Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2017.2573 ncurses -- multiple issues 12 October 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ncurses Publisher: FreeBSD Operating System: FreeBSD UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2017-13734 CVE-2017-13733 CVE-2017-13732 CVE-2017-13731 CVE-2017-13730 CVE-2017-13729 CVE-2017-13728 Original Bulletin: http://www.vuxml.org/freebsd/b84dbd94-e894-4c91-b8cd-d328537b1b2b.html Comment: This advisory references vulnerabilities in products which run on platforms other than FreeBSD. It is recommended that administrators running ncurses check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- ncurses -- multiple issues Affected packages ncurses <= 6.0 Details VuXML ID b84dbd94-e894-4c91-b8cd-d328537b1b2b Discovery 2017-08-29 Entry 2017-10-11 ncurses developers reports: There are multiple illegal address access issues and an infinite loop issue. Please refer to the CVE list for details. References CVE Name CVE-2017-13728 CVE Name CVE-2017-13729 CVE Name CVE-2017-13730 CVE Name CVE-2017-13731 CVE Name CVE-2017-13732 CVE Name CVE-2017-13733 CVE Name CVE-2017-13734 URL https://bugzilla.redhat.com/show_bug.cgi?id=1484274 URL https://bugzilla.redhat.com/show_bug.cgi?id=1484276 URL https://bugzilla.redhat.com/show_bug.cgi?id=1484284 URL https://bugzilla.redhat.com/show_bug.cgi?id=1484285 URL https://bugzilla.redhat.com/show_bug.cgi?id=1484287 URL https://bugzilla.redhat.com/show_bug.cgi?id=1484290 URL https://bugzilla.redhat.com/show_bug.cgi?id=1484291 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWd7vgIx+lLeg9Ub1AQi+gg//bpxtyz9R9qXIBUak+t1ku/MXHoGz8vcT r/kKMV4oIwQGgCd41WAieXfUgqpV0oXQ9Ko7OzHfOgTp93oheXbItS3qab79kRkE iECtYMZFytSchwBI+y2IiIqI7oBCHFoQoqZCUfUlMfx0/uJcnECaOIGSPIJhH+pE owJU/RqKvgtrzCYnBdPycHNiTPqOYdTlTjXzlJKehC465oFxdrH7L1nGARbg8eKX wi7TO5lu0z+ipf8yd8iA0LMILPlqYODmtPNSho09FihIqCqdIockFxuxtyymC0Xz NjtGo1r9eNB0WAAaU+/cJP1I2yQoEU/mwT09KPhOIPuMkd7jc028illGEWkoAeS+ bq9laO+33Hnmo3m+lBrLrmdLirNscCrBm70uKCizZPp5MevJNrMQblnmq0BpLFXX QsNtjPMVnRqT6cejy0Eyotlm5DbQIGIHJISxPUHpdJQJCZWCS0NGTzOyUeo1jiyK 1c/cHr5ZY2CAcEWTURxCXSLb3SNMdqcYOEMQO4mNmXNZjMi+NRjpMn85q2Fh6HqA xNhnbKgYFnUylqItWaoOzAVd/nKaRSLO18f6SO/Ilcczdn0BloqFHpajkn1W73R4 Vcd2l/x/+py8Djri6S5olywLf7ZwkInfE/OVIX2At+y0gdF9qqcVTfQL5kkHkoJj fmkhjCe5zHU= =eAaF -----END PGP SIGNATURE-----