
ubuntu-x-swat team mailing list archive

[Bug 642518] Re: [MASTER] package fglrx 2:8.723.1-0ubuntu4 failed to install/upgrade: Kernel fix for CVE-2010-3081 breaks fglrx

 

Fortunately, I keep my ear to the ground and was aware of this problem
before I updated.  I would have been able to dig myself out of it, but
it would certainly have raised my blood pressure.

Since the fix was made available in -updates, this worked for me:

Completely uninstall Catalyst 10.9.

Reinstall Catalyst 10.4 from the repo.

Perform updates.

Restart.

I am not going to move forward with installing the later Catalyst
versions at this point.

But I must say something, and I hope the developers and MOTUs will take
this as constructive criticism.  I understand that you all work very
hard, and I appreciate that.  I admire you.

Lucid is an LTS.  People expect it to be stable.  They do not expect
that some strange-sounding thing like compat_alloc_user_space, which
they don't know from a hole in the ground, should change suddenly,
causing them to have difficulty with their video driver.
Understandably, this is difficult with driver versions later than the
ones in the repos, but changes should work at least with what is in the
repos.  The driver affected, per the original bug report, is the one
that is in the Lucid repo.  CVE-2010-3081 is a critical bug fix that
plugs a hole that can allow a nefarious outside user to root an
exploited machine.  The likelihood that someone's personal machine would
be attacked is small, but it is real.  This whole thing would have gone
right past a headless server without notice.

A critical update to the kernel was needed and provided.  Unwitting
users, perhaps with little tech know-how, diligently updated their
machines and broke their ATI drivers because there was a change in other
files that kept the driver from being compiled against the kernel
correctly.  They were left with machines that would not operate as
expected. They were first offered a patch, which many might not have
understood how to apply. Finally some 24 - 36 hours later, they were
given an update that works with the driver in the repo.  Their ability
to use it depends somewhat on whether they are able to get themselves
out of whatever mire they may have gotten themselves into in the
meantime.

Sorry, guys, but this smells very strongly of failure to coordinate effort
and conduct appropriate testing.

I've been doing the computer gig for 35 years.  This is just not the
sort of thing I find acceptable.

-- 
[MASTER] package fglrx 2:8.723.1-0ubuntu4 failed to install/upgrade: Kernel fix for CVE-2010-3081 breaks fglrx
https://bugs.launchpad.net/bugs/642518
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to linux-restricted-modules-2.6.24 in ubuntu.


