Ubuntu issued an advisory on July 3:
https://ubuntu.com/security/notices/USN-6198-1
It sounds like, like for Ubuntu, this is not actually a security issue for us. It should be easy enough to include the patch in Cauldron anyway, and maybe just check it into SVN for Mageia 8.
No obvious packager for this, so assigning globally. CC'ing DavidG, but it is years since he dealt with it.
Assignee: bugsquad => pkg-bugs
CC: (none) => geiger.david68210
Suggested advisory:
========================

The updated package fixes a security vulnerability:

socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. (CVE-2023-24626)

References:
https://ubuntu.com/security/notices/USN-6198-1
========================

Updated package in core/updates_testing:
========================
screen-4.9.0-4.1.mga9

from SRPM:
screen-4.9.0-4.1.mga9.src.rpm
CC: (none) => nicolas.salguero
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
CVE: (none) => CVE-2023-24626
Version: Cauldron => 9
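Added example, not part of the bug thread or of the Mageia or GNU Screen code: the suggested advisory names "installed setuid or setgid" as the exposure condition, and this POSIX shell script checks a host for it. The function names `priv_bits` and `audit_screen` are hypothetical.

```shell
#!/bin/sh
# Added example: report whether a binary carries the setuid/setgid bits that
# the advisory text for CVE-2023-24626 names as the exposure condition.
# Function names (priv_bits, audit_screen) are hypothetical.

# Print "setuid", "setgid", "setuid+setgid", "none" or "missing" for FILE.
# test -u / -g follow symlinks, so a symlink to a versioned binary is handled.
priv_bits() {
    file=$1
    [ -e "$file" ] || { echo "missing"; return 2; }
    bits=""
    [ -u "$file" ] && bits="setuid"
    [ -g "$file" ] && bits="${bits:+$bits+}setgid"
    echo "${bits:-none}"
}

# Locate screen on PATH and report owner, group, mode and privilege bits.
audit_screen() {
    bin=$(command -v screen) || { echo "screen: not installed"; return 0; }
    result=$(priv_bits "$bin")
    ls -lL "$bin"
    case $result in
        none) echo "$bin: no setuid/setgid bit; advisory condition not met" ;;
        *)    echo "$bin: $result set; apply the fixed package" ;;
    esac
}

# Run the audit only when the script is invoked with the "audit" argument.
if [ "${1:-}" = "audit" ]; then
    audit_screen
fi
```

Run it as `sh check-screen.sh audit` (the file name is arbitrary).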
Keywords: (none) => advisory
RH mageia 9 x86_64

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date

installing screen-4.9.0-4.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/1: screen ##################################################################################################
1/1: removing screen-4.9.0-4.mga9.x86_64 ##################################################################################################

Used screen to run a script without issues. Screen has capacities that I don't use, so this is all the testing I can do.
Installed basic testing completed. It appears to work, though the version reported from screen seems outdated.
CC: (none) => brtians1
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0057.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED