openSUSE alert openSUSE-SU-2014:0494-1 (xinetd)

From:
    	     
 
opensuse-security@opensuse.org 
To:
    	     
 
opensuse-updates@opensuse.org 
Subject:
    	     
 
openSUSE-SU-2014:0494-1: moderate: xinetd for tcpmux service 
Date:
    	     
 
Tue,  8 Apr 2014 21:04:50 +0200 (CEST)
Message-ID:
    	     
 
<20140408190450.33DA2320A0@maintenance.suse.de>
   openSUSE Security Update: xinetd for tcpmux service
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:0494-1
Rating:             moderate
References:         #726737 #762294 #844230 #855685 
Cross-References:   CVE-2012-0862 CVE-2013-4342
Affected Products:
                    openSUSE 11.4
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes
   is now available.

Description:

   xinetd was updated to receive security fixes and a bug fix.

   Security issues fixed:
   * CVE-2013-4342 (bnc#844230)
   - xinetd ignored user and group directives for tcpmux
   services
   * CVE-2012-0862 (bnc#762294)
   - xinetd enabled all services when tcp multiplexing is
   used

   Also added support for setting maximum number of open files
   (bnc#855685).


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch 2014-43

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 11.4 (i586 x86_64):

      xinetd-2.3.14-155.1
      xinetd-debuginfo-2.3.14-155.1
      xinetd-debugsource-2.3.14-155.1


References:

   http://support.novell.com/security/cve/CVE-2012-0862.html
   http://support.novell.com/security/cve/CVE-2013-4342.html
   https://bugzilla.novell.com/726737
   https://bugzilla.novell.com/762294
   https://bugzilla.novell.com/844230
   https://bugzilla.novell.com/855685