Download
| Alert*
oval:org.secpod.oval:def:89044619
This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. - CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function oval:org.secpod.oval:def:89044760 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. - CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function. Bugfixes: - Drop patch ncurses-5.9-environ ... oval:org.secpod.oval:def:89044846 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-11112: Illegal address access in append_acs. - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap f ... oval:org.secpod.oval:def:89044969 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-11112: Illegal address access in append_acs. - CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. - CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken termcap f ... oval:org.secpod.oval:def:1800023 CVE-2017-10684, CVE-2017-10685: In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. oval:org.secpod.oval:def:1800127 CVE-2017-10684, CVE-2017-10685: In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. oval:org.secpod.oval:def:1800854 CVE-2017-10684, CVE-2017-10685: In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. oval:org.secpod.oval:def:1900176 In ncurses-bin 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack. oval:org.secpod.oval:def:1700222 In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. In ncurses 6.0, there is a NULL Pointer Dereference in the _n ... |