Ubuntu alert USN-7978-1 (screen)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7978-1] GNU Screen vulnerabilities | |
| Date: | Mon, 26 Jan 2026 23:37:28 +0000 | |
| Message-ID: | <E1vkW9A-0005cz-BQ@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7978-1 January 26, 2026 screen vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in GNU Screen. Software Description: - screen: terminal multiplexer with VT100/ANSI terminal emulation Details: It was discovered that GNU Screen incorrectly handled signals when setuid or setgid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to send privileged signals, possibly leading to a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-24626) It was discovered that GNU Screen incorrectly handled PTY permissions. A local attacker could possibly use this issue to connect to an unauthorized screen session. (CVE-2025-46802) It was discovered that GNU Screen incorrectly handled file access when setuid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to deduce information about certain file paths. (CVE-2025-46804) It was discovered that GNU Screen incorrectly handled signals when setuid privileges were being used, which is not the default in Ubuntu. A local attacker could use this issue to send privileged signals, possibly leading to a denial of service. (CVE-2025-46805) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS screen 4.9.1-1ubuntu1 Ubuntu 22.04 LTS screen 4.9.0-1ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7978-1 CVE-2023-24626, CVE-2025-46802, CVE-2025-46804, CVE-2025-46805 Package Information: https://launchpad.net/ubuntu/+source/screen/4.9.1-1ubuntu1 https://launchpad.net/ubuntu/+source/screen/4.9.0-1ubuntu0.1
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAml3+nAACgkQcpJm3tlz hgHh9xAAiFJS96i90sdU1jCKoKB/xwoZ20/qUZfkBF0dX0XKG14zGTvk75xqcCUR QLlxFhvjc3lx8m7/d40CCBFvdvFy61IMtmwBgl/mV10NJXCBUPXCJohvjDlxDtLS W4q/TzJNn4Qv0awwtNhFCRmep3UWkGj66TZt0j/UDo7ks1/moP6KoYsRaC0EPV/E kvHnQxM4UPyEeYcKuLV2PipAo+WkOZ5wSF2ofmbIQ+MR0W8b01P3Zhih4TZ6bBr1 xrgY/7NpOzv92AH8+zEPxwNQufPgOQM2nlKsd1IlTfZ23vt1l/9SXqeMqm81+YJW 4d9w8LhjYWIzOFyFvuivTXd6CdfEvet029OwDYqKp1XmwoFFncpma0b99i8FbTzl 78bHm87UzePiKySFB97xM5v5c9uCaUiftFpTC2TBNv1GLJLx2rSaRUeYESfOC1z9 XbrXzyzNiayWlwTWPFSZRmR3us7NEr2iQMBWEvBt5LtOFrrlq9tYGK5oEKCm6xHT IKCOu0fZRsnOzOYbafT9Ayf2z3K/Yxt8B6aPjEj2j3X0HuWp+AqS8YBnidq/Fnsp GScVfqludtrc6Ci/dd/6/wX5Po3It8FNfOi+QuQ6NBjh7cuXbor146bLcVk09Tx9 qFkw1hE3WKQw3je2piuHB2JwmSro0plzOUrN307nERlgGDUcJXc= =5N6m -----END PGP SIGNATURE-----