[ubuntu/jammy-security] screen 4.9.0-1ubuntu0.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jan 26 17:32:51 UTC 2026
screen (4.9.0-1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: can send privileged SIGHUP signals to any process
- debian/patches/CVE-2023-24626.patch: fix missing signal sending
permission check on failed query messages in socket.c.
- CVE-2023-24626
* SECURITY UPDATE: incorrect PTY permissions
- debian/patches/CVE-2025-46802.patch: prevent temporary 0666 mode on
PTYs in attacher.c, screen.c.
- CVE-2025-46802
* SECURITY UPDATE: minor information leak
- debian/patches/CVE-2025-46804.patch: avoid file existence test
information leaks in screen.c, socket.c.
- CVE-2025-46804
* SECURITY UPDATE: TOCTOU allowing to send SIGHUP, SIGCONT
- debian/patches/CVE-2025-46805.patch: don't send signals with root
privileges in socket.c.
- CVE-2025-46805
Date: 2026-01-22 20:29:11.364992+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/screen/4.9.0-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list