Mega:24.03
telnet
Changes of Revision 2
_service:tar_scm:telnet.spec
Changed
@@ -1,7 +1,7 @@ Name: telnet Epoch: 1 Version: 0.17 -Release: 79 +Release: 80 Summary: Client and Server programs for the Telnet communication protocol License: BSD Url: http://web.archive.org/web/20070819111735/www.hcs.harvard.edu/~dholland/computers/old-netkit.html @@ -37,6 +37,7 @@ Patch0025: netkit-telnet-0.17-manpage.patch Patch0026: netkit-telnet-0.17-telnetrc.patch Patch0027: CVE-2020-10188.patch +Patch0028: backport-CVE-2022-39028.patch BuildRequires: gcc-c++ ncurses-devel systemd Requires: systemd @@ -100,6 +101,12 @@ %{_mandir}/man1/telnet.1* %changelog +* Mon Apr 01 2024 gaihuiying <eaglegai@163.com> - 1:0.17-80 +- Type:cves +- CVE:CVE-2022-39028 +- SUG:NA +- DESC:fix CVE-2022-39028 + * Wed Aug 30 2023 renyi <977713017@qq.com> - 1:0.17-79 - Type:Feature - ID:NA
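Review bot: Patch0028 is declared in the second hunk, but none of the three hunks touches %prep, so this diff alone does not show that backport-CVE-2022-39028.patch is actually applied at build time. Please confirm that the spec applies all declared patches automatically (for example through %autosetup or %autopatch), or add the matching %patch line. Otherwise release 1:0.17-80 would carry a changelog entry claiming the CVE-2022-39028 fix while telnetd/state.c is built unchanged. The changelog line "DESC:fix CVE-2022-39028" could also say what is fixed (the NULL pointer dereference in telnetd described in the patch header), so the entry is useful without looking up the CVE.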
_service:tar_scm:backport-CVE-2022-39028.patch
Added
@@ -0,0 +1,48 @@ +Description: Fix remote DoS vulnerability in inetutils-telnetd + This is caused by a crash by a NULL pointer dereference when sending the + byte sequences «0xff 0xf7» or «0xff 0xf8». +Authors: + Pierre Kim (original patch), + Alexandre Torres (original patch), + Erik Auerswald <auerswal@unix-ag.uni-kl.de> (adapted patch), +Reviewed-by: Erik Auerswald <auerswal@unix-ag.uni-kl.de> +Origin: upstream +Ref: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html +Forwarded: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html +Last-Update: 2022-08-28 + +--- + telnetd/state.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/telnetd/state.c b/telnetd/state.c +index 0dc61a2..befc9d0 100644 +--- a/telnetd/state.c ++++ b/telnetd/state.c +@@ -206,12 +206,20 @@ void telrcv(void) { + case EC: + case EL: + { +- cc_t ch; ++ cc_t ch = (cc_t) (_POSIX_VDISABLE); + DIAG(TD_OPTIONS, printoption("td: recv IAC", c)); + ptyflush(); /* half-hearted */ + init_termbuf(); +- if (c == EC) ch = *slctabSLC_EC.sptr; +- else ch = *slctabSLC_EL.sptr; ++ if (c == EC) ++ { ++ if (slctabSLC_EC.sptr) ++ ch = *slctabSLC_EC.sptr; ++ } ++ else ++ { ++ if (slctabSLC_EL.sptr) ++ ch = *slctabSLC_EL.sptr; ++ } + if (ch != (cc_t)(_POSIX_VDISABLE)) + *pfrontp++ = (unsigned char)ch; + break; +-- +2.33.0 +
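Review bot: In the EC/EL case of telrcv(), the new checks on the two sptr pointers carry no comment saying why the pointer can still be NULL when an IAC EC or IAC EL arrives. A one-line comment above `if (c == EC)` would keep a later cleanup from removing the guards as redundant. The logic itself is consistent: with ch initialised to `(cc_t) (_POSIX_VDISABLE)`, a NULL sptr leaves ch unchanged and the existing `if (ch != (cc_t)(_POSIX_VDISABLE))` test skips the write to pfrontp, so the byte is dropped instead of dereferencing NULL. Two smaller points: the Description header names inetutils-telnetd while the spec's other patches are netkit-telnet-0.17 ones, so the header should state that this is the netkit adaptation; and the added braces sit on their own lines while the context line `void telrcv(void) {` keeps the brace on the same line, so please match the style of the surrounding file.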