Overview

File _patchinfo of Package patchinfo.6486

<patchinfo incident="6486">
  <issue id="1056136" tracker="bnc">VUL-0: CVE-2017-13728: ncurses: infinite loop in the next_char function in comp_scan.c</issue>
  <issue id="1056126" tracker="bnc">VUL-0: CVE-2017-13734: ncurses: illegal address access in the _nc_safe_strcat</issue>
  <issue id="1056127" tracker="bnc">VUL-0: CVE-2017-13733: ncurses: illegal address access in the fmt_entry function</issue>
  <issue id="1056132" tracker="bnc">VUL-0: CVE-2017-13729: ncurses: illegal address access in the _nc_save_str</issue>
  <issue id="1056131" tracker="bnc">VUL-0: CVE-2017-13730: ncurses: illegal address access in the function _nc_read_entry_source()</issue>
  <issue id="1056128" tracker="bnc">VUL-0: CVE-2017-13732: ncurses: illegal address access in the function dump_uses()</issue>
  <issue id="1056129" tracker="bnc">VUL-0: CVE-2017-13731: ncurses: illegal address access in the function postprocess_termcap()</issue>
  <issue id="2017-13728" tracker="cve" />
  <issue id="2017-13729" tracker="cve" />
  <issue id="2017-13734" tracker="cve" />
  <issue id="2017-13731" tracker="cve" />
  <issue id="2017-13730" tracker="cve" />
  <issue id="2017-13733" tracker="cve" />
  <issue id="2017-13732" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>WernerFink</packager>
  <description>This update for ncurses fixes several issues.

These security issues were fixed:

- CVE-2017-13734: Prevent illegal address access in the _nc_safe_strcat
  function in strings.c that might have lead to a remote denial of service attack
  (bsc#1056126).
- CVE-2017-13733: Prevent illegal address access in the fmt_entry function in
  progs/dump_entry.c that might have lead to a remote denial of service attack
  (bsc#1056127).
- CVE-2017-13732: Prevent illegal address access in the function dump_uses() in
  progs/dump_entry.c that might have lead to a remote denial of service attack
  (bsc#1056128).
- CVE-2017-13731: Prevent illegal address access in the function
  postprocess_termcap() in parse_entry.c that might have lead to a remote denial
  of service attack (bsc#1056129).
- CVE-2017-13730: Prevent illegal address access in the function
  _nc_read_entry_source() in progs/tic.c that might have lead to a remote denial
  of service attack (bsc#1056131).
- CVE-2017-13729: Prevent illegal address access in the _nc_save_str function
  in alloc_entry.c that might have lead to a remote denial of service attack
  (bsc#1056132).
- CVE-2017-13728: Prevent infinite loop in the next_char function in
  comp_scan.c that might have lead to a remote denial of service attack
  (bsc#1056136).
</description>
  <summary>Security update for ncurses</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places