Red Hat Bugzilla – Bug 4538
buffer overflow in libtermcap
Last modified: 2008-05-01 11:37:51 EDT
libtermcap's tgetent() function's bounds-checking is
incomplete, which can result in a buffer overflow from
a bogus termcap file.
I haven't yet come across any real-world security problems
resulting from this, but it should be fixed in any event.
I have a patch which I can supply you with. Thanks!
fixed in errata release...