I'm glad to announce the new release of GNU screen.
Screen is a full-screen window manager that multiplexes a physical
terminal between several processes, typically interactive shells.
5.0.1 is a security fix release. It includes only a few code fixes,
types and security issues. It doesn't include any new features.
- CVE-2025-46805: do NOT send signals with root privileges
- CVE-2025-46804: avoid file existence test information leaks
- CVE-2025-46803: apply safe PTY default mode of 0620
- CVE-2025-46802: prevent temporary 0666 mode on PTYs in attacher
- CVE-2025-23395: reintroduce lf_secreopen() for logfile
- buffer overflow due bad strncpy()
- uninitialized variables warnings
- typos
- combining char handling that could lead to a segfault
Release (official tarball) will be available soon for download:
https://ftp.gnu.org/gnu/screen/
Please report any bugs or regressions.
Thanks to everyone who contributed to this release.
Cheers,
Alex