Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Debian GNU/Linux 2.2: 2000-11-21 Critical: Ncurses Local Escalation

debian
Calendar Grey November 22, 2000
Debian Logo
- ---------------------------------------------------------------------------- Debian Security Advis
The version of the ncurses display library shipped with Debian GNU/Linux 2.2is vulnerable to several buffer overflows in the parsing of terminfodatabase files.

Summary

The version of the ncurses display library shipped with Debian GNU/Linux 2.2
is vulnerable to several buffer overflows in the parsing of terminfo
database files. This problem was discovered by Jouko Pynnönen
<jouko@solutions.fi>. The problems are only exploitable in the presence of
setuid binaries linked to ncurses which use these particular functions,
including xmcd versions before 2.5pl1-7.1.

This problem is fixed in ncurses 5.0-6.0potato1 for Debian GNU/Linux 2.2,
and in ncurses 5.0-8 for Debian Unstable.

Debian GNU/Linux 2.1 alias slink

Slink is no longer being supported by the Debian Security Team. We highly
recommend an upgrade to the current stable release.

Debian GNU/Linux 2.2 (stable) alias potato

Fixes are currently available for the Alpha, ARM, Intel ia32, Motorola 680x0,
PowerPC and Sun SPARC architectures, and will be included in 2.2r2.

Source archives:


MD5 checksum: d474ae2d9cfc75191d0460d2fdeeafca


MD5 checksum: d2d53c5c9892ae5918141d9d9aa1f644


MD5 checksum: 0...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.