ALAS2023-2023-220


Amazon Linux 2023 Security Advisory: ALAS-2023-220
Advisory Release Date: 2023-06-21 19:10 Pacific
Advisory Updated Date: 2023-06-27 20:58 Pacific
Severity: Important

Issue Overview:

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. (CVE-2023-29491)
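
Because the issue only applies when ncurses is used by a setuid application, an inventory of such programs shows what is exposed on a host until the update is installed. The script below is an added example, not part of the advisory; the function names are hypothetical. It assumes GNU find and binutils readelf, and it inspects direct library dependencies only.

```shell
#!/bin/sh
# Added example: list setuid/setgid executables that load an ncurses-family
# library, i.e. the programs on this host that CVE-2023-29491 applies to.

# Read `readelf -d` output on stdin. Succeed if a NEEDED entry names
# libncurses, libncursesw, libtinfo or libtic.
needs_ncurses() {
    grep -Eq '\(NEEDED\).*\[lib(ncursesw?|tinfo|tic)\.so'
}

# Print every setuid or setgid regular file under the given roots whose
# dynamic section requests an ncurses-family library.
# Limitation: a program that reaches ncurses only through another shared
# library (an indirect dependency) is not reported.
audit_setid_ncurses() {
    find "$@" -xdev -type f -perm /6000 2>/dev/null |
    while IFS= read -r f; do
        # readelf only parses the file; it never executes it.
        if readelf -d "$f" 2>/dev/null | needs_ncurses; then
            printf '%s\n' "$f"
        fi
    done
}

# Run as: sh audit.sh /usr /opt   (script name and roots are the caller's choice)
if [ "$#" -gt 0 ]; then
    audit_setid_ncurses "$@"
fi
```

An empty result means no setuid or setgid file under the scanned roots links ncurses directly; the package update is still the correction.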


Affected Packages:

ncurses


Issue Correction:
Run dnf update ncurses --releasever 2023.1.20230628 to update your system.

New Packages:
aarch64:
    ncurses-static-6.2-4.20200222.amzn2023.0.4.aarch64
    ncurses-compat-libs-debuginfo-6.2-4.20200222.amzn2023.0.4.aarch64
    ncurses-c++-libs-6.2-4.20200222.amzn2023.0.4.aarch64
    ncurses-6.2-4.20200222.amzn2023.0.4.aarch64
    ncurses-c++-libs-debuginfo-6.2-4.20200222.amzn2023.0.4.aarch64
    ncurses-libs-debuginfo-6.2-4.20200222.amzn2023.0.4.aarch64
    ncurses-debugsource-6.2-4.20200222.amzn2023.0.4.aarch64
    ncurses-compat-libs-6.2-4.20200222.amzn2023.0.4.aarch64
    ncurses-libs-6.2-4.20200222.amzn2023.0.4.aarch64
    ncurses-debuginfo-6.2-4.20200222.amzn2023.0.4.aarch64
    ncurses-devel-6.2-4.20200222.amzn2023.0.4.aarch64

noarch:
    ncurses-base-6.2-4.20200222.amzn2023.0.4.noarch
    ncurses-term-6.2-4.20200222.amzn2023.0.4.noarch

src:
    ncurses-6.2-4.20200222.amzn2023.0.4.src

x86_64:
    ncurses-static-6.2-4.20200222.amzn2023.0.4.x86_64
    ncurses-compat-libs-debuginfo-6.2-4.20200222.amzn2023.0.4.x86_64
    ncurses-c++-libs-debuginfo-6.2-4.20200222.amzn2023.0.4.x86_64
    ncurses-debugsource-6.2-4.20200222.amzn2023.0.4.x86_64
    ncurses-libs-debuginfo-6.2-4.20200222.amzn2023.0.4.x86_64
    ncurses-c++-libs-6.2-4.20200222.amzn2023.0.4.x86_64
    ncurses-debuginfo-6.2-4.20200222.amzn2023.0.4.x86_64
    ncurses-compat-libs-6.2-4.20200222.amzn2023.0.4.x86_64
    ncurses-6.2-4.20200222.amzn2023.0.4.x86_64
    ncurses-libs-6.2-4.20200222.amzn2023.0.4.x86_64
    ncurses-devel-6.2-4.20200222.amzn2023.0.4.x86_64