2 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
new file mode 100644
index 0000000000..0542dbe835
--- /dev/null
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
@@ -0,0 +1,32 @@
+xinetd: CVE-2013-4342
+xinetd does not enforce the user and group configuration directives
+for TCPMUX services, which causes these services to be run as root
+and makes it easier for remote attackers to gain privileges by
+leveraging another vulnerability in a service.
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342
+the patch come from:
+https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ xinetd/builtins.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/xinetd/builtins.c b/xinetd/builtins.c
+index 3b85579..34a5bac 100644
+--- a/xinetd/builtins.c
+++ b/xinetd/builtins.c
+@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
+    if( SC_IS_INTERNAL( scp ) ) {
+       SC_INTERNAL(scp, nserp);
+    } else {
+-      exec_server(nserp);
+      child_process(nserp);
+    }
+ }
+ 
+-- 
+1.7.9.5
diff --git a/meta/recipes-extended/xinetd/xinetd_2.3.15.bb b/meta/recipes-extended/xinetd/xinetd_2.3.15.bb
index 797657083e..0e281722e5 100644
--- a/meta/recipes-extended/xinetd/xinetd_2.3.15.bb
+++ b/meta/recipes-extended/xinetd/xinetd_2.3.15.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://www.xinetd.org/xinetd-${PV}.tar.gz \
      file://Various-fixes-from-the-previous-maintainer.patch \
      file://Disable-services-from-inetd.conf-if-a-service-with-t.patch \
      file://xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch \
+      file://xinetd-CVE-2013-4342.patch \
      "
 SRC_URI[md5sum] = "77358478fd58efa6366accae99b8b04c"

diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch new file mode 100644 index 0000000000..0542dbe835 --- /dev/null +++ b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
@@ -0,0 +1,32 @@
		1	xinetd: CVE-2013-4342
		2
		3	xinetd does not enforce the user and group configuration directives
		4	for TCPMUX services, which causes these services to be run as root
		5	and makes it easier for remote attackers to gain privileges by
		6	leveraging another vulnerability in a service.
		7	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342
		8
		9	the patch come from:
		10	https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff
		11
		12	Signed-off-by: Li Wang <li.wang@windriver.com>
		13	---
		14	xinetd/builtins.c \| 2 +-
		15	1 file changed, 1 insertion(+), 1 deletion(-)
		16
		17	diff --git a/xinetd/builtins.c b/xinetd/builtins.c
		18	index 3b85579..34a5bac 100644
		19	--- a/xinetd/builtins.c
		20	+++ b/xinetd/builtins.c
		21	@@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp )
		22	if( SC_IS_INTERNAL( scp ) ) {
		23	SC_INTERNAL(scp, nserp);
		24	} else {
		25	- exec_server(nserp);
		26	+ child_process(nserp);
		27	}
		28	}
		29
		30	--
		31	1.7.9.5
		32


diff --git a/meta/recipes-extended/xinetd/xinetd_2.3.15.bb b/meta/recipes-extended/xinetd/xinetd_2.3.15.bb index 797657083e..0e281722e5 100644 --- a/meta/recipes-extended/xinetd/xinetd_2.3.15.bb +++ b/meta/recipes-extended/xinetd/xinetd_2.3.15.bb
@@ -16,6 +16,7 @@ SRC_URI = "http://www.xinetd.org/xinetd-${PV}.tar.gz \
16	file://Various-fixes-from-the-previous-maintainer.patch \	16	file://Various-fixes-from-the-previous-maintainer.patch \
17	file://Disable-services-from-inetd.conf-if-a-service-with-t.patch \	17	file://Disable-services-from-inetd.conf-if-a-service-with-t.patch \
18	file://xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch \	18	file://xinetd-should-be-able-to-listen-on-IPv6-even-in-ine.patch \
		19	file://xinetd-CVE-2013-4342.patch \
19	"	20	"
20		21
21	SRC_URI[md5sum] = "77358478fd58efa6366accae99b8b04c"	22	SRC_URI[md5sum] = "77358478fd58efa6366accae99b8b04c"