https://bugzilla.novell.com/show_bug.cgi?id=740132 https://bugzilla.novell.com/show_bug.cgi?id=740132#c zj jia changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |zjjia@suse.com AssignedTo|bnc-team-screening@forge.pr |matz@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=740132 https://bugzilla.novell.com/show_bug.cgi?id=740132#c2 --- Comment #2 from Carlos Robinson 2012-01-10 13:21:35 UTC --- (In reply to comment #1)

As discussed in bug 736667 this is not a bug. Restarting the affected services is enough, there's no reason to e.g. restart init or bash.

False. I did a "init 1" and there were several processes remaining, one of them init. I have tried now on another machine, and "zypper ps" says that init, udev, and mount.ntfs-3g are still active and vulnerable to the security hole. A total of 5 PIDs. A second zypper ps on that machine crashed, so the machine was left unstable by the update. An attempt to umount partitions fails, too. I have to forcibly power-off the machine to retrieve it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=740132 https://bugzilla.novell.com/show_bug.cgi?id=740132#c4 Michael Matz changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |INVALID --- Comment #4 from Michael Matz 2012-01-10 14:38:27 UTC --- Please read what I wrote: (In reply to comment #2)

(In reply to comment #1)

...

As discussed in bug 736667 this is not a bug. Restarting the affected services is enough, there's no reason to e.g. restart init or bash.

False.

I did a "init 1" and there were several processes remaining, one of them init.

"There is no reason to e.g. restart init or bash."

I have tried now on another machine, and "zypper ps" says that init, udev, and mount.ntfs-3g are still active and vulnerable to the security hole. A total of 5 PIDs.

None of them are vulnerable, please read the CVE what the security issue is about. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=740132 https://bugzilla.novell.com/show_bug.cgi?id=740132#c6 Michael Matz changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |INVALID --- Comment #6 from Michael Matz 2012-01-11 13:16:08 UTC ---

...

"There is no reason to e.g. restart init or bash."

I do not believe it.

That's your right, but it merely means that you're wrong.

glibc was updated for whatever security reasons, and the update is not fully applied till the machine is rebooted.

Well, I do know the nature of the security issue and I'm telling you that there's no need to "apply the update fully". If you personally want to reboot every time glibc is updated, fine, but we won't force our other users to do so just because you don't want to believe us, sorry.

Proof: the machine was unstable after "init 1" and had to be rebooted anyway.

That can be all kinds of issues, but certainly not the change of the glibc patch. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.