February 19, 2002

Security update to ncurses

Author: JT Smith

Posted on LWN.net: "Several buffer overflows were fixed in the "ncurses" library in November
2000. Unfortunately, one was missed. This can lead to crashes when using
ncurses applications in large windows.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0062 to this issue.

This problem has been fixed for the stable release of Debian in version
5.0-6.0potato2. The testing and unstable releases contain ncurses 5.2,
which is not affected by this problem.

There are no known exploits for this problem, but we recommend that all
users upgrade ncurses immediately.


  • Linux
Click Here!