LWN.net Weekly Edition for January 6, 2005

The Grumpy Editor's guide to 2005

An inevitable part of the new-year ritual is the posting of predictions for the coming twelve months. Your editor, having access to a moderately high soapbox, feels it would be morally wrong to fail to make use of that soapbox to make an absolute fool out of himself. To that end, here are a few ideas for what we might see in the coming year. As always, these predictions are offered in the hope that they will be useful, but they carry NO WARRANTY regarding any correspondence with reality as experienced in your timezone or as to whether they make sense at all.

Development

This will be the year for free desktop infrastructure. Yes, there will be a long series of high-profile application releases, with OpenOffice.org 2.0 being, arguably, at the top of the list. But 2005 will be the year when projects like HAL and D-BUS stabilize and see wide deployment, and when the reinvigorated X.Org development team starts making some truly big strides. The kernel's support for contemporary video cards will be rationalized and improved. Perhaps there will even be a place for Mono. The convergence of all this new, low-level support code, combined with increased cooperation between desktop projects for low-level support, will build the base for the next generation of amazing free desktop applications.

Free databases will see some high-profile deployments. The adoption of free database management systems is still in an early stage. Things will progress in 2005, to the point that some proprietary database vendors will see the need to start competing directly against the free alternatives. Perhaps 2005 is when we'll see some real free database FUD.

There will be no 2.7 kernel in 2005, despite the requests for such a release from some quarters. The 2.6 process will continue to merge changes at a staggering rate, and nothing will come along which is so disruptive that it forces the creation of a new development series. The steady series of complaints about the quality of the 2.6 mainline releases will force some changes to the process - we may see more frequent releases or true "release candidates" for wider testing. But the simple fact is that the kernel developers - and the distributors who have the job of delivering stable kernels to their customers - are happy with things as they are, and will not be in a hurry to go back to the older way of doing things.

Commercial

Red Hat will find something to do with its cash pile. The company currently has about $1 billion (almost half of its market capitalization) in the bank - much of that cash is the result of a debt sale one year ago. As Red Hat's management tries to push the company's stock price back up, it will have to find something more productive to do with that money. It would not be surprising to see an acquisition or two happen in the near future.

The market for not-quite-enterprise distributions will grow. There are no end of companies looking to gain the benefits of switching to Linux, but who do not want to pay the hefty "enterprise Linux" price tag. Many of these companies will realize that high-quality Linux can be had for less, and will look to companies with credible support offerings. Companies like Progeny, Ubuntu, and Specifix may be well placed to thrive in this market. The UserLinux distributed support network model looks an awful lot like the early Red Hat "support partner" program, and risks ending up the same way.

Embedded Linux will gain a higher profile, especially as a base for a new round of "personal media player" gadgets. Expect some fireworks as some of these devices - and their built-in DRM schemes - prove to be more hackable than the entertainment industry would like.

Very few companies will buy Linux indemnification policies, making life difficult for insurance vendors like OSRM.

Distributions

Debian will get a new stable release out, one way or another. Much of the user base for stable Debian releases will, however, have moved on to offshoot distributions like Ubuntu. There will be a new round of soul-searching within the Debian Project over the value of its stable distribution and what that distribution should be.

Community involvement in Fedora will increase, mostly through outside maintenance of some non-core packages. Red Hat will maintain a firm grip on important decisions, however. Don't expect to see an open Fedora developers' conference in 2005.

Legal and political

Thanks to serious activism and the entry of several countries into the EU, software patents will not be enacted in Europe in 2005. One thing your editor has seen many times, however, is that the commercial forces behind this kind of legislation do not ever give up. While their current push looks to be headed for failure, the issue will remain, and the fight will go on.

A new round of copyright legislation will hit the U.S. Congress. The entertainment industry will attempt to strengthen its control and find some sort of legislative solution to file sharing over increasingly decentralized networks. Fair use activists will try again for copyright and DMCA reform. Neither side is likely to get far. The entertainment industry may get caught engaging in increasingly dirty denial of service attacks on peer-to-peer networks and their users.

This one should be fairly obvious: 2005 will see the end of SCO. The company's remaining cases will fall apart in court, and its cash will run out. In retrospect, it will become clear that the SCO lawsuit has actually been a good thing for free software: it has proved how clean our code is now, made developers more aware of the potential for such lawsuits in the future, and has made many large companies take a clear position in the defense of free software. The next company that tries to extract payments from the free software business world will find a climate which is far less hospitable to that sort of litigation; for this reason, your editor believes there will not be a new major intellectual property suit related to Linux in the coming year.

In conclusion...

More people will notice that Linux users don't have spyware and adware problems, which will be getting steadily worse on other platforms. This issue, alone, will cause more people to look at free software. Many will get their feet wet with Firefox and stop there, but others will take the full plunge. As proprietary systems are turned into zombies which spam and spy on their alleged owners, pure exasperation will push a new round of Linux adoption.

Your editor expects many things to continue as they have been. An increasing number of developers will work to create ever more powerful applications. More and more people will awaken to the value of free software, and they will look seriously at using it. Some people will even figure out ways to make money from it. And, inevitably, Linux will continue to be fun - even for a grumpy editor.

Looking forward to OpenOffice.org 2.0

January 5, 2005

This article was contributed by Joe 'Zonker' Brockmeier.

As the OpenOffice.org development team closes in on the 2.0 release, we thought we'd take a look at the suite and see how the 2.0 version is shaping up. Since OpenOffice.org 2.0 is still in development, it's to be expected that some features do not work or work poorly, and that its stability isn't at a level appropriate for a finished application. The 1.9.65 build of OpenOffice.org certainly lives up to that expectation, and should only be deployed for testing purposes.

We installed OpenOffice.org 1.9.65 from the snapshot builds page on a SUSE 9.2 system. Unlike previous versions of OpenOffice.org, version 1.9.x is being distributed in "native" installer format for various systems. The Linux build is available as an RPM rather than the old OpenOffice.org setup application.

One of the goals for the 2.0 release of OpenOffice.org is for the application to start faster than previous releases. At this point in development, the startup for OpenOffice 1.9.65 is not noticeably faster than 1.1.3, however.

Let's start with the word-processing application, Writer. The sad fact is that OpenOffice.org could be the best word processor ever invented -- but if it fails to import Microsoft Word documents well, it will have a tough time in the general market. This is also true of other OpenOffice.org applications, so we spent a good deal of time testing Office compatibility.

To test out the Word and other Microsoft document import features, this reporter searched for Microsoft Office documents on Google using the "filetype" search feature. Writer is still better at importing Microsoft Word documents than AbiWord, and 1.9.65 does a slightly better job of importing Microsoft Office files than 1.1.3. There still seem to be a few glitches. One Word document, for example, looked almost perfect, with the exception of a bulleted list presented outside the page borders.

The interface for Writer has changed very little, so users who are familiar with Writer already will be able to jump right in to the next version. There are a number of noteworthy new features in Writer aside from its Microsoft Word compatibility. This version of Writer allows an author to count words in a selection, in addition to counting words in the entire document. Nested table support has also improved in this version, which will also help with importing complex Microsoft Word documents.

The Impress interface has changed quite a bit, with floating toolbars for formatting and a tabbed interface to switch between views of the document. This reporter likes the new interface a little more, but the transitions between views are a bit jarring. The "slide sorter" view is particularly nice if one needs to re-arrange a presentation quickly.

Calc looks and feels the same as its predecessor. It has undergone a few improvements under the hood, however. In particular, Calc's limitation of 32,000 rows has been removed. Calc can now handle sheets with up to 65,536 rows, which is the same as Microsoft Excel. We tested this by importing a CSV document with 59,621 rows. Calc had no problem importing this document or saving it as a native OpenOffice.org file.

Calc is a bit better at importing Excel files with odd text formatting than Gnumeric, but Gnumeric does still seem to have the edge in supported functions. Calc fails several tests in Gnumeric's testing files which test for Excel compatibility.

One of the big additions to OpenOffice.org 2.0 is a database application like Microsoft Access. The OO.org Base application is, or should be, a nice addition to the OpenOffice.org suite when it's complete. Unfortunately, Base isn't very stable at the moment, and testing usually resulted in a complete crash in a short time. The Table Wizard is very user-friendly, but each time this reporter tried to create a database using the Wizard, OpenOffice.org would crash at the final step.

Unfortunately, the entire suite is only as stable as its least-stable component. When Base crashed, it brought down the entire suite in one fell swoop. This is a bit of a design flaw, as a user with Writer, Calc and Base open will have all applications crash simultaneously. This did give us a chance to work with the document recovery wizard. At startup, OpenOffice.org would try to recover all documents open at the time of the crash. OpenOffice.org's recovery feature was fairly dependable, but this reporter is looking forward to using it a little less often.

There are also a number of features that can be found throughout the OpenOffice.org suite rather than any specific application. The native file formats have changed to the OASIS Open Document Format for Office Applications. OpenOffice.org applications still support the older format, but new files are saved in the new format by default unless the user changes default file format preferences. Users have a great deal of flexibility in this area, including the ability to save in Microsoft Office formats if they prefer.

OpenOffice.org 2.0 also has a document conversion wizard that allows the user to convert older OpenOffice.org and Microsoft Office documents into the new OpenOffice.org document formats. Rather than forcing the user to convert documents one at a time, the wizard allows a user to convert all documents in a directory at once. This feature isn't quite error-free just yet.

We were also interested in OpenOffice.org 2.0's digital signatures feature. Apparently, OpenOffice.org will allow the user to sign or verify macros and documents in the new format. Unfortunately, this feature didn't seem to be working in the 1.9.65 build.

From a test of the 1.9.65 build, it's pretty clear that the OpenOffice.org project has a way to go before it's finished. However, this release does provide a pretty good overview of what to expect, and it does look like 2.0 will be a formidable suite when finished.

For LWN readers who wish to participate in testing, or just see what else is on the way, a feature guide to 2.0 is available. According to the roadmap, the OpenOffice.org project should be releasing a 2.0 beta some time this month, with a final release tentatively planned for March of this year.

The LWN.net 2004 Linux Timeline

Much happens in the Linux world over the course of a year. 2004 saw ongoing legal and political fights, new distributions, big releases of major applications, a new mode for kernel development, and more. This timeline is our attempt to separate out the most significant developments of the year and present them in a concise and enjoyable format. It continues an annual LWN tradition; it is the seventh in the series.

This is version 0.9 of the 2004 timeline. If you find any remaining major omissions, please send them to us at timeline@lwn.net; please do not post errors or omissions as comments until after we have had a chance to address them.

The development of the LWN.net Linux Timeline was supported by LWN subscribers; if you like what you see, please consider subscribing to LWN.

As usual, the timeline is split up by month. We apologize that a "one big page" version is not available at this time.

The LWN.net Linux timelines from the last six years are still available:

Page editor: Jonathan Corbet

Security

The Honeynet report on Linux life expectancy

Numerous electrons have been expended on the recently-released Honeynet report (PDF) on the life expectancy of systems exposed to the Internet. That report concluded that an unpatched Linux system would last, on the average, for about three months before being compromised, while a Windows system had a life expectancy measured in hours. That is an outcome which is certainly welcome to those who are concerned about the security of Linux systems.

If you actually read the report, however, you'll find some interesting things. The test, it would seem, was set up in a way designed to make the Linux systems as easy as possible to compromise. Among other things:

  • The Linux distributions installed were old: Red Hat Linux 7.2, SUSE Linux 6.3, etc. The most current distribution installed was Fedora Core 1, put on two boxes (neither of which was compromised).

  • These systems had a number of services installed; some of those (e.g., SMB) are not necessarily something one would enable on systems directly connected to the net.

  • The systems were set up with easily guessed passwords as well.

Of the four Linux systems which were compromised, two of them fell to brute-force password guessing. This episode may be a good lesson in why choosing good passwords is still important, but it has nothing to do with Linux security.

The report authors note that the expected lifetime of Linux systems has increased - an interesting development, given that the net has not exactly become a friendlier place. The authors guess, as usual, that the relative popularity of Windows makes it a more attractive target. They also note, however, that default Linux installations have become more secure over time. Certainly much effort has gone toward that end; it is nice to see that it is having an effect.

New vulnerabilities

debmake: insecure temp directories

Package(s):debmake CVE #(s):CAN-2004-1179
Created:December 23, 2004 Updated:January 4, 2005
Description: debmake contains a script that can make insecure temporary directories. This can be used by a symlink attack to create and overwrite arbitrary files.
Alerts:
Ubuntu USN-49-1 2004-12-23

htmlheadline: insecure temporary files

Package(s):htmlheadline CVE #(s):CAN-2004-1181
Created:January 3, 2005 Updated:January 4, 2005
Description: Javier Fernández-Sanguino Peña has discovered multiple insecure uses of temporary files that could lead to overwriting arbitrary files via a symlink attack.
Alerts:
Debian DSA-622-1 2005-01-03

kdelibs: unwanted email origination

Package(s):kdelibs CVE #(s):
Created:January 4, 2005 Updated:January 4, 2005
Description: The Konqueror browser (via kdelibs) contains a vulnerability which can cause it to send email without the user's interaction or consent. See this bug report for details.
Alerts:
Mandrake MDKSA-2004:160 2004-12-29

kernel: 32bit emulation privilege escalation

Package(s):kernel CVE #(s):CAN-2004-1144
Created:December 23, 2004 Updated:January 5, 2005
Description: The 2.4 Linux Kernel on the AMD64 platform has a missing argument checking vulnerability that can allow a local attacker to gain root privileges.
Alerts:
Red Hat RHSA-2004:689-01 2004-12-23
SuSE SUSE-SA:2004:046 2004-12-22

LinPopUp: buffer overflow in message reply

Package(s):linpopup CVE #(s):CAN-2004-1282
Created:January 4, 2005 Updated:January 10, 2005
Description: Stephen Dranger discovered that LinPopUp contains a buffer overflow in string.c, triggered when replying to a remote user message. A remote attacker could craft a malicious message that, when replied to using LinPopUp, would exploit the buffer overflow. This would result in the execution of arbitrary code with the privileges of the user running LinPopUp.
Alerts:
Debian DSA-632-1 2005-01-10
Gentoo 200501-01 2005-01-04

netkit-telnet-ssl: format string vulnerability

Package(s):netkit-telnet-ssl CVE #(s):CAN-2004-0998
Created:December 23, 2004 Updated:January 4, 2005
Description: telnetd-ssl has a format string vulnerability that may be exploitable for executing arbitrary code.
Alerts:
Debian DSA-616-1 2004-12-23

pcal: buffer overflows

Package(s):pcal CVE #(s):CAN-2004-1289
Created:January 5, 2005 Updated:January 5, 2005
Description: Two buffer overflows have been found in the pcal utility; they could be exploited by a hostile calendar file to execute arbitrary code.
Alerts:
Debian DSA-625-1 2004-01-05

PHProjekt: PHP code execution

Package(s):phprojekt CVE #(s):
Created:January 4, 2005 Updated:January 4, 2005
Description: PHProjekt, prior to version 4.2-r2, has a vulnerability wherein a remote attacker can define a global variable and execute arbitrary PHP code.
Alerts:
Gentoo 200412-27 2004-12-30

shoutcast server: buffer overflow

Package(s):shoutcast-server CVE #(s):
Created:January 5, 2005 Updated:January 5, 2005
Description: The shoutcast server contains a remotely exploitable buffer overflow vulnerability; upgrading to version 1.9.5 fixes the problem.
Alerts:
Gentoo 200501-04 2005-01-05

tetex: insecure temp files

Package(s):tetex CVE #(s):
Created:December 23, 2004 Updated:January 4, 2005
Description: The xdvizilla script can create insecure temporary files and directories, allowing a symbolic link attack that can overwrite arbitrary files.
Alerts:
Ubuntu USN-51-1 2004-12-23

xpdf: buffer overflow

Package(s):xpdf CVE #(s):CAN-2004-1125
Created:December 23, 2004 Updated:April 1, 2005
Description: xpdf has a potential buffer overflow problem caused by insufficient input validation. A specially crafted PDF file can allow an attacker to execute code with privileges of the xpdf user.
Alerts:
Red Hat RHSA-2005:354-01 2005-04-01
Red Hat RHSA-2005:018-01 2005-01-12
Gentoo 200501-17 2005-01-11
Gentoo 200501-13 2005-01-10
Fedora FEDORA-2004-585 2005-01-03
Fedora FEDORA-2004-584 2005-01-03
Debian DSA-621-1 2004-12-31
Mandrake MDKSA-2004:166 2004-12-29
Mandrake MDKSA-2004:165 2004-12-29
Mandrake MDKSA-2004:162 2004-12-29
Mandrake MDKSA-2004:164 2004-12-29
Mandrake MDKSA-2004:163 2004-12-29
Mandrake MDKSA-2004:161 2004-12-29
Debian DSA-619-1 2004-12-30
Gentoo 200412-25 2004-12-28
Gentoo 200412-24 2004-12-28
Fedora FEDORA-2004-575 2004-12-22
Fedora FEDORA-2004-574 2004-12-22
Fedora FEDORA-2004-573 2004-12-22
Fedora FEDORA-2004-572 2004-12-22
Ubuntu USN-50-1 2004-12-23
Ubuntu USN-48-1 2004-12-23

