Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

RedHat: RHSA-2020:1334-01 Important Telnet Security Update

Calendar Apr 06, 2020 User Avatar LinuxSecurity Advisories
2 - 4 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory security update red hat remote access important telnet
An update for telnet is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: telnet security update
Advisory ID:       RHSA-2020:1334-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:1334
Issue date:        2020-04-06
CVE Names:         CVE-2020-10188 
====================================================================
1. Summary:

An update for telnet is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

Telnet is a popular protocol for logging in to remote systems over the
Internet. The telnet-server packages include a telnet service that supports
remote logins into the host machine. The telnet service is disabled by
default.

Security Fix(es):

* telnet-server: no bounds checks in nextitem() function allows to remotely
execute arbitrary code (CVE-2020-10188)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1811673 - CVE-2020-10188 telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
telnet-0.17-65.el7_8.src.rpm

x86_64:
telnet-0.17-65.el7_8.x86_64.rpm
telnet-debuginfo-0.17-65.el7_8.x86_64.rpm
telnet-server-0.17-65.el7_8.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
telnet-0.17-65.el7_8.src.rpm

x86_64:
telnet-0.17-65.el7_8.x86_64.rpm
telnet-debuginfo-0.17-65.el7_8.x86_64.rpm
telnet-server-0.17-65.el7_8.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
telnet-0.17-65.el7_8.src.rpm

ppc64:
telnet-0.17-65.el7_8.ppc64.rpm
telnet-debuginfo-0.17-65.el7_8.ppc64.rpm
telnet-server-0.17-65.el7_8.ppc64.rpm

ppc64le:
telnet-0.17-65.el7_8.ppc64le.rpm
telnet-debuginfo-0.17-65.el7_8.ppc64le.rpm
telnet-server-0.17-65.el7_8.ppc64le.rpm

s390x:
telnet-0.17-65.el7_8.s390x.rpm
telnet-debuginfo-0.17-65.el7_8.s390x.rpm
telnet-server-0.17-65.el7_8.s390x.rpm

x86_64:
telnet-0.17-65.el7_8.x86_64.rpm
telnet-debuginfo-0.17-65.el7_8.x86_64.rpm
telnet-server-0.17-65.el7_8.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
telnet-0.17-65.el7_8.src.rpm

x86_64:
telnet-0.17-65.el7_8.x86_64.rpm
telnet-debuginfo-0.17-65.el7_8.x86_64.rpm
telnet-server-0.17-65.el7_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2020-10188
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXotSQ9zjgjWX9erEAQjvsQ/6A8FaNnV29JDS5YKv/7wLRBo1pRaeUa4X
PKiHNwQYxyTp9krFaIvmO0Y5CbOQ7j39a+qyUL1mwzsUaDXIgmYEBhDum6l4cuG/
OBdT4WBcVvJOQbaCey99X9lY+gVE9AgClUgfUU+4A6lIqW896n/g+AOLQA9MH8qP
nnGBSerB7TnOzcJGrQ5ojg31ZVurhOar4hB7w7FY4jRsUUVNpseAI9t1CUnwfVxi
tL8IwXxiYov+Ry7Ox8RaOOvn+R2TcG88fkKT5qzsokf2uuIOYPoz38xf8MTwQK2K
WzwI4PPjdKXxW6yuP71zrAZ06BArfEzJYcGqCZ5d885tkQF5SdzFzfD/p35JAE93
3nd1dk0Bb52bjdHPARj2/2kZc3kiQlCy2kSomwI/C88NH5g8+axLH2SrjH3ZqO8Q
RCTtlj/6Kd4SHCndZNNCUU26r3NqyTg7heMeA+DgsvLaRXk+tc532GC+AYfkUPE7
osH71bTHBP3RvLDhXG6WsNRMuFzwLigGtKqdNmaQMdDNR1HMVYimNrNGpqkxieZH
aAglcpfEvedoqKMKRwuGCFl8jn2zCKHHwu6SS0f2srY5LvE5YkqcSopUGyPDy1kg
Oi2+9hBnBsZQ9QsInbbjUIFZ2Dez87AyxGPoKcKzG3rXyHgyRwB5nI4yrOw8qHF3
Or5Ozk9J5nA=8Cf2
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

RedHat: RHSA-2020:1334-01 Important Telnet Security Update

red hat
Calendar Grey April 6, 2020
Dist Redhat Esm H88
Red Hat issued a security advisory highlighting a crucial telnet update and a key security patch for Enterprise Linux 7 operations.
An update for telnet is now available for Red Hat Enterprise Linux 7

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default.
Security Fix(es):
* telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code (CVE-2020-10188)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory security update red hat remote access important telnet

References

https://access.redhat.com/security/cve/CVE-2020-10188 https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Enterprise Linux Client (v. 7):
Source: telnet-0.17-65.el7_8.src.rpm
x86_64: telnet-0.17-65.el7_8.x86_64.rpm telnet-debuginfo-0.17-65.el7_8.x86_64.rpm telnet-server-0.17-65.el7_8.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: telnet-0.17-65.el7_8.src.rpm
x86_64: telnet-0.17-65.el7_8.x86_64.rpm telnet-debuginfo-0.17-65.el7_8.x86_64.rpm telnet-server-0.17-65.el7_8.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: telnet-0.17-65.el7_8.src.rpm
ppc64: telnet-0.17-65.el7_8.ppc64.rpm telnet-debuginfo-0.17-65.el7_8.ppc64.rpm telnet-server-0.17-65.el7_8.ppc64.rpm
ppc64le: telnet-0.17-65.el7_8.ppc64le.rpm telnet-debuginfo-0.17-65.el7_8.ppc64le.rpm telnet-server-0.17-65.el7_8.ppc64le.rpm
s390x: telnet-0.17-65.el7_8.s390x.rpm telnet-debuginfo-0.17-65.el7_8.s390x.rpm telnet-server-0.17-65.el7_8.s390x.rpm
x86_64: telnet-0.17-65.el7_8.x86_64.rpm telnet-debuginfo-0.17-65.el7_8.x86_64.rpm telnet-server-0.17-65.el7_8.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: telnet-0.17-65.el7_8.src.rpm
x86_64: telnet-0.17-65.el7_8.x86_64.rpm telnet-debuginfo-0.17-65.el7_8.x86_64.rpm telnet-server-0.17-65.el7_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from

Read the Full Advisory


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2020:1334-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1334
Issue date: 2020-04-06

Topic

An update for telnet is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory security update red hat remote access important telnet

Relevant Releases Architectures

Red Hat Enterprise Linux Client (v. 7) - x86_64

Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64

Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Workstation (v. 7) - x86_64

Bugs Fixed

1811673 - CVE-2020-10188 telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here