Debian Security Advisory

DSA-113-1 ncurses -- buffer overflow

Date Reported:

18 Feb 2002

Affected Packages:

ncurses

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2002-0062.

More information:

Several buffer overflows were fixed in the "ncurses" library in November 2000. Unfortunately, one was missed. This can lead to crashes when using ncurses applications in large windows.

The Common Vulnerabilities and Exposures project has assigned the name CAN-2002-0062 to this issue.

This problem has been fixed for the stable release of Debian in version 5.0-6.0potato2. The testing and unstable releases contain ncurses 5.2, which is not affected by this problem.

There are no known exploits for this problem, but we recommend that all users upgrade ncurses immediately.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Source:: http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0-6.0potato2.diff.gz; http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0-6.0potato2.dsc; http://security.debian.org/dists/potato/updates/main/source/ncurses_5.0.orig.tar.gz
Architecture-independent component:: http://security.debian.org/dists/potato/updates/main/binary-all/ncurses-base_5.0-6.0potato2_all.deb; http://security.debian.org/dists/potato/updates/main/binary-all/ncurses-term_5.0-6.0potato2_all.deb
Alpha:: http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5-dbg_5.0-6.0potato2_alpha.deb; http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5-dev_5.0-6.0potato2_alpha.deb; http://security.debian.org/dists/potato/updates/main/binary-alpha/libncurses5_5.0-6.0potato2_alpha.deb; http://security.debian.org/dists/potato/updates/main/binary-alpha/ncurses-bin_5.0-6.0potato2_alpha.deb
ARM:: http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5-dbg_5.0-6.0potato2_arm.deb; http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5-dev_5.0-6.0potato2_arm.deb; http://security.debian.org/dists/potato/updates/main/binary-arm/libncurses5_5.0-6.0potato2_arm.deb; http://security.debian.org/dists/potato/updates/main/binary-arm/ncurses-bin_5.0-6.0potato2_arm.deb
Intel ia32:: http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5-dbg_5.0-6.0potato2_i386.deb; http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5-dev_5.0-6.0potato2_i386.deb; http://security.debian.org/dists/potato/updates/main/binary-i386/libncurses5_5.0-6.0potato2_i386.deb; http://security.debian.org/dists/potato/updates/main/binary-i386/ncurses-bin_5.0-6.0potato2_i386.deb
Motorola 680x0:: http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5-dbg_5.0-6.0potato2_m68k.deb; http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5-dev_5.0-6.0potato2_m68k.deb; http://security.debian.org/dists/potato/updates/main/binary-m68k/libncurses5_5.0-6.0potato2_m68k.deb; http://security.debian.org/dists/potato/updates/main/binary-m68k/ncurses-bin_5.0-6.0potato2_m68k.deb
PowerPC:: http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5-dbg_5.0-6.0potato2_powerpc.deb; http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5-dev_5.0-6.0potato2_powerpc.deb; http://security.debian.org/dists/potato/updates/main/binary-powerpc/libncurses5_5.0-6.0potato2_powerpc.deb; http://security.debian.org/dists/potato/updates/main/binary-powerpc/ncurses-bin_5.0-6.0potato2_powerpc.deb
Sun Sparc:: http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5-dbg_5.0-6.0potato2_sparc.deb; http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5-dev_5.0-6.0potato2_sparc.deb; http://security.debian.org/dists/potato/updates/main/binary-sparc/libncurses5_5.0-6.0potato2_sparc.deb; http://security.debian.org/dists/potato/updates/main/binary-sparc/ncurses-bin_5.0-6.0potato2_sparc.deb

MD5 checksums of the listed files are available in the original advisory.