ALSA-2021:4426

[ALSA-2021:4426] Moderate: ncurses security update

Type:

security

Severity:

moderate

Release date:

2023-03-13

Description:

The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo.

Security Fix(es):

* ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c (CVE-2019-17594)

* ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c (CVE-2019-17595)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	ncurses-libs-6.1-9.20180224.el8.aarch64.rpm	1db3a780b8cc0e2fa0b836fe736a34f1b4836e86c4753afd4ba5e1096246f1bc
aarch64	ncurses-c++-libs-6.1-9.20180224.el8.aarch64.rpm	2d09c7810b1a74bd020fa5e9709a09ff928ae57ab778b181fe8cd96bce1e5c3d
aarch64	ncurses-devel-6.1-9.20180224.el8.aarch64.rpm	5ee89972c397ba8567b0f57b967eab0e9992c0d7169684c5de0da099a0193961
aarch64	ncurses-compat-libs-6.1-9.20180224.el8.aarch64.rpm	70cbe7cb528ff29abd6888074c20460fbc6b110e99ca068499d816c4c157f049
aarch64	ncurses-6.1-9.20180224.el8.aarch64.rpm	9dce9d78069693f419bb83ff245a6623d5b924cf963b39fa12553acc79e416f8
i686	ncurses-compat-libs-6.1-9.20180224.el8.i686.rpm	00b4db4a85e0b8f7acd514d7ae985de547201d7cfca4a670b217abf81d60b5c7
i686	ncurses-libs-6.1-9.20180224.el8.i686.rpm	041cef48db4d419ec5b27581ac9a088f5dcdacf5c7f3df4ba879548efe199902
i686	ncurses-devel-6.1-9.20180224.el8.i686.rpm	e3686f893399fa3aefa92f5619a5c6dfae8bf004a9103f204ce17c6ed8011d43
i686	ncurses-c++-libs-6.1-9.20180224.el8.i686.rpm	f6b5576e5e162ba8767736ff17cfe6994f0155d6819aeef6006270f3a1405677
noarch	ncurses-base-6.1-9.20180224.el8.noarch.rpm	3a6bf123e3269fde1da217c8d914ef53e88a3fdaeda5efd009fd3d385004ea62
noarch	ncurses-term-6.1-9.20180224.el8.noarch.rpm	b9491dab8e29411dcf22fefd4093ec631dc7268612b9ef7ad2ea8e1e8d8f9372
ppc64le	ncurses-compat-libs-6.1-9.20180224.el8.ppc64le.rpm	0961981d514713829dbf2a730831a1dfbd3bbb61e622b6f6a15aea2f7053e718
ppc64le	ncurses-6.1-9.20180224.el8.ppc64le.rpm	6be92a474cf73d2717632881d7f8fd7848c19718c1e064ab24979e294ba6e71b
ppc64le	ncurses-c++-libs-6.1-9.20180224.el8.ppc64le.rpm	b84aceb575c762b7511f60fb2c42f3cef9a02306186194df4d5419a51af76da2
ppc64le	ncurses-devel-6.1-9.20180224.el8.ppc64le.rpm	bf31b59c31ec8a9d32ac25a84baba83b61d94ce1de48c081b1a6f4d5659317a5
ppc64le	ncurses-libs-6.1-9.20180224.el8.ppc64le.rpm	dde3fbc9fe698a0f5f09bfea28c6056ac161e8484b631f50a9d197ab62d95a7c
x86_64	ncurses-6.1-9.20180224.el8.x86_64.rpm	080093fd19d2f37bf82e8d4121fd130f5ba40445789e82ff1a23526ab82d93f0
x86_64	ncurses-compat-libs-6.1-9.20180224.el8.x86_64.rpm	3f4a4259899e391dc2487073f4952d229b643b5f05f274c3f2ae5a92de50540d
x86_64	ncurses-compat-libs-6.1-9.20180224.el8.x86_64.rpm	3f4a4259899e391dc2487073f4952d229b643b5f05f274c3f2ae5a92de50540d
x86_64	ncurses-devel-6.1-9.20180224.el8.x86_64.rpm	4309ddfd6a0aae4af6b96d7c5f66e395eec3c888ba22818cd29aacb614731925
x86_64	ncurses-devel-6.1-9.20180224.el8.x86_64.rpm	4309ddfd6a0aae4af6b96d7c5f66e395eec3c888ba22818cd29aacb614731925
x86_64	ncurses-c++-libs-6.1-9.20180224.el8.x86_64.rpm	6788f7416de9a03413c6ea206f8539ac93704bca34c2183b2c55cbdb9cf1aaad
x86_64	ncurses-c++-libs-6.1-9.20180224.el8.x86_64.rpm	6788f7416de9a03413c6ea206f8539ac93704bca34c2183b2c55cbdb9cf1aaad
x86_64	ncurses-libs-6.1-9.20180224.el8.x86_64.rpm	de7d3fef2b420025f993efb273cfc98a654a7edf605fce7f9ad8c5a3d20bfc03
x86_64	ncurses-libs-6.1-9.20180224.el8.x86_64.rpm	de7d3fef2b420025f993efb273cfc98a654a7edf605fce7f9ad8c5a3d20bfc03

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.