-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2013:248 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : xinetd Date : October 10, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Updated xinetd package fixes security vulnerability: It was found that xinetd ignored the user and group configuration directives for services running under the tcpmux-server service. This flaw could cause the associated services to run as root. If there was a flaw in such a service, a remote attacker could use it to execute arbitrary code with the privileges of the root user (CVE-2013-4342). _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342 http://advisories.mageia.org/MGASA-2013-0302.html _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 7976fe68c2fbf71a2df62a39f2128fe2 mes5/i586/xinetd-2.3.14-9.2mdvmes5.2.i586.rpm 5cf2234e84b17e0a281523cab4a5c7d5 mes5/i586/xinetd-simple-services-2.3.14-9.2mdvmes5.2.i586.rpm b6b4f88ddde0c620305f561e0763e062 mes5/SRPMS/xinetd-2.3.14-9.2mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 56b91a23fb44b3464e1d7efa852211a1 mes5/x86_64/xinetd-2.3.14-9.2mdvmes5.2.x86_64.rpm 81cfdaeae19dc5c65572147fc054c092 mes5/x86_64/xinetd-simple-services-2.3.14-9.2mdvmes5.2.x86_64.rpm b6b4f88ddde0c620305f561e0763e062 mes5/SRPMS/xinetd-2.3.14-9.2mdvmes5.2.src.rpm Mandriva Business Server 1/X86_64: 71c6525d8fd04f94fcf6bfc9fefd5ead mbs1/x86_64/xinetd-2.3.15-1.1.mbs1.x86_64.rpm 386144202dbe1cd6f4a3cab2cbce77c1 mbs1/x86_64/xinetd-simple-services-2.3.15-1.1.mbs1.x86_64.rpm d36307cca323809a2af5903761acccd2 mbs1/SRPMS/xinetd-2.3.15-1.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFSVom8mqjQ0CJFipgRAuiwAKC+inrDgN2oEvpG4qZQjL0W8g48gQCdGSjd FcITRUBzVmGhwlzn3W1T9XQ= =VyVe -----END PGP SIGNATURE-----