FS#69876 - [screen] 4.8.0-2 [Security] arbitrary code execution (CVE-2021-26937)
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Wednesday, 03 March 2021, 23:57 GMT
Last edited by Evangelos Foutras (foutrelis) - Thursday, 04 March 2021, 17:04 GMT
Opened by Pascal Ernster (hardfalcon) - Wednesday, 03 March 2021, 23:57 GMT
Last edited by Evangelos Foutras (foutrelis) - Thursday, 04 March 2021, 17:04 GMT
|
Details
Summary
======= screen 4.8.0-2 is vulnerable to arbitrary code execution via CVE-2021-26937. Guidance ======== There's a patch available from Debian which appears to work: https://sources.debian.org/data/main/s/screen/4.8.0-6/debian/patches/99_CVE-2021-26937.patch References ========== https://security.archlinux.org/AVG-1553 https://www.openwall.com/lists/oss-security/2021/02/09/3 https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html https://savannah.gnu.org/bugs/?60030 https://security-tracker.debian.org/tracker/CVE-2021-26937 https://sources.debian.org/patches/screen/4.8.0-6/99_CVE-2021-26937.patch/ |
This task depends upon
Closed by Evangelos Foutras (foutrelis)
Thursday, 04 March 2021, 17:04 GMT
Reason for closing: Fixed
Additional comments about closing: Patch included in screen 4.8.0-3.
Thursday, 04 March 2021, 17:04 GMT
Reason for closing: Fixed
Additional comments about closing: Patch included in screen 4.8.0-3.