AXSA:2020-158:03

Release date: 
Thursday, June 18, 2020 - 04:24
Subject: 
telnet-0.17-73.el8.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default.

Security Fix(es):

* telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code (CVE-2020-10188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-10188
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. telnet-0.17-73.el8.1.src.rpm
    MD5: f2717dc973a96359fe20fb61f0a2e6b3
    SHA-256: 76cf6c9e82a5be54e7db7f03c0172644e403c9ee518ac4310da7f96dbc308707
    Size: 293.33 kB

Asianux Server 8 for x86_64
  1. telnet-0.17-73.el8.1.x86_64.rpm
    MD5: 929ee58ace1825de7cae82cca8d01eac
    SHA-256: 6e68498bd2ea0944323d0aaca443395594a078c454539880185c99e1ed7cf618
    Size: 70.83 kB
  2. telnet-server-0.17-73.el8.1.x86_64.rpm
    MD5: 801517196ef84e6e927a9a9d8bcecb71
    SHA-256: 94c007528b0b6ea55232359a2a299f121c53035cc09e319bf8dcac2db21479a2
    Size: 46.88 kB
Copyright© 2007-2015 Asianux. All rights reserved.