mirror of
https://git.yoctoproject.org/poky
synced 2026-05-08 17:19:20 +00:00
Ovidiu Panait
455877548e
There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack. There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack. There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack. There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack. References: https://nvd.nist.gov/vuln/detail/CVE-2017-13734 https://nvd.nist.gov/vuln/detail/CVE-2017-13732 https://nvd.nist.gov/vuln/detail/CVE-2017-13731 https://nvd.nist.gov/vuln/detail/CVE-2017-13730 https://nvd.nist.gov/vuln/detail/CVE-2017-13729 https://nvd.nist.gov/vuln/detail/CVE-2017-13728 Upstream patch: https://anonscm.debian.org/cgit/collab-maint/ncurses.git/commit/?id=129aac80802d997b86ab0663836b7fdafb8e3926 (From OE-Core rev: 52d0f351062da730055ffc6b953ff4e68ddb437f) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
QEMU Emulation Targets ====================== To simplify development, the build system supports building images to work with the QEMU emulator in system emulation mode. Several architectures are currently supported in 32 and 64 bit variants: * ARM (qemuarm + qemuarm64) * x86 (qemux86 + qemux86-64) * PowerPC (qemuppc + qemuppc64) * MIPS (qemumips + qemumips64) Use of the QEMU images is covered in the Yocto Project Reference Manual. The appropriate MACHINE variable value corresponding to the target is given in brackets.