Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 9 articles for you...
91
security advisorygentooprivilege escalationGentoo: GLSA-201802-12 Normal: OpenSSH Session Hijacking Vulnerability
A vulnerability in xinetd could lead to privilege escalation.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201611-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: xinetd: Privilege escalation Date: November 15, 2016 Bugs: #488158 ID: 201611-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability in xinetd could lead to privilege escalation. Background ========= xinetd is a secure replacement for inetd. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-apps/xinetd < 2.3.15-r2 > = 2.3.15-r2 Description ========== Xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root. Impact ===== Attackers could escalate privileges outside of the running process. Workaround ========= There is no known workaround at this time. Resolution ========= All xinetd users should upgrade to the latest version: # emerge --sync # emerge --ask --verbose --oneshot "> =sys-apps/xinetd-2.3.15-r2" References ========= [ 1 ] CVE-2013-4342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4342 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201611-06 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressedto
Nov 15, 2016
Gentoo
200
security advisorybug fixxinetdScientific Linux SL5.x SLSA-2013:1302-1 Low: xinetd Remote Access Risk
Low: xinetd security and bug fix update. Date: Wed, 9 Oct 2013 13:24:46 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Low: xinetd on SL5.x i386/x86_64 MIME-Version: 1.0 Synopsis: Low: xinetd security and bug fix update Advisory ID: SLSA-2013:1302-1 Issue Date: 2013-09-30 CVE Numbers: CVE-2012-0862 -- When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions. (CVE-2012-0862) This update also fixes the following bugs: * Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptors remained open when xinetd was under heavy load. Additionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. * Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. -- SL5 x86_64 xinetd-2.3.14-19.el5.x86_64.rpm xinetd-debuginfo-2.3.14-19.el5.x86_64.rpm i386 xinetd-2.3.14-19.el5.i386.rpm xinetd-debuginfo-2.3.14-19.el5.i386.rpm - Scientific Linux Development Team . Scientific Linux SL5.x has released a low-severity bug fix for xinetd, enhancing remote access security and correcting service-relatedissues for better performance.. xinetd Update, Scientific Linux, Remote Access Fix, Security Advisory. . Severity: Low. LinuxSecurity.com Team
Oct 09, 2013
•Low
Scientific Linux
200
security advisorymoderatexinetdScientific Linux SLSA-2013-1409-1: Moderate xinetd Remote Code Exec Risk
Moderate: xinetd security update. Date: Tue, 1 Oct 2013 08:21:05 -0500 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: FASTBUGS for SL 5x i386, x86_64 now available MIME-Version: 1.0 The following FASTBUGS have been uploaded to i386: ghostscript-8.70-15.el5_9.3.i386.rpm ghostscript-devel-8.70-15.el5_9.3.i386.rpm ghostscript-gtk-8.70-15.el5_9.3.i386.rpm libbdevid-python-5.1.19.6-81.el5_9.i386.rpm mkinitrd-5.1.19.6-81.el5_9.i386.rpm mkinitrd-devel-5.1.19.6-81.el5_9.i386.rpm nash-5.1.19.6-81.el5_9.i386.rpm rgmanager-2.0.52-37.el5_9.5.i386.rpm x86_64: ghostscript-8.70-15.el5_9.3.i386.rpm ghostscript-8.70-15.el5_9.3.x86_64.rpm ghostscript-devel-8.70-15.el5_9.3.i386.rpm ghostscript-devel-8.70-15.el5_9.3.x86_64.rpm ghostscript-gtk-8.70-15.el5_9.3.x86_64.rpm libbdevid-python-5.1.19.6-81.el5_9.x86_64.rpm mkinitrd-5.1.19.6-81.el5_9.i386.rpm mkinitrd-5.1.19.6-81.el5_9.x86_64.rpm mkinitrd-devel-5.1.19.6-81.el5_9.i386.rpm mkinitrd-devel-5.1.19.6-81.el5_9.x86_64.rpm nash-5.1.19.6-81.el5_9.x86_64.rpm rgmanager-2.0.52-37.el5_9.5.x86_64.rpm Date: Tue, 1 Oct 2013 08:30:39 -0500 Reply-To: Pat Riehecky Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: FASTBUGS for SL 6x i386, x86_64 now available MIME-Version: 1.0 The following FASTBUGS have been uploadedto i386: abrt-2.0.8-16.el6_4.1.i686.rpm abrt-addon-ccpp-2.0.8-16.el6_4.1.i686.rpm abrt-addon-kerneloops-2.0.8-16.el6_4.1.i686.rpm abrt-addon-python-2.0.8-16.el6_4.1.i686.rpm abrt-addon-vmcore-2.0.8-16.el6_4.1.i686.rpm abrt-cli-2.0.8-16.el6_4.1.i686.rpm abrt-desktop-2.0.8-16.el6_4.1.i686.rpm abrt-devel-2.0.8-16.el6_4.1.i686.rpm abrt-gui-2.0.8-16.el6_4.1.i686.rpm abrt-libs-2.0.8-16.el6_4.1.i686.rpm abrt-tui-2.0.8-16.el6_4.1.i686.rpm autofs-5.0.5-75.el6_4.i686.rpm chkconfig-1.3.49.3-2.el6_4.1.i686.rpm iputils-20071127-17.el6_4.2.i686.rpm libipa_hbac-1.9.2-82.10.el6_4.i686.rpm libipa_hbac-devel-1.9.2-82.10.el6_4.i686.rpm libipa_hbac-python-1.9.2-82.10.el6_4.i686.rpm libreport-2.0.9-15.el6_4.1.i686.rpm libreport-cli-2.0.9-15.el6_4.1.i686.rpm libreport-compat-2.0.9-15.el6_4.1.i686.rpm libreport-devel-2.0.9-15.el6_4.1.i686.rpm libreport-filesystem-2.0.9-15.el6_4.1.i686.rpm libreport-gtk-2.0.9-15.el6_4.1.i686.rpm libreport-gtk-devel-2.0.9-15.el6_4.1.i686.rpm libreport-newt-2.0.9-15.el6_4.1.i686.rpm libreport-plugin-bugzilla-2.0.9-15.el6_4.1.i686.rpm libreport-plugin-kerneloops-2.0.9-15.el6_4.1.i686.rpm libreport-plugin-logger-2.0.9-15.el6_4.1.i686.rpm libreport-plugin-mailx-2.0.9-15.el6_4.1.i686.rpm libreport-plugin-reportuploader-2.0.9-15.el6_4.1.i686.rpm libreport-plugin-rhtsupport-2.0.9-15.el6_4.1.i686.rpm libreport-python-2.0.9-15.el6_4.1.i686.rpm libsss_autofs-1.9.2-82.10.el6_4.i686.rpm libsss_idmap-1.9.2-82.10.el6_4.i686.rpm libsss_idmap-devel-1.9.2-82.10.el6_4.i686.rpm libsss_sudo-1.9.2-82.10.el6_4.i686.rpm libsss_sudo-devel-1.9.2-82.10.el6_4.i686.rpm libvirt-cim-0.6.1-4.el6_4.2.i686.rpm ntsysv-1.3.49.3-2.el6_4.1.i686.rpm scl-utils-20120927-8.el6.i686.rpm scl-utils-build-20120927-8.el6.i686.rpm sssd-1.9.2-82.10.el6_4.i686.rpm sssd-client-1.9.2-82.10.el6_4.i686.rpm sssd-tools-1.9.2-82.10.el6_4.i686.rpm x86_64: abrt-2.0.8-16.el6_4.1.x86_64.rpm abrt-addon-ccpp-2.0.8-16.el6_4.1.x86_64.rpm abrt-addon-kerneloops-2.0.8-16.el6_4.1.x86_64.rpm abrt-addon-python-2.0.8-16.el6_4.1.x86_64.rpm abrt-addon-vmcore-2.0.8-16.el6_4.1.x86_64.rpm abrt-cli-2.0.8-16.el6_4.1.x86_64.rpm abrt-desktop-2.0.8-16.el6_4.1.x86_64.rpm abrt-devel-2.0.8-16.el6_4.1.i686.rpm abrt-devel-2.0.8-16.el6_4.1.x86_64.rpm abrt-gui-2.0.8-16.el6_4.1.x86_64.rpm abrt-libs-2.0.8-16.el6_4.1.i686.rpm abrt-libs-2.0.8-16.el6_4.1.x86_64.rpm abrt-tui-2.0.8-16.el6_4.1.x86_64.rpm autofs-5.0.5-75.el6_4.x86_64.rpm chkconfig-1.3.49.3-2.el6_4.1.x86_64.rpm iputils-20071127-17.el6_4.2.x86_64.rpm libipa_hbac-1.9.2-82.10.el6_4.i686.rpm libipa_hbac-1.9.2-82.10.el6_4.x86_64.rpm libipa_hbac-devel-1.9.2-82.10.el6_4.i686.rpm libipa_hbac-devel-1.9.2-82.10.el6_4.x86_64.rpm libipa_hbac-python-1.9.2-82.10.el6_4.x86_64.rpm libreport-2.0.9-15.el6_4.1.i686.rpm libreport-2.0.9-15.el6_4.1.x86_64.rpm libreport-cli-2.0.9-15.el6_4.1.x86_64.rpm libreport-compat-2.0.9-15.el6_4.1.x86_64.rpm libreport-devel-2.0.9-15.el6_4.1.i686.rpm libreport-devel-2.0.9-15.el6_4.1.x86_64.rpm libreport-filesystem-2.0.9-15.el6_4.1.x86_64.rpm libreport-gtk-2.0.9-15.el6_4.1.i686.rpm libreport-gtk-2.0.9-15.el6_4.1.x86_64.rpm libreport-gtk-devel-2.0.9-15.el6_4.1.i686.rpm libreport-gtk-devel-2.0.9-15.el6_4.1.x86_64.rpm libreport-newt-2.0.9-15.el6_4.1.x86_64.rpm libreport-plugin-bugzilla-2.0.9-15.el6_4.1.x86_64.rpm libreport-plugin-kerneloops-2.0.9-15.el6_4.1.x86_64.rpm libreport-plugin-logger-2.0.9-15.el6_4.1.x86_64.rpm libreport-plugin-mailx-2.0.9-15.el6_4.1.x86_64.rpm libreport-plugin-reportuploader-2.0.9-15.el6_4.1.x86_64.rpm libreport-plugin-rhtsupport-2.0.9-15.el6_4.1.x86_64.rpm