inetutils: Fix CVE-2026-32746

Pick patch according to [1]

[1] https://security-tracker.debian.org/tracker/CVE-2026-32746
[2] https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html
[3] https://codeberg.org/inetutils/inetutils/pulls/17/files

(From OE-Core rev: 53a3cdf7b55b76ec64a314f5fafced4a803ac12f)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Vijay Anusuri
2026-03-18 13:39:10 +05:30
committed by Paul Barker
parent 5cc40d3e64
commit ba6c5d8069
2 changed files with 41 additions and 0 deletions


@@ -0,0 +1,40 @@
From 6864598a29b652a6b69a958f5cd1318aa2b258af Mon Sep 17 00:00:00 2001
From: Collin Funk <collin.funk1@gmail.com>
Date: Wed, 11 Mar 2026 23:06:46 -0700
Subject: [PATCH] telnetd: fix stack buffer overflow processing SLC suboption triplets
Previously a client could write past the end of an internal buffer using
an SLC suboption with many triplets using function octets greater than
18, possibly leading to remote code execution. Reported by Adiel Sol,
Arad Inbar, Erez Cohen, Nir Somech, Ben Grinberg, Daniel Lubel at DREAM
Security Research Team at:
<https://lists.gnu.org/r/bug-inetutils/2026-03/msg00031.html>.
* telnetd/slc.c (add_slc): Return early if writing the tuple would lead
us to writing past the end of the buffer.
* NEWS.md: Mention the fix.
Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/inetutils.git/commit/?id=6864598a29b652a6b69a958f5cd1318aa2b258af]
CVE: CVE-2026-32746
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
telnetd/slc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/telnetd/slc.c b/telnetd/slc.c
index b3cc117..9d6bad1 100644
--- a/telnetd/slc.c
+++ b/telnetd/slc.c
@@ -162,6 +162,9 @@ get_slc_defaults (void)
void
add_slc (register char func, register char flag, register cc_t val)
{
+ /* Do nothing if the entire triplet cannot fit in the buffer. */
+ if (slcbuf + sizeof slcbuf - slcptr <= 6)
+ return;
if ((*slcptr++ = (unsigned char) func) == 0xff)
*slcptr++ = 0xff;
--
2.43.0
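Review bot: The bound added at the top of add_slc, `if (slcbuf + sizeof slcbuf - slcptr <= 6)`, uses an unexplained 6 and does not match its own comment: with `<=` the function also returns when exactly 6 bytes remain, a case in which a 6-byte write would still fit. If 6 is meant as the worst case of three octets, each doubled the way func is in the context lines when it equals 0xff, and the extra byte is a deliberate reserve, state that in the comment or use a named constant; otherwise `< 6` is the check the comment describes. The early return also drops the triplet silently, so the comment should say that excess triplets are discarded rather than reported. Separately, the embedded changelog still lists "* NEWS.md: Mention the fix." while the diffstat shows only telnetd/slc.c with 3 insertions; the backport header should note that the NEWS.md hunk was dropped.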


@@ -21,6 +21,7 @@ SRC_URI = "${GNU_MIRROR}/inetutils/inetutils-${PV}.tar.xz \
file://CVE-2026-24061-1.patch \
file://CVE-2026-24061-2.patch \
file://CVE-2026-28372.patch \
file://CVE-2026-32746.patch \
"
inherit autotools gettext update-alternatives texinfo