Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2022:3735-1

Опубликовано: 26 окт. 2022
Источник: suse-cvrf

Описание

Security update for telnet

This update for telnet fixes the following issues:

  • CVE-2022-39028: Fixed NULL pointer dereference in telnetd (bsc#1203759).

Список пакетов

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
telnet-1.2-167.10.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
telnet-1.2-167.10.1
Image SLES12-SP5-Azure-BYOS
telnet-1.2-167.10.1
Image SLES12-SP5-Azure-Basic-On-Demand
telnet-1.2-167.10.1
Image SLES12-SP5-Azure-HPC-BYOS
telnet-1.2-167.10.1
Image SLES12-SP5-Azure-HPC-On-Demand
telnet-1.2-167.10.1
Image SLES12-SP5-Azure-SAP-BYOS
telnet-1.2-167.10.1
Image SLES12-SP5-Azure-SAP-On-Demand
telnet-1.2-167.10.1
Image SLES12-SP5-Azure-Standard-On-Demand
telnet-1.2-167.10.1
Image SLES12-SP5-EC2-BYOS
telnet-1.2-167.10.1
Image SLES12-SP5-EC2-On-Demand
telnet-1.2-167.10.1
Image SLES12-SP5-EC2-SAP-BYOS
telnet-1.2-167.10.1
Image SLES12-SP5-EC2-SAP-On-Demand
telnet-1.2-167.10.1
Image SLES12-SP5-GCE-BYOS
telnet-1.2-167.10.1
Image SLES12-SP5-GCE-On-Demand
telnet-1.2-167.10.1
Image SLES12-SP5-GCE-SAP-BYOS
telnet-1.2-167.10.1
Image SLES12-SP5-GCE-SAP-On-Demand
telnet-1.2-167.10.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
telnet-1.2-167.10.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
telnet-1.2-167.10.1
SUSE Linux Enterprise Server 12 SP2-BCL
telnet-1.2-167.10.1
telnet-server-1.2-167.10.1
SUSE Linux Enterprise Server 12 SP3-BCL
telnet-1.2-167.10.1
telnet-server-1.2-167.10.1
SUSE Linux Enterprise Server 12 SP4-LTSS
telnet-1.2-167.10.1
telnet-server-1.2-167.10.1
SUSE Linux Enterprise Server 12 SP5
telnet-1.2-167.10.1
telnet-server-1.2-167.10.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
telnet-1.2-167.10.1
telnet-server-1.2-167.10.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
telnet-1.2-167.10.1
telnet-server-1.2-167.10.1
SUSE OpenStack Cloud 9
telnet-1.2-167.10.1
telnet-server-1.2-167.10.1
SUSE OpenStack Cloud Crowbar 9
telnet-1.2-167.10.1
telnet-server-1.2-167.10.1

Ссылки

Описание

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:telnet-1.2-167.10.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:telnet-1.2-167.10.1
Image SLES12-SP5-Azure-BYOS:telnet-1.2-167.10.1
Image SLES12-SP5-Azure-Basic-On-Demand:telnet-1.2-167.10.1
Ссылки