Safety Announcement Details

NS-SA-2024-0057

2024-09-03 09:34:47

Introduction

moderate: ncurses/qemu security update

Severity Level

moderate

Theme

An update for ncurses/qemu is now available for NewStart CGSL MAIN 6.02.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

ncurses:
qemu:


Security Fix(es):
ncurses: There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17595)
ncurses: There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. (CVE-2019-17594)
ncurses: bugfix
qemu: A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in `virtio_crypto_handle_sym_req`. There is no check for the value of `src_len` and `dst_len` in `virtio_crypto_sym_op_helper`, potentially leading to a heap buffer overflow when the two values differ. (CVE-2023-3180)
qemu: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 6.02.F2B12.

Impact Components

  • ncurses
  • qemu

Impact Product

  • CGSL MAIN 6.02

Update Package

{"fix":[{"product":"CGSL MAIN 6.02","pkgs":[{"binary":["ncurses-libs-6.1-9.20180224.el8.x86_64.rpm","ncurses-base-6.1-9.20180224.el8.noarch.rpm","ncurses-6.1-9.20180224.el8.x86_64.rpm","ncurses-devel-6.1-9.20180224.el8.x86_64.rpm","ncurses-compat-libs-6.1-9.20180224.el8.x86_64.rpm","ncurses-c++-libs-6.1-9.20180224.el8.x86_64.rpm"],"source":"ncurses-6.1-9.20180224.el8.src.rpm"},{"binary":["qemu-tools-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm","qemu-block-rbd-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm","qemu-kvm-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm","qemu-common-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm","qemu-img-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm","qemu-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm"],"source":"qemu-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.src.rpm"}]}]}
CGSL MAIN 6.02
  • ncurses-6.1-9.20180224.el8.src.rpm
    • ncurses-libs-6.1-9.20180224.el8.x86_64.rpm
    • ncurses-base-6.1-9.20180224.el8.noarch.rpm
    • ncurses-6.1-9.20180224.el8.x86_64.rpm
    • ncurses-devel-6.1-9.20180224.el8.x86_64.rpm
    • ncurses-compat-libs-6.1-9.20180224.el8.x86_64.rpm
    • ncurses-c++-libs-6.1-9.20180224.el8.x86_64.rpm
  • qemu-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.src.rpm
    • qemu-tools-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm
    • qemu-block-rbd-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm
    • qemu-kvm-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm
    • qemu-common-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm
    • qemu-img-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm
    • qemu-4.1.0-2.el8.cgslv6_2.318.gebefdecd0.x86_64.rpm

CVE

© 2004-2023 Guangdong ZTE NewStart Technology Co., Ltd Copyright 粤ICP备15061780号-2