ALAS-2020-1387

Amazon Linux 1 Security Advisory: ALAS-2020-1387
Advisory Release Date: 2020-06-23 06:42 Pacific
Advisory Updated Date: 2020-06-26 04:47 Pacific

Severity: Important

References: CVE-2020-10188
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. (CVE-2020-10188)

Affected Packages:

telnet

Issue Correction:
Run yum update telnet to update your system.

New Packages:

i686:
    telnet-0.17-49.9.amzn1.i686
    telnet-server-0.17-49.9.amzn1.i686
    telnet-debuginfo-0.17-49.9.amzn1.i686

src:
    telnet-0.17-49.9.amzn1.src

x86_64:
    telnet-debuginfo-0.17-49.9.amzn1.x86_64
    telnet-server-0.17-49.9.amzn1.x86_64
    telnet-0.17-49.9.amzn1.x86_64

Additional References

Red Hat: CVE-2020-10188

Mitre: CVE-2020-10188