Slackware alert SSA:2026-059-02 (telnet)
| From: | Slackware Security Team <security@slackware.com> | |
| To: | slackware-security@slackware.com | |
| Subject: | [slackware-security] telnet (SSA:2026-059-02) | |
| Date: | Sat, 28 Feb 2026 15:29:33 -0800 | |
| Message-ID: | <alpine.LNX.2.02.2602281529150.11991@connie.slackware.com> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] telnet (SSA:2026-059-02) New telnet packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/telnet-0.17-i586-7_slack15.0.txz: Rebuilt. This update fixes a security issue: The nextitem() function in telnetd/utility.c has no bounds checking in the SB (suboption) case. The for(;;) loop scans past nfrontp into uncontrolled memory. This can be exploited by an unauthenticated remote attacker to execute arbitrary code on the server running telnetd. Please note that while telnet itself is a useful utility for network testing, telnetd is a legacy application which should generally not be used. If it is used, it should be used only on isolated networks where there is no expectation of security. Thanks to r1w1s1. For more information, see: https://www.cve.org/CVERecord?id=CVE-2020-10188 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patc... Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/pa... Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/s... Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current... MD5 signatures: +-------------+ Slackware 15.0 package: 10eb364f2d249ba78d42246d930b3508 telnet-0.17-i586-7_slack15.0.txz Slackware x86_64 15.0 package: ba5efc35508d71ba7b4a6ddddeb6437d telnet-0.17-x86_64-7_slack15.0.txz Slackware -current package: 4ec614b7b2b62d09c7fcd3d06f0534ad n/telnet-0.17-i686-8.txz Slackware x86_64 -current package: 919b8efee781d7ab4b5587d8e0457368 n/telnet-0.17-x86_64-8.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg telnet-0.17-i586-7_slack15.0.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- iHkEARECADkWIQTsVknaQB4iq/pnNu9qRGPAQBAiMwUCaaN5rRsUgAAAAAAEAA5t YW51MiwyLjUrMS4xMiwyLDIACgkQakRjwEAQIjNC2QCdG/hu7dgFFl8Hct/fN+av upHagosAnjnkjmdkjiNat7UqGjAOAGNQqK5Q =8qfg -----END PGP SIGNATURE-----