libreport-python-2.0.9-15.el6_4.1.x86_64.rpm libsss_autofs-1.9.2-82.10.el6_4.x86_64.rpm libsss_idmap-1.9.2-82.10.el6_4.i686.rpm libsss_idmap-1.9.2-82.10.el6_4.x86_64.rpm libsss_idmap-devel-1.9.2-82.10.el6_4.i686.rpm libsss_idmap-devel-1.9.2-82.10.el6_4.x86_64.rpm libsss_sudo-1.9.2-82.10.el6_4.x86_64.rpm libsss_sudo-devel-1.9.2-82.10.el6_4.i686.rpm libsss_sudo-devel-1.9.2-82.10.el6_4.x86_64.rpm libvirt-cim-0.6.1-4.el6_4.2.i686.rpm libvirt-cim-0.6.1-4.el6_4.2.x86_64.rpm ntsysv-1.3.49.3-2.el6_4.1.x86_64.rpm scl-utils-20120927-8.el6.x86_64.rpm scl-utils-build-20120927-8.el6.x86_64.rpm sssd-1.9.2-82.10.el6_4.x86_64.rpm sssd-client-1.9.2-82.10.el6_4.i686.rpm sssd-client-1.9.2-82.10.el6_4.x86_64.rpm sssd-tools-1.9.2-82.10.el6_4.x86_64.rpm Date: Wed, 9 Oct 2013 13:24:44 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Moderate: xinetd on SL5.x, SL6.x i386/x86_64 MIME-Version: 1.0 Synopsis: Moderate: xinetd security update Advisory ID: SLSA-2013:1409-1 Issue Date: 2013-10-07 CVE Numbers: CVE-2013-4342 -- It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user. (CVE-2013-4342) -- SL5 x86_64 xinetd-2.3.14-20.el5_10.x86_64.rpm xinetd-debuginfo-2.3.14-20.el5_10.x86_64.rpm i386 xinetd-2.3.14-20.el5_10.i386.rpm xinetd-debuginfo-2.3.14-20.el5_10.i386.rpm SL6 x86_64 xinetd-2.3.14-39.el6_4.x86_64.rpm xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm i386 xinetd-2.3.14-39.el6_4.i686.rpm xinetd-debuginfo-2.3.14-39.el6_4.i686.rpm - Scientific Linux Development Team . A patch for xinetd has been released for Scientific Linux addressing a vulnerability that may enable remote code execution.. xinetd Update, Security Advisory, Scientific Linux Patch. . Severity: Important. LinuxSecurity.com Team
Oct 09, 2013
•Important
Scientific Linux
98
security advisorysecurity updateRed Hat Enterprise LinuxRed Hat Enterprise Linux: RHSA-2013:1409-01 Moderate xinetd Security Threat
An updated xinetd package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: xinetd security update Advisory ID: RHSA-2013:1409-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:1409.html Issue date: 2013-10-07 Keywords: xinetd CVE Names: CVE-2013-4342 ==================================================================== 1. Summary: An updated xinetd package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flawin such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user. (CVE-2013-4342) Red Hat would like to thank Thomas Swan of FedEx for reporting this issue. All xinetd users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 1006100 - CVE-2013-4342 xinetd: ignores user and group directives for tcpmux services 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: xinetd-2.3.14-20.el5_10.i386.rpm xinetd-debuginfo-2.3.14-20.el5_10.i386.rpm x86_64: xinetd-2.3.14-20.el5_10.x86_64.rpm xinetd-debuginfo-2.3.14-20.el5_10.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: i386: xinetd-2.3.14-20.el5_10.i386.rpm xinetd-debuginfo-2.3.14-20.el5_10.i386.rpm ia64: xinetd-2.3.14-20.el5_10.ia64.rpm xinetd-debuginfo-2.3.14-20.el5_10.ia64.rpm ppc: xinetd-2.3.14-20.el5_10.ppc.rpm xinetd-debuginfo-2.3.14-20.el5_10.ppc.rpm s390x: xinetd-2.3.14-20.el5_10.s390x.rpm xinetd-debuginfo-2.3.14-20.el5_10.s390x.rpm x86_64: xinetd-2.3.14-20.el5_10.x86_64.rpm xinetd-debuginfo-2.3.14-20.el5_10.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: i386: xinetd-2.3.14-39.el6_4.i686.rpm xinetd-debuginfo-2.3.14-39.el6_4.i686.rpm x86_64: xinetd-2.3.14-39.el6_4.x86_64.rpm xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: x86_64: xinetd-2.3.14-39.el6_4.x86_64.rpm xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: i386: xinetd-2.3.14-39.el6_4.i686.rpm xinetd-debuginfo-2.3.14-39.el6_4.i686.rpm ppc64: xinetd-2.3.14-39.el6_4.ppc64.rpm xinetd-debuginfo-2.3.14-39.el6_4.ppc64.rpm s390x: xinetd-2.3.14-39.el6_4.s390x.rpm xinetd-debuginfo-2.3.14-39.el6_4.s390x.rpm x86_64: xinetd-2.3.14-39.el6_4.x86_64.rpm xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: xinetd-2.3.14-39.el6_4.i686.rpm xinetd-debuginfo-2.3.14-39.el6_4.i686.rpm x86_64: xinetd-2.3.14-39.el6_4.x86_64.rpm xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2013-4342 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSUu43XlSAg2UNWIIRAhb9AKCsgG1dIkv6K/fD9cvcMVkl7Anl1ACfai6u 3OfLBMpAJrvHeXoBWD179m8=GBdo -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Oct 07, 2013
Red Hat
98
security advisorymoderatesecurity updateModerate Security Update RHSA-2013:1409-01 for xinetd Remote Exec
An updated xinetd package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Moderate: xinetd security update Advisory ID: RHSA-2013:1409-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:1409.html Issue date: 2013-10-07 Keywords: xinetd CVE Names: CVE-2013-4342 ==================================================================== 1. Summary: An updated xinetd package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user.(CVE-2013-4342) Red Hat would like to thank Thomas Swan of FedEx for reporting this issue. All xinetd users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 1006100 - CVE-2013-4342 xinetd: ignores user and group directives for tcpmux services 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: xinetd-2.3.14-20.el5_10.i386.rpm xinetd-debuginfo-2.3.14-20.el5_10.i386.rpm x86_64: xinetd-2.3.14-20.el5_10.x86_64.rpm xinetd-debuginfo-2.3.14-20.el5_10.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: i386: xinetd-2.3.14-20.el5_10.i386.rpm xinetd-debuginfo-2.3.14-20.el5_10.i386.rpm ia64: xinetd-2.3.14-20.el5_10.ia64.rpm xinetd-debuginfo-2.3.14-20.el5_10.ia64.rpm ppc: xinetd-2.3.14-20.el5_10.ppc.rpm xinetd-debuginfo-2.3.14-20.el5_10.ppc.rpm s390x: xinetd-2.3.14-20.el5_10.s390x.rpm xinetd-debuginfo-2.3.14-20.el5_10.s390x.rpm x86_64: xinetd-2.3.14-20.el5_10.x86_64.rpm xinetd-debuginfo-2.3.14-20.el5_10.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: i386: xinetd-2.3.14-39.el6_4.i686.rpm xinetd-debuginfo-2.3.14-39.el6_4.i686.rpm x86_64: xinetd-2.3.14-39.el6_4.x86_64.rpm xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: x86_64: xinetd-2.3.14-39.el6_4.x86_64.rpm xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: i386: xinetd-2.3.14-39.el6_4.i686.rpm xinetd-debuginfo-2.3.14-39.el6_4.i686.rpm ppc64: xinetd-2.3.14-39.el6_4.ppc64.rpm xinetd-debuginfo-2.3.14-39.el6_4.ppc64.rpm s390x: xinetd-2.3.14-39.el6_4.s390x.rpm xinetd-debuginfo-2.3.14-39.el6_4.s390x.rpm x86_64: xinetd-2.3.14-39.el6_4.x86_64.rpm xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: xinetd-2.3.14-39.el6_4.i686.rpm xinetd-debuginfo-2.3.14-39.el6_4.i686.rpm x86_64: xinetd-2.3.14-39.el6_4.x86_64.rpm xinetd-debuginfo-2.3.14-39.el6_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2013-4342 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. . Cautionary security notification for xinetd targets elevated execution vulnerability, applicable for CentOS Linux versions 5 and 6.. Red Hat Advisory, xinetd Update, Remote Execution Risk, Linux Security Update. . LinuxSecurity.com Team
Oct 07, 2013
Red Hat
98
security advisorysecurity issueRed HatRed Hat Security Advisory: RHSA-2013-1302 Addresses xinetd Vulnerabilities
An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: xinetd security and bug fix update Advisory ID: RHSA-2013:1302-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:1302.html Issue date: 2013-09-30 Keywords: xinetd CVE Names: CVE-2012-0862 ==================================================================== 1. Summary: An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via port 1. This could allow a remote attacker to bypass intendedfirewall restrictions. (CVE-2012-0862) Red Hat would like to thank Thomas Swan of FedEx for reporting this issue. This update also fixes the following bugs: * Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptorsremained open when xinetd was under heavy load. Additionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#852274) * Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#811000) All users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 790940 - CVE-2012-0862 xinetd: enables unintentional services over tcpmux port 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: xinetd-2.3.14-19.el5.i386.rpm xinetd-debuginfo-2.3.14-19.el5.i386.rpm x86_64: xinetd-2.3.14-19.el5.x86_64.rpm xinetd-debuginfo-2.3.14-19.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: i386: xinetd-2.3.14-19.el5.i386.rpm xinetd-debuginfo-2.3.14-19.el5.i386.rpm ia64: xinetd-2.3.14-19.el5.ia64.rpm xinetd-debuginfo-2.3.14-19.el5.ia64.rpm ppc: xinetd-2.3.14-19.el5.ppc.rpm xinetd-debuginfo-2.3.14-19.el5.ppc.rpm s390x: xinetd-2.3.14-19.el5.s390x.rpm xinetd-debuginfo-2.3.14-19.el5.s390x.rpm x86_64: xinetd-2.3.14-19.el5.x86_64.rpm xinetd-debuginfo-2.3.14-19.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2012-0862 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFSSgpqXlSAg2UNWIIRAvpLAKCbKbjE5Ply5EtEBPXTPPxHFrIxRwCgrg3J ttoX9ugY0CfQfNkr1AiTFF0=edRB -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Sep 30, 2013
•Low
Red Hat
98
security advisorysecurity issueRed HatRed Hat 5: RHSA-2013:1302-01 Low: xinetd Security Issue
An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]. ==================================================================== Red Hat Security Advisory Synopsis: Low: xinetd security and bug fix update Advisory ID: RHSA-2013:1302-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:1302.html Issue date: 2013-09-30 Keywords: xinetd CVE Names: CVE-2012-0862 ==================================================================== 1. Summary: An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions. (CVE-2012-0862) Red Hat would like to thank Thomas Swan of FedEx for reporting thisissue. This update also fixes the following bugs: * Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptorsremained open when xinetd was under heavy load. Additionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#852274) * Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#811000) All users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 790940 - CVE-2012-0862 xinetd: enables unintentional services over tcpmux port 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: i386: xinetd-2.3.14-19.el5.i386.rpm xinetd-debuginfo-2.3.14-19.el5.i386.rpm x86_64: xinetd-2.3.14-19.el5.x86_64.rpm xinetd-debuginfo-2.3.14-19.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: i386: xinetd-2.3.14-19.el5.i386.rpm xinetd-debuginfo-2.3.14-19.el5.i386.rpm ia64: xinetd-2.3.14-19.el5.ia64.rpm xinetd-debuginfo-2.3.14-19.el5.ia64.rpm ppc: xinetd-2.3.14-19.el5.ppc.rpm xinetd-debuginfo-2.3.14-19.el5.ppc.rpm s390x: xinetd-2.3.14-19.el5.s390x.rpm xinetd-debuginfo-2.3.14-19.el5.s390x.rpm x86_64: xinetd-2.3.14-19.el5.x86_64.rpm xinetd-debuginfo-2.3.14-19.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2012-0862 https://access.redhat.com/security/updates/classification#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2013 Red Hat, Inc. . The xinetd package update for Red Hat resolves a security vulnerability and rectifies two minor bugs that have been evaluated as having low impact.. xinetd Update, Red Hat Advisory, Low Severity Fix, Security Patch. . Severity: Low. LinuxSecurity.com Team
Sep 30, 2013
•Low
Red Hat
98
security advisorysecurity updateRed HatRed Hat 6 RHSA-2013:0499-02 Low Severity Access Control Issue
An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Low: xinetd security and bug fix update Advisory ID: RHSA-2013:0499-02 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2013:0499.html Issue date: 2013-02-21 CVE Names: CVE-2012-0862 ==================================================================== 1. Summary: An updated xinetd package that fixes one security issue and two bugs is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: The xinetd package provides a secure replacement for inetd, the Internet services daemon. xinetd provides access control for all services based on the address of the remote host and/or on time of access, and can prevent denial-of-access attacks. When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type, and the tcpmux-server service is enabled, those services are accessible via port 1. It was found that enabling the tcpmux-server service (it is disabled by default) allowed every xinetd service, including those that are not configured with the "TCPMUX" or "TCPMUXPLUS" type, to beaccessible via port 1. This could allow a remote attacker to bypass intended firewall restrictions. (CVE-2012-0862) Red Hat would like to thank Thomas Swan of FedEx for reporting this issue. This update also fixes the following bugs: * Prior to this update, a file descriptor array in the service.c source file was not handled as expected. As a consequence, some of the descriptorsremained open when xinetd was under heavy load. Additionally, the system log was filled with a large number of messages that took up a lot of disk space over time. This update modifies the xinetd code to handle the file descriptors correctly and messages no longer fill the system log. (BZ#790036) * Prior to this update, services were disabled permanently when their CPS limit was reached. As a consequence, a failed bind operation could occur when xinetd attempted to restart the service. This update adds additional logic that attempts to restart the service. Now, the service is only disabled if xinetd cannot restart the service after 30 attempts. (BZ#809271) All users of xinetd are advised to upgrade to this updated package, which contains backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 790036 - xinetd leaking file descriptors790940 - CVE-2012-0862 xinetd: enables unintentional services over tcpmux port 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: i386: xinetd-2.3.14-38.el6.i686.rpm xinetd-debuginfo-2.3.14-38.el6.i686.rpm x86_64: xinetd-2.3.14-38.el6.x86_64.rpm xinetd-debuginfo-2.3.14-38.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: x86_64: xinetd-2.3.14-38.el6.x86_64.rpm xinetd-debuginfo-2.3.14-38.el6.x86_64.rpm Red Hat Enterprise LinuxServer (v. 6): Source: i386: xinetd-2.3.14-38.el6.i686.rpm xinetd-debuginfo-2.3.14-38.el6.i686.rpm ppc64: xinetd-2.3.14-38.el6.ppc64.rpm xinetd-debuginfo-2.3.14-38.el6.ppc64.rpm s390x: xinetd-2.3.14-38.el6.s390x.rpm xinetd-debuginfo-2.3.14-38.el6.s390x.rpm x86_64: xinetd-2.3.14-38.el6.x86_64.rpm xinetd-debuginfo-2.3.14-38.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: i386: xinetd-2.3.14-38.el6.i686.rpm xinetd-debuginfo-2.3.14-38.el6.i686.rpm x86_64: xinetd-2.3.14-38.el6.x86_64.rpm xinetd-debuginfo-2.3.14-38.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://access.redhat.com/security/cve/CVE-2012-0862 https://access.redhat.com/security/updates/classification/#low 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFRJbzuXlSAg2UNWIIRAiqwAKCIMTRNajpTwaGc8JVOXikLgC7/dwCff9B4 Hekn6Edp1r5FzlzMFj7pElQ=8fGn -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list
Feb 21, 2013
•Low
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!