| Summary: | net-misc/netkit-telnetd: Possible RCE via 'netclear' and 'nextitem' functions (CVE-2020-10188) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | CC: | paolo.pedroni, proxy-maint |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html | | |
| Whiteboard: | B2 [upstream/ebuild cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
Sam James
2020-03-06 21:50:55 UTC
Needs confirmation.

Debian links to keep an eye on:
* https://security-tracker.debian.org/tracker/CVE-2020-10188
* https://security-tracker.debian.org/tracker/source-package/netkit-telnet (general)

Since we use the same patchset that Debian uses we are then not affected by this bug.

(In reply to Paolo Pedroni from comment #3)
> Since we use the same patchset that Debian uses we are then not affected by
> this bug.

Right, it looks now like it's been fixed for a while:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953477

This is Fedora's patch but it looks like we don't need it:
https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch

I'll close this given Debian's not affected. Thank you.