ncurses: Multiple vulnerabilities Multiple vulnerabilities have been found in ncurses, the worst of which allows remote attackers to execute arbitrary code. ncurses 2018-04-17 2018-04-17 624644 625830 629276 639706 remote 6.1 6.1

Free software emulation of curses in System V.

Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details.

A remote attacker, by enticing the user to process untrusted terminfo or other data, could execute arbitrary code or cause a Denial of Service condition.

There is no known workaround at this time.

All ncurses users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/ncurses-6.1:0" CVE-2017-10684 CVE-2017-10685 CVE-2017-11112 CVE-2017-11113 CVE-2017-13728 CVE-2017-13729 CVE-2017-13730 CVE-2017-13731 CVE-2017-13732 CVE-2017-13733 CVE-2017-13734 CVE-2017-16879 b-man b-man