NS-SA-2024-0057
2024-09-03 09:34:47
Introduction
moderate: ncurses/qemu security update
Severity Level
moderate
Theme
An update for ncurses/qemu is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
ncurses:
qemu:
Security Fix(es):
ncurses: There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17595)
ncurses: There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17594)
ncurses: bugfix
qemu: A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. (CVE-2023-3180)
qemu: bugfix
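The length mismatch described for CVE-2023-3180, shown as an added example (not QEMU's code and not part of the original advisory): an unchecked operation beside a form that rejects requests whose `src_len` and `dst_len` differ. The struct, function names, toy XOR cipher, size cap, and the choice to size the output from `dst_len` are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical, simplified request; not QEMU's real structures. */
struct sym_req {
    uint32_t src_len;    /* guest-supplied length of the input data   */
    uint32_t dst_len;    /* guest-supplied length of the output area  */
    const uint8_t *src;  /* src_len bytes of input                    */
};

#define SYM_MAX_LEN (1u << 20)  /* assumed per-request cap */

/* Toy length-preserving cipher standing in for a real backend:
 * it always writes exactly len bytes to out. */
static void toy_cipher(uint8_t *out, const uint8_t *in, size_t len, uint8_t key)
{
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ key;
}

/* Unchecked pattern: the output is sized from dst_len but the work is
 * driven by src_len. With src_len > dst_len the cipher writes past the
 * end of the heap allocation. Shown for comparison; never call it with
 * untrusted lengths. */
uint8_t *sym_op_unchecked(const struct sym_req *r, uint8_t key)
{
    uint8_t *dst = malloc(r->dst_len);
    if (!dst)
        return NULL;
    toy_cipher(dst, r->src, r->src_len, key);
    return dst;
}

/* Hardened pattern: validate both guest-supplied lengths before any
 * allocation or copy. Returns NULL when the request is rejected. */
uint8_t *sym_op_checked(const struct sym_req *r, uint8_t key)
{
    if (r->src_len == 0 || r->src_len > SYM_MAX_LEN)
        return NULL;                 /* empty or oversized request  */
    if (r->src_len != r->dst_len)
        return NULL;                 /* the missing equality check  */
    uint8_t *dst = malloc(r->dst_len);
    if (!dst)
        return NULL;
    toy_cipher(dst, r->src, r->src_len, key);
    return dst;
}
```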
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.F2B12.
Impact Components
Impact Product
Update Package
CGSL MAIN 6.02
- ncurses-6.1-9.20180224.el8.src.rpm
- ncurses-libs-6.1-9.20180224.el8.x86_64.rpm
- ncurses-base-6.1-9.20180224.el8.noarch.rpm
- ncurses-6.1-9.20180224.el8.x86_64.rpm
- ncurses-devel-6.1-9.20180224.el8.x86_64.rpm
- ncurses-compat-libs-6.1-9.20180224.el8.x86_64.rpm
- ncurses-c++-libs-6.1-9.20180224.el8.x86_64.rpm
- qemu-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.src.rpm
- qemu-tools-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm
- qemu-block-rbd-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm
- qemu-kvm-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm
- qemu-common-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm
- qemu-img-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm
- qemu-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm
CVE