Fix CVE-2013-4342: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4342 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324678 Patch copied from upstream source repository: https://github.com/xinetd-org/xinetd/commit/91e2401a219121eae15244a6b25d2e79c1af5864 From 91e2401a219121eae15244a6b25d2e79c1af5864 Mon Sep 17 00:00:00 2001 From: Thomas Swan Date: Wed, 2 Oct 2013 23:17:17 -0500 Subject: [PATCH] CVE-2013-4342: xinetd: ignores user and group directives for TCPMUX services Originally reported to Debian in 2005 and rediscovered , xinetd would execute TCPMUX services without dropping privilege to match the service configuration allowing the service to run with same privilege as the xinetd process (root). --- xinetd/builtins.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xinetd/builtins.c b/xinetd/builtins.c index 3b85579..34a5bac 100644 --- a/xinetd/builtins.c +++ b/xinetd/builtins.c @@ -617,7 +617,7 @@ static void tcpmux_handler( const struct server *serp ) if( SC_IS_INTERNAL( scp ) ) { SC_INTERNAL(scp, nserp); } else { - exec_server(nserp); + child_process(nserp); } } -- 2.7.4 >treecommitdiff
path: root/gnu/system/uuid.scm
AgeCommit message (Expand)Author
2023-06-18uuid: Fix NTFS UUID stringification....Previously, (ntfs-uuid->string (string->ntfs-uuid"5234ED0D34ECF53F")) would yield "5234EDD34ECF53F". Reported by sughosha in #guix. * gnu/system/uuid.scm (ntfs-uuid->string): Pad hex bytes with zero when needed. Tobias Geerinckx-Rice