Debian GNU/Linux 2.2: 2000-11-21 Critical: Ncurses Local Escalation

November 22, 2000
Buffer overflows in Debian GNU/Linux 2.2 ncurses library could lead to local privilege escalation. Urgent patch available.

Summary

The version of the ncurses display library shipped with Debian GNU/Linux 2.2
is vulnerable to several buffer overflows in the parsing of terminfo
database files. This problem was discovered by Jouko Pynnönen
<jouko@solutions.fi>. The problems are only exploitable in the presence of
setuid binaries linked to ncurses which use these particular functions,
including xmcd versions before 2.5pl1-7.1.

This problem is fixed in ncurses 5.0-6.0potato1 for Debian GNU/Linux 2.2,
and in ncurses 5.0-8 for Debian Unstable.
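
The exploitability condition above (a setuid binary linked to ncurses) can be audited on a host before and after upgrading. The following Python script is an added example, not part of the Debian advisory; the scanned directories and the byte-search heuristic for the library name are assumptions, and statically linked binaries are not detected.

```python
import os
import re
import stat

# Shared-object names such as libncurses.so.5 are stored as plain strings in
# an ELF file's dynamic string table, so a byte search finds dynamic links.
NCURSES_SONAME = re.compile(rb"libncurses\w*\.so[.\d]*")
ELF_MAGIC = b"\x7fELF"


def ncurses_soname(path):
    """Return the ncurses soname referenced by an ELF file, or None."""
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError:
        return None  # unreadable (run as root to inspect every binary)
    if not data.startswith(ELF_MAGIC):
        return None  # scripts and data files are not linked to anything
    match = NCURSES_SONAME.search(data)
    return match.group(0).decode() if match else None


def find_setuid_ncurses(roots):
    """List (path, soname) for setuid regular files that reference ncurses."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)  # lstat: do not follow symlinks
                except OSError:
                    continue
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                    continue
                soname = ncurses_soname(path)
                if soname:
                    hits.append((path, soname))
    return sorted(hits)


if __name__ == "__main__":
    # Assumed search roots; add any local directories that hold setuid programs.
    for path, soname in find_setuid_ncurses(["/bin", "/sbin", "/usr/bin", "/usr/sbin"]):
        print(f"{path}: setuid, references {soname}")
```

Any binary it reports stays exposed until the fixed ncurses package is installed or the setuid bit is removed.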

Debian GNU/Linux 2.1 alias slink

Slink is no longer being supported by the Debian Security Team. We highly
recommend an upgrade to the current stable release.

Debian GNU/Linux 2.2 (stable) alias potato

Fixes are currently available for the Alpha, ARM, Intel ia32, Motorola 680x0,
PowerPC and Sun SPARC architectures, and will be included in 2.2r2.

Source archives:


MD5 checksum: d474ae2d9cfc75191d0460d2fdeeafca


MD5 checksum: d2d53c5c9892ae5918141d9d9aa1f644


MD5 checksum: 0...


Severity
critical