Advisories » MGASA-2024-0057

Updated screen packages fix security vulnerability

Publication date: 13 Mar 2024
Modification date: 13 Mar 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-24626

Description

The updated package fixes a security vulnerability:
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid
(the default on platforms such as Arch Linux and FreeBSD), allows local
users to send a privileged SIGHUP signal to any PID, causing a denial of
service or disruption of the target process. (CVE-2023-24626)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32074
• https://ubuntu.com/security/notices/USN-6198-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24626

SRPMS

9/core

• screen-4.9.0-4.1.mga9