Support Content Notification - Support Portal

USN-6684-1: ncurses vulnerability

Product/Component

Operations Manager

3 more products

Notification Id

24679

Last Updated

07 August 2024

Initial Publication Date

15 July 2024

Status

CLOSED

Severity

LOW

CVSS Base Score

WorkAround

Affected CVE

CVE-2023-50495

Severity

low

Vendor

VMware Tanzu

Versions Affected

Canonical Ubuntu 18.04
Cflinuxfs3

Description

It was discovered that ncurses incorrectly handled certain function return values, possibly leading to segmentation fault. A local attacker could possibly use this to cause a denial of service (system crash). Update Instructions: Run `sudo pro fix USN-6684-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libx32ncurses5 - 6.0+20160213-1ubuntu1+esm5 lib32tinfo-dev - 6.0+20160213-1ubuntu1+esm5 ncurses-examples - 6.0+20160213-1ubuntu1+esm5 ncurses-bin - 6.0+20160213-1ubuntu1+esm5 lib32ncurses5-dev - 6.0+20160213-1ubuntu1+esm5 lib32ncursesw5 - 6.0+20160213-1ubuntu1+esm5 libtinfo-dev - 6.0+20160213-1ubuntu1+esm5 lib32ncursesw5-dev - 6.0+20160213-1ubuntu1+esm5 lib32tinfo5 - 6.0+20160213-1ubuntu1+esm5 libtinfo5 - 6.0+20160213-1ubuntu1+esm5 lib32ncurses5 - 6.0+20160213-1ubuntu1+esm5 lib64tinfo5 - 6.0+20160213-1ubuntu1+esm5 libncurses5-dev - 6.0+20160213-1ubuntu1+esm5 lib64ncurses5 - 6.0+20160213-1ubuntu1+esm5 lib64ncurses5-dev - 6.0+20160213-1ubuntu1+esm5 libncurses5 - 6.0+20160213-1ubuntu1+esm5 libx32ncurses5-dev - 6.0+20160213-1ubuntu1+esm5 libncursesw5 - 6.0+20160213-1ubuntu1+esm5 ncurses-base - 6.0+20160213-1ubuntu1+esm5 libx32tinfo-dev - 6.0+20160213-1ubuntu1+esm5 ncurses-doc - 6.0+20160213-1ubuntu1+esm5 libx32ncursesw5 - 6.0+20160213-1ubuntu1+esm5 libx32ncursesw5-dev - 6.0+20160213-1ubuntu1+esm5 libx32tinfo5 - 6.0+20160213-1ubuntu1+esm5 libncursesw5-dev - 6.0+20160213-1ubuntu1+esm5 ncurses-term - 6.0+20160213-1ubuntu1+esm5 Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro.

Fixed VMware Products and Versions