Updated vulnerabilities

a2ps: input validation error

Package(s):a2ps CVE #(s):CAN-2004-1170 CAN-2004-1377
Created:November 26, 2004 Updated:December 19, 2005
Description: The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus.
Alerts:
Fedora-Legacy FLSA:152870 2005-12-17
Mandriva MDKSA-2005:097 2005-06-07
OpenPKG OpenPKG-SA-2005.003 2005-01-17
Gentoo 200501-02 2005-01-04
Debian DSA-612-1 2004-12-20
Mandrake MDKSA-2004:140 2004-11-25

cdrecord: failure to drop privilege

Package(s):cdrecord CVE #(s):CAN-2004-0806
Created:September 8, 2004 Updated:February 21, 2005
Description: The cdrecord utility, which is installed setuid on some distributions, fails to drop privilege before running a user-specified program.
Alerts:
Fedora-Legacy FLSA:2058 2005-02-20
Gentoo 200409-18 2004-09-14
Fedora FEDORA-2004-298 2004-09-09
Fedora FEDORA-2004-297 2004-09-09
Mandrake MDKSA-2004:091 2004-09-07

cups: multiple vulnerabilities

Package(s):cups CVE #(s):CAN-2004-1267 CAN-2004-1268 CAN-2004-1269 CAN-2004-1270
Created:December 17, 2004 Updated:February 9, 2005
Description: cups has a denial of service vulnerability in the lppasswd utility and a remote code execution vulnerability in the hpgltops filter.
Alerts:
SuSE SUSE-SR:2005:003 2005-02-04
Mandrake MDKSA-2005:008 2005-01-17
Gentoo 200412-25:02 2004-12-28
Red Hat RHSA-2005:013-01 2005-01-12
Gentoo 200412-25 2004-12-28
Fedora FEDORA-2004-559 2004-12-17
Fedora FEDORA-2004-560 2004-12-17

cyrus-sasl: remote buffer overflow

Package(s):cyrus-sasl CVE #(s):CAN-2004-0884
Created:October 7, 2004 Updated:March 16, 2005
Description: cyrus-sasl has a vulnerability involving a buffer overflow in the digestmda5.c file. A remote attacker may be able to compromise the system. Also, a local user may be able to exploit a vulnerability by using the SASL_PATH environment variable.
Alerts:
Mandrake MDKSA-2005:054 2005-03-15
SuSE SUSE-SA:2005:013 2005-03-03
Fedora-Legacy FLSA:2137 2005-02-17
OpenPKG OpenPKG-SA-2005.004 2005-01-28
Conectiva CLA-2004:889 2004-11-11
Debian DSA-568-1 2004-10-16
Debian DSA-563-3 2004-10-14
Debian DSA-563-2 2004-10-12
Debian DSA-563-1 2004-10-12
Trustix TSLSA-2004-0053 2004-10-08
Mandrake MDKSA-2004:106 2004-10-07
Red Hat RHSA-2004:546-02 2004-10-07
Gentoo 200410-05 2004-10-07

dhcp: format string vulnerability

Package(s):dhcp CVE #(s):CAN-2004-1006
Created:November 4, 2004 Updated:July 13, 2005
Description: Dhcp has a format string vulnerability in the log functions of dhcp 2.x that may be exploited via a malicious DNS server.
Alerts:
Fedora-Legacy FLSA:152835 2005-07-10
Red Hat RHSA-2005:212-01 2005-04-12
Debian DSA-584-1 2004-11-04

ethereal: multiple vulnerabilities

Package(s):ethereal CVE #(s):CAN-2004-1139 CAN-2004-1140 CAN-2004-1141 CAN-2004-1142
Created:December 20, 2004 Updated:January 13, 2005
Description: There are multiple vulnerabilities in versions of Ethereal earlier than 0.10.8, including:
  • Bug in DICOM dissection discovered by Bing could make Ethereal crash (CAN-2004-1139).
  • An invalid RTP timestamp could make Ethereal hang and create a large temporary file (CAN-2004-1140).
  • The HTTP dissector could access previously-freed memory (CAN-2004-1141).
  • Brian Caswell discovered that an improperly formatted SMB could make Ethereal hang (CAN-2004-1142).
Alerts:
Conectiva CLA-2005:916 2005-01-13
Debian DSA-613-1 2004-12-21
Mandrake MDKSA-2004:152 2004-12-20
Gentoo 200412-15 2004-12-19

Filename disclosure vulnerability in fam

Package(s):fam CVE #(s):CAN-2002-0875
Created:August 19, 2002 Updated:January 5, 2005
Description: "fam" (file alteration monitor) watches files and directories for changes and lets interested applications know when something happens. This package has a flaw in its group handling that blocks some legitimate operations while, at the same time, exposing the names of files that should otherwise be invisible.
Alerts:
Red Hat RHSA-2005:005-01 2005-01-05
Debian DSA-154-1 2002-08-15

Foomatic: Arbitrary command execution in foomatic-rip

Package(s):foomatic CVE #(s):CAN-2004-0801
Created:September 20, 2004 Updated:May 31, 2006
Description: There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler.
Alerts:
SuSE SUSE-SA:2006:026 2006-05-30
Fedora-Legacy FLSA:2076 2004-11-05
Conectiva CLA-2004:880 2004-10-27
Fedora FEDORA-2004-303 2004-09-21
Gentoo 200409-24 2004-09-20

