[<prev] [next>] [thread-next>] [month] [year] [list]
Date: Fri, 13 Dec 2002 13:12:39 +0300
From: Solar Designer <solar@...nwall.com>
To: Steve G <linux_4ever@...oo.com>
Subject: Re: [Fwd: [RHSA-2002:196-09] Updated xinetd packages fix denial of service vulnerability]
Hi Steve,
Perhaps you're aware of whether this is fixed in development versions
and what the fix was?
On Fri, Dec 13, 2002 at 03:15:33AM +0300, Dmitry V. Levin wrote:
> On Thu, Dec 05, 2002 at 05:09:08PM -0500, Ryan Cleary wrote:
> > On 4 Dec 2002, Dan Rowles wrote:
> [...]
> > Red Hat is using the "epoch" field in the RPM metadata to allow you to
> > automatically "upgrade" (or freshen) from 2.3.9 (epoch 1) back to 2.3.7
> > (epoch 2).
> >
> > They rolled back to 2.3.7 because 2.3.9 was leaving stale TCP connections
> > in the CLOSE_WAIT state, according to their bugzilla database:
> > http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=76146 for more info.
>
> There is a real problem with hanging file descriptors which makes 2.3.9
> unusable on production servers (just tested on ftp.altlinux.com).
>
> More over, xinetd passes these hundreds of descriptors to spawned children. :(
>
> Any ideas?
>
>
> --
> ldv
--
/sd
Please check out the
xvendor mailing list charter.
Hosted by DataForce ISP -
Powered by Openwall GNU/*/Linux