Download
| Alert*
|
oval:org.secpod.oval:def:89002033
This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c . - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source . - CVE-2017-13733: Fix illegal address access in the fmt_entry ... oval:org.secpod.oval:def:89043623 This update for ncurses fixes several issues. These security issues were fixed: - CVE-2017-13734: Prevent illegal address access in the _nc_safe_strcat function in strings.c that might have lead to a remote denial of service attack . - CVE-2017-13733: Prevent illegal address access in the fmt_entry ... oval:org.secpod.oval:def:89044904 This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c . - CVE-2017-13729: Fix illegal address access in the _nc_save_str . - CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_sou ... oval:org.secpod.oval:def:1800195 CVE-2017-11112: In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. Fixed In Version: ncurses 6.0-20170701 oval:org.secpod.oval:def:1800284 CVE-2017-11112: In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. Fixed In Version: ncurses 6.0-20170701 oval:org.secpod.oval:def:1900244 There is an illegal address access in the function post process_termcap in parse_entry.c in ncurses-bin 6.0 that will lead to a remote denial of service attack. oval:org.secpod.oval:def:2104603 Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. oval:org.secpod.oval:def:1800556 CVE-2017-11112: In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data. Fixed In Version ncurses 6.0-20170701 |
