A fix for TurboLinux 2.0 USA and 2.0 Japanese to fix the 'sioux' DOS attack in Apache can be found at: ftp://ftp.pht.com/pub/turbolinux-2.0-updates/i386/apache-1.3.1-6TL.i386.rpm ftp://ftp.pht.com/pub/turbolinux-2.0-updates/SRPMS/apache-1.3.1-6TL.src.rpm After installing this update, make sure to stop and restart apache, either using xturboservice or manually from the commandline: /etc/rc.d/init.d/httpd stop (sometimes you must do that twice to get all the processes) /etc/rc.d/init.d/httpd start Proper behavior after this update is applied is for the 'sioux' exploit program to simply report 'broken pipe' and exit, with no adverse effects on the server side. -------------------------------------------------- Scott M. Stone <sstoneat_private, sstoneat_private> <sstoneat_private> Head of TurboLinux Development/Systems Administrator Pacific HiTech, Inc (USA) / Pacific HiTech, KK (Japan) http://www.pht.com http://armadillo.pht.co.jp http://www.pht.co.jp http://www.turbolinux.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:56 PDT