Advisories » MGASA-2018-0299

Updated ncurses packages fix security vulnerability

Publication date: 01 Jul 2018
Modification date: 01 Jul 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-10754

Description

A flaw was found in ncurses before 6.1.20180414 where a NULL Pointer
Dereference in the _nc_parse_entry function of tinfo/parse_entry.c could
lead to a remote denial of service if the terminfo library code is used to
process untrusted terminfo data in which a use-name is invalid syntax
(CVE-2018-10754).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23135
• https://bugzilla.redhat.com/show_bug.cgi?id=1576119
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10754

SRPMS

6/core

• ncurses-6.0-8.3.mga6