[nSLUG] Updating strategies and distros

George N. White III gnwiii at gmail.com
Sat Apr 21 09:33:04 ADT 2007


Many linux distros recently released a Mesa updates and a security
patch for libX11 (CVE 2001-1667).  The libX11 patch simply adds some
sanity checks on arguments to a couple functions but catches out many
applications, e.g., graphicsMagick:
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=414045>

Among the commercial applications using "insane" arguments, IDL and
PV-WAVE, forks of the same legacy code base dating back 25 years, were
both affected.

For an example of a 3rd party vendor's response:
<http://www.ittvis.com/services/techtip.asp?ttid=4177>

The open source "clone" of IDL, GDL (gnudatalanguage), did not have the bug

Distributions like debian, ubuntu, Fedora Core, and gentoo that have
frequent updates
are often the target of complaints about the number of updates.  An
advantage of frequent updates is that they are "fine-grained", so each
update represents a small set of changes.
This makes it easier to track down problems and apply workarounds.

-- 
George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia

!DSPAM:462a048594651173815969!




More information about the nSLUG mailing list