Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#37310 - [xinetd]security patch for CVE-2013-4342
Attached to Project:
Arch Linux
Opened by RbN (RbN) - Saturday, 12 October 2013, 13:29 GMT
Last edited by Tobias Powalowski (tpowa) - Monday, 14 October 2013, 08:01 GMT
Opened by RbN (RbN) - Saturday, 12 October 2013, 13:29 GMT
Last edited by Tobias Powalowski (tpowa) - Monday, 14 October 2013, 08:01 GMT
|
DetailsDescription:
from redhat bugzilla [1]: "If a tcpmux service is enabled, the user and group directives are ignored and the service always runs as root. Verified in the xinetd codebase and affects all active versions of RHEL and Fedora. Without the fix for CVE-2012-0862, previously exposed non-tcpmux services could run as root bypassing their respective user and group restrictions." Fix : redhat patch [2] [1] https://bugzilla.redhat.com/show_bug.cgi?id=1006100#c [2] https://bugzilla.redhat.com/attachment.cgi?id=799732 |
This task depends upon
Closed by Tobias Powalowski (tpowa)
Monday, 14 October 2013, 08:01 GMT
Reason for closing: Fixed
Additional comments about closing: 2.3.15-4
Monday, 14 October 2013, 08:01 GMT
Reason for closing: Fixed
Additional comments about closing: 2.3.15-4