FreeRADIUS: denial of service

Package(s):freeradius CVE #(s):CAN-2004-0938 CAN-2004-0960 CAN-2004-0961
Created:September 22, 2004 Updated:February 2, 2005
Description: FreeRADIUS (through version 1.0.1) suffers from several denial of service vulnerabilities in its packet reception code.
Alerts:
Fedora-Legacy FLSA:2187 2005-02-01
Red Hat RHSA-2004:609-01 2004-11-12
Gentoo 200409-29 2004-09-22

gaim: buffer overflow in MSN protocol

Package(s):gaim CVE #(s):CAN-2004-0891
Created:October 25, 2004 Updated:February 11, 2005
Description: A buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
Alerts:
Fedora-Legacy FLSA:2188 2005-02-10
Red Hat RHSA-2004:604-01 2004-10-20
Mandrake MDKSA-2004:117 2004-11-01
Ubuntu USN-8-1 2004-10-27
Gentoo 200410-23 2004-10-24
Slackware SSA:2004-296-01 2004-10-25

Gallery: cross-site scripting vulnerability

Package(s):Gallery CVE #(s):CAN-2004-1106
Created:November 8, 2004 Updated:January 17, 2005
Description: Jim Paris has discovered a cross-site scripting vulnerability in Gallery. By sending a carefully crafted URL, an attacker can inject and execute script code in the victim's browser window, and potentially compromise the user's gallery.
Alerts:
Debian DSA-642-1 2005-01-17
Gentoo 200411-10:01 2004-11-06

gtk2, gdk-pixbuf: buffer overflows

Package(s):gdk-pixbuf gtk2 CVE #(s):CAN-2004-0753 CAN-2004-0782 CAN-2004-0783 CAN-2004-0788
Created:September 15, 2004 Updated:February 25, 2005
Description: The gdk-pixbuf and gtk2 libraries contain vulnerabilities in their handling of BMP and XPM files which can lead to denial of service and, potentially, code execution attacks.
Alerts:
Fedora-Legacy FLSA:2005 2005-02-23
Conectiva CLA-2004:875 2004-10-18
Slackware SSA:2004-266-02 2004-09-22
Gentoo 200409-28 2004-09-21
Mandrake MDKSA-2004:095-1 2004-09-17
SuSE SUSE-SA:2004:033 2004-09-17
Debian DSA-549-1 2004-09-17
Red Hat RHSA-2004:447-02 2004-09-15
Debian DSA-546-1 2004-09-16
Red Hat RHSA-2004:466-01 2004-09-15
Red Hat RHSA-2004:447-01 2004-09-15
Mandrake MDKSA-2004:095 2004-09-15
Fedora FEDORA-2004-289 2004-09-15
Fedora FEDORA-2004-288 2004-09-15
Fedora FEDORA-2004-287 2004-09-15
Fedora FEDORA-2004-286 2004-09-15

gettext: Insecure temporary file handling

Package(s):gettext CVE #(s):CAN-2004-0966
Created:October 11, 2004 Updated:March 1, 2006
Description: gettext insecurely creates temporary files in world-writable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user.
Alerts:
Mandriva MDKSA-2006:051 2006-02-28
Fedora-Legacy FLSA:136323 2006-01-09
Gentoo 200410-10:02 2004-10-10
OpenPKG OpenPKG-SA-2004.055 2004-12-23
Ubuntu USN-5-1 2004-10-27
Gentoo 200410-10 2004-10-10

ghostscript: symlink vulnerabilities

Package(s):ghostscript CVE #(s):CAN-2004-0967
Created:October 20, 2004 Updated:September 28, 2005
Description: The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks.
Alerts:
Red Hat RHSA-2005:081-01 2005-09-28
Ubuntu USN-3-1 2004-10-27
Gentoo 200410-18 2004-10-20

glibc: Information leak with LD_DEBUG

Package(s):glibc CVE #(s):CAN-2004-1453
Created:August 17, 2004 Updated:May 26, 2005
Description: Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidential information. An attacker can gain the list of symbols a SUID application uses and their locations and can then use a trojaned library taking precedence over those symbols to gain information or perform further exploitation.
Alerts:
Red Hat RHSA-2005:256-01 2005-05-18
Gentoo 200408-16 2004-08-16

glibc: tempfile vulnerability in catchsegv script

Package(s):glibc CVE #(s):CAN-2004-0968
Created:October 21, 2004 Updated:November 14, 2005
Description: The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script.
Alerts:
Fedora-Legacy FLSA:152848 2005-11-13
Red Hat RHSA-2005:261-01 2005-04-28
Debian DSA-636-1 2005-01-12
Mandrake MDKSA-2004:159 2004-12-29
Red Hat RHSA-2004:586-01 2004-12-20
Fedora FEDORA-2004-356 2004-11-11
Ubuntu USN-4-1 2004-10-27
Gentoo 200410-19 2004-10-21

gnome-vfs: backend script vulnerabilities

Package(s):gnome-vfs CVE #(s):CAN-2004-0494
Created:August 4, 2004 Updated:February 21, 2005
Description: Several scripts packaged with gnome-vfs, using its "extfs" capability, have security flaws. These scripts tend not to be used on many systems, but their presence can still be a threat.
Alerts:
Fedora-Legacy FLSA:1944 2005-02-20
Whitebox WBSA-2004:373-01 2004-08-19
Red Hat RHSA-2004:373-01 2004-08-04

groff: insecure temp file

Package(s):groff CVE #(s):CAN-2004-1296
Created:December 20, 2004 Updated:January 17, 2005
Description: Javier Fernández-Sanguino Peña discovered that the auxiliary scripts "eqn2graph" and "pic2graph" created temporary files in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program.
Alerts:
Ubuntu USN-43-1 2004-12-20

groff: insecure temporary directory

Package(s): groff  CVE #(s): CAN-2004-0969
Created: November 1, 2004  Updated: February 9, 2006
Description: Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program.
Alerts:
Mandriva MDKSA-2006:038 2006-02-08
Gentoo 200411-15 2004-11-08
Ubuntu USN-13-1 2004-11-01

Comments (none posted)

gtkhtml: malformed messages cause crash

Package(s): gtkhtml  CVE #(s): CAN-2003-0133 CAN-2003-0541
Created: April 14, 2003  Updated: April 18, 2005
Description: GtkHTML is the HTML rendering widget used by the Evolution mail reader.

GtkHTML as supplied with versions of Evolution prior to 1.2.4 contains a bug in its handling of HTML messages. Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash.

Alerts:
Debian DSA-710-1 2005-04-18
Mandrake MDKSA-2003:093 2003-09-18
Conectiva CLA-2003:737 2003-09-12
Red Hat RHSA-2003:264-01 2003-09-09
Mandrake MDKSA-2003:046 2003-04-15
Red Hat RHSA-2003:126-01 2003-04-14

Comments (none posted)

imlib: buffer overflows in image decoding

Package(s): imlib  CVE #(s): CAN-2004-1026
Created: December 6, 2004  Updated: January 13, 2005
Description: Pavel Kankovsky discovered that several overflows found in the libXpm library also applied to imlib. He also fixed a number of other potential flaws. A remote attacker could entice a user to view a carefully-crafted image file, which would potentially lead to execution of arbitrary code with the rights of the user viewing the image. This affects any program that makes use of the imlib library.
Alerts:
Mandrake MDKSA-2005:007 2005-01-12
Gentoo 200501-19 2005-01-11
Ubuntu USN-55-1 2005-01-06
Debian DSA-628-1 2005-01-06
Ubuntu USN-53-1 2004-12-29
Debian DSA-618-1 2004-12-24
Red Hat RHSA-2004:651-01 2004-12-10
Gentoo 200412-03 2004-12-06

Comments (none posted)

imlib2: buffer overflows

Package(s): imlib2  CVE #(s): CAN-2004-0802 CAN-2004-0817
Created: September 8, 2004  Updated: October 26, 2005
Description: The imlib2 library contains buffer overflows in the BMP handling code.
Alerts:
Debian DSA-548-2 2005-10-26
Conectiva CLA-2004:870 2004-09-28
Debian DSA-552-1 2004-09-22
Debian DSA-548-1 2004-09-16
Red Hat RHSA-2004:465-01 2004-09-15
Gentoo 200409-12 2004-09-08
Fedora FEDORA-2004-301 2004-09-09
Fedora FEDORA-2004-300 2004-09-09
Mandrake MDKSA-2004:089 2004-09-07

Comments (none posted)

iptables: missing initialization

Package(s): iptables  CVE #(s): CAN-2004-0986
Created: November 1, 2004  Updated: February 11, 2005
Description: Faheem Mitha noticed that the iptables command, an administration tool for IPv4 packet filtering and NAT, did not always load the required kernel modules on its own as it was supposed to. This could lead to firewall rules not being loaded at system startup; the failure was observed at least in connection with rules provided by lokkit.
Alerts:
Fedora-Legacy FLSA:2252 2005-02-10
Ubuntu USN-81-1 2005-02-11
Mandrake MDKSA-2004:125 2004-11-04
Debian DSA-580-1 2004-11-01

Comments (none posted)

kerberos5: execution of arbitrary code by authenticated user

Package(s): kerberos5  CVE #(s): CAN-2004-1189
Created: December 21, 2004  Updated: February 15, 2005
Description: There is a buffer overflow in the password history handling code of libkadm5srv which could be exploited by an authenticated user to execute arbitrary code on a Key Distribution Center (KDC) server.
Alerts:
Red Hat RHSA-2005:045-01 2005-02-15
Red Hat RHSA-2005:012-01 2005-01-19
Conectiva CLA-2005:917 2005-01-13
Ubuntu USN-58-1 2005-01-10
Debian DSA-629-1 2005-01-07
Gentoo 200501-05 2005-01-05
Mandrake MDKSA-2004:156 2004-12-22
Fedora FEDORA-2004-564 2004-12-21
Fedora FEDORA-2004-563 2004-12-21
Trustix TSLSA-2004-0069 2004-12-21

Comments (none posted)

kernel: IGMP and scm_send vulnerabilities

Package(s): kernel  CVE #(s): CAN-2004-1016 CAN-2004-1137
Created: December 14, 2004  Updated: January 4, 2005
Description: Paul Starzetz has discovered a new pair of kernel vulnerabilities. The IGMP code suffers from input validation and integer overflow vulnerabilities which could be remotely exploitable, and the socket function __scm_send() has a local denial of service vulnerability.
Alerts:
Fedora FEDORA-2004-582 2005-01-03
Fedora FEDORA-2004-581 2005-01-03
Ubuntu USN-47-1 2004-12-23
SuSE SUSE-SA:2004:044 2004-12-21
Trustix TSLSA-2004-0068 2004-01-19
Ubuntu USN-38-1 2004-12-14

Comments (none posted)

kernel-utils: setuid vulnerability

Package(s): kernel-utils  CVE #(s): CAN-2003-0019
Created: February 7, 2003  Updated: January 21, 2005
Description: The kernel-utils package contains several utilities that can be used to control the kernel or machine hardware. In Red Hat Linux 8.0 this package contains the User Mode Linux (UML) utilities.

The uml_net utility in kernel-utils packages with Red Hat Linux 8.0 was incorrectly shipped setuid root. This could allow local users to control certain network interfaces, add and remove arp entries and routes, and put interfaces in and out of promiscuous mode.

All users of the kernel-utils package should update to these packages that contain a version of uml_net that is not setuid root.

Alternatively, as a workaround for this vulnerability, issue the following command as root:

chmod -s /usr/bin/uml_net

Alerts:
Red Hat RHSA-2003:056-08 2003-02-07

Comments (none posted)

libgd2: buffer overflows in PNG handling

Package(s): libgd2  CVE #(s): CAN-2004-0990 CAN-2004-0941
Created: October 29, 2004  Updated: June 28, 2006
Description: Several buffer overflows have been discovered in libgd's PNG handling functions.
If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening the image. Most importantly, this library is commonly used in PHP. One possible target would be a PHP-driven photo website that lets users upload images. Therefore this vulnerability might lead to privilege escalation to the web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function.
Alerts:
Mandriva MDKSA-2006:114 2006-06-27
Red Hat RHSA-2006:0194-01 2006-02-01
Fedora-Legacy FLSA:152838 2005-07-15
Red Hat RHSA-2004:638-01 2004-12-17
Ubuntu USN-33-1 2004-11-29
Debian DSA-602-1 2004-11-29
Debian DSA-601-1 2004-11-29
Mandrake MDKSA-2004:132 2004-11-15
Ubuntu USN-25-1 2004-11-15
Fedora FEDORA-2004-412 2004-11-11
Fedora FEDORA-2004-411 2004-11-11
Ubuntu USN-21-1 2004-11-09
Debian DSA-591-1 2004-11-09
Debian DSA-589-1 2004-11-09
Gentoo 200411-08 2004-11-03
OpenPKG OpenPKG-SA-2004.049 2004-10-30
Ubuntu USN-11-1 2004-10-28

Comments (none posted)

libpng: multiple vulnerabilities

Package(s): libpng  CVE #(s): CAN-2002-1363 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
Created: August 4, 2004  Updated: February 10, 2005
Description: There is yet another set of holes in libpng, versions 1.2.5 and prior, which can be exploited by a malicious image file; see this advisory from Chris Evans or this CERT advisory for details.
Alerts:
Fedora-Legacy FLSA:1943 2005-02-08
Red Hat RHSA-2004:421-01 2004-08-04
Gentoo 200408-22 2004-08-23
Whitebox WBSA-2004:402-01 2004-08-19
Mandrake MDKSA-2004:082 2004-08-12
Slackware SSA:2004-223-01 2004-08-09
Slackware SSA:2004-223-02 2004-08-07
Slackware SSA:2004-222-01b 2004-08-10
Slackware SSA:2004-222-01 2004-08-07
Conectiva CLA-2004:856 2004-08-06
Trustix TSLSA-2004-0040 2004-08-05
Gentoo 200408-03 2004-08-05
Debian DSA-536-1 2004-08-04
Mandrake MDKSA-2004:079 2004-08-04
SuSE SUSE-SA:2004:023 2004-08-04
Red Hat RHSA-2004:402-01 2004-08-04
OpenPKG OpenPKG-SA-2004.035 2004-08-04

Comments (1 posted)

libtiff: buffer overflow

Package(s): libtiff  CVE #(s): CAN-2004-1308
Created: December 22, 2004  Updated: May 19, 2005
Description: The libtiff image manipulation library contains several exploitable buffer overflows.
Alerts:
Fedora-Legacy FLSA:152815 2005-05-18
Red Hat RHSA-2005:035-01 2005-02-15
Conectiva CLA-2005:920 2005-01-20
Red Hat RHSA-2005:019-01 2005-01-13
SuSE SUSE-SA:2005:001 2005-01-10
Fedora FEDORA-2005-598 2005-01-07
Fedora FEDORA-2005-597 2005-01-07
Ubuntu USN-54-1 2005-01-06
Mandrake MDKSA-2005:002 2005-01-06
Mandrake MDKSA-2005:001 2005-01-06
Gentoo 200501-06 2005-01-05
Debian DSA-626-1 2005-01-06
Debian DSA-617-1 2004-12-24
Fedora FEDORA-2004-577 2004-12-22
Fedora FEDORA-2004-576 2004-12-22
Ubuntu USN-46-1 2004-12-22

Comments (none posted)

libxml2: multiple buffer overflows

Package(s): libxml2  CVE #(s): CAN-2004-0989
Created: October 28, 2004  Updated: February 28, 2005
Description: libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities; if a local user passes a specially crafted FTP URL, arbitrary code may be executed.
Alerts:
Ubuntu USN-89-1 2005-02-28
Red Hat RHSA-2004:650-01 2004-12-16
Conectiva CLA-2004:890 2004-11-18
Red Hat RHSA-2004:615-01 2004-11-12
Mandrake MDKSA-2004:127 2004-11-04
Debian DSA-582-1 2004-11-02
Gentoo 200411-05 2004-11-02
Trustix TSLSA-2004-0055 2004-10-29
OpenPKG OpenPKG-SA-2004.050 2004-10-31
Ubuntu USN-10-1 2004-10-28
Fedora FEDORA-2004-353 2004-10-28

