Red Hat Bugzilla – Bug 20809
ncurses allows local privilege escalation
Last modified: 2007-03-26 23:37:33 EDT
Please see the corresponding BugTraq posting of the FreeBSD team or when it
Are we also vulnerable to this one?
When Jouko Pynnvnen first reported the ncurses-vulnerability. I had a look
in the ncurses that comes with RH6.2 and AFAIK it is vulnerable to the
(But there are no suid/sgid-ncurses programs in RH6.2????) ... I think the
rawhide ncurses-rpms already have a patch for this.
I still hope that you'll release a fixed ncurses for RH6.2
We're affected and we'll release a fix.
Actually, the package has been built and QAed and is currently waiting for someone with access to our gpg key to sign it.
If you don't want to wait for them, get the SRPM package from rawhide and recompile.
Sorry, but one whole week (up to now) to get someone sign a package and push it
to the FTP server? For a security-relevant update?