Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 2024-96090dafaf: Memory Corruption and Segmentation Flaws in Ncurses

fedora
Calendar Grey January 31, 2024
Dist Fedora Esm H88
Recent enhancements to ncurses for Fedora 38 address vital glitches that led to memory leaks and segmentation errors. Ensure your system's safety!
Update to newer ncurses version, which fixes CVE-2023-29491 and CVE-2023-50495.

Summary

The curses library routines are a terminal-independent method of

updating character screens with reasonable optimization. The ncurses

(new curses) library is a freely distributable replacement for the

discontinued 4.4 BSD classic curses library.

This package contains support utilities, including a terminfo compiler

tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion

tool captoinfo.

Update Information:

Update to newer ncurses version, which fixes CVE-2023-29491 and CVE-2023-50495.

Topics%20covered

Topics Covered

security advisory software update Fedora ncurses memory corruption segmentation fault

Change Log

* Tue Aug 22 2023 Miroslav Lichvar 6.4-7.20230520 - ignore TERMINFO and HOME only if setuid/setgid/capability * Thu Jul 20 2023 Fedora Release Engineering - 6.4-6.20230520 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jun 27 2023 Debarshi Ray 6.4-5.20230520 - move foot entries to -base (#2217982) * Mon May 22 2023 Miroslav Lichvar 6.4-4.20230520 - update to 6.4-20230520 - build with options disabling root file access and environment

References


[ 1 ] Bug #2191704 - CVE-2023-29491 ncurses: Local users can trigger security-relevant memory corruption via malformed data https://bugzilla.redhat.com/show_bug.cgi?id=2191704 [ 2 ] Bug #2254244 - CVE-2023-50495 ncurses: segmentation fault via _nc_wrap_entry() https://bugzilla.redhat.com/show_bug.cgi?id=2254244

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-96090dafaf' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
important
Lowest
Low
Medium
High
Critical

Name: ncurses
Product: Fedora 38
Version: 6.4
Release: 7.20230520.fc38
URL: https://invisible-island.net/ncurses/ncurses.html
Summary: Ncurses support utilities

Topics%20covered

Topics Covered

security advisory software update Fedora ncurses memory corruption segmentation fault

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here