An OpenSource VooDoo cIRCle - security advisory 20091012-02

Persistent URL of this advisory is available at


In Win32/64 binary releases of XTelnet sub-project there are vulnerable GnuTLS DLL files. All users ar encouraged to upgrade to the latest version.


All versions of XTelnet sub-project prior to 0.4.4 are affected by these security vulnerabilities. XTelnet 0.4.4 binary relase for Win32 is not affected by known security vulnerabilities. Versions using older GnuTLS library, though on any platform, or custom builds, are vulnerable, that is, both all binary-distributed versions of XTelnet prior to 0.4.4, and those linked against vulnerable GnuTLS library are affected by these vulnerabilities.


There is no known workaround at this time.


Update to the latest version, XTelnet 0.4.4, which is not vulnerable.
All Windows users using binary build are strongly encouraged to download the latest version of XTelnet sub-project.

Time line

2009-10-12 - Release of XTelnet 0.4.4, public disclosure - this advisory.


2009-10-12 - Initial revision

Legal notice

Some names used in this document may be registered trademarks of their respective owners.

Get VooDoo cIRCle at Fast, secure and Free Open Source software downloads