-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ________________________________________________________________________
OpenPKG Security Advisory OpenPKG GmbH http://www.openpkg.org/security/ http://openpkg.com OpenPKG-SA-2006.026 2006-10-26 ________________________________________________________________________ Package: screen Vulnerability: denial of service OpenPKG Specific: no Affected Series: Affected Packages: Corrected Packages: 1.0-ENTERPRISE n.a. >= screen-4.0.3-E1.0.0 2-STABLE-20061018 <= screen-4.0.2-2.20061018 >= screen-4.0.3-2.20061023 2-STABLE <= screen-4.0.2-2.20061018 >= screen-4.0.3-2.20061023 CURRENT <= screen-4.0.2-20061013 >= screen-4.0.3-20061023 Description: According to a vendor release announcement [0], a denial of service vulnerability exists in the virtual terminal application GNU screen [1], version 4.0.2 and earlier. The vulnerabilities exist in the handling of "UTF-8 combining characters" and allow user-assisted attackers to cause a Denial of Service (crash or hang of GNU screen) via certain UTF-8 character sequences. The Common Vulnerabilities and Exposures (CVE) project assigned the id CVE-2006-4573 [2] to the problem. ________________________________________________________________________ References: [0] http://lists.gnu.org/archive/html/screen-users/2006-10/msg00028.html [1] http://www.gnu.org/software/screen/ [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573 ________________________________________________________________________ For security reasons, this advisory was digitally signed with the OpenPGP public key "OpenPKG <[EMAIL PROTECTED]>" (ID 63C4CB9F) which you can retrieve from http://www.openpkg.org/openpkg.pgp. Follow the instructions on http://www.openpkg.org/security/signatures/ for details on how to verify the integrity of this advisory. ________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG <[EMAIL PROTECTED]> iD8DBQFFQFNOgHWT4GPEy58RAkWTAJ9gxJwcgTQOL0NzAHK9xtLxlbgOtwCgkGwb uu2qkj9SuoBw0Pjv7vI6hFo= =oW1b -----END PGP SIGNATURE-----