Red Hat Product Errata RHSA-2020:1334 - Security Advisory
Issued:
2020-04-06
Updated:
2020-04-06

RHSA-2020:1334 - Security Advisory

Synopsis

Important: telnet security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for telnet is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default.

Security Fix(es):

  • telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code (CVE-2020-10188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support 7 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7 s390x
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7 ppc64
  • Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7 ppc64le

Fixes

  • BZ - 1811673 - CVE-2020-10188 telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code

Red Hat Enterprise Linux Server 7

SRPM
telnet-0.17-65.el7_8.src.rpm SHA-256: 01fc976811c9b0bb44933461a6618a3b8578f60bd2469d24289ce698e8152131
x86_64
telnet-0.17-65.el7_8.x86_64.rpm SHA-256: 9dde6c260d790c26dc62d18f2fa5e557dbb93a0f4b7f875f7552bb564464c841
telnet-debuginfo-0.17-65.el7_8.x86_64.rpm SHA-256: aaf314938d12a40b92abb6687ec237d0374d1f8f8cb24bcefcf0666d1cb799d6
telnet-server-0.17-65.el7_8.x86_64.rpm SHA-256: b5d34a565abdf9a2b9849c918f02355df0b66f669c4cf49fc7799f7d383d34b9

Red Hat Enterprise Linux Server - Extended Life Cycle Support 7

SRPM
telnet-0.17-65.el7_8.src.rpm SHA-256: 01fc976811c9b0bb44933461a6618a3b8578f60bd2469d24289ce698e8152131
x86_64
telnet-0.17-65.el7_8.x86_64.rpm SHA-256: 9dde6c260d790c26dc62d18f2fa5e557dbb93a0f4b7f875f7552bb564464c841
telnet-debuginfo-0.17-65.el7_8.x86_64.rpm SHA-256: aaf314938d12a40b92abb6687ec237d0374d1f8f8cb24bcefcf0666d1cb799d6
telnet-server-0.17-65.el7_8.x86_64.rpm SHA-256: b5d34a565abdf9a2b9849c918f02355df0b66f669c4cf49fc7799f7d383d34b9

Red Hat Enterprise Linux Workstation 7

SRPM
telnet-0.17-65.el7_8.src.rpm SHA-256: 01fc976811c9b0bb44933461a6618a3b8578f60bd2469d24289ce698e8152131
x86_64
telnet-0.17-65.el7_8.x86_64.rpm SHA-256: 9dde6c260d790c26dc62d18f2fa5e557dbb93a0f4b7f875f7552bb564464c841
telnet-debuginfo-0.17-65.el7_8.x86_64.rpm SHA-256: aaf314938d12a40b92abb6687ec237d0374d1f8f8cb24bcefcf0666d1cb799d6
telnet-server-0.17-65.el7_8.x86_64.rpm SHA-256: b5d34a565abdf9a2b9849c918f02355df0b66f669c4cf49fc7799f7d383d34b9

Red Hat Enterprise Linux Desktop 7

SRPM
telnet-0.17-65.el7_8.src.rpm SHA-256: 01fc976811c9b0bb44933461a6618a3b8578f60bd2469d24289ce698e8152131
x86_64
telnet-0.17-65.el7_8.x86_64.rpm SHA-256: 9dde6c260d790c26dc62d18f2fa5e557dbb93a0f4b7f875f7552bb564464c841
telnet-debuginfo-0.17-65.el7_8.x86_64.rpm SHA-256: aaf314938d12a40b92abb6687ec237d0374d1f8f8cb24bcefcf0666d1cb799d6
telnet-server-0.17-65.el7_8.x86_64.rpm SHA-256: b5d34a565abdf9a2b9849c918f02355df0b66f669c4cf49fc7799f7d383d34b9

Red Hat Enterprise Linux for IBM z Systems 7

SRPM
telnet-0.17-65.el7_8.src.rpm SHA-256: 01fc976811c9b0bb44933461a6618a3b8578f60bd2469d24289ce698e8152131
s390x
telnet-0.17-65.el7_8.s390x.rpm SHA-256: 867c3bf51f6dabd38284631261cd454f55cc20b93fc2bf1962fe4eea6dac3486
telnet-debuginfo-0.17-65.el7_8.s390x.rpm SHA-256: 4282dfc36e9b0b206750d9fbd548494a78166698882c955c1a6474a417f1b20e
telnet-server-0.17-65.el7_8.s390x.rpm SHA-256: d77b708b639451a39010e2e01b7f5765ab144f266e57d062747a78fbc2b75dc0

Red Hat Enterprise Linux for Power, big endian 7

SRPM
telnet-0.17-65.el7_8.src.rpm SHA-256: 01fc976811c9b0bb44933461a6618a3b8578f60bd2469d24289ce698e8152131
ppc64
telnet-0.17-65.el7_8.ppc64.rpm SHA-256: 9da4f308bc907371b3d6b5a18432978a2bff44fcf5f0750f7fb3fe5aedca71c1
telnet-debuginfo-0.17-65.el7_8.ppc64.rpm SHA-256: a6f79b94d0ad287cf79b8ac32789d63c6a44be54bd612bc76f8ff78aef010ab3
telnet-server-0.17-65.el7_8.ppc64.rpm SHA-256: 67b5e048886c7ec4c9d2511095c26106d6687b11cd7e681c8d9bb030e816cdbd

Red Hat Enterprise Linux for Scientific Computing 7

SRPM
telnet-0.17-65.el7_8.src.rpm SHA-256: 01fc976811c9b0bb44933461a6618a3b8578f60bd2469d24289ce698e8152131
x86_64
telnet-0.17-65.el7_8.x86_64.rpm SHA-256: 9dde6c260d790c26dc62d18f2fa5e557dbb93a0f4b7f875f7552bb564464c841
telnet-debuginfo-0.17-65.el7_8.x86_64.rpm SHA-256: aaf314938d12a40b92abb6687ec237d0374d1f8f8cb24bcefcf0666d1cb799d6
telnet-server-0.17-65.el7_8.x86_64.rpm SHA-256: b5d34a565abdf9a2b9849c918f02355df0b66f669c4cf49fc7799f7d383d34b9

Red Hat Enterprise Linux for Power, little endian 7

SRPM
telnet-0.17-65.el7_8.src.rpm SHA-256: 01fc976811c9b0bb44933461a6618a3b8578f60bd2469d24289ce698e8152131
ppc64le
telnet-0.17-65.el7_8.ppc64le.rpm SHA-256: 6b1970c80e2946dcb444af9bb860467f12dbdd6815804ac273de566f25d21f1d
telnet-debuginfo-0.17-65.el7_8.ppc64le.rpm SHA-256: fe890358d902f8d1b418b556fd88f6d0944538b0f8796d11c2550cb8e27a8582
telnet-server-0.17-65.el7_8.ppc64le.rpm SHA-256: c9dc3b842bef5db61b7f34a6a44057792d930fe14a17ad7908f11db96529959a

Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 7

SRPM
telnet-0.17-65.el7_8.src.rpm SHA-256: 01fc976811c9b0bb44933461a6618a3b8578f60bd2469d24289ce698e8152131
s390x
telnet-0.17-65.el7_8.s390x.rpm SHA-256: 867c3bf51f6dabd38284631261cd454f55cc20b93fc2bf1962fe4eea6dac3486
telnet-debuginfo-0.17-65.el7_8.s390x.rpm SHA-256: 4282dfc36e9b0b206750d9fbd548494a78166698882c955c1a6474a417f1b20e
telnet-server-0.17-65.el7_8.s390x.rpm SHA-256: d77b708b639451a39010e2e01b7f5765ab144f266e57d062747a78fbc2b75dc0

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, big endian 7

SRPM
telnet-0.17-65.el7_8.src.rpm SHA-256: 01fc976811c9b0bb44933461a6618a3b8578f60bd2469d24289ce698e8152131
ppc64
telnet-0.17-65.el7_8.ppc64.rpm SHA-256: 9da4f308bc907371b3d6b5a18432978a2bff44fcf5f0750f7fb3fe5aedca71c1
telnet-debuginfo-0.17-65.el7_8.ppc64.rpm SHA-256: a6f79b94d0ad287cf79b8ac32789d63c6a44be54bd612bc76f8ff78aef010ab3
telnet-server-0.17-65.el7_8.ppc64.rpm SHA-256: 67b5e048886c7ec4c9d2511095c26106d6687b11cd7e681c8d9bb030e816cdbd

Red Hat Enterprise Linux Server - Extended Life Cycle Support for IBM Power, little endian 7

SRPM
telnet-0.17-65.el7_8.src.rpm SHA-256: 01fc976811c9b0bb44933461a6618a3b8578f60bd2469d24289ce698e8152131
ppc64le
telnet-0.17-65.el7_8.ppc64le.rpm SHA-256: 6b1970c80e2946dcb444af9bb860467f12dbdd6815804ac273de566f25d21f1d
telnet-debuginfo-0.17-65.el7_8.ppc64le.rpm SHA-256: fe890358d902f8d1b418b556fd88f6d0944538b0f8796d11c2550cb8e27a8582
telnet-server-0.17-65.el7_8.ppc64le.rpm SHA-256: c9dc3b842bef5db61b7f34a6a44057792d930fe14a17ad7908f11db96529959a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.