diff options
-rw-r--r-- | meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch | 32 | ||||
-rw-r--r-- | meta/recipes-extended/xinetd/xinetd_2.3.15.bb | 1 |
2 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch new file mode 100644 index 0000000000..0542dbe835 --- /dev/null +++ b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch | |||
@@ -0,0 +1,32 @@ | |||
1 | xinetd: CVE-2013-4342 | ||
2 | |||
3 | xinetd does not enforce the user and group configuration directives | ||
4 | for TCPMUX services, which causes these services to be run as root | ||
5 | and makes it easier for remote attackers to gain privileges by | ||
6 | leveraging another vulnerability in a service. | ||
7 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342 | ||
8 | |||
9 | the patch come from: | ||
10 | https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff | ||
11 | |||
12 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
13 | --- | ||
14 | xinetd/builtins.c | 2 +- | ||
15 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
16 | |||
17 | diff --git a/xinetd/builtins.c b/xinetd/builtins.c | ||
18 | index 3b85579..34a5bac 100644 | ||
19 | --- a/xinetd/builtins.c | ||
20 | +++ b/xinetd/builtins.c | ||
21 | @@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp ) | ||
22 | if( SC_IS_INTERNAL( scp ) ) { | ||
23 | SC_INTERNAL(scp, nserp); | ||
24 | } else { | ||
25 | - exec_server(nserp); | ||
26 | + child_process(nserp); | ||
27 | } | ||
28 | } | ||
29 | |||
30 | -- | ||
31 | 1.7.9.5 | ||
32 | |||
diff --git a/meta/recipes-extended/xinetd/xinetd_2.3.15.bb b/meta/recipes-extended/xinetd/xinetd_2.3.15.bb index 797657083e..0e281722e5 100644 --- a/meta/recipes-extended/xinetd/xinetd_2.3.15.bb +++ b/meta/recipes-extended/xinetd/xinetd_2.3.15.bb | |||
@@ -16,6 +16,7 @@ SRC_URI = "http://www.xinetd.org/xinetd-${PV}.tar.gz \ | |||
16 | file://Various-fixes-from-the-previous-maintainer.patch \ | 16 | file://Various-fixes-from-the-previous-maintainer.patch \ |
17 | file://Disable-services-from-inetd.conf-if-a-service-with-t.patch \ | 17 | file://Disable-services-from-inetd.conf-if-a-service-with-t.patch \ |
18 | file://xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch \ | 18 | file://xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch \ |
19 | file://xinetd-CVE-2013-4342.patch \ | ||
19 | " | 20 | " |
20 | 21 | ||
21 | SRC_URI[md5sum] = "77358478fd58efa6366accae99b8b04c" | 22 | SRC_URI[md5sum] = "77358478fd58efa6366accae99b8b04c" |