14 May
2025
14 May
'25
1:44 p.m.
'In July 2024, the upstream Screen maintainer asked us [2] if we could have a look at the current Screen code base. We treated this request with lower priority, since we already had a cursory look at Screen a few years earlier, without finding any problems. When we actually found time to look into it again, we were surprised to find a local root exploit in the Screen 5.0.0 major version update affecting distributions that ship it as setuid-root (Arch Linux and NetBSD). We also found a number of additional, less severe issues that partly also affect older Screen versions still found in the majority of distributions.' -- source: https://www.openwall.com/lists/oss-security/2025/05/12/1 Cheers, Peter