Sicherheit: Ausführen beliebiger Kommandos in GNU Screen

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============6102897127499727456==
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="HeDD0LyarmIGH9aWnzN3MsvTfpznzWniX"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--HeDD0LyarmIGH9aWnzN3MsvTfpznzWniX
Content-Type: multipart/mixed;
boundary="Xzq0T30EONQmLrcxVS0XrATH3io9DB604";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <a0b669b3-5a1a-e200-c0cb-e2f7509b72b8@canonical.com>
Subject: [USN-4747-1] GNU Screen vulnerability

--Xzq0T30EONQmLrcxVS0XrATH3io9DB604
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4747-1
February 24, 2021

screen vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

GNU Screen could be made to crash or run programs if it processed specially
crafted character sequences.

Software Description:
- screen: terminal multiplexer with VT100/ANSI terminal emulation

Details:

Felix Weinmann discovered that GNU Screen incorrectly handled certain
character sequences. A remote attacker could use this issue to cause GNU
Screen to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.10:
screen 4.8.0-2ubuntu0.1

Ubuntu 20.04 LTS:
screen 4.8.0-1ubuntu0.1

Ubuntu 18.04 LTS:
screen 4.6.2-1ubuntu1.1

Ubuntu 16.04 LTS:
screen 4.3.1-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4747-1
CVE-2021-26937

Package Information:
https://launchpad.net/ubuntu/+source/screen/4.8.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/screen/4.8.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/screen/4.6.2-1ubuntu1.1
https://launchpad.net/ubuntu/+source/screen/4.3.1-2ubuntu0.1

--Xzq0T30EONQmLrcxVS0XrATH3io9DB604--

--HeDD0LyarmIGH9aWnzN3MsvTfpznzWniX
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmA2aGsACgkQZWnYVadE
vpP8hg/+LXnNEorGiDyTCQX4NoRKars5OW4cetMY+v3ofAmqKNVUuxORhjtjvkgH
9vdRufxfKWtVGAtMDZMFStd2VTDLgIiq9v85Oq4deiP3h8fSGaKgiXJI8LFvYrv4
TBGcn7Gmg7mb42gQsxiAwLBmVR6sbN51yl34H031srphzUmVo0x+5uXSc1JzeWS2
MEwIrnfZp58kHgHzs0yHdt5yJ/3tTcyZtMTdYLEVNf7/ONx6GIlLUCS5tytCf4w0
EWM8ZwVtCUh1sl8PsiTNVwoETuttVfpGH7EsY3/xxBLXm5IniFcSfQUacD29WA/+
1tcM8+c4bOeyNnzflgRZ26mUTlivg+trVMgpZ7IdUFt7xuFoaVaICo5ro1Iy07nQ
DeLYkpEsehI4DeLEbkNhjmlPxqaegPjGTZ4n0OLOmmuRMt08PA2IMc23qaOFjrC8
aRw9u7iGu5H3GnfztLgjKZHe/k7iaAhZoAI5Efvau49nPjpu1tHP+9BRH2+IkW/U
LZ1JUQIma4lVxTTHqvp1DTi70cXqDvkeOhlpG5jy0999A3mBnzD8BWrLFp5MuNZM
l1PP7Kg6aVkVaR+Y9HdlG3jCrIOOOPUfToPSIdBF150vh/KFlT/IhbwfPjvop3zR
plc83GFkc8eY8z94V5G8Ll2Kws9ykoQZomepruct7+4rdqLbpR4=
=tWWP
-----END PGP SIGNATURE-----

--HeDD0LyarmIGH9aWnzN3MsvTfpznzWniX--

--===============6102897127499727456==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============6102897127499727456==--