diff options
Diffstat (limited to 'meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch')
| -rw-r--r-- | meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch new file mode 100644 index 0000000000..0542dbe835 --- /dev/null +++ b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch | |||
| @@ -0,0 +1,32 @@ | |||
| 1 | xinetd: CVE-2013-4342 | ||
| 2 | |||
| 3 | xinetd does not enforce the user and group configuration directives | ||
| 4 | for TCPMUX services, which causes these services to be run as root | ||
| 5 | and makes it easier for remote attackers to gain privileges by | ||
| 6 | leveraging another vulnerability in a service. | ||
| 7 | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342 | ||
| 8 | |||
| 9 | the patch come from: | ||
| 10 | https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff | ||
| 11 | |||
| 12 | Signed-off-by: Li Wang <li.wang@windriver.com> | ||
| 13 | --- | ||
| 14 | xinetd/builtins.c | 2 +- | ||
| 15 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 16 | |||
| 17 | diff --git a/xinetd/builtins.c b/xinetd/builtins.c | ||
| 18 | index 3b85579..34a5bac 100644 | ||
| 19 | --- a/xinetd/builtins.c | ||
| 20 | +++ b/xinetd/builtins.c | ||
| 21 | @@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp ) | ||
| 22 | if( SC_IS_INTERNAL( scp ) ) { | ||
| 23 | SC_INTERNAL(scp, nserp); | ||
| 24 | } else { | ||
| 25 | - exec_server(nserp); | ||
| 26 | + child_process(nserp); | ||
| 27 | } | ||
| 28 | } | ||
| 29 | |||
| 30 | -- | ||
| 31 | 1.7.9.5 | ||
| 32 | |||