From the screen-users mailing list:

I've just released screen-4.0.3. This is not the promised next version with vertical split and other cool things, but just a security release that fixes two bugs in the utf8 combining characters handling. The bugs could be used to crash/hang screen by writing a special string to a window.

The fixed version is (as usual) available via:
ftp://ftp.uni-erlangen.de/pub/utilities/screen/screen-4.0.3.tar.gz

Credits go to cstone & Rich Felker for finding the bugs.

Kees Cook of Ubuntu analysed this issue and determined that it's likely an exploitable issue, but it's non-trivial to exploit. This will require a fair amount of user interaction to exploit, thus the low severity.

This issue also likely affects RHEL2.1 and RHEL3.
Solved in rawhide.
New version, fix bugs from comment#1
Please update to screen-4.0.3 or higher.
Statement: Red Hat no longer plans to fix this issue in Red Hat Enterprise Linux 4.