Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6451-1

Ubuntu Security Notice 6451-1 - It was discovered that ncurses could be made to read out of bounds. An attacker could possibly use this issue to cause a denial of service.

Packet Storm
#vulnerability#ubuntu#dos

==========================================================================
Ubuntu Security Notice USN-6451-1
October 24, 2023

ncurses vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 16.04 LTS (Available with Ubuntu Pro)
  • Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

ncurses could be made to crash if it opened a specially crafted
file.

Software Description:

  • ncurses: shared libraries for terminal handling

Details:

It was discovered that ncurses could be made to read out of bounds.
An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
lib32ncurses5 6.1-1ubuntu1.18.04.1+esm1
lib32ncursesw5 6.1-1ubuntu1.18.04.1+esm1
lib32tinfo5 6.1-1ubuntu1.18.04.1+esm1
lib64ncurses5 6.1-1ubuntu1.18.04.1+esm1
lib64tinfo5 6.1-1ubuntu1.18.04.1+esm1
libncurses5 6.1-1ubuntu1.18.04.1+esm1
libncursesw5 6.1-1ubuntu1.18.04.1+esm1
libtinfo5 6.1-1ubuntu1.18.04.1+esm1
libx32ncurses5 6.1-1ubuntu1.18.04.1+esm1
libx32ncursesw5 6.1-1ubuntu1.18.04.1+esm1
libx32tinfo5 6.1-1ubuntu1.18.04.1+esm1
ncurses-bin 6.1-1ubuntu1.18.04.1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
lib32ncurses5 6.0+20160213-1ubuntu1+esm4
lib32ncursesw5 6.0+20160213-1ubuntu1+esm4
lib32tinfo5 6.0+20160213-1ubuntu1+esm4
lib64ncurses5 6.0+20160213-1ubuntu1+esm4
lib64tinfo5 6.0+20160213-1ubuntu1+esm4
libncurses5 6.0+20160213-1ubuntu1+esm4
libncursesw5 6.0+20160213-1ubuntu1+esm4
libtinfo5 6.0+20160213-1ubuntu1+esm4
libx32ncurses5 6.0+20160213-1ubuntu1+esm4
libx32ncursesw5 6.0+20160213-1ubuntu1+esm4
libx32tinfo5 6.0+20160213-1ubuntu1+esm4
ncurses-bin 6.0+20160213-1ubuntu1+esm4

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
lib32ncurses5 5.9+20140118-1ubuntu1+esm4
lib32ncursesw5 5.9+20140118-1ubuntu1+esm4
lib32tinfo5 5.9+20140118-1ubuntu1+esm4
lib64ncurses5 5.9+20140118-1ubuntu1+esm4
lib64tinfo5 5.9+20140118-1ubuntu1+esm4
libncurses5 5.9+20140118-1ubuntu1+esm4
libncursesw5 5.9+20140118-1ubuntu1+esm4
libtinfo5 5.9+20140118-1ubuntu1+esm4
libx32ncurses5 5.9+20140118-1ubuntu1+esm4
libx32ncursesw5 5.9+20140118-1ubuntu1+esm4
libx32tinfo5 5.9+20140118-1ubuntu1+esm4
ncurses-bin 5.9+20140118-1ubuntu1+esm4

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6451-1
CVE-2020-19189

Related news

Apple Security Advisory 12-11-2023-6

Apple Security Advisory 12-11-2023-6 - macOS Monterey 12.7.2 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-5

Apple Security Advisory 12-11-2023-5 - macOS Ventura 13.6.3 addresses code execution and out of bounds read vulnerabilities.

Apple Security Advisory 12-11-2023-4

Apple Security Advisory 12-11-2023-4 - macOS Sonoma 14.2 addresses code execution, out of bounds read, and spoofing vulnerabilities.

CVE-2023-42932: About the security content of macOS Ventura 13.6.3

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data.

CVE-2023-42926: About the security content of macOS Sonoma 14.2

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.

CVE-2020-19189: fuzzpoc/infotocap_poc5.md at master · zjuchenyuan/fuzzpoc

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution