USN-4507-1: ncmpc vulnerability
16 September 2020
ncmpc could be made to crash if it received a long chat message.
Releases
Packages
- ncmpc - ncurses-based audio player
Details
It was discovered that ncmpc incorrectly handled long chat messages. A remote
attacker could possibly exploit this with a crafted chat message, causing ncmpc
to crash, resulting in a denial of service. (CVE-2018-9240)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
After a standard system update you need to restart ncmpc to make all the
necessary changes.