{"affected":[{"ecosystem_specific":{"binaries":[{"ncurses-devel":"5.6-93.12.1","ncurses-devel-32bit":"5.6-93.12.1","tack":"5.6-93.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","name":"ncurses","purl":"pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.6-93.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libncurses5":"5.6-93.12.1","libncurses5-32bit":"5.6-93.12.1","libncurses5-x86":"5.6-93.12.1","libncurses6":"5.6-93.12.1","libncurses6-32bit":"5.6-93.12.1","libncurses6-x86":"5.6-93.12.1","ncurses-devel":"5.6-93.12.1","ncurses-devel-32bit":"5.6-93.12.1","ncurses-utils":"5.6-93.12.1","tack":"5.6-93.12.1","terminfo":"5.6-93.12.1","terminfo-base":"5.6-93.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP4","name":"ncurses","purl":"pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.6-93.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libncurses5":"5.6-93.12.1","libncurses5-32bit":"5.6-93.12.1","libncurses5-x86":"5.6-93.12.1","libncurses6":"5.6-93.12.1","libncurses6-32bit":"5.6-93.12.1","libncurses6-x86":"5.6-93.12.1","ncurses-devel":"5.6-93.12.1","ncurses-devel-32bit":"5.6-93.12.1","ncurses-utils":"5.6-93.12.1","tack":"5.6-93.12.1","terminfo":"5.6-93.12.1","terminfo-base":"5.6-93.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","name":"ncurses","purl":"pkg:rpm/suse/ncurses&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.6-93.12.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for ncurses fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2017-13728: Fix infinite loop in the next_char function in comp_scan.c (bsc#1056136).\n- CVE-2017-13729: Fix illegal address access in the _nc_save_str (bsc#1056132).\n- CVE-2017-13730: Fix illegal address access in the function _nc_read_entry_source() (bsc#1056131).\n- CVE-2017-13731: Fix illegal address access in the function postprocess_termcap() (bsc#1056129).\n- CVE-2017-13732: Fix illegal address access in the function dump_uses() (bsc#1056128).\n- CVE-2017-13733: Fix illegal address access in the fmt_entry function (bsc#1056127).\n- CVE-2017-16879: Fix stack-based buffer overflow in the _nc_write_entry() function (bsc#1069530).\n","id":"SUSE-SU-2017:3183-1","modified":"2017-12-01T14:06:18Z","published":"2017-12-01T14:06:18Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2017/suse-su-20173183-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056127"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056128"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056129"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056131"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056132"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056136"},{"type":"REPORT","url":"https://bugzilla.suse.com/1069530"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13728"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13729"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13730"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13731"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13732"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13733"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-16879"}],"related":["CVE-2017-13728","CVE-2017-13729","CVE-2017-13730","CVE-2017-13731","CVE-2017-13732","CVE-2017-13733","CVE-2017-16879"],"summary":"Security update for ncurses","upstream":["CVE-2017-13728","CVE-2017-13729","CVE-2017-13730","CVE-2017-13731","CVE-2017-13732","CVE-2017-13733","CVE-2017-16879"]}