Bugzilla – Bug 1210434
VUL-0: CVE-2023-29491: ncurses: memory corruption issues when processing malformed terminfo data
Last modified: 2024-05-07 16:56:14 UTC
CVE-2023-29491 Posted by Jonathan Bar Or (JBO) on Apr 12 Hello oss-security, Our team has worked with the maintainer of the ncurses library (used by several software packages in Linux) to fix several memory corruption vulnerabilities. They are now fixed at commit 20230408 - see details here (https://invisible-island.net/ncurses/NEWS.html#index-t20230408) A CVE was assigned (CVE-2023-29491) - it's still under a "reserved" status. How can we ensure those fixes get deployed upstream, in major Linux distributions? We've reached out to Arch, RedHat, Canonical and other popular distros independently. Thanks! JBO References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29491 https://seclists.org/oss-sec/2023/q2/19
This is an autogenerated message for OBS integration: This bug (1210434) was mentioned in https://build.opensuse.org/request/show/1080254 Factory / ncurses
It should be noted that we use a long time the configure option --disable-root-environ for e.g. SLE-11, SLE-12, and SLE-15. From --help of configure this shows restrict root use of ncurses environment variables or from INSTALL --disable-root-environ Compile with environment restriction, so certain environment variables are not available when running as root, or via a setuid/setgid application. These are (for example $TERMINFO) those that allow the search path for the terminfo or termcap entry to be customized. or from NEW/20001007 + add configure option --disable-root-environ, which tells ncurses to disregard $TERMINFO and similar environment variables if the current user is root, or running setuid/setgid (based on discussion with several people). means root is not affected.
This is an autogenerated message for OBS integration: This bug (1210434) was mentioned in https://build.opensuse.org/request/show/1080277 Factory / ncurses
SUSE-SU-2023:2112-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1210434 CVE References: CVE-2023-29491 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): ncurses-5.9-81.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): ncurses-5.9-81.1 SUSE Linux Enterprise Server 12 SP5 (src): ncurses-5.9-81.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): ncurses-5.9-81.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2111-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1210434 CVE References: CVE-2023-29491 Sources used: openSUSE Leap Micro 5.3 (src): ncurses-6.1-150000.5.15.1 openSUSE Leap 15.4 (src): ncurses-6.1-150000.5.15.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): ncurses-6.1-150000.5.15.1 SUSE Linux Enterprise Micro 5.3 (src): ncurses-6.1-150000.5.15.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): ncurses-6.1-150000.5.15.1 SUSE Linux Enterprise Micro 5.4 (src): ncurses-6.1-150000.5.15.1 Basesystem Module 15-SP4 (src): ncurses-6.1-150000.5.15.1 Development Tools Module 15-SP4 (src): ncurses-6.1-150000.5.15.1 Legacy Module 15-SP4 (src): ncurses-6.1-150000.5.15.1 SUSE Linux Enterprise Real Time 15 SP3 (src): ncurses-6.1-150000.5.15.1 SUSE Linux Enterprise Micro 5.1 (src): ncurses-6.1-150000.5.15.1 SUSE Linux Enterprise Micro 5.2 (src): ncurses-6.1-150000.5.15.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): ncurses-6.1-150000.5.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
*** Bug 1210992 has been marked as a duplicate of this bug. ***