Security issues fixed upstream in ncurses have been announced on April 12: https://www.openwall.com/lists/oss-security/2023/04/12/5 It sounds like multiple fixes/vulnerabilities, but just one CVE was requested. The issues are fixed upstream in 20230408. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 20230408Whiteboard: (none) => MGA8TOO
Assigning globally as this pkg has no evident maintainer; CC'ing wally who has done most version updates for it.
CC: (none) => jani.valimaaAssignee: bugsquad => pkg-bugs
As noted in the thread linked in Comment 0, the latest upstream ncurses is also causing some issues, two of which are detailed by Gentoo: https://bugs.gentoo.org/904277 https://bugs.gentoo.org/904263
SUSE has issued an advisory for this on May 8: https://lists.suse.com/pipermail/sle-security-updates/2023-May/014766.html
Ubuntu has issued an advisory for this on May 23: https://ubuntu.com/security/notices/USN-6099-1
Blocks: (none) => 30549
Ubuntu has issued an advisory for this: https://lwn.net/Articles/952268/
CC: (none) => nicolas.salguero
Whiteboard: MGA8TOO => MGA9TOO, MGA8TOO
(In reply to Nicolas Salguero from comment #5) > Ubuntu has issued an advisory for this: > https://lwn.net/Articles/952268/ Ooops, I meant: "RedHat has issued an advisory for this"
Suggested advisory: ======================== The updated packages fix a security vulnerability: Local users can trigger security-relevant memory corruption via malformed data. (CVE-2023-29491) References: https://www.openwall.com/lists/oss-security/2023/04/12/5 https://lists.suse.com/pipermail/sle-security-updates/2023-May/014766.html https://ubuntu.com/security/notices/USN-6099-1 https://lwn.net/Articles/952268/ ======================== Updated packages in core/updates_testing: ======================== lib(64)ncurses++6-6.3-20221203.2.1.mga9 lib(64)ncurses-devel-6.3-20221203.2.1.mga9 lib(64)ncurses5-6.3-20221203.2.1.mga9 lib(64)ncurses6-6.3-20221203.2.1.mga9 lib(64)ncursesw++6-6.3-20221203.2.1.mga9 lib(64)ncursesw-devel-6.3-20221203.2.1.mga9 lib(64)ncursesw5-6.3-20221203.2.1.mga9 lib(64)ncursesw6-6.3-20221203.2.1.mga9 ncurses-6.3-20221203.2.1.mga9 ncurses-extraterms-6.3-20221203.2.1.mga9 from SRPM: ncurses-6.3-20221203.2.1.mga9.src.rpm
Status: NEW => ASSIGNEDAssignee: pkg-bugs => qa-bugsCVE: (none) => CVE-2023-29491Version: Cauldron => 9Whiteboard: MGA9TOO, MGA8TOO => (none)Status comment: Fixed upstream in 20230408 => (none)
Keywords: (none) => advisory
RH mageia 9 x86_64 LC_ALL=C urpmi --auto --auto-update medium "QA Testing (32-bit)" is up-to-date medium "QA Testing (64-bit)" is up-to-date medium "Core Release (distrib1)" is up-to-date medium "Core Updates (distrib3)" is up-to-date medium "Nonfree Release (distrib11)" is up-to-date medium "Nonfree Updates (distrib13)" is up-to-date medium "Tainted Release (distrib21)" is up-to-date medium "Tainted Updates (distrib23)" is up-to-date medium "Core 32bit Release (distrib31)" is up-to-date medium "Core 32bit Updates (distrib32)" is up-to-date medium "Nonfree 32bit Release (distrib36)" is up-to-date medium "Tainted 32bit Release (distrib41)" is up-to-date medium "Tainted 32bit Updates (distrib42)" is up-to-date installing lib64ncurses++6-6.3-20221203.2.1.mga9.x86_64.rpm ncurses-extraterms-6.3-20221203.2.1.mga9.x86_64.rpm ncurses-6.3-20221203.2.1.mga9.x86_64.rpm lib64ncurses-devel-6.3-20221203.2.1.mga9.x86_64.rpm lib64ncursesw6-6.3-20221203.2.1.mga9.x86_64.rpm lib64ncurses6-6.3-20221203.2.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/6: lib64ncurses6 ################################################################################################## 2/6: lib64ncurses++6 ################################################################################################## 3/6: ncurses ################################################################################################## 4/6: ncurses-extraterms ################################################################################################## 5/6: lib64ncurses-devel ################################################################################################## 6/6: lib64ncursesw6 ################################################################################################## 1/6: removing lib64ncurses-devel-6.3-20221203.2.mga9.x86_64 ################################################################################################## 2/6: removing ncurses-extraterms-6.3-20221203.2.mga9.x86_64 ################################################################################################## 3/6: removing lib64ncurses++6-6.3-20221203.2.mga9.x86_64 ################################################################################################## 4/6: removing ncurses-6.3-20221203.2.mga9.x86_64 ################################################################################################## 5/6: removing lib64ncursesw6-6.3-20221203.2.mga9.x86_64 ################################################################################################## 6/6: removing lib64ncurses6-6.3-20221203.2.mga9.x86_64 ################################################################################################## Used to test ncurses version of mcc , look good to me
MGA9-64 Plasma Wayland on HP-Pavillion No installation issues. Ref bug 23135, coukd open ettercap, but cann't get any further. More succes with irssi, I could connect to irc.libera.chat and list the available channels. That's enough to demonstrate ncurses.
Whiteboard: (none) => MGA9-64-OKCC: (none) => herman.viaene
CC: (none) => andrewsfarm
Validating.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0065.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED