Debian has issued an advisory today (September 4):
https://lists.debian.org/debian-security-announce/2015/msg00251.html

The DSA will be posted here:
https://www.debian.org/security/2015/dsa-3352

Patched packages uploaded for Mageia 4, Mageia 5, and Cauldron.

Advisory:
========================

Updated screen package fixes security vulnerability:

A vulnerability was found in screen causing a stack overflow which results in crashing the screen server process, resulting in denial of service (CVE-2015-6806).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6806
https://www.debian.org/security/2015/dsa-3352
========================

Updated packages in core/updates_testing:
========================
screen-4.0.3-13.1.mga4
screen-4.2.1-3.1.mga5

from SRPMS:
screen-4.0.3-13.1.mga4.src.rpm
screen-4.2.1-3.1.mga5.src.rpm
Version: Cauldron => 5
Whiteboard: (none) => MGA4TOO
URL: (none) => http://lwn.net/Vulnerabilities/656652/
FYI this came from this oss-security thread: http://openwall.com/lists/oss-security/2015/09/01/1
Tested by running this command inside screen:

$ printf '\x1b[10000000T'

mga5 x86_64
screen-4.2.1-3.mga5.x86_64 : crash
screen-4.2.1-3.1.mga5.x86_64 : clear screen

mga4 x86_64 (VM)
screen-4.0.3-13.mga4.x86_64 : crash
screen-4.0.3-13.1.mga4.x86_64 : clear screen

Update OK.
CC: (none) => yann.cantin
Whiteboard: MGA4TOO => MGA4TOO MGA5-64-OK MGA4-64-OK
Tested Mageia 4 i586 and Mageia 5 i586. Before the update the printf makes it hang, after the update it clears the screen.
Whiteboard: MGA4TOO MGA5-64-OK MGA4-64-OK => MGA4TOO has_procedure MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: MGA4TOO has_procedure MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK => MGA4TOO has_procedure advisory MGA4-32-OK MGA4-64-OK MGA5-32-OK MGA5-64-OK
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0354.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED