Home > Security > Advisories


Mandriva Advisories

Package name ncurses
Date May 25th, 2001
Advisory ID MDKSA-2001:052
Affected versions 7.1, 7.2, CS1.0
Synopsis Updated ncurses packages fix buffer overflows

Problem Description

An overflowable buffer in the part of the ncurses library that handles
cursor movement existed in versions of ncurses prior to 5.2. Attackers
could force a privileged application to use their own termcap file
containing a special terminal entry which would trigger the overflow,
allowing them to execute arbitrary code with the privileges of the
exploited binary. This vulnerability would only manifest in setuid
applications that use ncurses for cursor movement.

Updated Packages

Mandrakelinux 7.1

 8146eef6e831c0cb3f6bed0e55dbfa3b  7.1/RPMS/ncurses-5.2-12.2mdk.i586.rpm
9c89bd738114316712eb771f43dec2a6  7.1/RPMS/ncurses-devel-5.2-12.2mdk.i586.rpm
fe7b415bf1f9bafad6a3d9b61e77dc11  7.1/RPMS/ncurses-extraterms-5.2-12.2mdk.i586.rpm
49a9c43a6ae0a99000121ba88b4f7731  7.1/SRPMS/ncurses-5.2-12.2mdk.src.rpm

Mandrakelinux 7.2

 d19d5643450c790c62dd12a880e41d7f  7.2/RPMS/ncurses-5.2-12.1mdk.i586.rpm
40105531aee8b8eca6dc7b06290db8ba  7.2/RPMS/ncurses-devel-5.2-12.1mdk.i586.rpm
41bf248f9496afeefb6161a52b6b9291  7.2/RPMS/ncurses-extraterms-5.2-12.1mdk.i586.rpm
48f488bb7d341d2d8099c420c28d46d1  7.2/SRPMS/ncurses-5.2-12.1mdk.src.rpm

Corporate Server 1.0.1

 8146eef6e831c0cb3f6bed0e55dbfa3b  1.0.1/RPMS/ncurses-5.2-12.2mdk.i586.rpm
9c89bd738114316712eb771f43dec2a6  1.0.1/RPMS/ncurses-devel-5.2-12.2mdk.i586.rpm
fe7b415bf1f9bafad6a3d9b61e77dc11  1.0.1/RPMS/ncurses-extraterms-5.2-12.2mdk.i586.rpm
49a9c43a6ae0a99000121ba88b4f7731  1.0.1/SRPMS/ncurses-5.2-12.2mdk.src.rpm


To upgrade automatically, use MandrivaUpdate.


Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.