code.ossystems Code Review - openembedded-core.git/commit

author	Li Wang <li.wang@windriver.com>
	Thu, 5 Dec 2013 23:52:17 +0000 (17:52 -0600)
committer	Robert Yang <liezhi.yang@windriver.com>
	Sun, 26 Jan 2014 06:08:15 +0000 (14:08 +0800)
commit	478b7f533c6664f1e4cab9950f257d927d32bb28
tree	06d5abdd587f2bea9e6c0d52d23f14de72cd943d	tree \| snapshot
parent	5748342f445d4233af838a6a65449a5d1baeb3c2	commit \| diff

xinetd: CVE-2013-4342

xinetd does not enforce the user and group configuration directives
for TCPMUX services, which causes these services to be run as root
and makes it easier for remote attackers to gain privileges by
leveraging another vulnerability in a service.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342

the patch come from:
https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff

(From OE-Core master rev: c6ccb09cee54a7b9d953f58fbb8849fd7d7de6a9)

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>

meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch	[new file with mode: 0644]	blob
meta/recipes-extended/xinetd/xinetd_2.3.15.bb		diff \| blob \| history