Headline
Ubuntu Security Notice USN-6451-1
Ubuntu Security Notice 6451-1 - It was discovered that ncurses could be made to read out of bounds. An attacker could possibly use this issue to cause a denial of service.
==========================================================================
Ubuntu Security Notice USN-6451-1
October 24, 2023
ncurses vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
ncurses could be made to crash if it opened a specially crafted
file.
Software Description:
- ncurses: shared libraries for terminal handling
Details:
It was discovered that ncurses could be made to read out of bounds.
An attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
lib32ncurses5 6.1-1ubuntu1.18.04.1+esm1
lib32ncursesw5 6.1-1ubuntu1.18.04.1+esm1
lib32tinfo5 6.1-1ubuntu1.18.04.1+esm1
lib64ncurses5 6.1-1ubuntu1.18.04.1+esm1
lib64tinfo5 6.1-1ubuntu1.18.04.1+esm1
libncurses5 6.1-1ubuntu1.18.04.1+esm1
libncursesw5 6.1-1ubuntu1.18.04.1+esm1
libtinfo5 6.1-1ubuntu1.18.04.1+esm1
libx32ncurses5 6.1-1ubuntu1.18.04.1+esm1
libx32ncursesw5 6.1-1ubuntu1.18.04.1+esm1
libx32tinfo5 6.1-1ubuntu1.18.04.1+esm1
ncurses-bin 6.1-1ubuntu1.18.04.1+esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
lib32ncurses5 6.0+20160213-1ubuntu1+esm4
lib32ncursesw5 6.0+20160213-1ubuntu1+esm4
lib32tinfo5 6.0+20160213-1ubuntu1+esm4
lib64ncurses5 6.0+20160213-1ubuntu1+esm4
lib64tinfo5 6.0+20160213-1ubuntu1+esm4
libncurses5 6.0+20160213-1ubuntu1+esm4
libncursesw5 6.0+20160213-1ubuntu1+esm4
libtinfo5 6.0+20160213-1ubuntu1+esm4
libx32ncurses5 6.0+20160213-1ubuntu1+esm4
libx32ncursesw5 6.0+20160213-1ubuntu1+esm4
libx32tinfo5 6.0+20160213-1ubuntu1+esm4
ncurses-bin 6.0+20160213-1ubuntu1+esm4
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
lib32ncurses5 5.9+20140118-1ubuntu1+esm4
lib32ncursesw5 5.9+20140118-1ubuntu1+esm4
lib32tinfo5 5.9+20140118-1ubuntu1+esm4
lib64ncurses5 5.9+20140118-1ubuntu1+esm4
lib64tinfo5 5.9+20140118-1ubuntu1+esm4
libncurses5 5.9+20140118-1ubuntu1+esm4
libncursesw5 5.9+20140118-1ubuntu1+esm4
libtinfo5 5.9+20140118-1ubuntu1+esm4
libx32ncurses5 5.9+20140118-1ubuntu1+esm4
libx32ncursesw5 5.9+20140118-1ubuntu1+esm4
libx32tinfo5 5.9+20140118-1ubuntu1+esm4
ncurses-bin 5.9+20140118-1ubuntu1+esm4
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6451-1
CVE-2020-19189
Related news
Apple Security Advisory 12-11-2023-6 - macOS Monterey 12.7.2 addresses code execution and out of bounds read vulnerabilities.
Apple Security Advisory 12-11-2023-5 - macOS Ventura 13.6.3 addresses code execution and out of bounds read vulnerabilities.
Apple Security Advisory 12-11-2023-4 - macOS Sonoma 14.2 addresses code execution, out of bounds read, and spoofing vulnerabilities.
A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data.
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.