ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
https://www.openwall.com/lists/oss-security/2023/04/13/4
https://www.openwall.com/lists/oss-security/2023/04/12/5
http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
http://www.openwall.com/lists/oss-security/2023/04/19/10
http://www.openwall.com/lists/oss-security/2023/04/19/11
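An added example, not part of the original report and not ncurses code: one way a setuid program can drop the user-controlled terminfo lookup inputs named above before it calls into the library. The function names, the 64-character limit, the `dumb` fallback and pointing `HOME` at `/` are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L  /* for setenv/unsetenv */
#endif
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Accept only short names built from characters that cannot form a path. */
int term_name_is_safe(const char *term)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+-_.";
    size_t len;
    if (term == NULL) return 0;
    len = strlen(term);
    if (len == 0 || len > 64 || term[0] == '.') return 0;
    return strspn(term, ok) == len;
}

/* Real and effective ids differ when the binary runs setuid or setgid. */
int running_with_elevated_ids(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Remove or neutralise TERMINFO, HOME and TERM when running elevated.
 * Returns the number of variables changed, or -1 on failure. */
int scrub_terminfo_env(int elevated)
{
    int changed = 0;
    const char *home;
    if (!elevated) return 0;
    if (getenv("TERMINFO") != NULL) {
        if (unsetenv("TERMINFO") != 0) return -1;
        changed++;
    }
    /* HOME decides where $HOME/.terminfo is looked up. Assumption: "/" is
     * a directory the invoking user cannot write to. */
    home = getenv("HOME");
    if (home == NULL || strcmp(home, "/") != 0) {
        if (setenv("HOME", "/", 1) != 0) return -1;
        changed++;
    }
    if (!term_name_is_safe(getenv("TERM"))) {
        if (setenv("TERM", "dumb", 1) != 0) return -1;
        changed++;
    }
    return changed;
}
```

Call `scrub_terminfo_env(running_with_elevated_ids())` before `initscr()` or `setupterm()`.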
*** Bug 2186313 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products: Red Hat Enterprise Linux 8
Via RHSA-2023:5249 https://access.redhat.com/errata/RHSA-2023:5249
Hi Team,
A customer reported that this CVE affected many openjdk images, like ubi8/openjdk-17:1.16-2 and ubi8/openjdk-8-runtime:1.16-2. Do we have a plan to fix the CVE in these images? Any update will be appreciated.
Image:
https://catalog.redhat.com/software/containers/ubi8/openjdk-17/618bdbf34ae3739687568813?tag=1.16-2&push_date=1690216094000
https://catalog.redhat.com/software/containers/ubi8/openjdk-8-runtime/6048ed07dbb14c0b8248bdc4?tag=1.16-2&push_date=1690216094000
Best Regards,
Catherine
This issue has been addressed in the following products: Red Hat Enterprise Linux 9
Via RHSA-2023:6698 https://access.redhat.com/errata/RHSA-2023:6698
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support
Via RHSA-2023:7361 https://access.redhat.com/errata/RHSA-2023:7361
Created ncurses tracking bugs for this issue: Affects: fedora-all [bug 2257956]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support
Via RHSA-2024:0416 https://access.redhat.com/errata/RHSA-2024:0416