An update for ncurses is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1125 Final 1.0 1.0 2024-02-02 Initial 2024-02-02 2024-02-02 openEuler SA Tool V1.0 2024-02-02 ncurses security update An update for ncurses is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3. The ncurses (new curses) library is a free software emulation of curses in System V Release 4.0 (SVr4), and more. It uses terminfo format, supports pads and color and multiple highlights and forms characters and function-key mapping, and has all the other SVr4-curses enhancements over BSD curses. SVr4 curses became the basis of X/Open Curses. Security Fix(es): A vulnerability was found in GNU ncurses 6.4-20230610. It has been rated as problematic. This issue affects the function tgetstr. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2023-45918) An update for ncurses is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1,openEuler-22.03-LTS-SP2 and openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of low. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Low ncurses https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1125 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-45918 https://nvd.nist.gov/vuln/detail/CVE-2023-45918 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3 ncurses-libs-6.2-6.oe1.aarch64.rpm ncurses-debuginfo-6.2-6.oe1.aarch64.rpm ncurses-6.2-6.oe1.aarch64.rpm ncurses-devel-6.2-6.oe1.aarch64.rpm ncurses-help-6.2-6.oe1.aarch64.rpm ncurses-debugsource-6.2-6.oe1.aarch64.rpm ncurses-help-6.2-6.oe2003sp4.aarch64.rpm ncurses-6.2-6.oe2003sp4.aarch64.rpm ncurses-libs-6.2-6.oe2003sp4.aarch64.rpm ncurses-debugsource-6.2-6.oe2003sp4.aarch64.rpm ncurses-devel-6.2-6.oe2003sp4.aarch64.rpm ncurses-debuginfo-6.2-6.oe2003sp4.aarch64.rpm ncurses-devel-6.3-8.oe2203.aarch64.rpm ncurses-libs-6.3-8.oe2203.aarch64.rpm ncurses-compat-libs-6.3-8.oe2203.aarch64.rpm ncurses-debuginfo-6.3-8.oe2203.aarch64.rpm ncurses-debugsource-6.3-8.oe2203.aarch64.rpm ncurses-6.3-8.oe2203.aarch64.rpm ncurses-help-6.3-8.oe2203.aarch64.rpm ncurses-static-6.3-10.oe2203sp1.aarch64.rpm ncurses-debugsource-6.3-10.oe2203sp1.aarch64.rpm ncurses-6.3-10.oe2203sp1.aarch64.rpm ncurses-devel-6.3-10.oe2203sp1.aarch64.rpm ncurses-help-6.3-10.oe2203sp1.aarch64.rpm ncurses-debuginfo-6.3-10.oe2203sp1.aarch64.rpm ncurses-libs-6.3-10.oe2203sp1.aarch64.rpm ncurses-compat-libs-6.3-10.oe2203sp1.aarch64.rpm ncurses-help-6.3-14.oe2203sp2.aarch64.rpm ncurses-compat-libs-6.3-14.oe2203sp2.aarch64.rpm ncurses-debuginfo-6.3-14.oe2203sp2.aarch64.rpm ncurses-static-6.3-14.oe2203sp2.aarch64.rpm ncurses-6.3-14.oe2203sp2.aarch64.rpm ncurses-debugsource-6.3-14.oe2203sp2.aarch64.rpm ncurses-devel-6.3-14.oe2203sp2.aarch64.rpm ncurses-libs-6.3-14.oe2203sp2.aarch64.rpm ncurses-libs-6.3-14.oe2203sp3.aarch64.rpm ncurses-help-6.3-14.oe2203sp3.aarch64.rpm ncurses-debugsource-6.3-14.oe2203sp3.aarch64.rpm