[CentOS] Heads up: Bugged update xorg-x11-server-utils-7.1-5.el5_6.1 upcoming

Tue Apr 19 11:21:50 UTC 2011
Johnny Hughes <johnny at centos.org>

On 04/18/2011 09:02 AM, Leonard den Ottolander wrote:
> Hello Jim,
> 
> On Mon, 2011-04-18 at 07:40 -0400, Jim Perrin wrote:
>> Have you tested these updates to see if you have experienced any
>> issue? Documenting symptoms people should watch for so that they can
>> make their own decisions is far better than simply recommending that
>> you exclude the update entirely.
> 
> A description of the symptoms can be found in the upstream bug report
> for which a link can be found in the forum thread. Perhaps I should have
> linked the upstream report and I agree I should have mentioned the
> symptoms.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=695603
> 
> "xrdb in the xorg-x11-server-utils-7.1-5.el5_6.1.x86_64 package passes
> broken defines through sh to cpp causing sh to fail parsing the command
> line, thus failing to preprocess the xresources file passed and not
> loading anything."
> 
> It was discussed in the thread about the glibc breakage that my wording
> should be more careful and definitely less general, but as always,
> people can always make their own decisions, but you cannot anticipate on
> issues you aren't aware of.
> 
>> Recommending that people exclude
>> something that may or may not impact them simply on the basis of one
>> thread in the forums probably isn't the best approach.
> 
> If I read the upstream advisory
> https://rhn.redhat.com/errata/RHSA-2011-0433.html correctly this update
> contains a fix for a single vulnerability for xrdb. No other binaries
> are affected. All it does is replace a vulnerable but functional binary
> with a non functional version causing the Xresources not to be loaded.
> 
> Also the exclude option I suggest is version specific, which means you
> do not run the risk of not receiving future updates of this package.

It also seems this is fixed by this update:

http://rhn.redhat.com/errata/RHBA-2011-0454.html



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 253 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20110419/51931f34/attachment-0005.sig>