Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 13 Dec 2002 13:12:39 +0300
From: Solar Designer <solar@...nwall.com>
To: Steve G <linux_4ever@...oo.com>
Cc: "Dmitry V. Levin" <ldv@...linux.org>, xvendor@...ts.openwall.com
Subject: Re: [Fwd: [RHSA-2002:196-09] Updated xinetd packages fix denial of service vulnerability]

Hi Steve,

Perhaps you're aware of whether this is fixed in development versions
and what the fix was?

On Fri, Dec 13, 2002 at 03:15:33AM +0300, Dmitry V. Levin wrote:
> On Thu, Dec 05, 2002 at 05:09:08PM -0500, Ryan Cleary wrote:
> > On 4 Dec 2002, Dan Rowles wrote:
> [...]
> > Red Hat is using the "epoch" field in the RPM metadata to allow you to
> > automatically "upgrade" (or freshen) from 2.3.9 (epoch 1) back to 2.3.7
> > (epoch 2).
> > 
> > They rolled back to 2.3.7 because 2.3.9 was leaving stale TCP connections 
> > in the CLOSE_WAIT state, according to their bugzilla database:
> > http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=76146 for more info.
> 
> There is a real problem with hanging file descriptors which makes 2.3.9
> unusable on production servers (just tested on ftp.altlinux.com).
> 
> More over, xinetd passes these hundreds of descriptors to spawned children. :(
> 
> Any ideas?
> 
> 
> --
> ldv

-- 
/sd

Powered by blists - more mailing lists

Your e-mail address:

Please check out the xvendor mailing list charter.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