Advisories » MGASA-2019-0387

Updated ncurses packages fix security vulnerabilities

Publication date: 14 Dec 2019
Modification date: 14 Dec 2019
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-17594 , CVE-2019-17595

Description

Updated ncurses packages fix security vulnerabilities:

Heap-based buffer over-read in the _nc_find_entry function
(CVE-2019-17594).

Heap-based buffer over-read in the fmt_entry function
(CVE-2019-17595).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25814
• https://lists.opensuse.org/opensuse-updates/2019-11/msg00126.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17594
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595

SRPMS

7/core

• ncurses-6.1-20181117.3.1.mga7