RHBA-2011:0827 - Bug Fix Advisory

Topic

An updated xinetd package that fixes several bugs is now available.

Description

The xinetd daemon is a secure replacement for inetd, the Internet services
daemon. It provides access control for all services based on the address of
the remote host and/or on time of access, and can prevent denial of service
attacks.

This update fixes the following bugs:

• The xinetd.log man page was in the wrong man section, and has been moved

to the correct one. The command "man 5 xinetd.log" now works as expected.
(BZ#428811)

• When a log file of an xinetd-controlled service exceeded the size limit

specified in its configuration file, xinetd terminated unexpectedly with a
segmentation fault. With this update, a patch has been applied to address
this issue, and the xinetd daemon no longer crashes. (BZ#438986)

• The xinetd.init script did not set its return value correctly when

invoked with the "status" argument. This update fixes this issue by making
the xinetd.init script return values compatible with Linux Standard Base
Core Specification 3.2. (BZ#498119)

• Under certain circumstances the xinetd daemon could hang (for example,

when trying to acquire an already acquired lock for writing to its log
file) when an unexpected signal arrived. As of this update the daemon
handles unexpected signals as expected and the hangs no longer occur.
(BZ#501604)

• The xinetd daemon ignored the "port" line of the service configuration

file, so it was impossible to bind some rpc services to a specific port.
This update addresses this issue and the xinetd daemon now handles the port
number appropriately. (BZ#624800)

• This update includes a patch that fixes the compiler warning

"dereferencing type-punned pointer will break strict-aliasing rules".
(BZ#695674)

All xinetd users are advised to upgrade to this updated package, which
addresses these bugs.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 428811 - xinetd.log man page in wrong section
• BZ - 438986 - RHEL4 SIGSEGV in xinetd when application's logfile hit size limit
• BZ - 498119 - xinetd init script 'status' does not set return value
• BZ - 501604 - xinetd can hang while processing unknown signal
• BZ - 624800 - bind rpc service to specific port
• BZ - 695674 - warning: dereferencing type-punned pointer will break strict-aliasing rules

CVEs

(none)

References

(none)