Lucene search
AmazonALAS2-2023-2023HistoryApr 27, 2023 - 6:36 p.m.
Low: screen
2023-04-2718:36:00
alas.aws.amazon.com
8
Issue Overview:
socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. (CVE-2023-24626)
Affected Packages:
screen
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update screen to update your system.
New Packages:
aarch64:
screen-4.1.0-0.27.20120314git3c2946.amzn2.0.1.aarch64
screen-debuginfo-4.1.0-0.27.20120314git3c2946.amzn2.0.1.aarch64
i686:
screen-4.1.0-0.27.20120314git3c2946.amzn2.0.1.i686
screen-debuginfo-4.1.0-0.27.20120314git3c2946.amzn2.0.1.i686
src:
screen-4.1.0-0.27.20120314git3c2946.amzn2.0.1.src
x86_64:
screen-4.1.0-0.27.20120314git3c2946.amzn2.0.1.x86_64
screen-debuginfo-4.1.0-0.27.20120314git3c2946.amzn2.0.1.x86_64
Additional References
Red Hat: CVE-2023-24626
Mitre: CVE-2023-24626
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 2 | aarch64 | screen | < 4.1.0-0.27.20120314git3c2946.amzn2.0.1 | screen-4.1.0-0.27.20120314git3c2946.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | aarch64 | screen-debuginfo | < 4.1.0-0.27.20120314git3c2946.amzn2.0.1 | screen-debuginfo-4.1.0-0.27.20120314git3c2946.amzn2.0.1.aarch64.rpm |
| Amazon Linux | 2 | i686 | screen | < 4.1.0-0.27.20120314git3c2946.amzn2.0.1 | screen-4.1.0-0.27.20120314git3c2946.amzn2.0.1.i686.rpm |
| Amazon Linux | 2 | i686 | screen-debuginfo | < 4.1.0-0.27.20120314git3c2946.amzn2.0.1 | screen-debuginfo-4.1.0-0.27.20120314git3c2946.amzn2.0.1.i686.rpm |
| Amazon Linux | 2 | x86_64 | screen | < 4.1.0-0.27.20120314git3c2946.amzn2.0.1 | screen-4.1.0-0.27.20120314git3c2946.amzn2.0.1.x86_64.rpm |
| Amazon Linux | 2 | x86_64 | screen-debuginfo | < 4.1.0-0.27.20120314git3c2946.amzn2.0.1 | screen-debuginfo-4.1.0-0.27.20120314git3c2946.amzn2.0.1.x86_64.rpm |
Related
nessus
nessus
EulerOS 2.0 SP10 : screen (EulerOS-SA-2023-2393)
2023-07-18 00:00:00
EulerOS 2.0 SP11 : screen (EulerOS-SA-2023-2667)
2024-01-16 00:00:00
EulerOS 2.0 SP8 : screen (EulerOS-SA-2023-3159)
2024-01-16 00:00:00
packetstorm
packetstorm
GNU screen 4.9.0 Privilege Escalation
2023-04-06 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for screen (EulerOS-SA-2023-2367)
2023-07-17 00:00:00
Huawei EulerOS: Security Advisory for screen (EulerOS-SA-2023-2709)
2023-09-05 00:00:00
Huawei EulerOS: Security Advisory for screen (EulerOS-SA-2023-3455)
2023-12-15 00:00:00
ibm
ibm
zdt
zdt
GNU screen v4.9.0 - Privilege Escalation Exploit
2023-04-05 00:00:00
debiancve
debiancve
CVE-2023-24626
2023-04-08 05:15:07
alpinelinux
alpinelinux
CVE-2023-24626
2023-04-08 05:15:07
veracode
veracode
Denial Of Service (DoS)
2023-05-14 08:25:58
ubuntucve
ubuntucve
CVE-2023-24626
2023-04-08 00:00:00
mageia
mageia
Updated screen packages fix security vulnerability
2024-03-14 02:14:37
osv
osv
screen vulnerability
2023-07-03 12:53:20
CVE-2023-24626
2023-04-08 05:15:07
redhatcve
redhatcve
CVE-2023-24626
2023-04-10 06:29:46
prion
prion
Design/Logic Flaw
2023-04-08 05:15:00
cbl_mariner
cbl_mariner
CVE-2023-24626 affecting package screen for versions less than 4.9.1-1
2023-09-28 11:57:58
cvelist
cvelist
CVE-2023-24626
2023-04-08 00:00:00
cve
cve
CVE-2023-24626
2023-04-08 05:15:07
ubuntu
ubuntu
GNU Screen vulnerability
2023-07-03 00:00:00
exploitdb
exploitdb
GNU screen v4.9.0 - Privilege Escalation
2023-04-05 00:00:00