Wow, this bug must have been in ncurses for decades. Yikes.
However, I'm at a loss to think of any setuid ncurses program?? Seems to have warranted a 7.8 severity though.
https://nvd.nist.gov/vuln/detail/CVE-2023-29491
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
Begin forwarded message:
Date: Wed, 31 Jan 2024 01:42:30 +0000 (UTC)
From: updates@fedoraproject.org
To: package-announce@lists.fedoraproject.org
Subject: [SECURITY] Fedora 38 Update: ncurses-6.4-7.20230520.fc38

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-96090dafaf
2024-01-31 01:41:22.934193
--------------------------------------------------------------------------------

Name : ncurses
--------------------------------------------------------------------------------
Update Information:

Update to newer ncurses version, which fixes CVE-2023-29491 and CVE-2023-50495.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 22 2023 Miroslav Lichvar mlichvar@redhat.com 6.4-7.20230520
- ignore TERMINFO and HOME only if setuid/setgid/capability
* Thu Jul 20 2023 Fedora Release Engineering releng@fedoraproject.org - 6.4-6.20230520
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 27 2023 Debarshi Ray rishi@fedoraproject.org 6.4-5.20230520
- move foot entries to -base (#2217982)
* Mon May 22 2023 Miroslav Lichvar mlichvar@redhat.com 6.4-4.20230520
- update to 6.4-20230520
- build with options disabling root file access and environment
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2191704 - CVE-2023-29491 ncurses: Local users can trigger security-relevant memory corruption via malformed data
https://bugzilla.redhat.com/show_bug.cgi?id=2191704
[ 2 ] Bug #2254244 - CVE-2023-50495 ncurses: segmentation fault via _nc_wrap_entry()
https://bugzilla.redhat.com/show_bug.cgi?id=2254244
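
The Aug 22 2023 changelog entry above ("ignore TERMINFO and HOME only if setuid/setgid/capability") describes checking for elevated privilege before trusting environment-derived terminfo paths. A simplified sketch of that kind of check follows, as an added example that is not ncurses or Fedora code: `running_privileged`, `terminfo_dir` and `SYSTEM_TERMINFO` are hypothetical names, and `/usr/share/terminfo` is an assumed system default.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/auxv.h>
#endif

/* Assumed system default; the real path is chosen at build time. */
#define SYSTEM_TERMINFO "/usr/share/terminfo"

/* Nonzero when the process holds more privilege than the user who ran it. */
int running_privileged(void)
{
#ifdef __linux__
    /* The kernel sets AT_SECURE for setuid, setgid and file-capability execs. */
    if (getauxval(AT_SECURE))
        return 1;
#endif
    return getuid() != geteuid() || getgid() != getegid();
}

/* Hypothetical helper: first terminfo directory to search.
 * `privileged` is a parameter so both branches can be exercised. */
const char *terminfo_dir(int privileged, char *buf, size_t len)
{
    if (!privileged) {
        const char *env = getenv("TERMINFO");
        const char *home = getenv("HOME");
        if (env && *env)
            return env;
        if (home && *home &&
            (size_t)snprintf(buf, len, "%s/.terminfo", home) < len)
            return buf;
    }
    /* Privileged: user-controlled TERMINFO and $HOME/.terminfo are ignored. */
    return SYSTEM_TERMINFO;
}

int main(void)
{
    char buf[4096];
    printf("privileged=%d dir=%s\n", running_privileged(),
           terminfo_dir(running_privileged(), buf, sizeof buf));
    return 0;
}
```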