Fedora has issued an advisory on May 30: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7HLQEVJFQ247DQ52GYSLVDXINU3BMCXJ/
Status comment: (none) => Patch available from Fedora
Assigning to all packagers collectively, since there is no registered maintainer for this package.
Assignee: bugsquad => pkg-bugs
CC: (none) => marja11

Patched package uploaded for Mageia 6.

Advisory:
========================

Updated ncurses package fixes security vulnerability:

A flaw was found in ncurses before 6.1.20180414 where a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax (CVE-2018-10754).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10754
https://bugzilla.redhat.com/show_bug.cgi?id=1576119
========================

Updated packages in core/updates_testing:
========================
lib64ncurses5-6.0-8.2.mga6
lib64ncurses6-6.0-8.2.mga6
lib64ncurses-devel-6.0-8.2.mga6
lib64ncursesw5-6.0-8.2.mga6
lib64ncursesw6-6.0-8.2.mga6
lib64ncursesw-devel-6.0-8.2.mga6
ncurses-6.0-8.2.mga6
ncurses-extraterms-6.0-8.2.mga6

from ncurses-6.0-8.2.mga6.src.rpm

Test procedure: https://bugs.mageia.org/show_bug.cgi?id=21197#c12

Assignee: pkg-bugs => qa-bugs
CC: (none) => mrambo
Keywords: (none) => has_procedure
Mageia 6, x86_64

Before updating:
CVE-2018-10754
https://bugzilla.redhat.com/show_bug.cgi?id=1566575

$ tic POC
"POC", line 1, col 4095: dubious character `[' in name or alias field
"POC", line 1, col 4095: invalid entry name "t:@txXt:t[tc=�:tc=t���������������������������������ո��������������������� ������������ڸ������������������������������ڸ����������������������������������bbbbbbbbbbbbbbbbbbbbbbbbbbbb�����������������������������������������ո����������������������������������������������bbbWbbbbbbbbbbbbbbbbbbbbbbbb����������������bbbbbbb�����������������������������������������ո����������������������������������ڸ�����������������C@@:tc=t:cVVVVVVVV=�$C@@@@B��������������������������������������������������������������"
"POC", line 1, col 4096, terminal 'invalid': Illegal character (expected alphanumeric or @%&*!#) - 'M-z'
"POC", line 2, col 19, terminal 'invalid': Too much data, some is lost: t#
"POC", line 2, col 21, terminal 'invalid': Illegal character - '^H'
"POC", line 2, col 21, terminal 'invalid': unknown capability 't'
"POC", line 2, col 22, terminal 'invalid': Illegal character (expected alphanumeric or @%&*!#) - '^H'
"POC", line 3, col 9, terminal 'invalid': Too much data, some is lost: t
Segmentation fault (core dumped)

----------------------------------------------------------------------------

Updated the packages:
- lib64ncurses-devel-6.0-8.2.mga6.x86_64
- lib64ncurses5-6.0-8.2.mga6.x86_64
- lib64ncurses6-6.0-8.2.mga6.x86_64
- lib64ncursesw-devel-6.0-8.2.mga6.x86_64
- lib64ncursesw5-6.0-8.2.mga6.x86_64
- lib64ncursesw6-6.0-8.2.mga6.x86_64
- ncurses-6.0-8.2.mga6.x86_64
- ncurses-extraterms-6.0-8.2.mga6.x86_64

$ tic POC
"POC", line 1, col 4095: dubious character `[' in name or alias field
"POC", line 1, col 4095: invalid entry name "t:@txXt:t[tc=�:tc=t���������������������������������ո��������������������� ������������ڸ��������������������������
[...]
��������������������������������������������������������': Too much data, some is lost:
Segmentation fault (core dumped)

This output resembles that from the pre-update test but is much more verbose which demonstrates that something has changed, like the application of a patch, but the segfault has not been intercepted. Leaving this open for comments.

$ urpmq --whatrequires ncurses | sort -u
basesystem-minimal
cmus
eterm
gfs2-utils
kon2
mindi
ncurses
ncurses-extraterms
nethogs
quagga
tritonus-fluidsynth

Referring to the test procedure linked above:
$ strace top 2> top.trace
$ grep ncurses top.trace

$ urpmq --requires-recursive irssi | sort -u | grep ncurses
lib64ncurses6
$ urpmq --requires-recursive ettercap | sort -u | grep ncurses
lib64ncurses6
lib64ncursesw6

Installed ettercap and ran
$ ettercap -C
which showed the interface in a terminal. Set some options from the menus but don't really have a clue about use and no time to investigate but curses is working.

irssi I am familiar with. Onto freenode and joined #mageia-qa, gave a shout and left. No problems.

Leaving this one hanging. Shall check back in a week or so. Probably OK.
CC: (none) => tarazed25
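
A scripted form of the before/after check in the comment above, added here as an example and not part of the original thread: it reports whether tic finished normally, rejected the input, or was killed by a signal (a shell reports death by signal N as exit status 128+N, so 139 for SIGSEGV on Linux). The function names and the throwaway output directory are assumptions; the file passed in is whatever reproducer the tester already has.

```shell
#!/bin/sh
# Added example (not from the bug report): decide from the exit status
# whether a package under test crashed or merely refused bad input.

# run_check CMD [ARGS...]
# Prints one of: ok | rejected | crashed:<signal number>
run_check() {
    status=0
    # Output is discarded; only the way the process ended matters here.
    "$@" >/dev/null 2>&1 || status=$?
    if [ "$status" -eq 0 ]; then
        echo "ok"
    elif [ "$status" -gt 128 ]; then
        # Killed by a signal: status is 128 + signal number.
        echo "crashed:$((status - 128))"
    else
        # Non-zero exit without a signal: the tool reported errors itself.
        echo "rejected"
    fi
}

# check_tic FILE
# Compiles FILE with tic into a temporary directory (tic -o) so the test
# never writes into the tester's own terminfo database.
check_tic() {
    out=$(mktemp -d) || return 2
    result=$(run_check tic -o "$out" "$1")
    rm -rf "$out"
    echo "$result"
}

# Usage: sh check_tic.sh POC
if [ $# -gt 0 ]; then
    verdict=$(check_tic "$1")
    echo "tic $1: $verdict"
    # For malformed input, a fixed package should give "rejected";
    # "crashed:11" means the segfault is still present.
    case "$verdict" in
        crashed:*) exit 1 ;;
    esac
fi
```

Run it once before and once after installing the update candidate; only the second run needs to come back without `crashed`.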
With the patch from https://patchwork.openembedded.org/patch/150918/, there is no more segmentation fault.

Advisory:
========================

Updated ncurses package fixes security vulnerability:

A flaw was found in ncurses before 6.1.20180414 where a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax (CVE-2018-10754).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10754
https://bugzilla.redhat.com/show_bug.cgi?id=1576119
========================

Updated packages in core/updates_testing:
========================
lib(64)ncurses5-6.0-8.3.mga6
lib(64)ncurses6-6.0-8.3.mga6
lib(64)ncurses-devel-6.0-8.3.mga6
lib(64)ncursesw5-6.0-8.3.mga6
lib(64)ncursesw6-6.0-8.3.mga6
lib(64)ncursesw-devel-6.0-8.3.mga6
ncurses-6.0-8.3.mga6
ncurses-extraterms-6.0-8.3.mga6

from ncurses-6.0-8.3.mga6.src.rpm

Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero

MGA6-32 on IBM Thinkpad R50e MATE
No installation issues.
Tried ettercap -C, that displayed a menu, I could click on these, but no reaction whatsoever.
irssi: I could connect to freenode, join #mageia-qa, shouted a bit, but no response, left it.
drakdm shows up OK.
OK as far as I am concerned.

Whiteboard: (none) => MGA6-32-OK
CC: (none) => herman.viaene
Advisory committed to svn. Validating the update.
Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0299.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
This is the same issue as CVE-2018-19211: https://ubuntu.com/security/CVE-2018-19211