Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

Ubuntu 18.04: USN-6684-1 Moderate: ncurses Denial Of Service Risk

ubuntu
Calendar Grey March 7, 2024
Dist Ubuntu Esm H88
Ubuntu 6684-2 underscores a vulnerability in gnome-shell that may cause arbitrary code execution via specially designed files.
ncurses could be made to crash if it received specially crafted input.

Summary

ncurses could be made to crash if it received specially crafted

input.

Software Description:

- ncurses: shared libraries for terminal handling

Details:

It was discovered that ncurses incorrectly handled certain function return

values, possibly leading to segmentation fault. A local attacker could possibly

use this to cause a denial of service (system crash).

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  lib32ncurses5                   6.1-1ubuntu1.18.04.1+esm2
  lib32tinfo5                     6.1-1ubuntu1.18.04.1+esm2
  lib64ncurses5                   6.1-1ubuntu1.18.04.1+esm2
  lib64tinfo5                     6.1-1ubuntu1.18.04.1+esm2
  libncurses5                     6.1-1ubuntu1.18.04.1+esm2
  libtinfo5                       6.1-1ubuntu1.18.04.1+esm2
  libx32ncurses5                  6.1-1ubuntu1.18.04.1+esm2
  libx32tinfo5                    6.1-1ubuntu1.18.04.1+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  lib32ncurses5                   6.0+20160213-1ubuntu1+esm5
  lib32tinfo5                     6.0+20160213-1ubuntu1+esm5
  lib64ncurses5                   6.0+20160213-1ubuntu1+esm5
  lib64tinfo5                     6.0+20160213-1ubuntu1+esm5
  libncurses5                     6.0+20160213-1ubuntu1+esm5
  libtinfo5                       6.0+20160213-1ubuntu1+esm5
  libx32ncurses5                  6.0+20160213-1ubuntu1+esm5
  libx32tinfo5                    6.0+20160213-1ubuntu1+esm5

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  lib32ncurses5                   5.9+20140118-1ubuntu1+esm5
  lib32tinfo5                     5.9+20140118-1ubuntu1+esm5
  lib64ncurses5                   5.9+20140118-1ubuntu1+esm5
  lib64tinfo5                     5.9+20140118-1ubuntu1+esm5
  libncurses5                     5.9+20140118-1ubuntu1+esm5
  libtinfo5                       5.9+20140118-1ubuntu1+esm5
  libx32ncurses5                  5.9+20140118-1ubuntu1+esm5
  libx32tinfo5                    5.9+20140118-1ubuntu1+esm5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6684-1

CVE-2023-50495

Ubuntu Security Notice USN-6684-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.