USN-5048-2: Inetutils vulnerability
20 August 2021
Inetutils could be made to crash if it received specially crafted input.
Releases
Packages
- inetutils - GNU network utilities
Details
USN-5048-1 fixed a vulnerability in Inetutils for Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. This update provides the corresponding fixes for Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Inetutils telnet server allows remote attackers to
execute arbitrary code via short writes or urgent data. An attacker could use
this vulnerability to cause a DoS or possibly execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
inetutils-telnetd
-
2:1.9.4-1ubuntu0.1~esm1
Available with Ubuntu Pro
After a standard system update you need to restart Inetutils telnetd to make
all the necessary changes.
References
Related notices
- USN-5048-1: inetutils-telnetd, inetutils-tools, inetutils-talk, inetutils, inetutils-traceroute, inetutils-telnet, inetutils-ftp, inetutils-ping, inetutils-inetd, inetutils-syslogd, inetutils-ftpd, inetutils-talkd