{"id":"OESA-2024-1361","summary":"telnet security update","details":"Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. The package includes a remote login client program for telnet and a server daemon.\r\n\r\nSecurity Fix(es):\r\n\r\ntelnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.(CVE-2022-39028)","modified":"2025-09-03T06:18:25.396716Z","published":"2024-04-12T11:07:33Z","upstream":["CVE-2022-39028"],"database_specific":{"severity":"High"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1361"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39028"}],"affected":[{"package":{"name":"telnet","ecosystem":"openEuler:22.03-LTS-SP2","purl":"pkg:rpm/openEuler/telnet&distro=openEuler-22.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.17-79.oe2203sp2"}]}],"ecosystem_specific":{"aarch64":["telnet-0.17-79.oe2203sp2.aarch64.rpm","telnet-debugsource-0.17-79.oe2203sp2.aarch64.rpm","telnet-debuginfo-0.17-79.oe2203sp2.aarch64.rpm","telnet-help-0.17-79.oe2203sp2.aarch64.rpm"],"x86_64":["telnet-debuginfo-0.17-79.oe2203sp2.x86_64.rpm","telnet-0.17-79.oe2203sp2.x86_64.rpm","telnet-help-0.17-79.oe2203sp2.x86_64.rpm","telnet-debugsource-0.17-79.oe2203sp2.x86_64.rpm"],"src":["telnet-0.17-79.oe2203sp2.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2024-1361.json"}}],"schema_version":"1.7.3"}