Overview

File _patchinfo of Package patchinfo.38827

<patchinfo incident="38827">
  <issue tracker="bnc" id="1242269">VUL-0: CVE-2025-46802: screen: temporary chown() of users' TTY to mode 0666 allows PTY hijacking in screen 5.0.0, 4.9.1 and older</issue>
  <issue tracker="cve" id="2025-46802"/>
  <packager>mlschroe</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for screen</summary>
  <description>This update for screen fixes the following issues:

Security issues fixed:
    
- CVE-2025-46802: temporary `chmod` of a user's TTY to mode 0666 when attempting to attach to a multi-user session
  allows for TTY hijacking (bsc#1242269).

Other issues fixed:

- Use TTY file descriptor passing after a suspend (`MSG_CONT`).
- Fix resume after suspend in multi-user mode.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places