'screen' exploit errata: RHSA-2000:058-03

[Dunnavant Crutcher <crutcher () REDHAT COM>]

Screen allows the user to overload the visual bell with a text message
that
can be set by the user. This text message is handled as a format string,
instead of as a pure string, so maliciously written format strings are
allowed to overwrite the stack. Since screen in Red Hat Linux 5.2 and
earlier releases was setuid root, this security hole could be exploited
to
gain a root shell.

We are pushing an errata on this, that distributes a fixed RPM,
screen-3.7.4-4
The Errata Number is RHSA-2000:058-03
--
"I may be a monkey,     Crutcher Dunnavant
 but I'm a monkey       <crutcher () redhat com>
 with ambition!"        Red Hat OS Development