Format: 1.8
Date: Mon, 30 Mar 2026 16:52:10 +0200
Source: inetutils
Binary: telnet telnetd
Architecture: all
Version: 2:2.4-2+deb12u3
Distribution: bookworm-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03)
Changed-By: Guillem Jover
Description:
 telnet - transitional dummy package for inetutils-telnet default switch
 telnetd - transitional dummy package for inetutils-telnetd default switch
Closes: 1130741 1130742
Changes:
 inetutils (2:2.4-2+deb12u3) bookworm-security; urgency=high
 .
   * Add patch from upstream:
     - Prevent privilege escalation via telnetd abusing systemd service
       credentials support added to the login(1) implementation of
       util-linux in release 2.40.
       Reported by Ron Ben Yizhak.
       Fixes CVE-2026-28372.
     - Ignore all environment options from clients unless the variable was
       listed in the new --accept-env telnetd option. This mitigates
       privilege escalation using environment variables.
       This is the complete fix for CVE-2026-24061, with its own CVE pending.
     - Fix stack buffer overflow processing SLC suboption triplets.
       Reported by Adiel Sol, Arad Inbar, Erez Cohen, Nir Somech,
       Ben Grinberg, Daniel Lubel at DREAM Security Research Team.
       Fixes CVE-2026-32746. (Closes: #1130742)
   * Add the hashcode-string1 module from forky/sid gnulib adapted to
     bookworm required by the --accept-env patch, and the gl_hash_set,
     gl_set, gl_xset and gl_anyhash bookworm gnulib modules required by
     hashcode-string1. Inject new gnulib modules in lib/Makefile.am.
   * Adapt netkit-telnet patch to not leak unexported environment variables
     to telnetd.
     Reported by Justin Swartz.
     Fixes CVE-2026-32772. (Closes: #1130741)
   * Prevent user local privilege escalation using --debug, which was
     susceptible to symlink attacks, or leaking on-wire credentials to a
     user that had pre-created the file and kept it open. Fix by switching
     from /tmp/telnet.debug to /run/telnet/debug., and making the setup
     error checks fatal.
     Partially reported by Justin Swartz.
   * Update local telnetd man page to match new --debug behavior.