Bugtraq mailing list archives

Re: [Fwd: [RHSA-2002:196-09] Updated xinetd packages fix denial of service vulnerability]


From: Ryan Cleary <tryanc () interdimensions com>
Date: Thu, 5 Dec 2002 17:09:08 -0500 (EST)

On 4 Dec 2002, Dan Rowles wrote:

> On October 15th, Redhat sent a post to BugTraq advising users of Xinetd
> to upgrade to 2.3.9-0.xx
>
> Their latest post (3rd December) advises people to "upgrade" to
> 2.3.7-4.xx
>
> Can anyone from RedHat please comment on what people who have already
> got 2.3.9 installed should do from here? Do we need to force a
> downgrade, or is 2.3.9 OK? If so, why the second update, and why has the
> 2.3.9 RPM disappeared from the mirrors?????

I'm not from Red Hat, but I can answer your questions.  This confused me, 
too, until I did some digging in Red Hat's bugzilla.

Red Hat is using the "epoch" field in the RPM metadata to allow you to
automatically "upgrade" (or freshen) from 2.3.9 (epoch 1) back to 2.3.7
(epoch 2).

They rolled back to 2.3.7 because 2.3.9 was leaving stale TCP connections
in the CLOSE_WAIT state, according to their bugzilla database. See
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=76146 for more info.

Ryan Cleary
SysAdmin
Interdimensions Corp.

-- 
T Ryan Cleary <tryanc () interdimensions com>
URL:  http://people.interdimensions.com/tryanc
PGP:  82 93 32 D7 3A AC C0 8D  34 56 96 CC DA DB 5E 2B

