Advisories

Mandriva Advisories

Package name	xinetd
Date	May 14th, 2003
Advisory ID	MDKSA-2003:056
Affected versions	8.2, 9.0, 9.1, MNF8.2, CS2.1
Synopsis	Updated xinetd packages fix DoS vulnerability

Problem Description

A vulnerability was discovered in xinetd where memory was allocated and
never freed if a connection was refused for any reason. Because of
this bug, an attacker could crash the xinetd server, making
unavailable all of the services it controls. Other flaws were also
discovered that could cause incorrect operation in certain strange
configurations.

These issues have been fixed upstream in xinetd version 2.3.11 which
are provided in this update.

Updated Packages

Mandrakelinux 8.2

 b4eff824d68251d41e4bac24cf215a74  8.2/RPMS/xinetd-2.3.11-1.1mdk.i586.rpm
994553078c5caf6853422ad51a08405c  8.2/RPMS/xinetd-ipv6-2.3.11-1.1mdk.i586.rpm
48c1a13b666f519b893f9d36c2d440c4  8.2/SRPMS/xinetd-2.3.11-1.1mdk.src.rpm

Mandrakelinux 8.2/PPC

 7dab7aa553e059299a24ebaab552fd01  ppc/8.2/RPMS/xinetd-2.3.11-1.1mdk.ppc.rpm
ffa308c43027a43b3b050c68841b12e9  ppc/8.2/RPMS/xinetd-ipv6-2.3.11-1.1mdk.ppc.rpm
48c1a13b666f519b893f9d36c2d440c4  ppc/8.2/SRPMS/xinetd-2.3.11-1.1mdk.src.rpm

Mandrakelinux 9.0

 a9121e4a9d10ceae2432619f2b1cb39d  9.0/RPMS/xinetd-2.3.11-1.1mdk.i586.rpm
92bd935f2578bb67f90d9e748a1bb636  9.0/RPMS/xinetd-ipv6-2.3.11-1.1mdk.i586.rpm
48c1a13b666f519b893f9d36c2d440c4  9.0/SRPMS/xinetd-2.3.11-1.1mdk.src.rpm

Mandrakelinux 9.1

 b7ad521d0068d894d3e4255ee628ade8  9.1/RPMS/xinetd-2.3.11-1.1mdk.i586.rpm
2c12b8ae701f10c165244f4ed9e71717  9.1/RPMS/xinetd-ipv6-2.3.11-1.1mdk.i586.rpm
48c1a13b666f519b893f9d36c2d440c4  9.1/SRPMS/xinetd-2.3.11-1.1mdk.src.rpm

Mandrakelinux 9.1/PPC

 273514196962d9ed8065475d865e36ac  ppc/9.1/RPMS/xinetd-2.3.11-1.1mdk.ppc.rpm
82ab5d4c702b234f47f31a64d6874e56  ppc/9.1/RPMS/xinetd-ipv6-2.3.11-1.1mdk.ppc.rpm
48c1a13b666f519b893f9d36c2d440c4  ppc/9.1/SRPMS/xinetd-2.3.11-1.1mdk.src.rpm

Multi Network Firewall 8.2

 b4eff824d68251d41e4bac24cf215a74  mnf8.2/RPMS/xinetd-2.3.11-1.1mdk.i586.rpm
994553078c5caf6853422ad51a08405c  mnf8.2/RPMS/xinetd-ipv6-2.3.11-1.1mdk.i586.rpm
48c1a13b666f519b893f9d36c2d440c4  mnf8.2/SRPMS/xinetd-2.3.11-1.1mdk.src.rpm

Corporate Server 2.1

 a9121e4a9d10ceae2432619f2b1cb39d  corporate/2.1/RPMS/xinetd-2.3.11-1.1mdk.i586.rpm
92bd935f2578bb67f90d9e748a1bb636  corporate/2.1/RPMS/xinetd-ipv6-2.3.11-1.1mdk.i586.rpm
48c1a13b666f519b893f9d36c2d440c4  corporate/2.1/SRPMS/xinetd-2.3.11-1.1mdk.src.rpm

Corporate Server 2.1/X86_64

 c8fe936690c610ce46606822818b4224  x86_64/corporate/2.1/RPMS/xinetd-2.3.11-1.1mdk.x86_64.rpm
f0b2e2495d59c864a6da0970b29044c1  x86_64/corporate/2.1/RPMS/xinetd-ipv6-2.3.11-1.1mdk.x86_64.rpm
48c1a13b666f519b893f9d36c2d440c4  x86_64/corporate/2.1/SRPMS/xinetd-2.3.11-1.1mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0211

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer