Bugzilla – Bug 1154037
VUL-0: CVE-2019-17595: ncurses: heap-based buffer over-read in fmt_entry function in tinfo/comp_hash.c
Last modified: 2020-04-28 12:58:49 UTC
CVE-2019-17595 There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17595 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17595.html http://www.cvedetails.com/cve/CVE-2019-17595/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17595 https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00013.html https://lists.gnu.org/archive/html/bug-ncurses/2019-10/msg00045.html
Created attachment 821521 [details] CVE-2019-17595.patch The question rises if this one fits all previous versions
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2019-10-30. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/64389
done
SUSE-SU-2019:2997-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1103320,1154036,1154037 CVE References: CVE-2019-17594,CVE-2019-17595 Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): ncurses-6.1-5.6.2 SUSE Linux Enterprise Module for Legacy Software 15-SP1 (src): ncurses-6.1-5.6.2 SUSE Linux Enterprise Module for Legacy Software 15 (src): ncurses-6.1-5.6.2 SUSE Linux Enterprise Module for Development Tools 15-SP1 (src): ncurses-6.1-5.6.2 SUSE Linux Enterprise Module for Development Tools 15 (src): ncurses-6.1-5.6.2 SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): ncurses-6.1-5.6.2 SUSE Linux Enterprise Module for Basesystem 15 (src): ncurses-6.1-5.6.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:2551-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1103320,1154036,1154037 CVE References: CVE-2019-17594,CVE-2019-17595 Sources used: openSUSE Leap 15.1 (src): ncurses-6.1-lp151.6.3.1
openSUSE-SU-2019:2550-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1103320,1154036,1154037 CVE References: CVE-2019-17594,CVE-2019-17595 Sources used: openSUSE Leap 15.0 (src): ncurses-6.1-lp150.9.1
SUSE-SU-2019:3094-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1131830,1134550,1154036,1154037 CVE References: CVE-2018-10754,CVE-2019-17594,CVE-2019-17595 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): ncurses-5.9-69.1 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): ncurses-5.9-69.1 SUSE Linux Enterprise Server 12-SP5 (src): ncurses-5.9-69.1 SUSE Linux Enterprise Server 12-SP4 (src): ncurses-5.9-69.1 SUSE Linux Enterprise Desktop 12-SP4 (src): ncurses-5.9-69.1 SUSE CaaS Platform 3.0 (src): ncurses-5.9-69.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done