[ubuntu/questing-security] inetutils 2:2.6-1ubuntu3.2 (Accepted)
Federico Quattrin
federico.quattrin at canonical.com
Mon Jun 8 12:45:16 UTC 2026
inetutils (2:2.6-1ubuntu3.2) questing-security; urgency=medium
* SECURITY UPDATE: privilege escalation in telnetd
- debian/patches/CVE-2026-28372.patch: prevent authentication
bypass via CREDENTIALS_DIRECTORY environment variable
- CVE-2026-28372
* SECURITY UPDATE: stack-based buffer overflow in telnetd
- debian/patches/CVE-2026-32746.patch: fix out-of-bounds write in
LINEMODE SLC suboption handler by checking buffer bounds in
add_slc
- CVE-2026-32746
* SECURITY UPDATE: information disclosure via environment variables
- debian/patches/CVE-2026-32772.patch: do not send environment
variables not marked for export to telnetd
- CVE-2026-32772
Date: 2026-06-04 16:05:10.613849+00:00
Changed-By: Federico Quattrin <federico.quattrin at canonical.com>
https://launchpad.net/ubuntu/+source/inetutils/2:2.6-1ubuntu3.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list