[CentOS] Heads up: Bugged update xorg-x11-server-utils-7.1-5.el5_6.1 upcoming

Mon Apr 18 14:02:31 UTC 2011
Leonard den Ottolander <leonard at den.ottolander.nl>

Hello Jim,

On Mon, 2011-04-18 at 07:40 -0400, Jim Perrin wrote:
> Have you tested these updates to see if you have experienced any
> issue? Documenting symptoms people should watch for so that they can
> make their own decisions is far better than simply recommending that
> you exclude the update entirely.

A description of the symptoms can be found in the upstream bug report
for which a link can be found in the forum thread. Perhaps I should have
linked the upstream report and I agree I should have mentioned the
symptoms.

https://bugzilla.redhat.com/show_bug.cgi?id=695603

"xrdb in the xorg-x11-server-utils-7.1-5.el5_6.1.x86_64 package passes
broken defines through sh to cpp causing sh to fail parsing the command
line, thus failing to preprocess the xresources file passed and not
loading anything."

It was discussed in the thread about the glibc breakage that my wording
should be more careful and definitely less general, but as always,
people can always make their own decisions, but you cannot anticipate on
issues you aren't aware of.

> Recommending that people exclude
> something that may or may not impact them simply on the basis of one
> thread in the forums probably isn't the best approach.

If I read the upstream advisory
https://rhn.redhat.com/errata/RHSA-2011-0433.html correctly this update
contains a fix for a single vulnerability for xrdb. No other binaries
are affected. All it does is replace a vulnerable but functional binary
with a non functional version causing the Xresources not to be loaded.

Also the exclude option I suggest is version specific, which means you
do not run the risk of not receiving future updates of this package.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research