ALAS2-2018-1053


Amazon Linux 2 Security Advisory: ALAS-2018-1053
Advisory Release Date: 2018-08-09 22:15 Pacific
Severity: Low
References: CVE-2018-10754 

Issue Overview:

A NULL pointer dereference was found in the way the _nc_parse_entry function parses terminfo data for compilation. An attacker able to provide specially crafted terminfo data could use this flaw to crash the application parsing it.(CVE-2018-10754 )


Affected Packages:

ncurses


Issue Correction:
Run yum update ncurses to update your system.

New Packages:
i686:
    ncurses-6.0-8.20170212.amzn2.1.1.i686
    ncurses-libs-6.0-8.20170212.amzn2.1.1.i686
    ncurses-compat-libs-6.0-8.20170212.amzn2.1.1.i686
    ncurses-c++-libs-6.0-8.20170212.amzn2.1.1.i686
    ncurses-devel-6.0-8.20170212.amzn2.1.1.i686
    ncurses-static-6.0-8.20170212.amzn2.1.1.i686
    ncurses-debuginfo-6.0-8.20170212.amzn2.1.1.i686

noarch:
    ncurses-base-6.0-8.20170212.amzn2.1.1.noarch
    ncurses-term-6.0-8.20170212.amzn2.1.1.noarch

src:
    ncurses-6.0-8.20170212.amzn2.1.1.src

x86_64:
    ncurses-6.0-8.20170212.amzn2.1.1.x86_64
    ncurses-libs-6.0-8.20170212.amzn2.1.1.x86_64
    ncurses-compat-libs-6.0-8.20170212.amzn2.1.1.x86_64
    ncurses-c++-libs-6.0-8.20170212.amzn2.1.1.x86_64
    ncurses-devel-6.0-8.20170212.amzn2.1.1.x86_64
    ncurses-static-6.0-8.20170212.amzn2.1.1.x86_64
    ncurses-debuginfo-6.0-8.20170212.amzn2.1.1.x86_64