=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN299

_____________________________________________________________________

DATE                : 13/05/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running GNU Screen versions prior to
                     5.0.1.

=====================================================================
https://lists.gnu.org/archive/html/screen-users/2025-05/msg00005.html
_____________________________________________________________________

GNU Screen v.5.0.1 is released


Hi everyone,
I'm glad to announce the new release of GNU screen.

Screen is a full-screen window manager that multiplexes a physical
terminal between several processes, typically interactive shells.

5.0.1 is a security fix release. It includes only a few code fixes,
types and security issues. It doesn't include any new features.

    CVE-2025-46805: do NOT send signals with root privileges
    CVE-2025-46804: avoid file existence test information leaks
    CVE-2025-46803: apply safe PTY default mode of 0620
    CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
    CVE-2025-23395: reintroduce lf_secreopen() for logfile
    buffer overflow due to bad strncpy()
    uninitialized variables warnings
    typos
    combining char handling that could lead to a segfault 


Release (official tarball) will be available soon for download:
https://ftp.gnu.org/gnu/screen/
Please report any bugs or regressions.
Thanks to everyone who contributed to this release.

Cheers,
Alex 

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
