Advisories » MGASA-2013-0302

Updated xinetd package fixes security vulnerability

Publication date: 09 Oct 2013
Modification date: 09 Oct 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4342

Description

It was found that xinetd ignored the user and group configuration
directives for services running under the tcpmux-server service. This flaw
could cause the associated services to run as root. If there was a flaw in
such a service, a remote attacker could use it to execute arbitrary code
with the privileges of the root user (CVE-2013-4342).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=11406
• https://rhn.redhat.com/errata/RHSA-2013-1409.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342

SRPMS

2/core

• xinetd-2.3.15-1.1.mga2

3/core

• xinetd-2.3.15-3.1.mga3