exploitDog

SUSE-SU-2025:02186-1

Опубликовано: 01 июл. 2025

Источник: suse-cvrf

Описание

Security update for screen

This update for screen fixes the following issues:

Security issues fixed:

CVE-2025-46802: temporary chmod of a user's TTY to mode 0666 when attempting to attach to a multi-user session allows for TTY hijacking (bsc#1242269).

Other issues fixed:

Use TTY file descriptor passing after a suspend (MSG_CONT).

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

screen-4.0.4-23.9.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202502186-1/
Link for SUSE-SU-2025:02186-1
https://lists.suse.com/pipermail/sle-updates/2025-July/040573.html
E-Mail link for SUSE-SU-2025:02186-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1242269
SUSE Bug 1242269
https://www.suse.com/security/cve/CVE-2025-46802/
SUSE CVE CVE-2025-46802 page

Описание

For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session.

Затронутые продукты

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:screen-4.0.4-23.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-46802.html
CVE-2025-46802
https://bugzilla.suse.com/1242269
SUSE Bug 1242269

Уязвимость SUSE-SU-2025:02186-1