oval:org.secpod.oval:def:602222
A vulnerability was found in screen causing a stack overflow which results in crashing the screen server process, resulting in denial of service.

oval:org.secpod.oval:def:89001020
screen is installed

oval:org.secpod.oval:def:602223
screen is installed

oval:org.secpod.oval:def:69355
screen is installed

oval:org.secpod.oval:def:1800684
Commit f86a374 The check opens the logfile with full root privileges. This allows us to truncate any file or create a root-owned file with any contents in any directory and can be easily exploited to full root access in several ways. Affects screen 4.4.0 to and inclusive 4.5.0

oval:org.secpod.oval:def:1800685
screen is installed

oval:org.secpod.oval:def:1800762
Commit f86a374 The check opens the logfile with full root privileges. This allows us to truncate any file or create a root-owned file with any contents in any directory and can be easily exploited to full root access in several ways. Affects: screen 4.4.0 to and inclusive 4.5.0

oval:org.secpod.oval:def:70394
screen: terminal multiplexer with VT100/ANSI terminal emulation. GNU Screen could be made to crash or run programs if it processed specially crafted character sequences.

oval:org.secpod.oval:def:89003305
This update for screen fixes the following issues:
Security issue fixed:
- CVE-2015-6806: Fixed a stack overflow due to deep recursion.
Non-security issue fixed:
- Fixed segmentation faults related to altscreen and resizing screen.

oval:org.secpod.oval:def:69879
Felix Weinmann reported a flaw in the handling of combining characters in screen, a terminal multiplexer with VT100/ANSI terminal emulation, which can result in denial of service, or potentially the execution of arbitrary code via a specially crafted UTF-8 character sequence.

oval:org.secpod.oval:def:605449
Felix Weinmann reported a flaw in the handling of combining characters in screen, a terminal multiplexer with VT100/ANSI terminal emulation, which can result in denial of service, or potentially the execution of arbitrary code via a specially crafted UTF-8 character sequence.

oval:org.secpod.oval:def:705909
screen: terminal multiplexer with VT100/ANSI terminal emulation. GNU Screen could be made to crash or run programs if it processed specially crafted character sequences.

oval:org.secpod.oval:def:1504723
[4.1.0-0.27.2012314git3c2946] - fix CVE-2021-26937

oval:org.secpod.oval:def:89047098
This update for screen fixes the following issues:
- CVE-2021-26937: Fixed double width combining char handling that could lead to a denial of service or code execution.

oval:org.secpod.oval:def:1701291
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid, allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process

oval:org.secpod.oval:def:19500253
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid, allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process

oval:org.secpod.oval:def:97535
[CLSA-2021:1618497131] Fixed CVE-2021-26937 in screen