SUSE: 2017:1815-1 Critical: Ncurses RCE Vulnerabilities Resolved
suse
July 7, 2017
An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one errata is now avai...
Summary
This update for ncurses fixes the following issues: Security issues fixed: - CVE-2017-10684: Possible RCE via stack-based buffer overflow in the fmt_entry function. (bsc#1046858) - CVE-2017-10685: Possible RCE with format string vulnerability in the fmt_entry function. (bsc#1046853) Bugfixes: - Drop patch ncurses-5.9-environment.dif as YaST2 ncurses GUI does not need it anymore and as well as it causes bug bsc#1000662 Patch Instructions: To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1119=1 - SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1119=1
References
#1000662 #1046853 #1046858
Cross- CVE-2017-10684 CVE-2017-10685
Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2
OpenStack Cloud Magnum Orchestration 7
https://www.suse.com/security/cve/CVE-2017-10684.html
https://www.suse.com/security/cve/CVE-2017-10685.html
https://bugzilla.suse.com/1000662
https://bugzilla.suse.com/1046853
https://bugzilla.suse.com/1046858
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2017:1815-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!