[lug] security of xinetd

D. Stimits stimits at idcomm.com
Fri Jul 13 14:47:56 MDT 2001


There seem to have been a few people lately that have been bitten by
security woes, and I have seen several port 21 tests lately, so I
thought I'd pass this along...it is RH specific, but probably something
similar for other distros exists (slightly edited down from actual
notice):


Subject:  [RHSA-2001:092-02] Updated xinetd package available for Red Hat Linux 7 and 7.1
Date:     Fri, 6 Jul 2001 15:15 -0400
From:     redhat-announce-list-admin at redhat.com
Reply-To: redhat-announce-list at redhat.com
To:       redhat-watch-list at redhat.com
CC:       bugtraq at securityfocus.com, linux-security at redhat.com




---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated xinetd package available for Red Hat Linux 7 and 7.1
Advisory ID:       RHSA-2001:092-02
Issue date:        2001-07-03
Updated on:        2001-07-06
Product:           Red Hat Linux
Keywords:          xinetd umask 2.4 kernel identd
Cross references:  
Obsoletes:         RHSA-2001:075
---------------------------------------------------------------------

1. Topic:

A vulnerability has been found in xinetd's string handling.

2. Relevant releases/architectures:

Red Hat Linux 7.0 - alpha, i386

Red Hat Linux 7.1 - alpha, i386

3. Problem description:

A boundary checking case in xinetd's string handling was fixed in the
2.3.0 release of xinetd.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):



6. RPMs required:
See xinetd-2.3.0-1.71,
ftp://updates.redhat.com/




D. Stimits, stimits at idcomm.com
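
Added example (not part of the original post or the Red Hat advisory): a shell
check of whether an xinetd version-release string is at or above the 2.3.0
release the advisory names as fixed. The function name, the sample strings
other than 2.3.0-1.71, and the use of GNU `sort -V` as an approximation of
RPM's own version ordering are assumptions.

```shell
#!/bin/sh
# Added example: is a given xinetd package at or above the fixed release?
FIXED_VERSION="2.3.0"   # release named in the advisory's problem description

# xinetd_is_fixed VERSION-RELEASE
# Returns 0 if the upstream version is >= FIXED_VERSION, 1 if older,
# 2 if no version was given. Uses GNU sort -V (assumption: approximates
# RPM ordering well enough for plain dotted versions like these).
xinetd_is_fixed() {
    ver=${1%-*}                     # strip the RPM release, keep upstream version
    [ -n "$ver" ] || return 2
    lowest=$(printf '%s\n%s\n' "$FIXED_VERSION" "$ver" | sort -V | head -n 1)
    # If the fixed version sorts first (or is equal), the package is new enough.
    [ "$lowest" = "$FIXED_VERSION" ]
}

# Constructed sample strings; 2.3.0-1.71 is the package named in the advisory.
samples="2.1.8-1 2.2.10-1 2.3.0-1.71 2.10.0-1"

# On an RPM-based host, also check what is actually installed.
if command -v rpm >/dev/null 2>&1; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' xinetd 2>/dev/null) \
        && samples="$samples $installed"
fi

for vr in $samples; do
    if xinetd_is_fixed "$vr"; then
        echo "xinetd-$vr: at or above $FIXED_VERSION"
    else
        echo "xinetd-$vr: older than $FIXED_VERSION, apply the update"
    fi
done
```

A plain string comparison would rank 2.10.0 below 2.3.0, which is why the
check sorts by version instead.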


