USN-6684-1: ncurses vulnerability

Publication date

7 March 2024

Overview

ncurses could be made to crash if it received specially crafted input.


Packages

  • ncurses - shared libraries for terminal handling

Details

It was discovered that ncurses incorrectly handled certain function return
values, possibly leading to segmentation fault. A local attacker could possibly
use this to cause a denial of service (system crash).

It was discovered that ncurses incorrectly handled certain function return
values, possibly leading to segmentation fault. A local attacker could possibly
use this to cause a denial of service (system crash).

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
18.04 bionic lib32ncurses5 –  6.1-1ubuntu1.18.04.1+esm2  
lib32tinfo5 –  6.1-1ubuntu1.18.04.1+esm2  
lib64ncurses5 –  6.1-1ubuntu1.18.04.1+esm2  
lib64tinfo5 –  6.1-1ubuntu1.18.04.1+esm2  
libncurses5 –  6.1-1ubuntu1.18.04.1+esm2  
libtinfo5 –  6.1-1ubuntu1.18.04.1+esm2  
libx32ncurses5 –  6.1-1ubuntu1.18.04.1+esm2  
libx32tinfo5 –  6.1-1ubuntu1.18.04.1+esm2  
16.04 xenial lib32ncurses5 –  6.0+20160213-1ubuntu1+esm5  
lib32tinfo5 –  6.0+20160213-1ubuntu1+esm5  
lib64ncurses5 –  6.0+20160213-1ubuntu1+esm5  
lib64tinfo5 –  6.0+20160213-1ubuntu1+esm5  
libncurses5 –  6.0+20160213-1ubuntu1+esm5  
libtinfo5 –  6.0+20160213-1ubuntu1+esm5  
libx32ncurses5 –  6.0+20160213-1ubuntu1+esm5  
libx32tinfo5 –  6.0+20160213-1ubuntu1+esm5  
14.04 trusty lib32ncurses5 –  5.9+20140118-1ubuntu1+esm5  
lib32tinfo5 –  5.9+20140118-1ubuntu1+esm5  
lib64ncurses5 –  5.9+20140118-1ubuntu1+esm5  
lib64tinfo5 –  5.9+20140118-1ubuntu1+esm5  
libncurses5 –  5.9+20140118-1ubuntu1+esm5  
libtinfo5 –  5.9+20140118-1ubuntu1+esm5  
libx32ncurses5 –  5.9+20140118-1ubuntu1+esm5  
libx32tinfo5 –  5.9+20140118-1ubuntu1+esm5  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›