diff options
author | Ovidiu Panait <ovidiu.panait@windriver.com> | 2017-09-20 13:13:49 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-09-21 09:24:25 +0100 |
commit | 455877548e7a685f0dacf3b10056ff85c7aeedf2 (patch) | |
tree | cb53bf66b49a2df64ecee67b5fa2933fdee3addf /scripts/verify-bashisms | |
parent | 59106e5dce83abfd3d5c58883df4cee028cea5e0 (diff) | |
download | poky-455877548e7a685f0dacf3b10056ff85c7aeedf2.tar.gz |
ncurses: CVE-2017-13732, CVE-2017-13734, CVE-2017-13730, CVE-2017-13729, CVE-2017-13728, CVE-2017-13731
There is an illegal address access in the function dump_uses() in progs/dump_entry.c
in ncurses 6.0 that might lead to a remote denial of service attack.
There is an illegal address access in the _nc_safe_strcat function in
strings.c in ncurses 6.0 that will lead to a remote denial of service attack.
There is an illegal address access in the function _nc_read_entry_source()
in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.
There is an illegal address access in the _nc_save_str function in
alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.
There is an infinite loop in the next_char function in comp_scan.c in
ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.
There is an illegal address access in the function postprocess_termcap()
in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13734
https://nvd.nist.gov/vuln/detail/CVE-2017-13732
https://nvd.nist.gov/vuln/detail/CVE-2017-13731
https://nvd.nist.gov/vuln/detail/CVE-2017-13730
https://nvd.nist.gov/vuln/detail/CVE-2017-13729
https://nvd.nist.gov/vuln/detail/CVE-2017-13728
Upstream patch:
https://anonscm.debian.org/cgit/collab-maint/ncurses.git/commit/?id=129aac80802d997b86ab0663836b7fdafb8e3926
(From OE-Core rev: 52d0f351062da730055ffc6b953ff4e68ddb437f)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'scripts/verify-bashisms')
0 files changed, 0 insertions, 0 deletions