Debian has issued an advisory today (September 4):
The DSA will be posted here:
Patched packages uploaded for Mageia 4, Mageia 5, and Cauldron.
Updated screen package fixes security vulnerability:
A vulnerability was found in screen causing a stack overflow which results in
crashing the screen server process, resulting in denial of service.
Updated packages in core/updates_testing:
Steps to Reproduce:
FYI this came from this oss-security thread:
Tested by running this command inside screen:
$ printf '\x1b[10000000T'
screen-4.2.1-3.mga5.x86_64 : crash
screen-4.2.1-3.1.mga5.x86_64 : clear screen
mga4 x86_64 (VM)
screen-4.0.3-13.mga4.x86_64 : crash
screen-4.0.3-13.1.mga4.x86_64 : clear screen
Tested Mageia 4 i586 and Mageia 5 i586. Before the update the printf makes it hang; after the update it clears the screen.
An update for this issue has been pushed to Mageia Updates repository.