Package "ncurses"
Name: |
ncurses
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- developer's libraries for ncurses (32-bit)
- shared libraries for terminal handling (32-bit)
- shared libraries for terminal handling (wide character support) (32-bit)
- shared low-level terminfo library for terminal handling (32-bit)
|
Latest version: |
6.2-0ubuntu2.1 |
Release: |
focal (20.04) |
Level: |
security |
Repository: |
main |
Links
Other versions of "ncurses" in Focal
Packages in group
Deleted packages are displayed in grey.
Changelog
ncurses (6.2-0ubuntu2.1) focal-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in the _nc_captoinfo function
- debian/patches/CVE-2021-39537.patch: add a check for end-of-string in
cvtchar to handle a malformed string in infotocap.
- CVE-2021-39537
* SECURITY UPDATE: out-of-bounds read in the convert_strings function
- debian/patches/CVE-2022-29458.patch:add a limit-check to guard against
corrupt terminfo data.
- CVE-2022-29458
* SECURITY UPDATE: memory corruption when processing malformed terminfo data
entries loaded by setuid/setgid programs
- debian/patches/CVE-2023-29491-mitigation.patch: change the
--disable-root-environ configure option behavior.
- debian/rules: set --disable-root-environ in configuration options.
- debian/libtinfo5.symbols, debian/libtinfo6.symbols: add _nc_env_access
to symbols files.
- CVE-2023-29491
* debian/patches/fix-off-by-one-loop-convert-strings.patch: correct an
off-by-one loop-limit in convert_strings function.
-- Camila Camargo de Matos <email address hidden> Tue, 16 May 2023 15:47:48 -0300
|
CVE-2021-39537 |
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. |
CVE-2022-29458 |
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo libra |
CVE-2023-29491 |
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data |
|
About
-
Send Feedback to @ubuntu_updates