important: screen/docker-ce security update
important
An update for screen/docker-ce is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
screen: The screen utility allows you to have multiple logins on just one terminal. Screen is useful for users who telnet into a machine or are connected via a dumb terminal, but want to use more than just one login. Install the screen package if you need a screen manager that can support multiple logins on one terminal.
docker-ce: This package provides debug information for package docker-ce. Debug information is useful when developing applications that use this package or when debugging this package.
Security Fix(es):
screen: A flaw was found in screen. A specially crafted sequence of combining characters could cause an out of bounds write leading to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2021-26937)
screen: bugfix
docker-ce: A flaw was found in the `userns-remap` feature of Docker. The root user in the remapped namespace can modify files under /var/lib/docker/
docker-ce: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F32B3.