Package "screen"
| Name: | screen |
| Description: | terminal multiplexer with VT100/ANSI terminal emulation |
| Latest version: | 4.9.0-1ubuntu0.1 |
| Release: | jammy (22.04) |
| Level: | security |
| Repository: | main |
| Homepage: | https://savannah.gnu.org/projects/screen |
Changelog
screen (4.9.0-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: can send privileged SIGHUP signals to any process
    - debian/patches/CVE-2023-24626.patch: fix missing signal sending
      permission check on failed query messages in socket.c.
    - CVE-2023-24626
  * SECURITY UPDATE: incorrect PTY permissions
    - debian/patches/CVE-2025-46802.patch: prevent temporary 0666 mode on
      PTYs in attacher.c, screen.c.
    - CVE-2025-46802
  * SECURITY UPDATE: minor information leak
    - debian/patches/CVE-2025-46804.patch: avoid file existence test
      information leaks in screen.c, socket.c.
    - CVE-2025-46804
  * SECURITY UPDATE: TOCTOU allowing to send SIGHUP, SIGCONT
    - debian/patches/CVE-2025-46805.patch: don't send signals with root
      privileges in socket.c.
    - CVE-2025-46805

 -- Marc Deslauriers <email address hidden> Thu, 22 Jan 2026 15:14:32 -0500
| CVE-2023-24626 | socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users t |
| CVE-2025-46802 | For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session. |
| CVE-2025-46804 | A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would othe |
| CVE-2025-46805 | Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when insta |