+++ This bug was initially created as a clone of Bug #30918 +++ SUSE has issued an advisory on September 29: https://lists.suse.com/pipermail/sle-security-updates/2022-September/012454.html Mageia 8 is also affected. The netkit-telnet package is also affected: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html as FreeBSD fixed here: https://cgit.freebsd.org/src/commit/?id=f2aa49e7fda515163da188ec75dba223e2e52216
Status comment: (none) => Patch available from FreeBSDWhiteboard: (none) => MGA8TOO
Assigning this globally becaus different packagers have worked on this SRPM.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: 2-byte DoS in freebsd-telnetd / netbsd-telnetd / netkit-telnetd / inetutils-telnetd / telnetd in Kerberos Version 5 Applications. (CVE-2022-39028) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39028 https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html ======================== Updated packages in core/updates_testing: ======================== netkit-telnet-0.17-20.1.mga8 netkit-telnet-server-0.17-20.1.mga8 from SRPM: netkit-telnet-0.17-20.1.mga8.src.rpm
Assignee: pkg-bugs => qa-bugsCC: (none) => nicolas.salgueroStatus comment: Patch available from FreeBSD => (none)Version: Cauldron => 8Whiteboard: MGA8TOO => (none)Status: NEW => ASSIGNED
Source RPM: netkit-telnet-0.17-21.mga9.src.rpm => netkit-telnet-0.17-20.mga8.src.rpm
MGA8-64 MATE on Acer Aspire 5253 No installation issues. MCC mentions on netkit-telnet-server: "because telnetd is unsecure you have to manually activate it" As in bug 26296, I chased around to find some way of getting this server running, but to no avail. So as in that bug, the only thing I could do was provoking a time-out to my desktop which does not let it in, and in the laptop itself, open the firewall for the webserver, run the webserver and then $ telnet mach7 80 Trying 192.168.2.7... Connected to mach7. Escape character is '^]'. I go no further. OK for me as in the above bug.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
https://bugs.mageia.org/show_bug.cgi?id=26296#c7 still applies.
Validating. Advisory in comment 2.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0460.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED