Package "libncurses5"
Name: |
libncurses5
|
Description: |
shared libraries for terminal handling (legacy version)
|
Latest version: |
6.3-2ubuntu0.1 |
Release: |
jammy (22.04) |
Level: |
updates |
Repository: |
universe |
Head package: |
ncurses |
Homepage: |
https://invisible-island.net/ncurses/ |
Links
Download "libncurses5"
Other versions of "libncurses5" in Jammy
Changelog
ncurses (6.3-2ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: out-of-bounds read in the convert_strings function
- debian/patches/CVE-2022-29458.patch:add a limit-check to guard against
corrupt terminfo data.
- CVE-2022-29458
* SECURITY UPDATE: memory corruption when processing malformed terminfo data
entries loaded by setuid/setgid programs
- debian/patches/CVE-2023-29491-mitigation-1.patch: fix copy/paste error
in configure.in.
- debian/patches/CVE-2023-29491-mitigation-2.patch: change the
--disable-root-environ configure option behavior.
- debian/rules: set --disable-root-environ in configuration options.
- debian/libtinfo5.symbols, debian/libtinfo6.symbols: add _nc_env_access
to symbols files.
- CVE-2023-29491
-- Camila Camargo de Matos <email address hidden> Tue, 16 May 2023 15:45:27 -0300
|
CVE-2022-29458 |
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo libra |
CVE-2023-29491 |
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data |
|
About
-
Send Feedback to @ubuntu_updates