Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

openSUSE: 2017:1882-1 Important: Ncurses RCE Threat Fix

opensuse
Calendar Grey July 15, 2017
Dist Opensuse Esm H88
Revise and enhance address security matters involving RCE flaws in ncurses for openSUSE. Urgent measures required.
An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one errata is now avai...

Description

This update for ncurses fixes the following issues:

Security issues fixed:

- CVE-2017-10684: Possible RCE via stack-based buffer overflow in the

fmt_entry function. (bsc#1046858)

- CVE-2017-10685: Possible RCE with format string vulnerability in the

fmt_entry function. (bsc#1046853)

Bugfixes:

- Drop patch ncurses-5.9-environment.dif as YaST2 ncurses GUI does not

need it anymore and as well as it causes bug bsc#1000662

This update was imported from the SUSE:SLE-12:Update update project.

Topics%20covered

Topics Covered

security advisory remote code execution ncurses vulnerability update recommendation openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-823=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.2 (i586 x86_64):

libncurses5-5.9-55.3.1

libncurses5-debuginfo-5.9-55.3.1

libncurses6-5.9-55.3.1

libncurses6-debuginfo-5.9-55.3.1

ncurses-debugsource-5.9-55.3.1

ncurses-devel-5.9-55.3.1

ncurses-devel-debuginfo-5.9-55.3.1

ncurses-utils-5.9-55.3.1

ncurses-utils-debuginfo-5.9-55.3.1

tack-5.9-55.3.1

tack-debuginfo-5.9-55.3.1

terminfo-5.9-55.3.1

terminfo-base-5.9-55.3.1

- openSUSE Leap 42.2 (x86_64):

libncurses5-32bit-5.9-55.3.1

libncurses5-debuginfo-32bit-5.9-55.3.1

libncurses6-32bit-5.9-55.3.1

libncurses6-debuginfo-32bit-5.9-55.3.1

ncurses-devel-32bit-5.9-55.3.1

ncurses-devel-debuginfo-32bit-5.9-55.3.1

References

https://www.suse.com/security/cve/CVE-2017-10684.html

https://www.suse.com/security/cve/CVE-2017-10685.html

https://bugzilla.suse.com/1000662

https://bugzilla.suse.com/1046853

https://bugzilla.suse.com/1046858

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:1882-1
Rating: important
Affected Products: openSUSE Leap 42.2

Topics%20covered

Topics Covered

security advisory remote code execution ncurses vulnerability update recommendation openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here