Security update for ncurses

SUSE Security Update: Security update for ncurses
Announcement ID: SUSE-SU-2019:2997-1
Rating: moderate
References: #1103320 #1154036 #1154037
Cross-References:CVE-2019-17594 CVE-2019-17595
Affected Products:
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  • SUSE Linux Enterprise Module for Legacy Software 15-SP1
  • SUSE Linux Enterprise Module for Legacy Software 15
  • SUSE Linux Enterprise Module for Development Tools 15-SP1
  • SUSE Linux Enterprise Module for Development Tools 15
  • SUSE Linux Enterprise Module for Basesystem 15-SP1
  • SUSE Linux Enterprise Module for Basesystem 15

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for ncurses fixes the following issues:
Security issues fixed:

  • CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036).
  • CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037).

Non-security issue fixed:
  • Removed screen.xterm from terminfo database (bsc#1103320).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2997=1
  • SUSE Linux Enterprise Module for Legacy Software 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2019-2997=1
  • SUSE Linux Enterprise Module for Legacy Software 15:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-2019-2997=1
  • SUSE Linux Enterprise Module for Development Tools 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2997=1
  • SUSE Linux Enterprise Module for Development Tools 15:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-2019-2997=1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2997=1
  • SUSE Linux Enterprise Module for Basesystem 15:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-2019-2997=1

Package List:

  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (x86_64):
    • ncurses-debugsource-6.1-5.6.2
    • ncurses5-devel-32bit-6.1-5.6.2
  • SUSE Linux Enterprise Module for Legacy Software 15-SP1 (aarch64 ppc64le s390x x86_64):
    • libncurses5-6.1-5.6.2
    • libncurses5-debuginfo-6.1-5.6.2
    • ncurses-debugsource-6.1-5.6.2
    • ncurses5-devel-6.1-5.6.2
  • SUSE Linux Enterprise Module for Legacy Software 15-SP1 (x86_64):
    • libncurses5-32bit-6.1-5.6.2
    • libncurses5-32bit-debuginfo-6.1-5.6.2
  • SUSE Linux Enterprise Module for Legacy Software 15 (aarch64 ppc64le s390x x86_64):
    • libncurses5-6.1-5.6.2
    • libncurses5-debuginfo-6.1-5.6.2
    • ncurses-debugsource-6.1-5.6.2
    • ncurses5-devel-6.1-5.6.2
  • SUSE Linux Enterprise Module for Legacy Software 15 (x86_64):
    • libncurses5-32bit-6.1-5.6.2
    • libncurses5-32bit-debuginfo-6.1-5.6.2
  • SUSE Linux Enterprise Module for Development Tools 15-SP1 (x86_64):
    • ncurses-debugsource-6.1-5.6.2
    • ncurses-devel-32bit-6.1-5.6.2
    • ncurses-devel-32bit-debuginfo-6.1-5.6.2
  • SUSE Linux Enterprise Module for Development Tools 15 (x86_64):
    • ncurses-debugsource-6.1-5.6.2
    • ncurses-devel-32bit-6.1-5.6.2
    • ncurses-devel-32bit-debuginfo-6.1-5.6.2
  • SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x x86_64):
    • libncurses6-6.1-5.6.2
    • libncurses6-debuginfo-6.1-5.6.2
    • ncurses-debugsource-6.1-5.6.2
    • ncurses-devel-6.1-5.6.2
    • ncurses-devel-debuginfo-6.1-5.6.2
    • ncurses-utils-6.1-5.6.2
    • ncurses-utils-debuginfo-6.1-5.6.2
    • tack-6.1-5.6.2
    • tack-debuginfo-6.1-5.6.2
    • terminfo-6.1-5.6.2
    • terminfo-base-6.1-5.6.2
    • terminfo-iterm-6.1-5.6.2
    • terminfo-screen-6.1-5.6.2
  • SUSE Linux Enterprise Module for Basesystem 15-SP1 (x86_64):
    • libncurses6-32bit-6.1-5.6.2
    • libncurses6-32bit-debuginfo-6.1-5.6.2
  • SUSE Linux Enterprise Module for Basesystem 15 (aarch64 ppc64le s390x x86_64):
    • libncurses6-6.1-5.6.2
    • libncurses6-debuginfo-6.1-5.6.2
    • ncurses-debugsource-6.1-5.6.2
    • ncurses-devel-6.1-5.6.2
    • ncurses-devel-debuginfo-6.1-5.6.2
    • ncurses-utils-6.1-5.6.2
    • ncurses-utils-debuginfo-6.1-5.6.2
    • tack-6.1-5.6.2
    • tack-debuginfo-6.1-5.6.2
    • terminfo-6.1-5.6.2
    • terminfo-base-6.1-5.6.2
    • terminfo-iterm-6.1-5.6.2
    • terminfo-screen-6.1-5.6.2
  • SUSE Linux Enterprise Module for Basesystem 15 (x86_64):
    • libncurses6-32bit-6.1-5.6.2
    • libncurses6-32bit-debuginfo-6.1-5.6.2

References: