|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2025-f055a0d751 (screen)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 42 Update: screen-5.0.1-4.fc42


Date:
              Sat, 19 Jul 2025 21:33:10 +0000


Message-ID:
              <20250719213310.00DA48D394@bastion01.rdu3.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-f055a0d751
2025-07-19 21:31:40.396395+00:00
--------------------------------------------------------------------------------

Name        : screen
Product     : Fedora 42
Version     : 5.0.1
Release     : 4.fc42
URL         : http://www.gnu.org/software/screen
Summary     : A screen manager that supports multiple logins on one terminal
Description :
The screen utility allows you to have multiple logins on just one
terminal. Screen is useful for users who telnet into a machine or are
connected via a dumb terminal, but want to use more than just one
login.

Install the screen package if you need a screen manager that can
support multiple logins on one terminal.

--------------------------------------------------------------------------------
Update Information:

Update default config options for build.
New upstream release 5.0.1
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 30 2025 Josef Ridky <jridky@redhat.com> - 5.0.1-4
- Modify configuration options to reflect changes in version 5.0.1
* Sat Jun 28 2025 Charles R. Anderson <cra@alum.wpi.edu> - 5.0.1-3
- Add --enable-socket-dir
- Resolves: rhbz#2375347
* Wed Jun 25 2025 Josef Ridky <jridky@redhat.com> - 5.0.1-2
- Unify patch name
* Thu May 29 2025 Dick Marinus <dick@mrns.nl> - 5.0.1-1
- New upstream release 5.0.1 (#2366507)
* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 5.0.0-4
- Add sysusers.d config file to allow rpm to create users/groups automatically
* Sat Feb  1 2025 Björn Esser <besser82@fedoraproject.org> - 5.0.0-3
- Add explicit BR: libxcrypt-devel
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2362065 - [abrt] screen: strncpy(): screen killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=2362065
  [ 2 ] Bug #2366507 - screen-5.0.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2366507
  [ 3 ] Bug #2367169 - Backport to F42: Add sysusers.d config file to allow rpm to create
users/groups automatically
        https://bugzilla.redhat.com/show_bug.cgi?id=2367169
  [ 4 ] Bug #2368500 - CVE-2025-46803 screen: Screen by Default Creates World Writable PTYs
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2368500
  [ 5 ] Bug #2368501 - CVE-2025-46803 screen: Screen by Default Creates World Writable PTYs
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2368501
  [ 6 ] Bug #2368503 - CVE-2025-46802 screen: TTY Hijacking while Attaching to a Multiuser Session
[epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2368503
  [ 7 ] Bug #2368504 - CVE-2025-46802 screen: TTY Hijacking while Attaching to a Multiuser Session
[fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2368504
  [ 8 ] Bug #2374606 - CVE-2025-23395 screen: Local Root Exploit via `logfile_reopen()`
[fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374606
  [ 9 ] Bug #2375347 - screen changed location of sockets--now in $HOME/.screen rather than
/run/screen
        https://bugzilla.redhat.com/show_bug.cgi?id=2375347
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-f055a0d751' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------





Attachment: None (type=text/plain)

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds