[Secure-testing-team] Bug#873723: ncurses: multiple vulnerabilities on tic, captoinfo, infotocap (CVE-2017-13728 to CVE-2017-13734)

Raphael Hertzog hertzog at debian.org
Wed Aug 30 13:49:02 UTC 2017


Source: ncurses
X-Debbugs-CC: team at security.debian.org secure-testing-team at lists.alioth.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for ncurses.

CVE-2017-13728[0]:
| There is an infinite loop in the next_char function in comp_scan.c in
| ncurses 6.0, related to libtic. A crafted input will lead to a remote
| denial of service attack.

CVE-2017-13729[1]:
| There is an illegal address access in the _nc_save_str function in
| alloc_entry.c in ncurses 6.0. It will lead to a remote denial of
| service attack.

CVE-2017-13730[2]:
| There is an illegal address access in the function
| _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead
| to a remote denial of service attack.

CVE-2017-13731[3]:
| There is an illegal address access in the function
| postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to
| a remote denial of service attack.

CVE-2017-13732[4]:
| There is an illegal address access in the function dump_uses() in
| progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
| service attack.

CVE-2017-13733[5]:
| There is an illegal address access in the fmt_entry function in
| progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of
| service attack.

CVE-2017-13734[6]:
| There is an illegal address access in the _nc_safe_strcat function in
| strings.c in ncurses 6.0 that will lead to a remote denial of service
| attack.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-13728
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13728
[1] https://security-tracker.debian.org/tracker/CVE-2017-13729
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13729
[2] https://security-tracker.debian.org/tracker/CVE-2017-13730
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13730
[3] https://security-tracker.debian.org/tracker/CVE-2017-13731
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13731
[4] https://security-tracker.debian.org/tracker/CVE-2017-13732
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13732
[5] https://security-tracker.debian.org/tracker/CVE-2017-13733
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13733
[6] https://security-tracker.debian.org/tracker/CVE-2017-13734
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13734

Please adjust the affected versions in the BTS as needed.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/
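The report asks maintainers to reference the CVE ids in the changelog entry. As an added check (example code, not part of the original report or of the ncurses or Debian tooling), the POSIX shell snippet below takes a Debian changelog file and the seven ids from this report and lists the ones the changelog does not mention; the sample changelog, its version string and the maintainer address are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original report: report which CVE ids from a
# fixed list are NOT referenced in a Debian changelog file.
set -u

# The seven ids from the report, space-separated so they can word-split
# into positional arguments (pass as unquoted $CVES on purpose).
CVES="CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-13734"

# missing_cves FILE ID...: print, one per line, every ID that does not
# occur anywhere in FILE (fixed-string match, so ids cannot match as regexes).
missing_cves() {
    file="$1"
    shift
    for cve in "$@"; do
        grep -qF -- "$cve" "$file" || printf '%s\n' "$cve"
    done
}

# count_missing FILE ID...: number of ids not referenced (0 means all present).
count_missing() {
    missing_cves "$@" | wc -l | tr -d ' '
}

# Constructed sample changelog (placeholder version and maintainer):
# it references only the first two ids, so five should be reported missing.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
ncurses (6.0+example-1) UNRELEASED; urgency=medium

  * Fix infinite loop in next_char (CVE-2017-13728) and illegal address
    access in _nc_save_str (CVE-2017-13729).

 -- Example Maintainer <maintainer@example.org>  Wed, 30 Aug 2017 14:00:00 +0000
EOF

echo "CVE ids not referenced in $SAMPLE:"
missing_cves "$SAMPLE" $CVES
echo "missing: $(count_missing "$SAMPLE" $CVES) of 7"
```

Against an installed package, feed it the real changelog instead of the sample, e.g. `apt-get changelog ncurses-bin > /tmp/cl && missing_cves /tmp/cl $CVES`; an empty result means every id from the report is referenced.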
