Mailinglist Archive: opensuse (2391 mails)

Re: [opensuse] kdebase3-3.5.7-87.5 Update on x86-64 -- Normal user Login Freeze, root - OK
  • From: Satoru Matsumoto <helios_reds@xxxxxxx>
  • Date: Sun, 11 May 2008 03:06:41 +0900
  • Message-id: <4825E431.3020500@xxxxxxx>
David C. Rankin wrote:

> I updated to the latest KDE last night from openSuSE BuildService on an x86-64 machine via yast and seem to have picked up a bug doing it. Graphics card is an ATI Radeon 9600 utilizing the 8.471-1 fglrx driver build. All worked fine before the update. After the update, normal users can no longer start KDE, but root can start KDE just fine. For a normal user, KDE startup first appears to be working fine. The splash screen appears with the little rotating circle and there is hard drive activity.
>
> However, KDE startup freezes when the first splash screen (with the animation) is replaced by the next green splash screen (no animation). This isn't a hard lockup because the mouse pointer still responds and ctrl+alt+backspace returns you to the kdm login. All other desktops continue to work fine (xfce4, etc.) so this appears to be a pure KDE issue.

I met the same trouble in an openSUSE 10.3 i386 environment on my laptop.

The problem was triggered by updating "kdelibs3*" packages to version
3.5.7-72.9 or later and I think it is related to the issue CVE-2008-1671:

start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root,
allows local users to cause a denial of service and possibly execute
arbitrary code via "user-influenceable input" (probably command-line
arguments) that cause start_kdeinit to send SIGUSR1 signals to other
processes.

http://www.suse.de/~meissner/cve/CVE-2008-1671.html

I downgraded "kdelibs3*" packages to version 3.5.7-72.6, which I found
in the "Updates" repository, and the problem isn't reproduced.

On the other hand, I have other desktops, on which I installed openSUSE
10.3 i386 and x86_64, and in those environments the problem isn't
reproduced by updating "kdelibs3*" packages to version 3.5.7-72.9.
So the problem was caused not only by updating "kdelibs3*"
packages, but also by other conditions, which are not specified yet.

--
□●□ _/_/_/ To be Happy! _/_/_/
□□● _/_/ Satoru Matsumoto _/_/
●●● _/ helios_reds@xxxxxxx _/