klieber
Bodhisattva
Joined: 17 Apr 2002
Posts: 3657
Location: San Francisco, CA
|
 Posted: Thu Aug 15, 2002 3:35 pm Post subject: [gentoo-announce] GLSA: xinetd |
 |
|
| Daniel Ahlberg wrote: | - - --------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------
PACKAGE :xinetd
SUMMARY :pipe exposure
DATE :2002-08-14 08:40 UTC
- - --------------------------------------------------------------------
OVERVIEW
File descriptors introduced in 2.3.4 can be used to crash xinetd=20
resulting in a denial of service.
DETAIL
Solar Designer found a vulnerability in xinetd, a replacement for the
BSD derived inetd. File descriptors for the signal pipe introduced in
version 2.3.4 are leaked into services started from xinetd. The
descriptors could be used to talk to xinetd resulting in crashing it
entirely. This is usually called a denial of service.
SOLUTION
It is recommended that all Gentoo Linux users who are running
sys-apps/xinetd-2.3.5 and earlier update their systems as follows.
emerge rsync
emerge xinetd
emerge clean
xinetd-2.3.7 is currently only available for x86. Sparc and ppc will
be available when it's been tested on these archs.
- - --------------------------------------------------------------------
Daniel Ahlberg
aliz@gentoo.org
- - -------------------------------------------------------------------- |
Mailing List Archive: http://lists.gentoo.org/pipermail/gentoo-announce/2002-August/000192.html
--kurt
_________________
The problem with political jokes is that they get elected |
|
News & Announcements
