/show_bug.cgi?id=21197
- http://invisible-island.net/ncurses/NEWS.html
- https://lists.opensuse.org/opensuse-updates/2017-07/msg00071.html
- https://lists.opensuse.org/opensuse-updates/2017-08/msg00048.html
- https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00002.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10684
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10685
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11112
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11113
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16879
SRPMS
6/core
- ncurses-6.0-8.1.mga6