USN-6198-1: GNU Screen vulnerability
3 July 2023
GNU Screen could be made to crash applications if it received specially crafted input.
- screen - terminal multiplexer with VT100/ANSI terminal emulation
It was discovered that GNU Screen was not properly checking user
identifiers before sending certain signals to target processes. If GNU
Screen was installed as setuid or setgid, a local attacker could possibly
use this issue to cause a denial of service on a target application.
The problem can be corrected by updating your system to the following package versions:
- screen - 4.6.2-1ubuntu1.1+esm1
- screen - 4.3.1-2ubuntu0.1+esm1
- screen - 4.1.0~20120320gitdb59704-9ubuntu0.1~esm3
In general, a standard system update will make all the necessary changes.