Yellow Dog Linux Security Announcement
--------------------------------------

Package:	xinetd
Issue Date: 	October 20, 2002	
Priority:	high
Advisory ID: 	YDU-20021020-9


1. 	Topic:

	Updated xinetd packages are available.


2. 	Problem:

	"Xinetd is a secure replacement for inetd, the Internet services daemon.

	Versions 2.3.4 through 2.3.7 of Xinetd leak file descriptors for the signal
	pipe to services that are launched by xinetd. This could allow an attacker
	to execute a DoS attack via the pipe.


	All users are advised to upgrade to the errata packages containing xinetd
	version 2.3.9 which is not vulnerable to this issue.

	This issue was discovered by Solar Designer."
	(from Red Had advisory)


3. 	Solution:

   	a) Updating via apt...
   	We suggest that you use the apt-get program to keep your
   	system up-to-date. The following command(s) will retrieve
   	and install the fixed version of this update onto your system:

		apt-get update
		apt-get install xinetd

   	b) Updating manually...
	Download the updates below and then run the following rpm command.
   	(Please use a mirror site)

		rpm -Fvh [filenames]
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
			ppc/xinetd-2.3.9-0.73.3a.ppc.rpm


4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
218b1aa59c80092225f9d14eaf75676e  ppc/xinetd-2.3.9-0.73.3a.ppc.rpm
1de42ffa96d6bdf268da5fc0fdb7c848  SRPMS/xinetd-2.3.9-0.73.3a.src.rpm

I wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml