Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
38872a14 by Salvatore Bonaccorso at 2020-04-14T05:31:47+02:00
Track CVE-2020-10188/inetutils as fixed via unstable
Note though, that Guillem Jover is adding:
* Add patch from Red Hat / Fedora:
- Fix arbitrary remote code execution in telnetd via short writes or
urgent data. Fixes CVE-2020-10188. Closes: #956084
Thanks to Michal Ruprich <[email protected]>.
Note: While the PoC exploit does not work on inetutils due to the
different codebases, the adapted patch was close enough to apply almost
directly, even though the information leak might appear to still remain.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3976,7 +3976,7 @@ CVE-2020-10190 (An issue was discovered in MunkiReport
before 5.3.0. An authenti
CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows
remote code e ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows
remote attac ...)
- - inetutils <unfixed> (bug #956084)
+ - inetutils 2:1.9.4-12 (bug #956084)
- netkit-telnet 0.17-18woody2 (bug #953477)
- netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478)
NOTE:
https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38872a147214d15583a37bfe5771e3910c14b40d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/38872a147214d15583a37bfe5771e3910c14b40d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
