Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: xinetd (200305-08)
Date: Mon, 19 May 2003 18:19:56
Message-Id: 20030519140040.578993374F@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - - ---------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200305-08
6 - - - ---------------------------------------------------------------------
7
8 PACKAGE : xinetd
9 SUMMARY : memory leak
10 DATE : 2003-05-19 14:00 UTC
11 EXPLOIT : remote
12 VERSIONS AFFECTED : <xinetd-2.3.11
13 FIXED VERSION : >=xinetd-2.3.11
14 CVE : CAN-2003-0211
15
16 - - - ---------------------------------------------------------------------
17
18 Steve Stubb has discovered that xinetd leaks 144 bytes for every
19 connection it rejects.
20
21 Read the full advisory at:
22 http://marc.theaimsgroup.com/?l=bugtraq&m=105068673220605&w=2
23
24 SOLUTION
25
26 It is recommended that all Gentoo Linux users who are running
27 sys-apps/xinetd upgrade to xinetd-2.3.11 as follows
28
29 emerge sync
30 emerge xinetd
31 emerge clean
32
33 - - - ---------------------------------------------------------------------
34 aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
35 - - - ---------------------------------------------------------------------
36 -----BEGIN PGP SIGNATURE-----
37 Version: GnuPG v1.2.2 (GNU/Linux)
38
39 iD8DBQE+yOOHfT7nyhUpoZMRAnTpAKCsBFYvZwq5I9I4byMVbX6YCYQSYwCgtwlf
40 aHqwq36onDu5Suhc6C1vuvQ=
41 =Lq47
42 -----END PGP SIGNATURE-----
Report Message
Find on MARC Find on Google Groups