
Fedora: 2005-274 Urgent Security Alert: Telnet Buffer Overflow Issue

March 30, 2005
Multiple vulnerabilities in the FTP client expose systems to remote code execution through a compromised server link.
Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server.

Summary

Telnet is a popular protocol for logging into remote systems over the Internet. The telnet package provides a command line telnet client.

Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim's machine if the victim can be tricked into connecting to a malicious telnet server. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468 and CAN-2005-0469 to these issues.

Red Hat would like to thank iDEFENSE for their responsible disclosure of this issue.

- fixed CAN-2005-468 and CAN-2005-469

* Thu Jan 13 2005 Jason Vas Dias - 1:0.17-31
- bug 143929 / 145004 : fix race condition in telnetd on wtmp lock when cleanup() is entered from main process and in signal handler


This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com


Severity: critical

Name: telnet
Version: 0.17
Release: 32.FC3.2
Summary: The client program for the telnet remote login protocol.
