xinetd-2.3.15-11.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10323-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z xinetd-2.3.15-11.3 on GA media These are all security issues fixed in the xinetd-2.3.15-11.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10323 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2012-0862/ SUSE CVE CVE-2012-0862 page https://www.suse.com/security/cve/CVE-2013-4342/ SUSE CVE CVE-2013-4342 page openSUSE Tumbleweed xinetd-2.3.15-11.3 xinetd-2.3.15-11.3 as a component of openSUSE Tumbleweed builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. CVE-2012-0862 openSUSE Tumbleweed:xinetd-2.3.15-11.3 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-0862.html CVE-2012-0862 https://bugzilla.suse.com/762294 SUSE Bug 762294 https://bugzilla.suse.com/844230 SUSE Bug 844230 https://bugzilla.suse.com/855685 SUSE Bug 855685 xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. CVE-2013-4342 openSUSE Tumbleweed:xinetd-2.3.15-11.3 moderate 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-4342.html CVE-2013-4342 https://bugzilla.suse.com/844230 SUSE Bug 844230 https://bugzilla.suse.com/855685 SUSE Bug 855685 https://bugzilla.suse.com/882917 SUSE Bug 882917