MDKSA-2001:055-1
- Package name
- xinetd
- Date
- 2001-07-05
- Advisory ID
- MDKSA-2001:055-1
- Affected versions
- 8.0 i586 , SNF7.2 i586 , 7.2 i586
Problem description
A bug exists in xinetd as shipped with Mandrake Linux 8.0 dealing with TCP connections with the WAIT state that prevents linuxconf-web from working properly. As well, xinetd contains a security flaw in which it defaults to a umask of 0. This means that applications using the xinetd umask that do not set permissions themselves (like SWAT, a web configuration tool for Samba), will create world writable files. This update sets the default umask to 022. Update: This update forces the TMPDIR to /tmp instead of obtaining it from the root user by default, which uses /root/tmp. As well, this version of xinetd also fixed a possible buffer overflow in the logging code that was reported by zen-parse on bugtraq, but was not mentioned in the previous advisory.
Updated packages
8.0 i586
d9e1bdc5a29712a75608c4753f6d6490 8.0/RPMS/xinetd-2.3.0-1.1mdk.i586.rpm 9f95def40b777f13fc8339bf321b9547 8.0/RPMS/xinetd-ipv6-2.3.0-1.1mdk.i586.rpm 5820ae84905e550320601fe422a9a1b4 8.0/SRPMS/xinetd-2.3.0-1.1mdk.src.rpm
SNF7.2 i586
681f8a35afdaea2781d4fc32d93993ab snf7.2/RPMS/xinetd-2.3.0-1.2mdk.i586.rpm 1b3650c4d3bf4f110a795639fbf4000b snf7.2/SRPMS/xinetd-2.3.0-1.2mdk.src.rpm
7.2 i586
681f8a35afdaea2781d4fc32d93993ab 7.2/RPMS/xinetd-2.3.0-1.2mdk.i586.rpm 1b3650c4d3bf4f110a795639fbf4000b 7.2/SRPMS/xinetd-2.3.0-1.2mdk.src.rpm