USN-4507-1: ncmpc vulnerability

16 September 2020

ncmpc could be made to crash if it received a long chat message.

Releases

Packages

  • ncmpc - ncurses-based audio player

Details

It was discovered that ncmpc incorrectly handled long chat messages. A remote
attacker could possibly exploit this with a crafted chat message, causing ncmpc
to crash, resulting in a denial of service. (CVE-2018-9240)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04

After a standard system update you need to restart ncmpc to make all the
necessary changes.

References