Multiple vulnerabilities have been found in ncurses, the worst of which allows remote attackers to execute arbitrary code.
|Package||sys-libs/ncurses on all architectures|
|Affected versions||< 6.1|
|Unaffected versions||>= 6.1|
Free software emulation of curses in System V.
Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details.
A remote attacker, by enticing the user to process untrusted terminfo or other data, could execute arbitrary code or cause a Denial of Service condition.
There is no known workaround at this time.
All ncurses users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/ncurses-6.1:0"