Описание
ELSA-2023-6698: ncurses security and bug fix update (MODERATE)
[6.2-10.20210508]
- ignore TERMINFO and HOME only if setuid/setgid/capability (#2211666)
[6.2-9.20210508]
- fix buffer overflow on terminfo with too many capabilities (CVE-2023-29491)
- ignore TERMINFO and HOME environment variables if running as root (#2211666)
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
ncurses
6.2-10.20210508.el9
ncurses-base
6.2-10.20210508.el9
ncurses-c++-libs
6.2-10.20210508.el9
ncurses-devel
6.2-10.20210508.el9
ncurses-libs
6.2-10.20210508.el9
ncurses-term
6.2-10.20210508.el9
Oracle Linux x86_64
ncurses
6.2-10.20210508.el9
ncurses-base
6.2-10.20210508.el9
ncurses-c++-libs
6.2-10.20210508.el9
ncurses-devel
6.2-10.20210508.el9
ncurses-libs
6.2-10.20210508.el9
ncurses-term
6.2-10.20210508.el9
Связанные CVE
Связанные уязвимости
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
ncurses before 6.4 20230408, when used by a setuid application, allows ...