LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Mandriva
User Name
Password
Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux.

Notices

Reply
 
Search this Thread
Old 11-23-2006, 10:32 AM   #1
eikeland
Member
 
Registered: Nov 2004
Location: Newport, RI, USA
Distribution: Mandriva 2006
Posts: 125

Rep: Reputation: 15
kde broke in Mandriva 2006 when doing security update!


Hi,

I am running Mandriva 2006 x64, and wanted to do a security update for a stack overflow problem that could allow someone to hack into my system. This is the one:
http://www.mandriva.com/security/adv...KSA-2006:164-1

I went to the Control Center + Updates, and searched on xorg-x11. A handful came back, and I selected all of them (the main one had some dependencies). Some packages were pretty big, 20-30MB. Something must have gone wrong during the install, cause when I came back a few hours later, I wasn't even able to log in (unlock) to the desktop again and it gave me an error that a desktop process had to be killed. I killed this process and restarted. Now I only get to the command line prompt (no GUI). If I try to start X, I get this error:
xauth: error while loading shared libraries: libX11.so.6:cannot open shared object file:
No such file or directory.


I have liked Mandriva up until now, but it really bothers me that my system should crash when doing an official security update!

Any suggestions on how fix kde? Can I fix it from the install DVD or maybe upgrade to 2007 (I would think the latter would work).

Thanks
 
Old 11-23-2006, 11:53 AM   #2
jib2
Member
 
Registered: Sep 2003
Location: Paris, France
Distribution: Arch x86_64
Posts: 221

Rep: Reputation: 30
The security advisory you're refering to is for Mdv 2007, not 2006.

Is urpmi configured for Mdv 2006?
 
Old 11-23-2006, 12:17 PM   #3
eikeland
Member
 
Registered: Nov 2004
Location: Newport, RI, USA
Distribution: Mandriva 2006
Posts: 125

Original Poster
Rep: Reputation: 15
Yes, I recently updated my the repositories.
 
Old 11-23-2006, 01:33 PM   #4
jib2
Member
 
Registered: Sep 2003
Location: Paris, France
Distribution: Arch x86_64
Posts: 221

Rep: Reputation: 30
You should check your /etc/urpmi/urpmi.cfg to be sure you didn't misconfigured the repositories with Mdv2007. Look for the 'updates' media.

Code:
$ cat /etc/urpmi/urpmi.cfg | less

Last edited by jib2; 11-23-2006 at 01:36 PM.
 
Old 11-23-2006, 10:15 PM   #5
eikeland
Member
 
Registered: Nov 2004
Location: Newport, RI, USA
Distribution: Mandriva 2006
Posts: 125

Original Poster
Rep: Reputation: 15
No, all my repositories point to 2006.0/x86_64. I know the link I reference above point to 2007, but the same package shows up in 2006, and it reference the same error. I just checked on another machine (2006), and I see the same package. If you have 2006 installed you can verify it. I have installed many other packages without any problems, so that's not the problem.

This is the description from my other machine that's also running 2006, but 32 bit. It's NOT a 2007 problem.
Name: xorg-x11
Version: 6.9.0-5.10.20060mdk
Architecture: i586
Size: 37516 KB
Importance: security

Summary: Part of the X Window System

Reason for update: Local exploitation of an integer overflow vulnerability in the 'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3739).

Local exploitation of an integer overflow vulnerability in the 'scan_cidfont()' function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root (CVE-2006-3740).

Updated packages are patched to address this issue.

Description: If you want to install the X Window System (TM) on your machine, you'll need to install X11.

The X Window System provides the base technology for developing graphical user interfaces. Simply stated, X draws the elements of the GUI on the user's screen and builds methods for sending user interactions back to the application. X also supports remote application deployment--running an application on another computer while viewing the input/output on your machine. X is a powerful environment which supports many different applications, such as games, programming tools, graphics programs, text editors, etc.

This package contains the basic fonts, programs and documentation for an X workstation. You will also need the X11-server package, which contains the program which drives your video hardware.

In addition to installing this package, you will need to install the drakxtools package to configure your card using XFdrake. You may also need to install one of the X11 fonts packages.

And finally, if you are going to develop applications that run as X clients, you will also need to install libxorg-x11-devel.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How do I update to KDE 3.5 in Mandriva 2006 bestseany Mandriva 3 04-01-2006 11:28 PM
LXer: Linux.com weekly security update - February 24, 2006 LXer Syndicated Linux News 0 02-24-2006 02:31 PM
LXer: Linux.com weekly security update - February 17, 2006 LXer Syndicated Linux News 0 02-18-2006 07:01 AM
LXer: Linux.com weekly security update - February 10, 2006 LXer Syndicated Linux News 0 02-10-2006 12:02 PM
LXer: Linux.com weekly security update - February 3, 2006 LXer Syndicated Linux News 0 02-03-2006 11:16 AM


All times are GMT -5. The time now is 06:49 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration