SUSE-SU-2025:02016-1

Опубликовано: 19 июн. 2025

Источник: suse-cvrf

Описание

Security update for screen

This update for screen fixes the following issues:

Security issues fixed:

CVE-2025-46802: temporary chmod of a user's TTY to mode 0666 when attempting to attach to a multi-user session allows for TTY hijacking (bsc#1242269).

Other issues fixed:

Use TTY file descriptor passing after a suspend (MSG_CONT).
Fix resume after suspend in multi-user mode.

Список пакетов

Container bci/kiwi:latest

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-BYOS-EC2

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-BYOS-GCE

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-EC2

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-GCE

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-HPC-BYOS-EC2

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-Hardened-BYOS-EC2

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-Hardened-BYOS-GCE

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-SAP-BYOS-EC2

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-SAP-BYOS-GCE

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-SAP-EC2

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-SAP-GCE

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-SAP-Hardened-BYOS-EC2

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-SAP-Hardened-BYOS-GCE

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-SAP-Hardened-GCE

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-SAPCAL-EC2

screen-4.6.2-150000.5.8.1

Image SLES15-SP7-SAPCAL-GCE

screen-4.6.2-150000.5.8.1

SUSE Linux Enterprise Micro 5.3

screen-4.6.2-150000.5.8.1

SUSE Linux Enterprise Micro 5.4

screen-4.6.2-150000.5.8.1

SUSE Linux Enterprise Micro 5.5

screen-4.6.2-150000.5.8.1

SUSE Linux Enterprise Module for Basesystem 15 SP6

screen-4.6.2-150000.5.8.1

SUSE Linux Enterprise Module for Basesystem 15 SP7

screen-4.6.2-150000.5.8.1

openSUSE Leap 15.6

screen-4.6.2-150000.5.8.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202502016-1/
Link for SUSE-SU-2025:02016-1
https://lists.suse.com/pipermail/sle-updates/2025-June/040374.html
E-Mail link for SUSE-SU-2025:02016-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1242269
SUSE Bug 1242269
https://www.suse.com/security/cve/CVE-2025-46802/
SUSE CVE CVE-2025-46802 page

Описание

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.

Затронутые продукты

Container bci/kiwi:latest:screen-4.6.2-150000.5.8.1

Image SLES15-SP7-BYOS-EC2:screen-4.6.2-150000.5.8.1

Image SLES15-SP7-BYOS-GCE:screen-4.6.2-150000.5.8.1

Image SLES15-SP7-EC2:screen-4.6.2-150000.5.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-46802.html
CVE-2025-46802
https://bugzilla.suse.com/1242269
SUSE Bug 1242269

SUSE-SU-2025:02016-1

Описание

Список пакетов

Container bci/kiwi:latest

Image SLES15-SP7-BYOS-EC2

Image SLES15-SP7-BYOS-GCE

Image SLES15-SP7-EC2

Image SLES15-SP7-GCE

Image SLES15-SP7-HPC-BYOS-EC2

Image SLES15-SP7-Hardened-BYOS-EC2

Image SLES15-SP7-Hardened-BYOS-GCE

Image SLES15-SP7-SAP-BYOS-EC2

Image SLES15-SP7-SAP-BYOS-GCE

Image SLES15-SP7-SAP-EC2

Image SLES15-SP7-SAP-GCE

Image SLES15-SP7-SAP-Hardened-BYOS-EC2

Image SLES15-SP7-SAP-Hardened-BYOS-GCE

Image SLES15-SP7-SAP-Hardened-GCE

Image SLES15-SP7-SAPCAL-EC2

Image SLES15-SP7-SAPCAL-GCE

SUSE Linux Enterprise Micro 5.3

SUSE Linux Enterprise Micro 5.4

SUSE Linux Enterprise Micro 5.5

SUSE Linux Enterprise Module for Basesystem 15 SP6

SUSE Linux Enterprise Module for Basesystem 15 SP7

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2025-46802

Описание

Затронутые продукты

Ссылки