Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2023-1778

Related Vulnerabilities: CVE-2023-29491  

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. (CVE-2023-29491)

Source

ALAS-2023-1778

Amazon Linux AMI Security Advisory: ALAS-2023-1778
Advisory Release Date: 2023-07-05 21:44 Pacific
Advisory Updated Date: 2023-07-19 21:50 Pacific
Severity: Important
Issue Overview:

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. (CVE-2023-29491)


Affected Packages:

ncurses


Issue Correction:
Run yum update ncurses to update your system.

New Packages:
i686:
    ncurses-devel-5.7-4.20090207.15.amzn1.i686
    ncurses-libs-5.7-4.20090207.15.amzn1.i686
    ncurses-debuginfo-5.7-4.20090207.15.amzn1.i686
    ncurses-static-5.7-4.20090207.15.amzn1.i686
    ncurses-base-5.7-4.20090207.15.amzn1.i686
    ncurses-term-5.7-4.20090207.15.amzn1.i686
    ncurses-5.7-4.20090207.15.amzn1.i686

src:
    ncurses-5.7-4.20090207.15.amzn1.src

x86_64:
    ncurses-term-5.7-4.20090207.15.amzn1.x86_64
    ncurses-base-5.7-4.20090207.15.amzn1.x86_64
    ncurses-debuginfo-5.7-4.20090207.15.amzn1.x86_64
    ncurses-5.7-4.20090207.15.amzn1.x86_64
    ncurses-static-5.7-4.20090207.15.amzn1.x86_64
    ncurses-libs-5.7-4.20090207.15.amzn1.x86_64
    ncurses-devel-5.7-4.20090207.15.amzn1.x86_64

Additional References

Red Hat: CVE-2023-29491

Mitre: CVE-2023-29491

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started