-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0654
                          screen security update
                             22 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           screen
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-26937  

Reference:         ESB-2021.0646
                   ESB-2021.0593

Original Bulletin: 
   http://www.debian.org/security/2021/dsa-4861

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4861-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
February 21, 2021                     https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : screen
CVE ID         : CVE-2021-26937
Debian Bug     : 982435

Felix Weinmann reported a flaw in the handling of combining characters
in screen, a terminal multiplexer with VT100/ANSI terminal emulation,
which can result in denial of service, or potentially the execution of
arbitrary code via a specially crafted UTF-8 character sequence.

For the stable distribution (buster), this problem has been fixed in
version 4.6.2-3+deb10u1.

We recommend that you upgrade your screen packages.

For the detailed security status of screen please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/screen

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAyGg5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Q3wA//SGsG25NQXdDvHYwzHmmxFvqYv/FhJAx/2+d14I8rmTU/RffILErbUQWZ
4XTWsi7fMicz5Xbs1mViWhXdhjuHbSXc463zoy6ZH5KGkxdnw/oAAwN3DW+GaD1I
rUStdDcmVtjOYTwK1OZp1t5eBi19CvNoGolKTRdQyePOMi+Q/zjzMOwEq3XnD1r0
84Ju+xPs7cYWV4va7A+jTPrLoYo4ihG1Do2xDy7n+yYbNhsGszVGsNKVXkHT+8C0
zk2NnAuTv/+De3kbLLiZgaYX5/jhT/qw3f7y3o4OOspBFEebmQxFuug/jdsnQsW3
PPY9+G7gIB5b1jh3zVLgOAgeh3K7G70TMqjrw1bOyNPmckop/FukpCbjvQcRdkEx
bMLiJCX6Q8Zrd2wAfCcgzRRY1LOJ9kTlV59y4wNsjfx8KLTuzIO/7hPvEUodMqev
xsGVomNXN0Lst1uWLue4qIZeLLLXtNYNfIP5hZ4jm3d5BEyaVns2PHZlDkXUZbUZ
PJEMNa+QhQajIJ4WqtHraq2UPi9ud3NYk0eJHbBl1dATFML/yWeVXA9+qr4bhK4a
doxQPttCqOWESYWB/RZWGSurfl1WnTA5gP0ezZIcjUpdcOuUQ3fd7Kkyw0Q/i6sm
dWFD9EUBb8QF0Z6+BHamKOW7myjRYpTnVADD0RMD18+Vc22TTNI=
=6/ko
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYDM54+NLKJtyKPYoAQivSA//W00HJahrKsx6cqdriE8wxm13eD1Tqk8d
0+HXo4RIVaKfupvlW1ou5RQWg8+avjGoAA5oXPExNaGvs98tRxKQGvQ6hd3D9tKF
Y1B8SN9JjXfxAuqZTPGUtXeUfAJdEmDkap5NidVCrHDgjaWJjh5l5LwC6VPqEhtr
RVhj0qEGsx9o4a6AnnHxNS7aBY0j6Jxf4AbNeEeGl8NfgCZTisQ3Dsua5vDqWTic
+6GSIi+8hRIJ80R3NmOUpNmxvZvkViGEUXb+u+px93y2R25ePITUEmwlMHvgT8HK
psdvcnn8vb/kTe4luyTJKS8hWttqcgPQ7Ihx/iih22usgy/q2qgyp6YxEKqV9Wnd
QxCbnVmaRp02qPpHYZDcsxjwtienzcQWmDKdwp5ZrUPfGqq//K+QGaO9kX0JlOMF
bCC15k/ee5ShDz8B/pgmtRMm0oOf2zP+J2se8eYd+UNTlit4mthyFnUvyoKBrP49
dsYcJCxUTxg/fuXaAWzF5Fo78s3+/kkoQFO+MvY+SPTa7PVRz96yrvSN9NaNnvW0
1/HsmcY5Oo9Q28DcNhqJ6JwNRbxfL7sPFm4/K2vk5UyAQXMrcIei7CbPSHJAtHFv
B0LtWineDx67JDb9qmZKqWDEWtMugZz1IcUARAVLSxiKTDyEs6aFuuDKm4A5p/ae
9zOiTQ9IpkE=
=dhZD
-----END PGP SIGNATURE-----