From Mageia wiki
MGASA-2012-0123
| Date: | June 20th, 2012 |
| Affected releases: | 1, 2 |
Description:
Updated xinetd packages fix security vulnerability:
builtins.c in Xinetd before 2.3.15 does not check the service type
when the tcpmux-server service is enabled, which exposes all enabled
services and allows remote attackers to bypass intended access
restrictions via a request to tcpmux port 1 (CVE-2012-0862).
Updated Packages:
Mageia 1:
xinetd-2.3.15-1.mga1
xinetd-simple-services-2.3.15-1.mga1
Mageia 2:
xinetd-2.3.15-1.mga2
xinetd-simple-services-2.3.15-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0862
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081428.html
https://bugs.mageia.org/show_bug.cgi?id=6163
