SCIENTIFIC-LINUX-DEVEL Archives

July 2012

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV

Subject:
From:
David Crick <[log in to unmask]>
Reply To:
David Crick <[log in to unmask]>
Date:
Tue, 10 Jul 2012 13:34:09 +0100
This update caused one of my machines not to launch X.

Pulling the recent batch of 6.3 security updates:

Machine A:
# yum clean all
# yum update

everything went through fine.  Re-boot for good luck
and all as normal.


Machine B:
# yum clean all
# yum update

dependency conflict between xorg-x11-server and
gnome-screensaver

# yum --skip-broken
# yum update

everything else is updated

# yum --remove gnome-screensaver
# yum update

 xorg-x11-server is now updated

reboot.... and won't go beyond starting mouse
console services; X is not launched.

switch to a TTY:

# yum downgrade xorg-x11-server
# reboot

now working again, with the older xorg-x11-server.


Machine A *also* had gnome-screensaver
installed, but it *didn't* kick up a dependency
conflict.

Both machines running SL6.2 x86_64


On Mon, Jul 9, 2012 at 4:00 PM,  <[log in to unmask]> wrote:
> Synopsis:    Low: xorg-x11-server security and bug fix update
> Issue Date:  2012-06-20
> CVE Numbers: CVE-2011-4029
>              CVE-2011-4028
>
>
> X.Org is an open source implementation of the X Window System. It provides
> the basic low-level functionality that full-fledged graphical user
> interfaces are designed upon.
>
> A flaw was found in the way the X.Org server handled lock files. A local
> user with access to the system console could use this flaw to determine the
> existence of a file in a directory not accessible to the user, via a
> symbolic link attack. (CVE-2011-4028)
>
> A race condition was found in the way the X.Org server managed temporary
> lock files. A local attacker could use this flaw to perform a symbolic link
> attack, allowing them to make an arbitrary file world readable, leading to
> the disclosure of sensitive information. (CVE-2011-4029)
>
>
> This update also fixes the following bugs:
>
> * Prior to this update, the KDE Display Manager (KDM) could pass invalid
> 24bpp pixmap formats to the X server. As a consequence, the X server could
> unexpectedly abort. This update modifies the underlying code to pass the
> correct formats.
>
> * Prior to this update, absolute input devices, like the stylus of a
> graphic tablet, could become unresponsive in the right-most or bottom-most
> screen if the X server was configured as a multi-screen setup through
> multiple "Device" sections in the xorg.conf file. This update changes the
> screen crossing behavior so that absolute devices are always mapped across
> all screens.
>
> * Prior to this update, the misleading message "Session active, not
> inhibited, screen idle. If you see this test, your display server is broken
> and you should notify your distributor." could be displayed after resuming
> the system or re-enabling the display, and included a URL to an external
> web page. This update removes this message.
>
> * Prior to this update, the erroneous input handling code of the Xephyr
> server disabled screens on a screen crossing event. The focus was only on
> the screen where the mouse was located and only this screen was updated
> when the Xephyr nested X server was configured in a multi-screen setup.
> This update removes this code and Xephyr now correctly updates screens in
> multi-screen setups.
>
> * Prior to this update, raw events did not contain relative axis values. As
> a consequence, clients which relied on relative values for functioning did
> not behave as expected. This update sets the values to the original driver
> values instead of the already transformed values. Now, raw events contain
> relative axis values as expected.
>
> All users of xorg-x11-server are advised to upgrade to these updated
> packages, which correct these issues. All running X.Org server instances
> must be restarted for this update to take effect.
>
> SL6:
>   i386
>      xorg-x11-server-common-1.10.6-1.sl6.i686.rpm
>      xorg-x11-server-debuginfo-1.10.6-1.sl6.i686.rpm
>      xorg-x11-server-devel-1.10.6-1.sl6.i686.rpm
>      xorg-x11-server-Xdmx-1.10.6-1.sl6.i686.rpm
>      xorg-x11-server-Xephyr-1.10.6-1.sl6.i686.rpm
>      xorg-x11-server-Xnest-1.10.6-1.sl6.i686.rpm
>      xorg-x11-server-Xorg-1.10.6-1.sl6.i686.rpm
>      xorg-x11-server-Xvfb-1.10.6-1.sl6.i686.rpm
>   noarch
>      xorg-x11-server-source-1.10.6-1.sl6.noarch.rpm
>   x86_64
>      xorg-x11-server-common-1.10.6-1.sl6.x86_64.rpm
>      xorg-x11-server-debuginfo-1.10.6-1.sl6.i686.rpm
>      xorg-x11-server-debuginfo-1.10.6-1.sl6.x86_64.rpm
>      xorg-x11-server-devel-1.10.6-1.sl6.i686.rpm
>      xorg-x11-server-devel-1.10.6-1.sl6.x86_64.rpm
>      xorg-x11-server-Xdmx-1.10.6-1.sl6.x86_64.rpm
>      xorg-x11-server-Xephyr-1.10.6-1.sl6.x86_64.rpm
>      xorg-x11-server-Xnest-1.10.6-1.sl6.x86_64.rpm
>      xorg-x11-server-Xorg-1.10.6-1.sl6.x86_64.rpm
>      xorg-x11-server-Xvfb-1.10.6-1.sl6.x86_64.rpm
>
> - Scientific Linux Development Team
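
The quoted advisory describes a symlink race in temporary lock-file handling that could leave an arbitrary file world-readable. The following is an added example, not part of the original message and not the X.Org code or the fix shipped in this update: it shows a lock-file routine that closes that class of race by creating the file exclusively and changing permissions through the file descriptor. The function names and the `.tmp-lock`/`.lock` paths are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create tmp_path, write our PID, make it world-readable, then publish it
 * atomically as lock_path. Returns 0 on success, -1 with errno set. */
int create_lock(const char *tmp_path, const char *lock_path)
{
    /* O_EXCL fails if anything, a symlink included, already exists at
     * tmp_path; O_NOFOLLOW refuses to open through a symlink. */
    int fd = open(tmp_path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    char pid[32];
    int n = snprintf(pid, sizeof pid, "%10ld\n", (long)getpid());
    /* fchmod() changes the inode behind fd, not whatever the path names now;
     * a chmod(tmp_path, ...) here would reopen the race window. */
    int ok = write(fd, pid, (size_t)n) == n && fchmod(fd, 0444) == 0;
    int saved = errno;
    close(fd);
    if (ok && link(tmp_path, lock_path) != 0) { ok = 0; saved = errno; }
    unlink(tmp_path);               /* we created it, so removing it is safe */
    errno = saved;
    return ok ? 0 : -1;
}

/* Constructed scenario: a symlink already sits at the temp-lock path and points
 * at a 0600 file. Returns that file's mode afterwards, or -1 on any surprise. */
int mode_after_planted_symlink(void)
{
    char dir[] = "/tmp/lockdemoXXXXXX", secret[64], tmp[64], lock[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(secret, sizeof secret, "%s/secret", dir);
    snprintf(tmp, sizeof tmp, "%s/.tmp-lock", dir);
    snprintf(lock, sizeof lock, "%s/.lock", dir);
    int fd = open(secret, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || fchmod(fd, 0600) || close(fd) || symlink(secret, tmp))
        return -1;
    int rc = create_lock(tmp, lock), st_rc = stat(secret, &st);
    unlink(tmp); unlink(lock); unlink(secret); rmdir(dir);
    return (rc == -1 && st_rc == 0) ? (int)(st.st_mode & 0777) : -1;
}

int main(void) { printf("%o\n", (unsigned)mode_after_planted_symlink()); return 0; }
```

A second caller that finds the final lock already in place gets `-1` with `errno` set to `EEXIST`, because `link()` never overwrites an existing name.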
