code.ossystems Code Review - openembedded-core.git/commit

author	Li Wang <li.wang@windriver.com>
	Thu, 5 Dec 2013 23:52:17 +0000 (17:52 -0600)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 10 Dec 2013 11:36:24 +0000 (11:36 +0000)
commit	c6ccb09cee54a7b9d953f58fbb8849fd7d7de6a9
tree	f6575e66a0d917a10c55245ef008f0cdf265a0ae	tree \| snapshot
parent	47388363f69bfbf5ed1816a9367627182ee10e88	commit \| diff

xinetd: CVE-2013-4342

xinetd does not enforce the user and group configuration directives
for TCPMUX services, which causes these services to be run as root
and makes it easier for remote attackers to gain privileges by
leveraging another vulnerability in a service.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342

the patch come from:
https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch	[new file with mode: 0644]	blob
meta/recipes-extended/xinetd/xinetd_2.3.15.bb		diff \| blob \| history