Biggest security vulnerability in X since 2000
towsonu2003
May 2nd, 2006, 08:15 PM
Here are the links:
http://www.desktoplinux.com/news/NS6395357004.html
http://linux.slashdot.org/article.pl?sid=06/05/02/2216235&from=rss
http://news.yahoo.com/s/zd/20060502/tc_zd/177195
I searched Malone but couldn't find any references to this, so:
https://launchpad.net/bugs/42674
newbie2
May 3rd, 2006, 10:20 AM
Here are the links:
http://www.desktoplinux.com/news/NS6395357004.html
http://linux.slashdot.org/article.pl?sid=06/05/02/2216235&from=rss
http://news.yahoo.com/s/zd/20060502/tc_zd/177195
I searched Malone but couldn't find any references to this, so:
https://launchpad.net/bugs/42674
Coverity Inc., which makes source code analysis software, announced May 2 that the biggest X Window System security vulnerability of the last six years has been identified and fixed, thanks to developers working with the U.S. Department of Homeland Security (DHS). Thankfully, the hole was plugged within a week, according to the company.
http://www.desktoplinux.com/news/NS6395357004.html
:cool:
towsonu2003
May 3rd, 2006, 10:31 AM
and the comment from the devels (https://launchpad.net/bugs/42674):
We are not affected by this bug. I did upload 1.0.2 server the same day as the vulnerability was known. Also documented in debian/changelog.
No other versions of Ubuntu are affected.
For the next time, please always check the versions shipped and debian/changelog :)
always very polite ;)
RavenOfOdin
May 4th, 2006, 12:41 PM
It looks like the updates to X have finally hit repositories.
About 72 or so update requests in adept... Sheesh.
towsonu2003
May 4th, 2006, 12:50 PM
About 72 or so update requests in adept... Sheesh.
ouch. dial up... ](*,) ouch
RavenOfOdin
May 4th, 2006, 02:14 PM
ouch. dial up... ](*,) ouch
Lol, I'd hate to be you about now. :p
towsonu2003
May 4th, 2006, 10:26 PM
Lol, I'd hate to be you about now. :p
ehehe yep... I popped in the Dapper beta liveCD just so I won't see the "update-notifier" hanging on my head... :-$
Oceola
May 6th, 2006, 09:17 AM
....and then there's the one about the Hoary Hedgehog user on dial up who'd wiped all sorts of un-needed (supposedly) software off his box and, when the GDM, Linux 686 kernel and Xorg upgrades came through, looked at the countless hours (more than 7) to download and update.
....and being the perfect cyberfool, made the commitment. When it came time to reboot the machine there was a seemingly unnoticed bug somewhere and the GDM and X were lost; no forcing of the GDM would work and the X desktop could not be restored. No attempt to regain the system would work and since I'm still new to Linux (most of the reason it couldn't be restored since no online subpackages would work either) I can only guess I had a system which had been boogered somewhere along the line.
I know during the downloads and installations there were continuous and repetitive hits (tcp and udp), shown on the Firewall hitting as many as 6 ports from the same url. This url did this innumerable times during the download of the updates and I think this was due to the attempt to fix the security hole as that url may have been using the discovered breach.
In any event I now am on Breezy and will go about my usual hack 'em up software file removal and see where Breezy takes me....=D>
RavenOfOdin
May 6th, 2006, 03:26 PM
I know during the downloads and installations there were continuous and repetitive hits (tcp and udp), shown on the Firewall hitting as many as 6 ports from the same url. This url did this innumerable times during the download of the updates and I think this was due to the attempt to fix the security hole as that url may have been using the discovered breach.
1) If - and just in case - they were from 1025-1030, that's most likely a machine sending out messenger spam. I get hits from them all the time.
2) Set your firewall to "restrict all connections, whitelist traffic." That is, if you're using Firestarter.
3) If the connections already were blocked, I wouldn't worry too much about the hole (should there even be one) being used. Until you fix it you'll still get those alerts.
Oceola
May 9th, 2006, 09:58 AM
Thanks for that response. The system loss is attributable to a previous hack of my system, and vulnerability in the root through broken permissions and improper software package installation (MY FAULT) and these increased hits from whomever. Most of these hits are traversing a series of ports, as many as a half a dozen and have been coming from address ranges attributable to my ISP provider and a number of locations worldwide.
Anyway, I'm running Breezy now and have been a bit more careful with the setup and included the recent security updates. Something I've noticed is when accessing the repositories to fix a security issue the frequency of hits increases as much as tenfold and the ports they go after have run from single digits through high five digits. Usually there's a slowdown of the download when this occurs and sometimes a stall. Since I'm using dial up it makes downloading a long-winded (almost like this post) issue.
Breezy so far seems a bit better :cool: