{"schema_version":"1.7.2","id":"OESA-2024-1361","modified":"2024-04-12T11:07:33Z","published":"2024-04-12T11:07:33Z","upstream":["CVE-2022-39028"],"summary":"telnet security update","details":"Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. The package includes a remote login client program for telnet and a server daemon.\r\n\r\nSecurity Fix(es):\r\n\r\ntelnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a \u0026quot;telnet/tcp server failing (looping), service terminated\u0026quot; error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.(CVE-2022-39028)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP2","name":"telnet","purl":"pkg:rpm/openEuler/telnet\u0026distro=openEuler-22.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.17-79.oe2203sp2"}]}],"ecosystem_specific":{"aarch64":["telnet-0.17-79.oe2203sp2.aarch64.rpm","telnet-debugsource-0.17-79.oe2203sp2.aarch64.rpm","telnet-debuginfo-0.17-79.oe2203sp2.aarch64.rpm","telnet-help-0.17-79.oe2203sp2.aarch64.rpm"],"src":["telnet-0.17-79.oe2203sp2.src.rpm"],"x86_64":["telnet-debuginfo-0.17-79.oe2203sp2.x86_64.rpm","telnet-0.17-79.oe2203sp2.x86_64.rpm","telnet-help-0.17-79.oe2203sp2.x86_64.rpm","telnet-debugsource-0.17-79.oe2203sp2.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1361"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-39028"}],"database_specific":{"severity":"High"}}