ALAS-2024-554

Amazon Linux 2023 Security Advisory: ALAS-2024-554
Advisory Release Date: 2024-02-29 10:29 Pacific
Advisory Updated Date: 2024-03-05 12:00 Pacific
Severity: Medium
Issue Overview:

ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c. (CVE-2023-45918)


Affected Packages:

ncurses


Issue Correction:
Run dnf update ncurses --releasever 2023.3.20240304 to update your system.

New Packages:
aarch64:
    ncurses-static-6.2-4.20200222.amzn2023.0.6.aarch64
    ncurses-libs-debuginfo-6.2-4.20200222.amzn2023.0.6.aarch64
    ncurses-compat-libs-debuginfo-6.2-4.20200222.amzn2023.0.6.aarch64
    ncurses-debuginfo-6.2-4.20200222.amzn2023.0.6.aarch64
    ncurses-libs-6.2-4.20200222.amzn2023.0.6.aarch64
    ncurses-c++-libs-debuginfo-6.2-4.20200222.amzn2023.0.6.aarch64
    ncurses-6.2-4.20200222.amzn2023.0.6.aarch64
    ncurses-c++-libs-6.2-4.20200222.amzn2023.0.6.aarch64
    ncurses-compat-libs-6.2-4.20200222.amzn2023.0.6.aarch64
    ncurses-debugsource-6.2-4.20200222.amzn2023.0.6.aarch64
    ncurses-devel-6.2-4.20200222.amzn2023.0.6.aarch64

noarch:
    ncurses-base-6.2-4.20200222.amzn2023.0.6.noarch
    ncurses-term-6.2-4.20200222.amzn2023.0.6.noarch

src:
    ncurses-6.2-4.20200222.amzn2023.0.6.src

x86_64:
    ncurses-static-6.2-4.20200222.amzn2023.0.6.x86_64
    ncurses-c++-libs-6.2-4.20200222.amzn2023.0.6.x86_64
    ncurses-c++-libs-debuginfo-6.2-4.20200222.amzn2023.0.6.x86_64
    ncurses-libs-6.2-4.20200222.amzn2023.0.6.x86_64
    ncurses-debuginfo-6.2-4.20200222.amzn2023.0.6.x86_64
    ncurses-libs-debuginfo-6.2-4.20200222.amzn2023.0.6.x86_64
    ncurses-compat-libs-debuginfo-6.2-4.20200222.amzn2023.0.6.x86_64
    ncurses-6.2-4.20200222.amzn2023.0.6.x86_64
    ncurses-compat-libs-6.2-4.20200222.amzn2023.0.6.x86_64
    ncurses-debugsource-6.2-4.20200222.amzn2023.0.6.x86_64
    ncurses-devel-6.2-4.20200222.amzn2023.0.6.x86_64

Additional References

Red Hat: CVE-2023-45918

Mitre: CVE-2023-45918