oss-sec mailing list archives
Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)
From: Stuart Henderson <stu () spacehopper org>
Date: Thu, 15 May 2025 16:09:51 +0100
On 2025/05/14 13:26, Matthias Gerstner wrote:
Hi, On Tue, May 13, 2025 at 03:48:31PM -0700, Mark Esler wrote:Cheers for the report Matthias and SUSE Security!thanks!Could you please comment on the affectedness of upstream screen 5.0.1? https://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v5&id=464c8d8f945f53f8cbb854517279349e09d74756 This version was released ~an hour before your initial oss post. It appears that upstream landed the patches, which may be worth mentioning in your timeline.Indeed, this is the bugfix release announced by upstream here: https://lists.gnu.org/archive/html/screen-users/2025-05/msg00005.html
There are two different versions of the tar.gz; at present, some of the gnu.org mirrors have one, some have another. The earlier one includes .o and other generated files, also there are differences to some source and headers around WINESC_WIN_CARET. It would probably be helpful to make a 5.0.2 release to make it a little more clear.
Current thread:
- screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 12)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Dr. Thomas Orgis (May 13)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Mark Esler (May 13)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 14)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Stuart Henderson (May 15)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 16)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Matthias Gerstner (May 14)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Jan Schaumann (May 16)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz (May 16)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Taylor R Campbell (May 16)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz (May 16)
- Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jacob Bachmeyer (May 16)
- Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Jan Schaumann (May 17)
- Re: describing affected systems (was: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations)) Taylor R Campbell (May 17)
- Re: describing affected systems Eli Schwartz (May 18)
- Re: screen: Multiple Security Issues in Screen (mostly affecting release 5.0.0 and setuid-root installations) Eli Schwartz (May 16)