Bugtraq mailing list archives
Re: [Fwd: [RHSA-2002:196-09] Updated xinetd packages fix denial of service vulnerability]
From: Ryan Cleary <tryanc () interdimensions com>
Date: Thu, 5 Dec 2002 17:09:08 -0500 (EST)
On 4 Dec 2002, Dan Rowles wrote:
> On October 15th, Redhat sent a post to BugTraq advising users of Xinetd to upgrade to 2.3.9-0.xx. Their latest post (3rd December) advises people to "upgrade" to 2.3.7-4.xx.
>
> Can anyone from RedHat please comment on what people who have already got 2.3.9 installed should do from here? Do we need to force a downgrade, or is 2.3.9 OK? If so, why the second update, and why has the 2.3.9 RPM disappeared from the mirrors?????
I'm not from Red Hat, but I can answer your questions. This confused me, too, until I did some digging in Red Hat's bugzilla.

Red Hat is using the "epoch" field in the RPM metadata to allow you to automatically "upgrade" (or freshen) from 2.3.9 (epoch 1) back to 2.3.7 (epoch 2). They rolled back to 2.3.7 because 2.3.9 was leaving stale TCP connections in the CLOSE_WAIT state, according to their bugzilla database. See http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=76146 for more info.

Ryan Cleary
SysAdmin
Interdimensions Corp.

--
T Ryan Cleary <tryanc () interdimensions com>
URL: http://people.interdimensions.com/tryanc
PGP: 82 93 32 D7 3A AC C0 8D 34 56 96 CC DA DB 5E 2B
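The epoch mechanism described in the reply above, as an added example that is not part of the original thread or of Red Hat's tooling: a Python model of how RPM orders epoch:version-release strings, showing why 2.3.7 at epoch 2 replaces 2.3.9 at epoch 1. The function names are made up for illustration; it assumes a missing epoch counts as 0 and compares only digit and letter segments (no tilde or caret handling).

```python
import re

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")  # separators such as '.' are skipped

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment: -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 10 > 9
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def parse_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    # rpm's query output shows "(none)" for a package built without an epoch
    return (int(epoch) if epoch.isdigit() else 0), version, release

def compare_evr(a, b):
    """Epoch decides first; version and release only break ties."""
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def is_superseded(installed, candidate):
    """True when rpm would treat `candidate` as an upgrade over `installed`."""
    return compare_evr(candidate, installed) > 0

if __name__ == "__main__":
    # EVR strings built from the versions and epochs quoted in the thread ("xx" as posted)
    rolled_back, withdrawn = "2:2.3.7-4.xx", "1:2.3.9-0.xx"
    print(is_superseded(withdrawn, rolled_back))      # epoch 2 beats epoch 1
    print(is_superseded("2.3.9-0.xx", "2.3.7-4.xx"))  # same versions with no epochs
```

On a host, `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' xinetd` prints the installed package in the form `parse_evr` accepts.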