UbuntuUpdates.org

Package "inetutils-inetd"

Name: inetutils-inetd

Description:

internet super server

Latest version: 2:2.2-2ubuntu0.1
Release: jammy (22.04)
Level: security
Repository: universe
Head package: inetutils
Homepage: https://www.gnu.org/software/inetutils/

Links


Download "inetutils-inetd"


Other versions of "inetutils-inetd" in Jammy

Repository Area Version
base universe 2:2.2-2
updates universe 2:2.2-2ubuntu0.1

Changelog

Version: 2:2.2-2ubuntu0.1 2023-08-22 19:06:58 UTC

  inetutils (2:2.2-2ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: NULL dereference DoS
    - debian/patches/CVE-2022-39028.patch: fix remote DoS
      in inetutils-telnetd in telnetd/state.c.
    - CVE-2022-39028
  * SECURITY UPDATE: Privilege escalation
    - debian/patches/CVE-2023-40303.patch: check setuid, setguid return values
      in ftpd/ftpd.c, src/rpc.c, src/rlogin.c, src/rsh.c, src/rshd.c,
      src/uucpd.c.
    - CVE-2023-40303

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 15 Aug 2023 10:13:06 -0300

CVE-2022-39028 telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In
CVE-2023-40303 GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, r



About   -   Send Feedback to @ubuntu_updates