ncurses-static-6.3-14.oe2203sp3.aarch64.rpm ncurses-6.3-14.oe2203sp3.aarch64.rpm ncurses-debuginfo-6.3-14.oe2203sp3.aarch64.rpm ncurses-compat-libs-6.3-14.oe2203sp3.aarch64.rpm ncurses-devel-6.3-14.oe2203sp3.aarch64.rpm ncurses-base-6.2-6.oe1.noarch.rpm ncurses-base-6.2-6.oe2003sp4.noarch.rpm ncurses-base-6.3-8.oe2203.noarch.rpm ncurses-base-6.3-10.oe2203sp1.noarch.rpm ncurses-base-6.3-14.oe2203sp2.noarch.rpm ncurses-base-6.3-14.oe2203sp3.noarch.rpm ncurses-6.2-6.oe1.src.rpm ncurses-6.2-6.oe2003sp4.src.rpm ncurses-6.3-8.oe2203.src.rpm ncurses-6.3-10.oe2203sp1.src.rpm ncurses-6.3-14.oe2203sp2.src.rpm ncurses-6.3-14.oe2203sp3.src.rpm ncurses-help-6.2-6.oe1.x86_64.rpm ncurses-devel-6.2-6.oe1.x86_64.rpm ncurses-debuginfo-6.2-6.oe1.x86_64.rpm ncurses-libs-6.2-6.oe1.x86_64.rpm ncurses-debugsource-6.2-6.oe1.x86_64.rpm ncurses-6.2-6.oe1.x86_64.rpm ncurses-devel-6.2-6.oe2003sp4.x86_64.rpm ncurses-debugsource-6.2-6.oe2003sp4.x86_64.rpm ncurses-debuginfo-6.2-6.oe2003sp4.x86_64.rpm ncurses-6.2-6.oe2003sp4.x86_64.rpm ncurses-help-6.2-6.oe2003sp4.x86_64.rpm ncurses-libs-6.2-6.oe2003sp4.x86_64.rpm ncurses-libs-6.3-8.oe2203.x86_64.rpm ncurses-6.3-8.oe2203.x86_64.rpm ncurses-compat-libs-6.3-8.oe2203.x86_64.rpm ncurses-debuginfo-6.3-8.oe2203.x86_64.rpm ncurses-debugsource-6.3-8.oe2203.x86_64.rpm ncurses-devel-6.3-8.oe2203.x86_64.rpm ncurses-help-6.3-8.oe2203.x86_64.rpm ncurses-debuginfo-6.3-10.oe2203sp1.x86_64.rpm ncurses-6.3-10.oe2203sp1.x86_64.rpm ncurses-help-6.3-10.oe2203sp1.x86_64.rpm ncurses-static-6.3-10.oe2203sp1.x86_64.rpm ncurses-devel-6.3-10.oe2203sp1.x86_64.rpm ncurses-compat-libs-6.3-10.oe2203sp1.x86_64.rpm ncurses-debugsource-6.3-10.oe2203sp1.x86_64.rpm ncurses-libs-6.3-10.oe2203sp1.x86_64.rpm ncurses-static-6.3-14.oe2203sp2.x86_64.rpm ncurses-debuginfo-6.3-14.oe2203sp2.x86_64.rpm ncurses-libs-6.3-14.oe2203sp2.x86_64.rpm ncurses-debugsource-6.3-14.oe2203sp2.x86_64.rpm ncurses-help-6.3-14.oe2203sp2.x86_64.rpm ncurses-6.3-14.oe2203sp2.x86_64.rpm ncurses-devel-6.3-14.oe2203sp2.x86_64.rpm ncurses-compat-libs-6.3-14.oe2203sp2.x86_64.rpm ncurses-6.3-14.oe2203sp3.x86_64.rpm ncurses-compat-libs-6.3-14.oe2203sp3.x86_64.rpm ncurses-libs-6.3-14.oe2203sp3.x86_64.rpm ncurses-debuginfo-6.3-14.oe2203sp3.x86_64.rpm ncurses-devel-6.3-14.oe2203sp3.x86_64.rpm ncurses-debugsource-6.3-14.oe2203sp3.x86_64.rpm ncurses-help-6.3-14.oe2203sp3.x86_64.rpm ncurses-static-6.3-14.oe2203sp3.x86_64.rpm A vulnerability was found in GNU ncurses 6.4-20230610. It has been rated as problematic. This issue affects the function tgetstr. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product. 2024-02-02 CVE-2023-45918 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 openEuler-22.03-LTS-SP3 Low 3.5 AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L ncurses security update 2024-02-02 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1125