An overflowable buffer in the part of the ncurses library that handles
cursor movement existed in versions of ncurses prior to 5.2. Attackers
could force a privileged application to use their own termcap file
containing a special terminal entry which would trigger the overflow,
allowing them to execute arbitrary code with the privileges of the
exploited binary. This vulnerability would only manifest in setuid
applications that use ncurses for cursor movement.
8146eef6e831c0cb3f6bed0e55dbfa3b 7.1/RPMS/ncurses-5.2-12.2mdk.i586.rpm 9c89bd738114316712eb771f43dec2a6 7.1/RPMS/ncurses-devel-5.2-12.2mdk.i586.rpm fe7b415bf1f9bafad6a3d9b61e77dc11 7.1/RPMS/ncurses-extraterms-5.2-12.2mdk.i586.rpm 49a9c43a6ae0a99000121ba88b4f7731 7.1/SRPMS/ncurses-5.2-12.2mdk.src.rpm
d19d5643450c790c62dd12a880e41d7f 7.2/RPMS/ncurses-5.2-12.1mdk.i586.rpm 40105531aee8b8eca6dc7b06290db8ba 7.2/RPMS/ncurses-devel-5.2-12.1mdk.i586.rpm 41bf248f9496afeefb6161a52b6b9291 7.2/RPMS/ncurses-extraterms-5.2-12.1mdk.i586.rpm 48f488bb7d341d2d8099c420c28d46d1 7.2/SRPMS/ncurses-5.2-12.1mdk.src.rpm
Corporate Server 1.0.1
8146eef6e831c0cb3f6bed0e55dbfa3b 1.0.1/RPMS/ncurses-5.2-12.2mdk.i586.rpm 9c89bd738114316712eb771f43dec2a6 1.0.1/RPMS/ncurses-devel-5.2-12.2mdk.i586.rpm fe7b415bf1f9bafad6a3d9b61e77dc11 1.0.1/RPMS/ncurses-extraterms-5.2-12.2mdk.i586.rpm 49a9c43a6ae0a99000121ba88b4f7731 1.0.1/SRPMS/ncurses-5.2-12.2mdk.src.rpm
To upgrade automatically, use MandrivaUpdate.
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.