Comments (none posted)

libxpm4: stack and integer overflows

Package(s): libxpm4  CVE #(s): CAN-2004-0687 CAN-2004-0688
Created: September 16, 2004  Updated: February 14, 2005
Description: There are several stack and integer overflow bugs in the libXpm code of XFree86 that may be used for a denial of service.
Alerts:
Conectiva CLA-2005:924 2005-02-14
Red Hat RHSA-2005:004-01 2005-01-12
Red Hat RHSA-2004:537-01 2004-12-02
Ubuntu USN-27-1 2004-11-17
Mandrake MDKSA-2004:124 2004-11-04
Debian DSA-561-1 2004-10-11
Gentoo 200410-09 2004-10-09
Debian DSA-560-1 2004-10-07
Red Hat RHSA-2004:479-01 2004-10-06
Red Hat RHSA-2004:478-01 2004-10-04
Gentoo 200409-34 2004-09-27
SuSE SUSE-SA:2004:034 2004-09-17
Mandrake MDKSA-2004:099 2004-09-15
Mandrake MDKSA-2004:098 2004-09-15

Comments (none posted)

lvm10: creates insecure temporary directory

Package(s): lvm10  CVE #(s): CAN-2004-0972
Created: November 1, 2004  Updated: July 25, 2005
Description: Trustix Secure Linux discovered a vulnerability in a supplemental script of the lvm10 package. The program "lvmcreate_initrd" created a temporary directory in an insecure way, which could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program.
Alerts:
Fedora-Legacy FLSA:152842 2005-07-24
Mandrake MDKSA-2004:144 2004-12-06
Gentoo 200411-22 2004-11-11
Debian DSA-583-1 2004-11-03
Ubuntu USN-15-1 2004-11-01

Comments (none posted)

Midnight Commander: extfs vfs vulnerability

Package(s): mc  CVE #(s): CAN-2004-0494
Created: September 2, 2004  Updated: January 5, 2005
Description: Midnight Commander has a vfs vulnerability involving shell quoting in the extfs Perl scripts.
Alerts:
Red Hat RHSA-2004:464-02 2005-01-05
Red Hat RHSA-2004:464-01 2004-09-15
Fedora FEDORA-2004-273 2004-09-01
Fedora FEDORA-2004-272 2004-09-01

Comments (none posted)

mikmod: buffer overflow

Package(s): mikmod  CVE #(s): CAN-2003-0427
Created: June 16, 2003  Updated: June 16, 2005
Description: Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.
Alerts:
Fedora FEDORA-2005-405 2005-06-16
Red Hat RHSA-2005:506-01 2005-06-13
Fedora FEDORA-2005-404 2005-06-09
Gentoo 200307-01 2003-07-02
Debian DSA-320-1 2003-06-13

Comments (none posted)

mozilla products: arbitrary code execution and other vulnerabilities

Package(s): mozilla firefox thunderbird  CVE #(s): CAN-2004-0902 CAN-2004-0903 CAN-2004-0904 CAN-2004-0905 CAN-2004-0908
Created: September 20, 2004  Updated: January 13, 2005
Description: Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. See the CERT advisory for details.
Alerts:
Gentoo 200501-03 2005-01-05
Fedora-Legacy FLSA:2089 2004-10-27
Conectiva CLA-2004:877 2004-10-22
Mandrake MDKSA-2004:107 2004-10-19
SuSE SUSE-SA:2004:036 2004-10-06
Red Hat RHSA-2004:486-01 2004-09-30
Slackware SSA:2004-266-03 2004-09-22
Gentoo 200409-26 2004-09-20

Comments (none posted)

mpg123: buffer overflow bug

Package(s): mpg123  CVE #(s): CAN-2004-0805
Created: September 16, 2004  Updated: January 11, 2005
Description: The mpg123 audio playing utility has a buffer overflow bug that may allow arbitrary code execution.
Alerts:
Gentoo 200501-14 2005-01-10
Debian DSA-564-1 2004-10-13
Mandrake MDKSA-2004:100 2004-09-22
Gentoo 200409-20 2004-09-16

Comments (none posted)

mpg321: format string vulnerability

Package(s): mpg321  CVE #(s): CAN-2003-0969
Created: January 6, 2004  Updated: March 28, 2005
Description: A vulnerability was discovered in mpg321, a command-line mp3 player, whereby user-supplied strings were passed to printf(3) unsafely. This vulnerability could be exploited by a remote attacker to overwrite memory, and possibly execute arbitrary code. In order for this vulnerability to be exploited, mpg321 would need to play a malicious mp3 file (including via HTTP streaming).
Alerts:
Gentoo 200503-34 2005-03-28
Debian DSA-411-1 2004-01-05

Comments (none posted)

MPlayer: multiple overflows

Package(s): mplayer  CVE #(s):
Created: December 20, 2004  Updated: January 5, 2005
Description: iDEFENSE, Ariel Berkman and the MPlayer development team found multiple vulnerabilities in MPlayer, potentially resulting in remote execution of arbitrary code. See the iDEFENSE reports: MPlayer Bitmap Parsing Remote Heap Overflow Vulnerability, MPlayer MMST Streaming Stack Overflow Vulnerability and MPlayer Remote RTSP Heap Overflow Vulnerability.
Alerts:
Conectiva CLA-2005:910 2005-01-05
Mandrake MDKSA-2004:157 2004-12-22
Gentoo 200412-21 2004-12-20

Comments (none posted)

mysql: several vulnerabilities

Package(s): mysql  CVE #(s): CAN-2004-0835 CAN-2004-0836 CAN-2004-0837
Created: October 11, 2004  Updated: April 6, 2005
Description: Several problems have been discovered in MySQL. Oleksandr Byelkin noticed that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one. (CAN-2004-0835) Lukasz Wojtow noticed a buffer overrun in the mysql_real_connect function. (CAN-2004-0836) Dean Ellis noticed that multiple threads ALTERing the same (or different) MERGE tables to change the UNION can cause the server to crash or stall. (CAN-2004-0837)
Alerts:
Ubuntu USN-109-1 2005-04-06
Fedora FEDORA-2004-530 2004-12-08