{"id":"MGASA-2018-0002","summary":"Updated ncurses packages fix security vulnerabilities","details":"Possible RCE via stack-based buffer overflow in the fmt_entry function\n(CVE-2017-10684).\n\nPossible RCE with format string vulnerability in the fmt_entry function\n(CVE-2017-10685).\n\nIllegal address access in append_acs (CVE-2017-11112).\n\nDereferencing NULL pointer in _nc_parse_entry (CVE-2017-11113).\n\nFix infinite loop in the next_char function in comp_scan.c\n(CVE-2017-13728).\n\nFix illegal address access in the _nc_save_str (CVE-2017-13729).\n\nFix illegal address access in the function _nc_read_entry_source()\n(CVE-2017-13730).\n\nFix illegal address access in the function postprocess_termcap()\n(CVE-2017-13731).\n\nFix illegal address access in the function dump_uses() (CVE-2017-13732).\n\nFix illegal address access in the fmt_entry function (CVE-2017-13733).\n\nFix stack-based buffer overflow in the _nc_write_entry() function\n(CVE-2017-16879).\n","modified":"2026-04-16T06:24:41.529629476Z","published":"2018-01-01T01:17:34Z","upstream":["CVE-2017-10684","CVE-2017-10685","CVE-2017-11112","CVE-2017-11113","CVE-2017-13728","CVE-2017-13729","CVE-2017-13730","CVE-2017-13731","CVE-2017-13732","CVE-2017-13733","CVE-2017-16879"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0002.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21197"},{"type":"WEB","url":"http://invisible-island.net/ncurses/NEWS.html"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2017-07/msg00071.html"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2017-08/msg00048.html"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00002.html"}],"affected":[{"package":{"name":"ncurses","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/ncurses?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0-8.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0002.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}