TUX.RE Forum


https://tux.re/forum/

GNU Inetutils 2.8 Security Update

https://tux.re/forum/viewtopic.php?t=189

Page 1 of 1

GNU Inetutils 2.8 Security Update

Posted: Thu Apr 30, 2026 6:39 am
by NetGuru
GNU Inetutils 2.8: Security Update Fixes Telnet-Related Vulnerabilities

GNU has released Inetutils 2.8, a new stable version of its traditional networking utilities package.

Inetutils includes classic network tools and services such as:
  • telnet / telnetd
  • ftp / ftpd
  • inetd
  • rlogin / rsh / rexec
  • tftp
  • ping, traceroute, whois and others
The most important part of this release is security-related. According to the official release announcement, Inetutils 2.8 fixes several telnet and telnetd issues, including critical vulnerabilities affecting versions up to 2.7.

Important fixed vulnerabilities
  • CVE-2026-24061 – telnetd remote authentication bypass. A remote attacker could bypass login checks by abusing the USER environment variable.
  • CVE-2026-32746 – telnetd out-of-bounds write, potentially leading to remote code execution.
  • CVE-2026-28372 – privilege escalation related to environment variables and systemd service credentials.
The release also changes telnetd behavior so that environme…login to view the rest of this post
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited