Security update for ncurses
This update for ncurses fixes the following issues:
Security issues fixed:
- CVE-2017-11112: Illegal address access in append_acs. (bsc#1047964)
- CVE-2017-11113: Dereferencing NULL pointer in _nc_parse_entry. (bsc#1047965)
- CVE-2017-10684, CVE-2017-10685: Add modified upstream fix from ncurses 6.0 to avoid broken
termcap format (bsc#1046853, bsc#1046858, bsc#1049344)
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Dr. Werner Fink (WernerFink)
Fixed bugs
bnc#1046853
VUL-0: CVE-2017-10685: ncurses: possible RCE with format string vulnerability in the fmt_entry function
bnc#1046858
VUL-0: CVE-2017-10684: ncurses: possible RCE via stack-based buffer overflow in the fmt_entry function
bnc#1049344
ncurses: terminfo-base: Wrong file format /etc/termcap
bnc#1047964
VUL-0: CVE-2017-11112: ncurses: Illegal address access in append_acs
bnc#1047965
VUL-0: CVE-2017-11113: ncurses: Dereferencing NULL pointer in _nc_parse_entry
