User: Password:
|
|
Subscribe / Log in / New account

Security advisories for Friday

[Posted January 18, 2008 by ris]

Debian has updated xorg-server (multiple vulnerabilities).

Red Hat has updated xorg-x11 (multiple vulnerabilities), xorg-x11-server (multiple vulnerabilities), libXfont (buffer overflow), XFree86 (multiple vulnerabilities).

Ubuntu has updated libxfont, xorg-server (multiple vulnerabilities).

(Log in to post comments)

Watch out for Ubuntu and Debian xorg-server

Posted Jan 18, 2008 20:28 UTC (Fri) by rfunk (subscriber, #4054) [Link]

Once again, Ubuntu seems to have messed up an X server update. At least Java apps are broken, possibly wxWidgets (or whatever it's called now) apps too. Debian may have the same problem.

Watch out for Ubuntu and Debian xorg-server

Posted Jan 18, 2008 20:39 UTC (Fri) by rfunk (subscriber, #4054) [Link] 

Oh, and it also breaks nVidia drivers due to a symlink issue.

The good news is that Ubuntu has withdrawn the bad package, is working on 
an "undo" package, then a fix and a QA review.

Watch out for Ubuntu and Debian xorg-server

Posted Jan 19, 2008 12:07 UTC (Sat) by cortana (subscriber, #24596) [Link] 

The NVIDIA symlink issue is unavoidable due to the way that NVIDIA's drivers carelessly
overwrite files (such as libGL) owned by other packages.

I suspect that those using Debian's official pakages of the NVIDIA drivers won't have this
issue:

$ /usr/sbin/dpkg-divert --list 
diversion of /usr/lib/libGL.so.1 to /usr/lib/nvidia/libGL.so.1.xlibmesa by nvidia-glx
diversion of /usr/lib/libGL.so.1.2 to /usr/lib/nvidia/libGL.so.1.2.xlibmesa by nvidia-glx
diversion of /usr/bin/perldoc to /usr/bin/perldoc.stub by perl-doc
diversion of /usr/lib/xorg/modules/extensions/libGLcore.a to
/usr/lib/nvidia/libGLcore.a.xlibmesa by nvidia-glx
diversion of /usr/lib/xorg/modules/extensions/libglx.a to /usr/lib/nvidia/libglx.a.xlibmesa by
nvidia-glx
diversion of /usr/lib/xorg/modules/extensions/libglx.so to /usr/lib/nvidia/libglx.so.xlibmesa
by nvidia-glx
diversion of /usr/lib/libGL.so to /usr/lib/nvidia/libGL.so.xlibmesa by nvidia-glx
diversion of /usr/lib/xorg/modules/extensions/libGLcore.so to
/usr/lib/nvidia/libGLcore.so.xlibmesa by nvidia-glx
diversion of /usr/lib/xorg/modules/libwfb.so to /usr/lib/nvidia/libwfb.so.xserver-xorg-core by
nvidia-glx

i.e., the nvidia-glx package diverts the files that NVIDIA's drivers want to overwrite out of
the way, so that future upgrades don't re-overwrite them.

When will NVIDIA fix their drivers to make use of DRM?, making this ugly and error-prone
diversion process un-necessary? Even ATI have managed to do so with recent versions of fglrx!

Watch out for Ubuntu and Debian xorg-server

Posted Jan 18, 2008 23:00 UTC (Fri) by jcristau (subscriber, #41237) [Link] 

this isn't ubuntu-specific at all.  all distros used the same upstream patch, which introduced
a regression, and which has been fixed today.

Watch out for Ubuntu and Debian xorg-server

Posted Jan 19, 2008 17:39 UTC (Sat) by ArbitraryConstant (guest, #42725) [Link] 

IMO, any distro that incorporates a patch with a regression that bad has failed to do adequate
regression testing. If multiple distros missed it, that doesn't excuse it, it means they all
dropped the ball.


Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds