Bug 955907 (CVE-2025-23395, CVE-2025-46802, CVE-2025-46803, CVE-2025-46804, CVE-2025-46805) - app-misc/screen: multiple security issues
Summary: app-misc/screen: multiple security issues
Status: CONFIRMED
Alias: CVE-2025-23395, CVE-2025-46802, CVE-2025-46803, CVE-2025-46804, CVE-2025-46805
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High critical
Assignee: Gentoo Security
URL: https://security.opensuse.org/2025/05...
Whiteboard: B3 [ebuild]
Keywords: PATCH, PMASKED, PullRequest
Depends on:
Blocks:
 
Reported: 2025-05-13 07:20 UTC by Holger Hoffstätte
Modified: 2025-05-18 19:52 UTC

See Also:
Package list:
Runtime testing required: ---


Description Holger Hoffstätte 2025-05-13 07:20:43 UTC
See $URL for the report by SUSE. The article links to patches.


Reproducible: Always
Comment 1 Holger Hoffstätte 2025-05-13 07:33:22 UTC
The patches apply cleanly, at least for my version of 5.0.0.
Comment 2 Holger Hoffstätte 2025-05-13 09:36:01 UTC
5.0.1 released: https://savannah.gnu.org/news/?id=10771
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-05-14 02:08:28 UTC
Security bugs belong in the Security product and Vulnerabilities component.

The 5.0.x issues cannot be critical for us, because screen-5 isn't in ~arch even (it's masked and has been since it was added).
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2025-05-14 02:09:56 UTC
(In reply to Sam James from comment #3)
> The 5.0.x issues cannot be critical for us, because screen-5 isn't in ~arch
> even (it's masked and has been since it was added).

Per https://security.opensuse.org/2025/05/12/screen-security-issues.html#7-affectedness-matrix, we're only "partly" affected by https://security.opensuse.org/2025/05/12/screen-security-issues.html#3b-tty-hijacking-while-attaching-to-a-multi-user-session-cve-2025-46802.