xinetd - pipe exposure

Solar Designer found a vulnerability in xinetd, a replacement for the
BSD derived inetd. File descriptors for the signal pipe introduced in
version 2.3.4 are leaked into services started from xinetd. The
descriptors could be used to talk to xinetd resulting in crashing it
entirely. This is usually called a denial of service.

This problem has been fixed by the package maintainer in version
2.3.4-1.2 for the current stable distribution (woody) and in version
2.3.7-1 for the unstable distribution (sid). The old stable
distribution (potato) is not affected, since it doesn’t contain the
signal pipe.

We recommend that you upgrade your xinetd packages.