Yellow Dog Linux Security Announcement -------------------------------------- Package: xinetd Issue Date: December 27, 2002 Priority: medium Advisory ID: YDU-20021227-10 1. Topic: Updated xinetd packages are available. 2. Problem: "Xinetd contains a denial-of-service (DoS) vulnerability. Updated packages are available to fix issues encountered with the previous errata packages. Xinetd is a secure replacement for inetd, the Internet services daemon. Versions of Xinetd prior to 2.3.7 leak file descriptors for the signal pipe to services that are launched by xinetd. This could allow an attacker to execute a DoS attack via the pipe. The Common Vulnerabilities and Exposures project has assigned the name CAN-2002-0871 to this issue." (from Red Hat advisory) 3. Solution: a) Updating via apt... We suggest that you use the apt-get program to keep your system up-to-date. The following command(s) will retrieve and install the fixed version of this update onto your system: apt-get update apt-get install xinetd b) Updating manually... Download the updates below and then run the following rpm command. (Please use a mirror site) rpm -Fvh [filenames] ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/ ppc/xinetd-2.3.9-0.73.3a.ppc.rpm 4. Verification MD5 checksum Package -------------------------------- ---------------------------- 218b1aa59c80092225f9d14eaf75676e ppc/xinetd-2.3.9-0.73.3a.ppc.rpm 1de42ffa96d6bdf268da5fc0fdb7c848 SRPMS/xinetd-2.3.9-0.73.3a.src.rpm I wish to verify that each package has not been corrupted or tampered with, examine the md5sum with the following command: rpm --checksig --nogpg filename 5. Misc. Terra Soft has setup a moderated mailing list where these security, bugfix, and package enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more information. For information regarding the usage of apt-get, see: http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml