Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in ncurses.
Software Description:
- ncurses: shared libraries for terminal handling (32-bit)
Details:
It was discovered that ncurses was not properly checking array bounds
when executing the fmt_entry function, which could result in an
out-of-bounds write. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2017-10684)
It was discovered that ncurses was not properly checking user input,
which could result in it being treated as a format argument. An
attacker could possibly use this issue to expose sensitive
information or to execute arbitrary code. (CVE-2017-10685)
It was discovered that ncurses was incorrectly performing memory
management operations and was not blocking access attempts to
illegal memory locations. An attacker could possibly use this issue
to cause a denial of service. (CVE-2017-11112, CVE-2017-13729,
CVE-2017-13730, CVE-2017-13731, CVE-2017-13732, CVE-2017-13733,
CVE-2017-13734)
...
The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: lib32ncurses5 6.0+20160213-1ubuntu1+esm1 lib32ncursesw5 6.0+20160213-1ubuntu1+esm1 lib32tinfo5 6.0+20160213-1ubuntu1+esm1 lib64ncurses5 6.0+20160213-1ubuntu1+esm1 lib64tinfo5 6.0+20160213-1ubuntu1+esm1 libncurses5 6.0+20160213-1ubuntu1+esm1 libncursesw5 6.0+20160213-1ubuntu1+esm1 libtinfo5 6.0+20160213-1ubuntu1+esm1 libx32ncurses5 6.0+20160213-1ubuntu1+esm1 libx32ncursesw5 6.0+20160213-1ubuntu1+esm1 libx32tinfo5 6.0+20160213-1ubuntu1+esm1 ncurses-base 6.0+20160213-1ubuntu1+esm1 ncurses-bin 6.0+20160213-1ubuntu1+esm1 ncurses-term 6.0+20160213-1ubuntu1+esm1 Ubuntu 14.04 ESM: lib32ncurses5 5.9+20140118-1ubuntu1+esm1 lib32ncursesw5 5.9+20140118-1ubuntu1+esm1 lib32tinfo5 5.9+20140118-1ubuntu1+esm1 lib64ncurses5 5.9+20140118-1ubuntu1+esm1 lib64tinfo5 5.9+20140118-1ubuntu1+esm1 libncurses5 5.9+20140118-1ubuntu1+esm1 libncursesw5 5.9+20140118-1ubuntu1+esm1 libtinfo5 5.9+20140118-1ubuntu1+esm1 libx32ncurses5 5.9+20140118-1ubuntu1+esm1 libx32ncursesw5 5.9+20140118-1ubuntu1+esm1 libx32tinfo5 5.9+20140118-1ubuntu1+esm1 ncurses-base 5.9+20140118-1ubuntu1+esm1 ncurses-bin 5.9+20140118-1ubuntu1+esm1 ncurses-term 5.9+20140118-1ubuntu1+esm1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-5448-1
CVE-2017-10684, CVE-2017-10685, CVE-2017-11112, CVE-2017-11113,
CVE-2017-13728, CVE-2017-13729, CVE-2017-13730, CVE-2017-13731,
CVE-2017-13732, CVE-2017-13733, CVE-2017-13734
Get the latest Linux and open source security news straight to your inbox.