xinetd does not enforce the user and group configuration directives for
TCPMUX services, which causes these services to be run as root and makes it
easier for remote attackers to gain privileges by leveraging another
vulnerability in a service.
fix is in xinetd-2.3.15-r2 which may go stable at any time
Stable for HPPA PPC64.
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Arches, Thank you for your work.
New GLSA Request filed.
Maintainer(s), please drop the vulnerable version(s).
vulnerable version 2.3.15-r1 still in tree. Please clean.
Thanks for the report. re: http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfb83dec9850f43ad7d9040309de4f7e139ad0e2
This issue was resolved and addressed in
GLSA 201611-06 at https://security.gentoo.org/glsa/201611-06
by GLSA coordinator Aaron Bauman (b-man).