Amazon Linux 2 Security Advisory: ALAS-2020-1422
Advisory Release Date: 2020-05-05 01:20 Pacific
Advisory Updated Date: 2020-05-06 22:33 Pacific
Severity:
Important
Issue Overview:
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. (CVE-2020-10188)
Affected Packages:
telnet
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update telnet to update your system.
New Packages:
aarch64:
telnet-0.17-65.amzn2.aarch64
telnet-server-0.17-65.amzn2.aarch64
telnet-debuginfo-0.17-65.amzn2.aarch64
i686:
telnet-0.17-65.amzn2.i686
telnet-server-0.17-65.amzn2.i686
telnet-debuginfo-0.17-65.amzn2.i686
src:
telnet-0.17-65.amzn2.src
x86_64:
telnet-0.17-65.amzn2.x86_64
telnet-server-0.17-65.amzn2.x86_64
telnet-debuginfo-0.17-65.amzn2.x86_64