LWN.net Weekly Edition for July 07, 2005

Getting Started Listening to Podcasts

July 6, 2005

This article was contributed by Dan York

Last week, I discussed creating podcasts and offered some pointers to how you could get started along with reviews of a couple of books that can help. This week I want to back up a bit and talk about how you can get started listening to podcasts.

The Basics

First, though, I do need to address the question of what makes a podcast different from a regular audio file posted on a website. On a purely technical level, nothing is really different about the audio file. In fact, if you just want to listen to a podcast to see if it is something you would like to listen to on a regular basis, the best bet is often to go to the podcast website and simply download a recent episode and play it in your media player.

What is different is the way in which the audio file is normally retrieved. Rather than being something you click on, download, and play, you subscribe to the podcast RSS feed. This works by virtue of the fact that Dave Winer added an element called an Enclosure to RSS 2.0. Note that the enclosure element is actually not specific to audio: it can be used for pretty much any media element including video or images.

The beauty of this solution is that you simply need to subscribe to whichever podcasts interest you and then listen to them whenever new shows arrive - and whenever you feel like playing them. No need to check web sites for updates. No need to be online to listen to a streaming feed. Many people have referred to podcasting as "TiVo for audio" or "timeshifting radio" and indeed it very much works that way.

So in order to subscribe to podcasts, you need some software tool that can: a) handle RSS feeds; and b) interpret the RSS enclosure tag to download the media automatically for you. At a base level, that is pretty much all you need, and the software that does this is often called either a "podcatcher" or a "podcast aggregator". Of course, the programs out there don't simply do the base. They add the ability to easily manage your subscriptions, schedule the interval at which to check for new shows (e.g., by setting up an appropriate cron job), manage the downloaded files, etc.

The Software

Linux users have the choice, of course, of podcatcher software in pretty much any language and with or without a GUI. A search on "podcast" at sites such as SourceForge or freshmeat will turn up a variety of choices in various states of development. Some of the prime contenders are:

iPodder - For someone just getting started who wants a GUI, my personal recommendation would be to start out with iPodder (also called the "iPodder Lemon" because of its logo). Being Python-based, iPodder is cross-platform and is heavily used within the Windows and Mac worlds. Linux users receive the benefit of all that usage and testing and have a robust program to use. Screenshots are available if you would like to see what it is all about.

BashPodder - For the text-inclined, BashPodder provides the functionality you need via a basic shell script. Simple, easy, and a breeze to extend. In fact, the site contains a wide range of user-contributed extensions and customizations. Additionally, for those who want the power of the shell but still with a GUI, there is BPConf that allows you to easily configure BashPodder.

jpodder - Another interesting choice is jpodder, a Java-based cross-platform podcatcher. Like iPodder, it is GUI-based and has a range of features.

Other choices - There is a range of other options (and readers are encouraged to leave their recommendations as comments), including:

A reader last week also commented that they were able to have Apple's iTunes program running on their Linux system using CrossOver Office. In any event, you need to have one of these programs installed to have the simplicity of subscribing to podcasts.

The Next Step

Once you have the software installed, you need to find podcasts to which you can subscribe. Some of the podcatchers, such as iPodder, include a built-in directory. Even with such a directory, though, you'll probably want to check out some of the directory sites. More keep appearing on a daily basis, but some of the major sites include:

Typically all you need to do is find the URL for the show's RSS feed and then enter it into your podcatcher software. Some programs allow drag-and-drop... but in any event that's it... you are now subscribed and will start to receive new shows. (Some podcatcher software will download the most recent show and then all new shows - some software will download all shows available in the feed.)

Happy listening! And please do feel free to leave comments to this article about your favorite podcasts - or feedback about various podcatcher software.

A look at the Bizgres Project

July 6, 2005

This article was contributed by Joe 'Zonker' Brockmeier.

There are a lot of PostgreSQL-derivative projects in the news lately. In May we looked at the EnterpriseDB project. The Bizgres Project released their 0.6 release last week, with a few new features of interest to organizations using PostgreSQL for data warehousing and business intelligence.

The Bizgres project was launched in April of this year. It is based on the PostgreSQL project, with development sponsored by Greenplum, which also uses the Bizgres source code in its DeepGreen offering. Josh Berkus, who works for Greenplum and is a member of the PostgreSQL core team, talked to us about the Bizgres release and the plans for the project.

The 0.6 release has two features of interest that are not currently found in PostgreSQL. The first is a patch that speeds up bulk loading of text data. Berkus said that the patch "speeds up bulk loading of text data by refactoring some of the bulk loader code."

The other feature is an improvement in temporary table creation. When tables are created using the "CREATE TABLE AS SELECT" statement, transaction logging is bypassed which can provide major benefits in performance -- in effect, a kind of "scratch" table that can be used to hold a copy of data that is being worked with without logging transactions. Berkus said that the Bizgres team is planning on expanding the capability to include the ability to bulk load into a "scratch table" but the current feature does not allow that.

With so many PostgreSQL-derived projects available, some may wonder if the project is forking. Berkus said that Greenplum plans to contribute its features back to the PostgreSQL project, but that the timing of PostgreSQL releases made it hard to get the features that interest Greenplum and its customers into mainstream PostgreSQL in a timely fashion:

Feature freeze for 8.1 was July 1st, that was the last day for consideration of patches for 8.1, and for that matter, if you introduced a major patch on July 1 that hadn't been discussed, there's very little chance it'd be introduced [in the 8.1 release of PostgreSQL]. Much of the stuff [in Bizgres] has bad timing, and would have waited for 8.2.

Since PostgreSQL 8.2 is currently slated for summer of 2006, there is a distinct advantage in creating a derivative distribution of PostgreSQL to allow Greenplum and the Bizgres Project to push its features out to its users earlier. Berkus compared this to Linux vendors like Red Hat backporting features from the 2.5/2.6 kernel series to the 2.4 series while 2.6 was still in development. He also compared Bizgres to embedded Linux or Real Time Linux, "in that we're focusing on a distribution of PostgreSQL entirely focused on needs of people running data warehouses or doing business intelligence." Users outside those profiles, said Berkus, probably don't want to consider Bizgres or DeepGreen at all.

He also said that the Bizgres project is focused only on Linux, Solaris and Windows, as opposed to all of the platforms that are supported by the PostgreSQL project, which produces fewer platform compatibility issues for Bizgres.

Berkus allowed for the possibility that Bizgres could have features that do not make it into mainstream PostgreSQL, if they were of benefit to data warehouse applications without providing a benefit to general performance, but that he wasn't aware of any features under consideration that would fit that category.

As for licensing, Berkus said that anything developed by Greenplum for Bizgres would be available under a "BSD or analogous license."

We want to permit commercialization. Our goal, overall is to make it the standard in data warehousing and the BSD license is the best to choose. It eliminates any legal concerns that someone might have about adopting your software.

He also said that he wasn't concerned about other companies snapping up Bizgres' technology. According to Berkus, the major vendors like Microsoft, IBM and Oracle, "already have technology of their own that they have investment in, and they're unlikely to abandon theirs... and if they did [take Bizgres features and make them proprietary] it would be enough of a moral victory that it would be worth it."

Given the number of companies working on PostgreSQL distributions, it should be interesting to see how many of the improvements flow back into the main project, and whether the various companies can avoid straying too far from the main project. It should also be interesting to see whether the Bizgres project gains much steam as an independent project. The mailing list traffic isn't particularly heavy yet, but the project is still very new.

For users who are interested in trying out Bizgres, the 0.6 release is available as source code or binaries for Solaris 10 or Red Hat Linux.

First Look at Knoppix 4.0

July 6, 2005

This article was contributed by Ladislav Bodnar

The much-awaited "maxi" DVD edition of Knoppix 4.0 was presented at the LinuxTag conference in Karlsruhe, Germany last week. As usual, this was a special edition and not a public release, but it didn't take long before the ISO image hit some of the popular BitTorrent download sites, and it was even spotted on a few FTP servers a few days later. The reason for the high demand is not hard to understand - Knoppix 4.0 is the largest live Linux DVD ever produced, with a great collection of "the best open source software" available today.

First, some numbers. The size of the single-layer compressed DVD image is 4,122 MB. It contains over 9 GB of software in the form of 2,663 Debian packages providing more than 5,300 individual programs. Most of them come from the recently released Debian 3.1 "sarge", but there are several noteworthy upgrades, such as KDE 3.4.1. KDE is still the default desktop, but Knoppix 4.0 now contains ten other desktop environments and window managers, including the complete GNOME (2.8.1) and XFce (3.8.16 and 4.0.6), and even some exotic ones, such as LarsWM, Openbox, and RatPoison. Booting this DVD on a four-year-old 1.4 GHz Pentium 4 system with 384 MB of RAM took just under 8 minutes (from the GRUB boot prompt to KDE); for comparison, booting the Knoppix 3.9 CD on the same system took only about 3.5 minutes.

It needs to be mentioned that, starting from version 4.0, Knoppix will be split into two editions - "maxi" DVD and "light" CD. The light edition will essentially be the same Knoppix live CD that we have come to love and appreciate over the last couple of years, except that all development software will be removed and replaced with more general desktop applications. The public release of Knoppix 4.0 is expected within the next few weeks, with the "maxi" DVD and "light" CD editions appearing simultaneously.

The Knoppix 4.0 DVD contains many of the most popular open source software packages for the desktop, server, office, graphics, multimedia, and development. Compared to the live CD edition, users now have a choice of KOffice (1.3.5) and GNOME Office (AbiWord + Gnumeric), in addition to OpenOffice.org (a recent beta of the 2.0 series). On the server side of things, both Apache 1.3 and 2.0 are present, and, unlike the CD edition, the DVD also includes PostgreSQL 8. Some other interesting packages that have been missing from all recent Knoppix CD releases include Blender, Eclipse, GnuCash, Mozilla, LyX and teTeX. One downside of the DVD is that, with so many applications included, the standard Debian menus tend to be badly cluttered and poorly organized; as an example, the "Internet" submenu contains a total of 76 items, while the "System" submenu contains 88 items!

Besides adding new packages, what else is new in Knoppix 4.0? In the absence of any changelog we had to dig around the menus and file system to see what exciting things are hiding under the bonnet. The DVD has retained the Unionfs file system so extra packages can be installed on the fly - either from Debian repositories with apt-get or the newly included Synaptic, or via the web-based Klik installer, which also includes some non-free packages. A new feature is the ability to switch between the 11 desktop environments through a "Restart KNOPPIX Desktop" utility. Also, the DVD now contains a lot more documentation in HTML and PDF formats, including the excellent 133-page Knowing Knoppix and m23 Software Distribution guides.

There seems to be an increasing level of collaboration between the developers of Knoppix and other Knoppix-derived live CD and DVD projects. The Kanotix developers contributed some DSL network configuration and hard disk installation code (due to data decompression, a partition of at least 12 GB in size is required for installing the DVD edition of Knoppix 4.0 on the hard disk). Much of the newly included scientific and statistical software was accepted from the Quantian and Paipix live DVD projects, while a lot of educational software found its way into Knoppix from Freeduc, a distribution designed for schools.

Although providing a large number of applications on the DVD should please those users who missed some important pieces of software on the earlier CD editions, the size of the DVD presents its own set of problems. We have already mentioned the unsightly and difficult-to-navigate menus, but a potentially more annoying problem is the general sluggishness of the system while it runs from the DVD. Maybe a more modern DVD drive would be able to launch software packages in a speedier manner, but we were not impressed with a delay lasting several minutes after clicking on a PDF file in Konqueror. Likewise, OpenOffice.org Writer took 150 seconds to launch. Even navigating the menus was painfully slow, much slower than any of the CD editions. Of course, once an application is cached in the memory it starts a lot faster, but the first run of any large software package will likely test your patience.

This raises the question of how useful a 4 GB Knoppix live DVD really is. Although it is easy to get excited over all the goodies available at a mouse click, many people will undoubtedly be put off by the long boot times, poor system responsiveness and cluttered menus. After having played with the system for a few minutes, we found ourselves craving the much leaner and faster Knoppix CD - although not nearly as full-featured as the DVD edition, it contains enough applications to satisfy the majority of users. Whether you use Knoppix as a rescue CD, carry it around to boot computers in Internet cafes, or employ it to demonstrate Linux and open source software to interested parties, the CD edition of Knoppix will probably remain a more practical tool than the more complete, but also more sluggish, DVD edition.

Page editor: Rebecca Sobol

Security

Brief items

PEAR XML_RPC remote code execution vulnerability

July 6, 2005

This article was contributed by Joe 'Zonker' Brockmeier.

A serious vulnerability in the PEAR XML_RPC library and the XML-RPC for PHP package has been disclosed. The vulnerability allows unsanitized data to be passed to the eval() call, which would allow execution of arbitrary PHP code.

The vulnerability was reported by James Bercegay of the GulfTech Security Research Team. Bercegay reports that the parseRequest() function passes data to eval() without sanitizing the input first. As a result, a properly-crafted XML file can be used to execute PHP code on the targeted server. Bercegay's advisory gives an example that causes the relatively harmless phpinfo() function to be executed on a target server:

<?xml version="1.0"?>
<methodCall>
<methodName>test.method</methodName>
  <params>
    <param>
      <value><name>','')); phpinfo(); exit;/*</name></value>
    </param>
  </params>
</methodCall>
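The mechanism behind the payload above, and the fix, as an added example rather than code from the PEAR XML_RPC library or the advisory: a simplified parser that splices the parsed <name> text into PHP source destined for eval() (the string is only printed here, never evaluated), beside the safe version that passes the text as plain data. XmlValue, extract_name(), build_eval_string() and build_value_safely() are hypothetical names, not the library's API.

```php
<?php
// Added example, not the PEAR XML_RPC library's code: a simplified
// reconstruction of the bug class the advisory describes. Untrusted XML text
// is spliced into PHP source that would be eval()'d, beside the safe pattern
// of passing that text as an ordinary argument. XmlValue, extract_name(),
// build_eval_string() and build_value_safely() are hypothetical names.

// Constructed request body, in the shape of the advisory's example.
$request = <<<'XML'
<?xml version="1.0"?>
<methodCall>
  <methodName>test.method</methodName>
  <params>
    <param>
      <value><name>','')); phpinfo(); exit;/*</name></value>
    </param>
  </params>
</methodCall>
XML;

// Stand-in for the library's value object.
final class XmlValue
{
    public $value;
    public $type;

    public function __construct($value, string $type)
    {
        $this->value = $value;
        $this->type  = $type;
    }
}

// Pull the <name> text out of the request, as any XML-RPC parser must.
function extract_name(string $xml): string
{
    $doc = new SimpleXMLElement($xml);
    return (string) $doc->params->param->value->name;
}

// UNSAFE pattern: the member name is pasted into a PHP statement that the
// library would then hand to eval(). Returned as a string for inspection
// here and deliberately never evaluated.
function build_eval_string(string $name): string
{
    return "\$v = new XmlValue(array('" . $name . "' => null), 'struct');";
}

// SAFE pattern: the member name is used as data, whatever characters it holds.
function build_value_safely(string $name): XmlValue
{
    return new XmlValue(array($name => null), 'struct');
}

$name = extract_name($request);

echo "Statement the unsafe path would eval():\n  ", build_eval_string($name), "\n";
// With the advisory's payload, the quote and two parentheses at the start of
// the injected text close the array() and the constructor call early, the
// attacker's statements then follow as ordinary code, and the trailing /*
// comments out the remainder of the template. Evaluating that string is the
// advisory's bug.

$v = build_value_safely($name);
echo "Safe path kept the payload as an inert array key: ",
     var_export(array_key_exists($name, $v->value), true), "\n";
```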

PEAR's library and the XML-RPC for PHP package are used in a number of PHP-based projects, including WordPress, Drupal, PostNuke, Xaraya, phpGroupWare, Tikiwiki, and many others, which means that there are a lot of vulnerable servers out there. Users of PHP-based blogging applications and other packages that use XML_RPC should check to see if the software is vulnerable and update the package as soon as a new release is available. Some projects, like PostNuke, are advising users to remove the offending code altogether.

PEAR's XML_RPC library is also distributed with many Linux distributions. Most of the vulnerable projects and distributions have announced updated packages, and the PHP project has bundled the new PEAR XML_RPC package in PHP 4.4.0RC2, and a separate release is available on the PEAR site. The final PHP 4.4.0 release is scheduled for July 11. Users can also update the PEAR library by running "pear upgrade XML_RPC" as root or using sudo. An update of XML-RPC for PHP is also available.

Users should upgrade or take steps to remove the library as soon as possible, as it seems likely that exploits of this vulnerability will begin appearing in the wild soon, if they have not already.

New vulnerabilities

crip: insecure temporary files

Package(s):crip CVE #(s):CAN-2005-0393
Created:June 30, 2005 Updated:July 6, 2005
Description: Justin Rye discovered that crip, a terminal-based ripper, encoder and tagger tool, utilizes temporary files in an insecure fashion in its helper scripts.
Alerts:
Debian DSA-733-1 2005-06-30

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CAN-2005-1913 CAN-2005-1761
Created:July 1, 2005 Updated:September 9, 2005
Description: Several vulnerabilities in the 2.6 kernel have been fixed, including a subthread exec problem (CAN-2005-1913) and an ia64 ptrace + sigrestore_context problem (CAN-2005-1761).
Alerts:
Ubuntu USN-178-1 2005-09-09
Red Hat RHSA-2005:551-01 2005-08-25
SuSE SUSE-SA:2005:044 2005-08-04
Fedora FEDORA-2005-510 2005-07-01

phpbb: arbitrary command execution

Package(s):phpbb CVE #(s):
Created:July 4, 2005 Updated:July 6, 2005
Description: Ron van Daal discovered a vulnerability in the PhpBB highlighting code that can allow an attacker to execute arbitrary code with the privileges of the web server.
Alerts:
Gentoo 200507-03 2005-07-04

php-pear: remote code execution

Package(s):php-pear CVE #(s):CAN-2005-1921
Created:July 1, 2005 Updated:July 29, 2005
Description: The PEAR XMLRPC implementation has a vulnerability that can be exploited for remote code execution. See this report from GulfTech Security Research. This vulnerability affects a large number of PHP web applications.
Alerts:
Fedora-Legacy FLSA:163559 2005-07-28
Conectiva CLA-2005:980 2005-07-14
Gentoo 200507-15 2005-07-15
Debian DSA-746-1 2005-07-13
Slackware SSA:2005-192-02 2005-07-12
Slackware SSA:2005-192-01 2005-07-12
Gentoo 200507-08 2005-07-10
Debian DSA-747-1 2005-07-10
Gentoo 200507-07 2005-07-10
Debian DSA-745-1 2005-07-10
SuSE SUSE-SA:2005:041 2005-07-08
Red Hat RHSA-2005:564-01 2005-07-07
Gentoo 200507-06 2005-07-06
Ubuntu USN-147-2 2005-07-06
Ubuntu USN-147-1 2005-07-05
Fedora FEDORA-2005-518 2005-07-05
Fedora FEDORA-2005-517 2005-07-05
Gentoo 200507-01 2005-07-03
Mandriva MDKSA-2005:109 2005-06-30

zlib: buffer overflow

Package(s):zlib CVE #(s):CAN-2005-2096
Created:July 6, 2005 Updated:October 27, 2005
Description: zlib has a buffer overflow vulnerability that can be triggered by inflating corrupted files; this can be used to crash zlib or possibly to execute code remotely.
Alerts:
Mandriva MDKSA-2005:196 2005-10-26
Debian DSA-797-2 2005-09-28
Fedora FEDORA-2005-565 2005-07-13
Slackware SSA:2005-189-01 2005-07-10
Trustix TSLSA-2005-0034 2005-07-08
Mandriva MDKSA-2005:112 2005-07-06
Fedora FEDORA-2005-523 2005-07-07
Fedora FEDORA-2005-524 2005-07-07
OpenPKG OpenPKG-SA-2005.013 2005-07-07
Ubuntu USN-148-1 2005-07-06
SuSE SUSE-SA:2005:039 2005-07-06
Red Hat RHSA-2005:569-01 2005-07-06
Gentoo 200507-05 2005-07-06
Debian DSA-740-1 2005-07-06

Updated vulnerabilities

a2ps: input validation error

Package(s):a2ps CVE #(s):CAN-2004-1170 CAN-2004-1377
Created:November 26, 2004 Updated:December 19, 2005
Description: The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus.
Alerts:
Fedora-Legacy FLSA:152870 2005-12-17
Mandriva MDKSA-2005:097 2005-06-07
OpenPKG OpenPKG-SA-2005.003 2005-01-17
Gentoo 200501-02 2005-01-04
Debian DSA-612-1 2004-12-20
Mandrake MDKSA-2004:140 2004-11-25

kernel: Linux amd64 kernel vulnerabilities

Package(s):AMD kernel CVE #(s):CAN-2005-1762 CAN-2005-1765
Created:June 27, 2005 Updated:June 29, 2005
Description: A Denial of Service vulnerability has been discovered in the ptrace() call on the amd64 platform. By calling ptrace() with specially crafted ("non-canonical") addresses, a local attacker could cause the kernel to crash. This only affects the amd64 platform. (CAN-2005-1762)

ZouNanHai discovered that a local user could hang the kernel by invoking syscall() with specially crafted arguments. This only affects the amd64 platform when running in the 32 bit compatibility mode. (CAN-2005-1765)

Alerts:
Ubuntu USN-143-1 2005-06-27

bzip2: race condition and infinite loop

Package(s):bzip2 CVE #(s):CAN-2005-0953 CAN-2005-1260
Created:May 17, 2005 Updated:January 10, 2007
Description: A race condition in bzip2 1.0.2 and earlier allows local users to modify the permissions of arbitrary files via a hard link attack on a file while it is being decompressed, since bzip2 changes the file's permissions after decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor.
Alerts:
rPath rPSA-2007-0004-1 2007-01-09
Debian DSA-741-1 2005-07-07
Red Hat RHSA-2005:474-01 2005-06-16
OpenPKG OpenPKG-SA-2005.008 2005-06-10
SuSE SUSE-SR:2005:015 2005-06-07
Debian DSA-730-1 2005-05-27
Mandriva MDKSA-2005:091 2005-05-18
Ubuntu USN-127-1 2005-05-17

cacti: SQL injection and PHP file inclusion

Package(s):cacti CVE #(s):
Created:June 22, 2005 Updated:July 21, 2005
Description: Cacti (prior to version 0.8.6e) suffers from vulnerabilities which can lead to SQL injection and (on some systems) execution of arbitrary PHP files.
Alerts:
Debian DSA-764-1 2005-07-21
Gentoo GLSA 200506-20:02 2005-06-22
Gentoo 200506-20:02 2005-06-22
Gentoo 200506-20 2005-06-22

ClamAV: denial of service

Package(s):clamav CVE #(s):CAN-2005-2056 CAN-2005-2070
Created:June 27, 2005 Updated:July 12, 2005
Description: Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's Quantum archive decompressor renders Clam AntiVirus vulnerable to a Denial of Service attack. A remote attacker could exploit this vulnerability to cause a Denial of Service by sending a specially crafted Quantum archive to the server.
Alerts:
Mandriva MDKSA-2005:113 2005-07-11
Debian DSA-737-1 2005-07-05
SuSE SUSE-SA:2005:038 2005-06-29
Gentoo 200506-23 2005-06-27

cpio: file permissions error

Package(s):cpio CVE #(s):CAN-1999-1572
Created:February 2, 2005 Updated:July 19, 2005
Description: Some versions of cpio contain an ancient vulnerability where files created by that utility have overly generous access permissions.
Alerts:
Fedora-Legacy FLSA:152891 2005-07-15
Red Hat RHSA-2005:080-01 2005-02-18
Red Hat RHSA-2005:073-01 2005-02-15
Mandrake MDKSA-2005:032-1 2005-02-11
Mandrake MDKSA-2005:032 2005-02-10
Ubuntu USN-75-1 2005-02-04
Debian DSA-664-1 2005-02-02

cpio: directory traversal

Package(s):cpio CVE #(s):CAN-2005-1111
Created:June 20, 2005 Updated:December 26, 2005
Description: There is a vulnerability in cpio (2.6 and previous) that allows a malicious cpio file to extract to an arbitrary directory of the attacker's choice: cpio will extract to the path specified in the cpio file, and this path can be absolute.
Alerts:
Mandriva MDKSA-2005:237 2005-12-23
Red Hat RHSA-2005:806-01 2005-11-10
Debian DSA-846-1 2005-10-07
Ubuntu USN-189-1 2005-09-29
Red Hat RHSA-2005:378-01 2005-07-21
Mandriva MDKSA-2005:116-1 2005-07-19
Mandriva MDKSA-2005:116 2005-07-11
Trustix TSLSA-2005-0030 2005-06-24
Gentoo 200506-16 2005-06-20

cURL: buffer overflow

Package(s):curl CVE #(s):CAN-2005-0490
Created:February 28, 2005 Updated:July 19, 2005
Description: Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded.
Alerts:
Fedora-Legacy FLSA:152917 2005-07-15
Fedora FEDORA-2005-325 2005-04-20
Red Hat RHSA-2005:340-01 2005-04-05
Conectiva CLA-2005:940 2005-03-21
Gentoo 200503-20 2005-03-16
Mandrake MDKSA-2005:048 2005-03-04
SuSE SUSE-SA:2005:011 2005-02-28
Ubuntu USN-86-1 2005-02-28

cvs: multiple vulnerabilities

Package(s):cvs CVE #(s):CAN-2005-0753
Created:April 18, 2005 Updated:July 13, 2005
Description: CVS (in versions prior to 1.11.20) has one or more buffer overflow vulnerabilities, memory leaks, and a NULL pointer dereferencing error. These can be used to launch a remote denial of service or to remotely execute arbitrary code.
Alerts:
Debian DSA-742-1 2005-07-07
Fedora-Legacy FLSA:155508 2005-05-12
Ubuntu USN-117-1 2005-05-04
Red Hat RHSA-2005:387-01 2005-04-25
Gentoo 200504-16:02 2005-04-18
Slackware SSA:2005-111-01 2005-04-22
Trustix TSLSA-2005-0013 2005-04-20
Mandriva MDKSA-2005:073 2005-04-20
Fedora FEDORA-2005-330 2005-04-20
Gentoo 200504-16 2005-04-18
SuSE SUSE-SA:2005:024 2005-04-18

cyrus-imapd: buffer overflows

Package(s):cyrus-imapd CVE #(s):CAN-2005-0546
Created:February 23, 2005 Updated:April 10, 2006
Description: Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system.
Alerts:
Fedora-Legacy FLSA:156290 2006-04-04
Red Hat RHSA-2005:408-01 2005-05-17
Fedora FEDORA-2005-339 2005-04-27
OpenPKG OpenPKG-SA-2005.005 2005-04-05
Conectiva CLA-2005:937 2005-03-17
Mandrake MDKSA-2005:051 2005-03-04
Ubuntu USN-87-1 2005-02-28
SuSE SUSE-SA:2005:009 2005-02-24
Gentoo 200502-29 2005-02-23

dbus: information disclosure

Package(s):dbus CVE #(s):CAN-2005-0201
Created:June 8, 2005 Updated:August 30, 2005
Description: From the Red Hat alert: "Dan Reed discovered that a user can send and listen to messages on another user's per-user session bus if they know the address of the socket." At current usage levels, this vulnerability is not particularly threatening.
Alerts:
Fedora FEDORA-2005-822 2005-08-29
Ubuntu USN-144-1 2005-06-27
Mandriva MDKSA-2005:105 2005-06-24
Red Hat RHSA-2005:102-01 2005-06-08

dhcp: format string vulnerability

Package(s):dhcp CVE #(s):CAN-2004-1006
Created:November 4, 2004 Updated:July 13, 2005
Description: Dhcp has a format string vulnerability in the log functions of dhcp 2.x that may be exploited via a malicious DNS server.
Alerts:
Fedora-Legacy FLSA:152835 2005-07-10
Red Hat RHSA-2005:212-01 2005-04-12
Debian DSA-584-1 2004-11-04

Dnsmasq: poisoning and DoS

Package(s):dnsmasq CVE #(s):
Created:April 4, 2005 Updated:July 21, 2005
Description: Dnsmasq does not properly detect that DNS replies received do not correspond to any DNS query that was sent. Rob Holland of the Gentoo Linux Security Audit team also discovered two off-by-one buffer overflows that could crash DHCP lease file parsing.
Alerts:
Slackware SSA:2005-201-01 2005-07-21
Gentoo 200504-03 2005-04-04

emacs21: format string vulnerability in "movemail"

Package(s):emacs21 CVE #(s):CAN-2005-0100
Created:February 7, 2005 Updated:May 15, 2006
Description: Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group.
Alerts:
Fedora-Legacy FLSA:152898 2006-05-12
Debian DSA-685-1 2005-02-17
Mandrake MDKSA-2005:038 2005-02-15
Gentoo 200502-20 2005-02-15
Fedora FEDORA-2005-146 2005-02-14
Fedora FEDORA-2005-145 2005-02-14
Red Hat RHSA-2005:133-01 2005-02-15
Red Hat RHSA-2005:110-01 2005-02-15
Red Hat RHSA-2005:134-01 2005-02-10
Red Hat RHSA-2005:112-01 2005-02-10
Fedora FEDORA-2005-116 2005-02-08
Fedora FEDORA-2005-115 2005-02-08
Debian DSA-671-1 2005-02-08
Debian DSA-670-1 2005-02-08
Ubuntu USN-76-1 2005-02-07

enscript: arbitrary code execution

Package(s):enscript CVE #(s):CAN-2004-1184 CAN-2004-1185 CAN-2004-1186
Created:January 21, 2005 Updated:May 27, 2006
Description: Erik Sjölund has discovered several security-relevant problems in enscript, a program to convert ASCII text into PostScript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames, it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash.
Alerts:
rPath rPSA-2006-0083-1 2006-05-26
Fedora-Legacy FLSA:152892 2005-12-17
Red Hat RHSA-2005:040-01 2005-02-15
Mandrake MDKSA-2005:033 2005-02-10
Gentoo 200502-03 2005-02-02
Red Hat RHSA-2005:039-01 2005-02-01
Fedora FEDORA-2005-096 2005-01-31
Fedora FEDORA-2005-092 2005-01-28
Fedora FEDORA-2005-091 2005-01-28
Fedora FEDORA-2005-016 2005-01-26
Fedora FEDORA-2005-015 2005-01-26
Ubuntu USN-68-1 2005-01-24
Debian DSA-654-1 2005-01-21

ettercap: format string vulnerability

Package(s):ettercap CVE #(s):CAN-2005-1796
Created:June 13, 2005 Updated:July 13, 2005
Description: The Ettercap suite of networking tools has a format string vulnerability that can be exploited by a remote attacker for the execution of arbitrary code.
Alerts:
Debian DSA-749-1 2005-07-10
Gentoo 200506-07 2005-06-11

evolution: message crash vulnerability

Package(s):evolution CVE #(s):CAN-2005-0806
Created:March 17, 2005 Updated:August 11, 2005
Description: The Evolution mail client can be crashed when reading certain types of messages.
Alerts:
Ubuntu USN-166-1 2005-08-11
Red Hat RHSA-2005:397-01 2005-05-04
Conectiva CLA-2005:950 2005-04-27
Fedora FEDORA-2005-338 2005-04-22
Mandrake MDKSA-2005:059 2005-03-16

Foomatic: Arbitrary command execution in foomatic-rip

Package(s):foomatic CVE #(s):CAN-2004-0801
Created:September 20, 2004 Updated:May 31, 2006
Description: There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler.
Alerts:
SuSE SUSE-SA:2006:026 2006-05-30
Fedora-Legacy FLSA:2076 2004-11-05
Conectiva CLA-2004:880 2004-10-27
Fedora FEDORA-2004-303 2004-09-21
Gentoo 200409-24 2004-09-20

Comments (none posted)

gaim: denial of service

Package(s):gaim CVE #(s):CAN-2005-1934
Created:June 15, 2005 Updated:July 5, 2005
Description: There's yet another remote vulnerability in gaim; this one affects MSN users, who can be subject to denial of service attacks via malicious messages.
Alerts:
Debian DSA-734-1 2005-07-05
Fedora FEDORA-2005-411 2005-06-16
Fedora FEDORA-2005-410 2005-06-16
Red Hat RHSA-2005:518-01 2005-06-16
Ubuntu USN-140-1 2005-06-15

Comments (none posted)

gdb: multiple vulnerabilities

Package(s):gdb CVE #(s):CAN-2005-1704 CAN-2005-1705
Created:May 20, 2005 Updated:August 11, 2006
Description: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.
Alerts:
Red Hat RHSA-2006:0354-01 2006-08-10
Red Hat RHSA-2006:0368-01 2006-07-20
Mandriva MDKSA-2005:215 2005-11-23
Fedora FEDORA-2005-1033 2005-10-27
Fedora FEDORA-2005-1032 2005-10-27
Red Hat RHSA-2005:801-01 2005-10-18
Red Hat RHSA-2005:763-01 2005-10-11
Red Hat RHSA-2005:709-01 2005-10-05
Red Hat RHSA-2005:673-01 2005-10-05
Red Hat RHSA-2005:659-01 2005-09-28
Fedora FEDORA-2005-498 2005-06-29
Fedora FEDORA-2005-497 2005-06-29
Gentoo 200506-01 2005-06-01
Trustix TSLSA-2005-0025 2005-05-31
Mandriva MDKSA-2005:095 2005-05-30
Ubuntu USN-136-2 2005-05-27
Ubuntu USN-136-1 2005-05-27
Ubuntu USN-135-1 2005-05-27
Gentoo 200505-15 2005-05-20

Comments (5 posted)

gtk-pixbuf, gtk2: denial of service

Package(s):gdk-pixbuf gtk2 CVE #(s):CAN-2005-0891
Created:March 30, 2005 Updated:December 19, 2005
Description: The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file.
Alerts:
Fedora-Legacy FLSA:155510 2005-12-17
Fedora-Legacy FLSA:154272 2005-07-15
SuSE SUSE-SR:2005:010 2005-04-08
Mandrake MDKSA-2005:069 2005-04-07
Mandrake MDKSA-2005:068 2005-04-07
Ubuntu USN-108-1 2005-04-05
Red Hat RHSA-2005:343-01 2005-04-05
Red Hat RHSA-2005:344-01 2005-04-01
Fedora FEDORA-2005-268 2005-03-30
Fedora FEDORA-2005-267 2005-03-30
Fedora FEDORA-2005-266 2005-03-30
Fedora FEDORA-2005-265 2005-03-30

Comments (none posted)

gedit: format string vulnerability

Package(s):gedit CVE #(s):CAN-2005-1686
Created:June 9, 2005 Updated:February 5, 2009
Description: A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user.
Alerts:
Fedora FEDORA-2009-1189 2009-01-29
Fedora FEDORA-2009-1187 2009-01-29
Debian DSA-753-1 2005-07-12
Mandriva MDKSA-2005:102 2005-06-15
Red Hat RHSA-2005:499-01 2005-06-13
Gentoo 200506-09 2005-06-11
Ubuntu USN-138-1 2005-06-09

Comments (1 posted)

gettext: Insecure temporary file handling

Package(s):gettext CVE #(s):CAN-2004-0966
Created:October 11, 2004 Updated:March 1, 2006
Description: gettext insecurely creates temporary files in world-writable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user.
Alerts:
Mandriva MDKSA-2006:051 2006-02-28
Fedora-Legacy FLSA:136323 2006-01-09
Gentoo 200410-10:02 2004-10-10
OpenPKG OpenPKG-SA-2004.055 2004-12-23
Ubuntu USN-5-1 2004-10-27
Gentoo 200410-10 2004-10-10

Comments (1 posted)

gftp: missing input sanitizing

Package(s):gftp CVE #(s):CAN-2005-0372 CAN-2004-1376
Created:February 17, 2005 Updated:July 13, 2005
Description: gftp has a directory traversal vulnerability. A remote server could use specially crafted filenames to overwrite local files.
Alerts:
Fedora-Legacy FLSA:152908 2005-07-10
Red Hat RHSA-2005:410-01 2005-06-13
Fedora FEDORA-2005-310 2005-04-07
Fedora FEDORA-2005-309 2005-04-07
Mandrake MDKSA-2005:050 2005-03-04
Gentoo 200502-27 2005-02-19
SuSE SUSE-SR:2005:005 2005-02-18
Debian DSA-686-1 2005-02-17

Comments (none posted)

ghostscript: symlink vulnerabilities

Package(s):ghostscript CVE #(s):CAN-2004-0967
Created:October 20, 2004 Updated:September 28, 2005
Description: The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks.
Alerts:
Red Hat RHSA-2005:081-01 2005-09-28
Ubuntu USN-3-1 2004-10-27
Gentoo 200410-18 2004-10-20

Comments (none posted)

glibc: tempfile vulnerability in catchsegv script

Package(s):glibc CVE #(s):CAN-2004-0968
Created:October 21, 2004 Updated:November 14, 2005
Description: The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script.
Alerts:
Fedora-Legacy FLSA:152848 2005-11-13
Red Hat RHSA-2005:261-01 2005-04-28
Debian DSA-636-1 2005-01-12
Mandrake MDKSA-2004:159 2004-12-29
Red Hat RHSA-2004:586-01 2004-12-20
Fedora FEDORA-2004-356 2004-11-11
Ubuntu USN-4-1 2004-10-27
Gentoo 200410-19 2004-10-21

Comments (none posted)

gnupg: information leak

Package(s):gnupg CVE #(s):CAN-2005-0366
Created:March 16, 2005 Updated:August 19, 2005
Description: GnuPG (and other PGP-like systems) suffers from an information leak which could, in some situations, be used by an attacker to obtain plain text from an encrypted message. See this message for a detailed explanation of the problem. "We know of no real-world application that is affected by this type of attack. It is an attack that requires the active participation of someone who holds the actual key required to decrypt a message. Thus, it is not something you are likely to see."
Alerts:
Ubuntu USN-170-1 2005-08-19
Gentoo 200503-29 2005-03-24
Mandrake MDKSA-2005:057 2005-03-15

Comments (none posted)

grip: buffer overflow

Package(s):grip CVE #(s):CAN-2005-0706
Created:March 10, 2005 Updated:November 19, 2008
Description: Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches.
Alerts:
Fedora FEDORA-2008-9604 2008-11-19
Fedora FEDORA-2008-9521 2008-11-19
Fedora-Legacy FLSA:152919 2005-09-15
Mandriva MDKSA-2005:074 2005-04-20
Mandriva MDKSA-2005:075 2005-04-20
Gentoo 200504-07 2005-04-08
Mandrake MDKSA-2005:066 2005-04-01
Red Hat RHSA-2005:304-01 2005-03-28
Gentoo 200503-21 2005-03-17
Fedora FEDORA-2005-203 2005-03-09
Fedora FEDORA-2005-202 2005-03-09

Comments (none posted)

groff: insecure temporary directory

Package(s):groff CVE #(s):CAN-2004-0969
Created:November 1, 2004 Updated:February 9, 2006
Description: Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program.
Alerts:
Mandriva MDKSA-2006:038 2006-02-08
Gentoo 200411-15 2004-11-08
Ubuntu USN-13-1 2004-11-01

Comments (none posted)

gxine: format string vulnerability

Package(s):gxine CVE #(s):CAN-2005-1692
Created:May 26, 2005 Updated:July 23, 2005
Description: The gxine media player has a format string vulnerability in the hostname decoding function. A specially crafted file can be used to cause a user to execute arbitrary code.
Alerts:
Slackware SSA:2005-203-04 2005-07-23
Gentoo 200505-19 2005-05-26

Comments (none posted)

gzip: race condition and directory traversal

Package(s):gzip CVE #(s):CAN-2005-0988 CAN-2005-1228
Created:May 4, 2005 Updated:July 13, 2005
Description: gzip suffers from a race condition which could allow a fast-fingered attacker to change the permissions on files owned by others. There is also a directory traversal vulnerability associated with the -N option.
Alerts:
Debian DSA-752-1 2005-07-11
Red Hat RHSA-2005:357-01 2005-06-13
OpenPKG OpenPKG-SA-2005.010 2005-06-10
OpenPKG OpenPKG-SA-2005.009 2005-06-10
Mandriva MDKSA-2005:092 2005-05-18
Gentoo 200505-05 2005-05-09
Trustix TSLSA-2005-0018 2005-05-06
Ubuntu USN-116-1 2005-05-04

Comments (none posted)

Heimdal: buffer overflow vulnerabilities

Package(s):heimdal CVE #(s):CAN-2005-2040
Created:June 29, 2005 Updated:July 18, 2005
Description: It has been reported that the "getterminaltype" function of Heimdal's (before 0.6.5) telnetd server is vulnerable to buffer overflows. An attacker could exploit this vulnerability to execute arbitrary code with the permission of the telnetd server program.
Alerts:
Debian DSA-758-1 2005-07-18
SuSE SUSE-SA:2005:040 2005-07-06
Gentoo 200506-24 2005-06-29

Comments (none posted)

htdig: cross site scripting

Package(s):htdig CVE #(s):CAN-2005-0085
Created:February 14, 2005 Updated:January 10, 2006
Description: Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks.
Alerts:
Fedora-Legacy FLSA:152907 2006-01-09
Mandrake MDKSA-2005:063 2005-03-31
Red Hat RHSA-2005:090-01 2005-02-15
Debian DSA-680-1 2005-02-14
Gentoo 200502-16 2005-02-13

Comments (none posted)

ImageMagick: xwd coder denial of service

Package(s):ImageMagick CVE #(s):CAN-2005-1739
Created:May 26, 2005 Updated:July 19, 2005
Description: The xwd coder in ImageMagick has a vulnerability that can be accessed by working on a maliciously created image. A denial of service can result.
Alerts:
Fedora-Legacy FLSA:152777 2005-07-12
Mandriva MDKSA-2005:107 2005-06-28
Red Hat RHSA-2005:480-01 2005-06-02
Fedora FEDORA-2005-395 2005-05-26

Comments (none posted)

imap: buffer overflow in c-client

Package(s):imap CVE #(s):CAN-2003-0297
Created:February 18, 2005 Updated:April 10, 2006
Description: A buffer overflow flaw was found in the c-client IMAP client. An attacker could create a malicious IMAP server that if connected to by a victim could execute arbitrary code on the client machine.
Alerts:
Fedora-Legacy FLSA:184074 2006-04-04
Fedora-Legacy FLSA:152912 2005-05-12
Red Hat RHSA-2005:114-01 2005-02-18

Comments (none posted)

imlib2: buffer overflows

Package(s):imlib2 CVE #(s):CAN-2004-0802 CAN-2004-0817
Created:September 8, 2004 Updated:October 26, 2005
Description: The imlib2 library contains buffer overflows in the BMP handling code.
Alerts:
Debian DSA-548-2 2005-10-26
Conectiva CLA-2004:870 2004-09-28
Debian DSA-552-1 2004-09-22
Debian DSA-548-1 2004-09-16
Red Hat RHSA-2004:465-01 2004-09-15
Gentoo 200409-12 2004-09-08
Fedora FEDORA-2004-301 2004-09-09
Fedora FEDORA-2004-300 2004-09-09
Mandrake MDKSA-2004:089 2004-09-07

Comments (none posted)

infozip: privilege escalation, directory-traversal

Package(s):infozip CVE #(s):CAN-2003-0282 CAN-2004-1010 CAN-2005-0602
Created:May 2, 2005 Updated:August 1, 2005
Description: InfoZip reports that Zip 2.3 and (presumably) all previous versions have a buffer-overrun vulnerability relating to deep directory paths that could potentially lead to local privilege escalation (e.g., in the case of automated, Zip-based backups). All versions of UnZip through 5.50 have a number of directory-traversal vulnerabilities.
Alerts:
Ubuntu USN-159-1 2005-08-01
Slackware SSA:2005-121-01 2005-05-02

Comments (1 posted)

junkbuster: heap corruption and settings modification

Package(s):junkbuster CVE #(s):CVE-2005-1108 CVE-2005-1109
Created:April 13, 2005 Updated:November 5, 2005
Description: JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation.
Alerts:
Debian DSA-713-1 2005-04-21
Gentoo 200504-11 2005-04-13

Comments (1 posted)

kdelibs: unsanitized input

Package(s):kdelibs CVE #(s):CAN-2004-1165
Created:January 10, 2005 Updated:July 19, 2005
Description: Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline before the FTP command.
Alerts:
Fedora-Legacy FLSA:152769 2005-07-15
Mandrake MDKSA-2005:045 2005-02-17
Red Hat RHSA-2005:065-01 2005-02-15
Red Hat RHSA-2005:009-01 2005-02-10
Fedora FEDORA-2005-064 2005-01-25
Fedora FEDORA-2005-063 2005-01-25
Gentoo 200501-18 2005-01-11
Debian DSA-631-1 2005-01-10

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CAN-2005-0400 CAN-2005-0749 CAN-2005-0750 CAN-2005-0815 CAN-2005-0839
Created:April 1, 2005 Updated:July 1, 2005
Description: More kernel vulnerabilities have been discovered including:
  • Mathieu Lafon discovered an information leak in the ext2 file system driver. (CAN-2005-0400)
  • Yichen Xie discovered a Denial of Service vulnerability in the ELF loader. (CAN-2005-0749)
  • Ilja van Sprundel discovered that the bluez_sock_create() function did not check its "protocol" argument for negative values. (CAN-2005-0750)
  • Michal Zalewski discovered that the iso9660 file system driver fails to check ranges properly in several cases. (CAN-2005-0815)
  • Previous kernels did not restrict the use of the N_MOUSE line discipline in the serial driver. (CAN-2005-0839)
Alerts:
Mandriva MDKSA-2005:110 2005-06-30
Mandriva MDKSA-2005:111 2005-06-30
Fedora-Legacy FLSA:152532 2005-06-04
Conectiva CLA-2005:952 2005-05-02
Red Hat RHSA-2005:284-01 2005-04-28
Red Hat RHSA-2005:283-01 2005-04-28
Red Hat RHSA-2005:293-01 2005-04-22
Fedora FEDORA-2005-313 2005-04-11
Trustix TSLSA-2005-0011 2005-04-05
SuSE SUSE-SA:2005:021 2005-04-04
Ubuntu USN-103-1 2005-04-01

Comments (1 posted)

kernel: ELF loader core dump vulnerability

Package(s):kernel CVE #(s):CAN-2005-1263
Created:May 11, 2005 Updated:August 25, 2005
Description: Paul Starzetz has posted an advisory for yet another kernel vulnerability. In this case, by using a specially manipulated ELF binary, a local attacker can compromise the system (via the core dump code) and obtain root access. This vulnerability affects all kernels from 2.2 through 2.6.12-rc4.
Alerts:
Red Hat RHSA-2005:529-01 2005-08-25
Red Hat RHSA-2005:420-01 2005-06-08
Red Hat RHSA-2005:472-01 2005-05-25
Fedora FEDORA-2005-392 2005-05-23
Ubuntu USN-131-1 2005-05-23
Trustix TSLSA-2005-0022 2005-05-13

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CAN-2005-0449 CAN-2005-0209 CAN-2005-0529 CAN-2005-0530 CAN-2005-0532 CAN-2005-0384 CAN-2005-0210 CAN-2005-0504 CAN-2005-0003
Created:March 24, 2005 Updated:May 31, 2006
Description: A number of vulnerabilities have been found in the Linux kernel, including a PPP-related denial of service problem, an integer overflow in the epoll() code, memory corruption in the ELF loader, and exploitable overflows in the ISO9660 code.
Alerts:
Debian DSA-1082-1 2006-05-29
Debian DSA-1069-1 2006-05-20
Debian DSA-1070-1 2006-05-21
Debian DSA-1067-1 2006-05-20
Conectiva CLA-2005:945 2005-03-31
Fedora FEDORA-2005-262 2005-03-28
SuSE SUSE-SA:2005:018 2005-03-24

Comments (none posted)

kimgio: input validation errors

Package(s):kimgio CVE #(s):CAN-2005-1046
Created:April 22, 2005 Updated:July 19, 2005
Description: KDE has issued a security advisory for kimgio. This is found in kdelibs as shipped with KDE 3.2 up to including KDE 3.4. kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.
Alerts:
Ubuntu USN-114-2 2005-05-27
Red Hat RHSA-2005:393-01 2005-05-17
Mandriva MDKSA-2005:085 2005-05-12
Ubuntu USN-114-1 2005-05-03
Fedora FEDORA-2005-350 2005-05-02
Debian DSA-714-1 2005-04-26
Gentoo 200504-22 2005-04-22

Comments (none posted)

libconvert-uulib-perl: arbitrary code execution

Package(s):libconvert-uulib-perl CVE #(s):CAN-2005-1349
Created:May 20, 2005 Updated:January 27, 2006
Description: Mark Martinec and Robert Lewis discovered a buffer overflow in Convert::UUlib (before 1.051), a Perl interface to the uulib library, which may result in the execution of arbitrary code.
Alerts:
Mandriva MDKSA-2006:022 2006-01-26
Debian DSA-727-1 2005-05-20

Comments (1 posted)

libdbi-perl: insecure temporary file

Package(s):libdbi-perl CVE #(s):CAN-2005-0077
Created:January 25, 2005 Updated:March 2, 2006
Description: Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library.
Alerts:
Fedora-Legacy FLSA:178989 2006-03-01
Gentoo 200501-38:03 2005-01-26
Red Hat RHSA-2005:072-01 2005-02-15
Mandrake MDKSA-2005:030 2005-02-08
Red Hat RHSA-2005:069-01 2005-02-01
Gentoo 200501-38 2005-01-26
Ubuntu USN-70-1 2005-01-25
Debian DSA-658-1 2005-01-25

Comments (none posted)

libgd2: buffer overflows in PNG handling

Package(s):libgd2 CVE #(s):CAN-2004-0990 CAN-2004-0941
Created:October 29, 2004 Updated:June 28, 2006
Description: Several buffer overflows have been discovered in libgd's PNG handling functions.
If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening the image. Most importantly, this library is commonly used in PHP. One possible target would be a PHP-driven photo website that lets users upload images. Therefore this vulnerability might lead to privilege escalation to a web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function.
Alerts:
Mandriva MDKSA-2006:114 2006-06-27
Red Hat RHSA-2006:0194-01 2006-02-01
Fedora-Legacy FLSA:152838 2005-07-15
Red Hat RHSA-2004:638-01 2004-12-17
Ubuntu USN-33-1 2004-11-29
Debian DSA-602-1 2004-11-29
Debian DSA-601-1 2004-11-29
Mandrake MDKSA-2004:132 2004-11-15
Ubuntu USN-25-1 2004-11-15
Fedora FEDORA-2004-412 2004-11-11
Fedora FEDORA-2004-411 2004-11-11
Ubuntu USN-21-1 2004-11-09
Debian DSA-591-1 2004-11-09
Debian DSA-589-1 2004-11-09
Gentoo 200411-08 2004-11-03
OpenPKG OpenPKG-SA-2004.049 2004-10-30
Ubuntu USN-11-1 2004-10-28

Comments (none posted)

libnet-ssleay-perl: weakened cryptographic operations

Package(s):libnet-ssleay-perl CVE #(s):CAN-2005-0106
Created:May 3, 2005 Updated:January 27, 2006
Description: Javier Fernandez-Sanguino Pena discovered that this library used the file /tmp/entropy as a fallback entropy source if a proper source was not set in the environment variable EGD_PATH. This can potentially lead to weakened cryptographic operations if an attacker provides a /tmp/entropy file with known content.
Alerts:
Mandriva MDKSA-2006:023 2006-01-26
Ubuntu USN-113-1 2005-05-03

Comments (none posted)

libTIFF: buffer overflow

Package(s):libtiff CVE #(s):CAN-2005-1544
Created:May 10, 2005 Updated:February 18, 2006
Description: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a stack based buffer overflow in the libTIFF library when reading a TIFF image with a malformed BitsPerSample tag. Successful exploitation would require the victim to open a specially crafted TIFF image, resulting in the execution of arbitrary code.
Alerts:
Mandriva MDKSA-2006:042 2006-02-17
Debian DSA-755-1 2005-07-13
Ubuntu USN-130-1 2005-05-19
Gentoo 200505-07 2005-05-10

Comments (1 posted)

libxml2: arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26

Comments (none posted)

libxml2: multiple buffer overflows

Package(s):libxml2 CVE #(s):CAN-2004-0989
Created:October 28, 2004 Updated:August 19, 2009
Description: libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities; if a local user passes a specially crafted FTP URL, arbitrary code may be executed.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Ubuntu USN-89-1 2005-02-28
Red Hat RHSA-2004:650-01 2004-12-16
Conectiva CLA-2004:890 2004-11-18
Red Hat RHSA-2004:615-01 2004-11-12
Mandrake MDKSA-2004:127 2004-11-04
Debian DSA-582-1 2004-11-02
Gentoo 200411-05 2004-11-02
Trustix TSLSA-2004-0055 2004-10-29
OpenPKG OpenPKG-SA-2004.050 2004-10-31
Ubuntu USN-10-1 2004-10-28
Fedora FEDORA-2004-353 2004-10-28

Comments (none posted)

libXpm: new buffer overflows

Package(s):libXpm CVE #(s):CAN-2005-0605
Created:March 4, 2005 Updated:March 8, 2006
Description: A new vulnerability has been discovered in libXpm, which is included in OpenMotif and LessTif, that can potentially lead to remote code execution.
Alerts:
Fedora-Legacy FLSA:168264 2006-03-07
Fedora-Legacy FLSA:152803 2006-01-09
Fedora FEDORA-2005-815 2005-08-26
Fedora FEDORA-2005-808 2005-08-25
Red Hat RHSA-2005:198-01 2005-06-08
Red Hat RHSA-2005:473-01 2005-05-24
Red Hat RHSA-2005:412-01 2005-05-11
Debian DSA-723-1 2005-05-09
Mandriva MDKSA-2005:081 2005-05-05
Mandriva MDKSA-2005:080 2005-04-28
Red Hat RHSA-2005:044-01 2005-04-06
Red Hat RHSA-2005:331-01 2005-03-30
Fedora FEDORA-2005-273 2005-03-29
Fedora FEDORA-2005-272 2005-03-29
Ubuntu USN-97-1 2005-03-16
Gentoo 200503-15 2005-03-12
Ubuntu USN-92-1 2005-03-07
Gentoo 200503-08 2005-03-04

Comments (none posted)

lvm10: creates insecure temporary directory

Package(s):lvm10 CVE #(s):CAN-2004-0972
Created:November 1, 2004 Updated:July 25, 2005
Description: Trustix Secure Linux discovered a vulnerability in a supplemental script of the lvm10 package. The program "lvmcreate_initrd" created a temporary directory in an insecure way, which could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program.
Alerts:
Fedora-Legacy FLSA:152842 2005-07-24
Mandrake MDKSA-2004:144 2004-12-06
Gentoo 200411-22 2004-11-11
Debian DSA-583-1 2004-11-03
Ubuntu USN-15-1 2004-11-01

Comments (none posted)

mailman: path traversal

Package(s):mailman CVE #(s):CAN-2005-0202
Created:February 9, 2005 Updated:July 13, 2005
Description: The "private" module in the mailman mailing list manager fails to sanitize path names adequately. An attacker could exploit this vulnerability to retrieve private information, including passwords and private list archives.

This vulnerability was used to compromise the Full-Disclosure list.

Alerts:
Fedora-Legacy FLSA:152895 2005-07-10
Ubuntu USN-78-2 2005-02-17
Debian DSA-674-3 2005-02-21
Mandrake MDKSA-2005:037 2005-02-14
Red Hat RHSA-2005:137-01 2005-02-15
SuSE SUSE-SA:2005:007 2005-02-14
Debian DSA-674-2 2005-02-11
Red Hat RHSA-2005:136-01 2005-02-10
Gentoo 200502-11 2005-02-10
Fedora FEDORA-2005-132 2005-02-10
Fedora FEDORA-2005-131 2005-02-10
Ubuntu USN-78-1 2005-02-09

Comments (none posted)

mc: buffer overflow

Package(s):mc CVE #(s):CAN-2005-0763
Created:March 29, 2005 Updated:August 11, 2005
Description: An unfixed buffer overflow has been discovered by Andrew V. Samoilov in mc, the midnight commander, a file browser and manager.
Alerts:
Fedora-Legacy FLSA:152889 2005-08-10
Red Hat RHSA-2005:512-01 2005-06-16
Debian DSA-698-1 2005-03-29

Comments (none posted)

mod_python: remote access vulnerability

Package(s):mod_python CVE #(s):CAN-2005-0088
Created:February 10, 2005 Updated:April 10, 2006
Description: mod_python has a vulnerability in the publisher handler that may allow a remote user to use a specially crafted URL to allow access to objects that should be protected. An information leak can result.
Alerts:
Fedora-Legacy FLSA:152896 2006-04-04
Conectiva CLA-2005:926 2005-03-02
Debian DSA-689-1 2005-02-23
Red Hat RHSA-2005:100-01 2005-02-15
Gentoo 200502-14 2005-02-13
Trustix TSLSA-2005-0003 2005-02-11
Ubuntu USN-80-1 2005-02-11
Red Hat RHSA-2005:104-01 2005-02-10
Fedora FEDORA-2005-140 2005-02-10
Fedora FEDORA-2005-139 2005-02-10

Comments (none posted)

Mozilla Firefox, Mozilla Suite: multiple vulnerabilities

Package(s):mozilla CVE #(s):CAN-2005-0989
Created:April 19, 2005 Updated:July 18, 2005
Description: The following vulnerabilities were found and fixed in the Mozilla Suite and Mozilla Firefox:
  • Vladimir V. Perepelitsa reported a memory disclosure bug in JavaScript's regular expression string replacement when using an anonymous function as the replacement argument (CAN-2005-0989).
  • moz_bug_r_a4 discovered that Chrome UI code was overly trusting DOM nodes from the content window, allowing privilege escalation via DOM property overrides.
  • Michael Krax reported a possibility to run JavaScript code with elevated privileges through the use of javascript: favicons.
  • Michael Krax also discovered that malicious Search plugins could run JavaScript in the context of the displayed page or stealthily replace existing search plugins.
  • shutdown discovered a technique to pollute the global scope of a window in a way that persists from page to page.
  • Doron Rosenberg discovered a possibility to run JavaScript with elevated privileges when the user asks to "Show" a blocked popup that contains a JavaScript URL.
  • Finally, Georgi Guninski reported missing Install object instance checks in the native implementations of XPInstall-related JavaScript objects.
The following Firefox-specific vulnerabilities have also been discovered:
  • Kohei Yoshino discovered a new way to abuse the sidebar panel to execute JavaScript with elevated privileges.
  • Omar Khan reported that the Plugin Finder Service can be tricked to open javascript: URLs with elevated privileges.
Alerts:
Gentoo 200507-17 2005-07-18
Fedora-Legacy FLSA:152883 2005-05-18
Red Hat RHSA-2005:384-01 2005-04-28
SuSE SUSE-SA:2005:028 2005-04-27
Red Hat RHSA-2005:386-01 2005-04-26
Slackware SSA:2005-111-04 2005-04-22
Red Hat RHSA-2005:383-01 2005-04-21
Gentoo 200504-18 2005-04-19

Comments (none posted)

mozilla firefox: javascript vulnerabilities

Package(s):mozilla firefox CVE #(s):CAN-2005-1531 CAN-2005-1532
Created:June 9, 2005 Updated:July 19, 2005
Description: Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript.

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CAN-2005-1160.

Alerts:
Fedora-Legacy FLSA:158149 2005-07-15
SuSE SUSE-SA:2005:030 2005-06-09

Comments (1 posted)

MPlayer: heap overflows

Package(s):mplayer CVE #(s):
Created:April 20, 2005 Updated:July 12, 2005
Description: Heap overflows have been found in the code handling RealMedia RTSP and Microsoft Media Services streams over TCP (MMST). By setting up a malicious server and enticing a user to use its streaming data, a remote attacker could possibly execute arbitrary code on the client computer with the permissions of the user running MPlayer.
Alerts:
Mandriva MDKSA-2005:115 2005-07-11
Gentoo 200504-19 2005-04-20

Comments (none posted)

MySQL: input validation and temporary file vulnerabilities

Package(s):mysql CVE #(s):CAN-2005-0709 CAN-2005-0710 CAN-2005-0711
Created:March 16, 2005 Updated:July 19, 2005
Description: MySQL (prior to version 4.0.24) suffers from two input validation errors and a temporary file vulnerability.
Alerts:
Fedora-Legacy FLSA:152925 2005-07-15
OpenPKG OpenPKG-SA-2005.006 2005-04-20
Debian DSA-707-1 2005-04-13
Fedora FEDORA-2005-305 2005-04-05
Fedora FEDORA-2005-304 2005-04-05
Red Hat RHSA-2005:348-01 2005-04-05
Conectiva CLA-2005:946 2005-04-04
Red Hat RHSA-2005:334-01 2005-03-28
SuSE SUSE-SA:2005:019 2005-03-24
Mandrake MDKSA-2005:060 2005-03-21
Trustix TSLSA-2005-0009 2005-03-21
Ubuntu USN-96-1 2005-03-16
Gentoo 200503-19 2005-03-16

Comments (none posted)

ncpfs: multiple vulnerabilities

Package(s):ncpfs CVE #(s):CAN-2005-0013 CAN-2005-0014
Created:January 31, 2005 Updated:May 15, 2006
Description: Erik Sjolund discovered two vulnerabilities in the programs bundled with ncpfs: there is a potentially exploitable buffer overflow in ncplogin (CAN-2005-0014), and due to a flaw in nwclient.c, utilities using the NetWare client functions insecurely access files with elevated privileges (CAN-2005-0013).
Alerts:
Fedora-Legacy FLSA:152904 2006-05-12
Fedora FEDORA-2005-435 2005-08-16
Red Hat RHSA-2005:371-01 2005-05-17
Mandrake MDKSA-2005:028 2005-02-01
Gentoo 200501-44 2005-01-30

Comments (none posted)

Net-SNMP: fixproc insecure temporary file creation

Package(s):net-snmp CVE #(s):CAN-2005-1740
Created:May 23, 2005 Updated:July 13, 2005
Description: The fixproc application of Net-SNMP creates temporary files with predictable filenames.
Alerts:
Fedora FEDORA-2005-561 2005-07-13
Fedora FEDORA-2005-562 2005-07-13
Gentoo 200505-18 2005-05-23

Comments (1 posted)

nfs-utils: arbitrary code execution

Package(s):nfs-utils CVE #(s):CAN-2004-0946
Created:January 11, 2005 Updated:February 27, 2006
Description: Arjan van de Ven discovered a buffer overflow in rquotad on 64-bit architectures; an improper integer conversion could lead to a buffer overflow. An attacker with access to an NFS share could send a specially crafted request which could then lead to the execution of arbitrary code.
Alerts:
Fedora-Legacy FLSA:138098 2006-02-25
Red Hat RHSA-2005:014-01 2005-01-12
Mandrake MDKSA-2005:005 2005-01-11

Comments (none posted)

openssh: directory traversal

Package(s):openssh CVE #(s):CAN-2004-0175
Created:May 18, 2005 Updated:July 13, 2005
Description: The OpenSSH scp client can, when connected to a hostile server, be instructed to overwrite arbitrary files.
Alerts:
Fedora-Legacy FLSA:123014 2005-07-11
Mandriva MDKSA-2005:100 2005-06-14
Red Hat RHSA-2005:495-01 2005-06-13
Red Hat RHSA-2005:165-01 2005-06-08
Red Hat RHSA-2005:481-01 2005-06-02
Red Hat RHSA-2005:106-01 2005-05-18
Red Hat RHSA-2005:074-01 2005-05-18

Comments (1 posted)

openssl: der_chop script temp file vulnerability

Package(s):openssl CVE #(s):CAN-2004-0975
Created:November 11, 2004 Updated:July 19, 2005
Description: The der_chop script in openssl has a temp file vulnerability that may allow an attacker to overwrite arbitrary files with the permissions that the script is running under.
Alerts:
Fedora-Legacy FLSA:152841 2005-07-15
Mandrake MDKSA-2004:147 2004-12-06
Debian DSA-603-1 2004-12-01
Ubuntu USN-24-1 2004-11-11

Comments (1 posted)

OpenSSL: information leak

Package(s):openssl CVE #(s):CAN-2005-0109
Created:May 23, 2005 Updated:October 11, 2005
Description: Hyper-Threading technology, as used in FreeBSD and other operating systems and implemented on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. See this LWN article for more information.
Alerts:
Trustix TSLSA-2005-0028 2005-06-13
Mandriva MDKSA-2005:096 2005-06-06
Red Hat RHSA-2005:476-01 2005-06-01
Fedora FEDORA-2005-390 2005-05-23
Fedora FEDORA-2005-389 2005-05-23

Comments (none posted)

OpenSSL: denial of service vulnerabilities

Package(s):OpenSSL CVE #(s):CAN-2004-0081 CAN-2003-0851
Created:March 17, 2004 Updated:November 2, 2005
Description: Versions 0.9.7a-c of the OpenSSL library suffer from two denial of service vulnerabilities; see the version 0.9.7d release announcement for details.
Alerts:
Red Hat RHSA-2005:830-00 2005-11-02
Red Hat RHSA-2005:829-00 2005-11-02
Fedora FEDORA-2005-1042 2005-10-31
Fedora-Legacy FLSA:1395 2004-05-08
Conectiva CLA-2004:834 2004-03-31
Whitebox WBSA-2004:084-01 2004-03-23
Red Hat RHSA-2004:084-01 2004-03-23
Fedora FEDORA-2004-095 2004-03-19
Whitebox WBSA-2004:120-01 2004-03-22
Trustix TSLSA-2004-0012 2004-03-17
Slackware SSA:2004-077-01 2004-03-17
Red Hat RHSA-2004:121-01 2004-03-17
OpenPKG OpenPKG-SA-2004.007 2004-03-18
Gentoo 200403-03 2004-03-17
Debian DSA-465-1 2004-03-17
Netwosix NW-2004-0005 2004-03-17
Mandrake MDKSA-2004:023 2004-03-17
SuSE SuSE-SA:2004:007 2004-03-17
Red Hat RHSA-2004:120-01 2004-03-17
Red Hat RHSA-2004:119-01 2004-03-17
EnGarde ESA-20040317-003 2004-03-17

Comments (1 posted)

perl: setuid vulnerabilities

Package(s):perl CVE #(s):CAN-2005-0155 CAN-2005-0156
Created:February 2, 2005 Updated:August 11, 2006
Description: There are two vulnerabilities with perl when it is used in a setuid mode. The PERLIO_DEBUG environment variable can be used to overwrite arbitrary files; there is also an associated buffer overflow which can be exploited to gain root access.
Alerts:
Red Hat RHSA-2006:0605-01 2006-08-10
Fedora FEDORA-2005-353 2005-05-02
Red Hat RHSA-2005:103-01 2005-02-15
Gentoo 200502-13 2005-02-11
SuSE SUSE-SR:2005:004 2005-02-11
Mandrake MDKSA-2005:031 2005-02-08
Red Hat RHSA-2005:105-01 2005-02-07
Ubuntu USN-72-1 2005-02-02

Comments (none posted)

perl: symlink vulnerability

Package(s):perl CVE #(s):CAN-2005-0448
Created:March 9, 2005 Updated:January 30, 2006
Description: The rmtree() function in the File::Path module has a symlink vulnerability which could be exploited to create setuid binaries.
Alerts:
Fedora-Legacy FLSA:152845 2006-01-24
Red Hat RHSA-2005:674-01 2005-10-05
Fedora FEDORA-2005-600 2005-07-22
Mandriva MDKSA-2005:079 2005-04-28
Debian DSA-696-1 2005-03-22
Ubuntu USN-94-1 2005-03-09

Comments (none posted)

php4: integer overflow and denial of service

Package(s):php4 CVE #(s):CAN-2005-1042 CAN-2005-1043
Created:April 14, 2005 Updated:July 13, 2005
Description: The php4 EXIF module has two vulnerabilities. An integer overflow in the exif_process_IFD_TAG() function can be exploited to cause a buffer overflow for the purpose of arbitrary code execution. EXIF headers with a large IFD nesting level can be used to cause a denial of service. Remote exploits are possible.
Alerts:
Fedora-Legacy FLSA:155505 2005-07-10
Red Hat RHSA-2005:406-01 2005-05-04
Red Hat RHSA-2005:405-01 2005-04-28
Mandriva MDKSA-2005:072 2005-04-18
Ubuntu USN-112-1 2005-04-14

Comments (none posted)

phpsysinfo: cross-site-scripting

Package(s):phpsysinfo CVE #(s):CAN-2005-0870
Created:May 18, 2005 Updated:November 15, 2005
Description: The phpsysinfo program contains several cross-site scripting vulnerabilities.
Alerts:
Debian DSA-724-1 2005-05-18

Comments (none posted)

postgresql: EXECUTE privilege vulnerability

Package(s):postgresql CVE #(s):CAN-2005-0244 CAN-2005-0245 CAN-2005-0246 CAN-2005-0247
Created:February 10, 2005 Updated:July 19, 2005
Description: postgresql has a vulnerability in which the EXECUTE privilege may not be checked on custom functions. This may allow any database user to circumvent the EXECUTE restriction on functions.
Alerts:
Fedora-Legacy FLSA:152844 2005-07-16
Trustix TSLSA-2005-0015 2005-04-25
SuSE SUSE-SA:2005:027 2005-04-20
SuSE SUSE-SR:2005:008 2005-03-18
SuSE SUSE-SR:2005:006 2005-02-25
Fedora FEDORA-2005-158 2005-02-22
Fedora FEDORA-2005-157 2005-02-22
Mandrake MDKSA-2005:040 2005-02-17
Red Hat RHSA-2005:150-01 2005-02-16
Debian DSA-683-1 2005-02-15
Red Hat RHSA-2005:138-01 2005-02-15
Gentoo 200502-19 2005-02-14
Ubuntu USN-79-1 2005-02-10

Comments (none posted)

postgresql: database initialization errors

Package(s):postgresql CVE #(s):CAN-2005-1409 CAN-2005-1410
Created:May 4, 2005 Updated:February 28, 2006
Description: PostgreSQL suffers from two vulnerabilities in how databases are set up by default; they allow a local attacker (one with access to the database) to crash the back end and, perhaps, execute code with the privileges of the server process. See this advisory for details and workarounds.
Alerts:
Fedora-Legacy FLSA:157366 2006-02-27
Mandriva MDKSA-2005:093 2005-05-26
Red Hat RHSA-2005:433-01 2005-06-01
Gentoo 200505-12 2005-05-15
Fedora FEDORA-2005-368 2005-05-10
Ubuntu USN-118-1 2005-05-04

Comments (none posted)

Pound: buffer overflow

Package(s):pound CVE #(s):CVE-2005-1391
Created:May 2, 2005 Updated:January 10, 2006
Description: Steven Van Acker has discovered a buffer overflow vulnerability in the "add_port()" function in Pound 1.8.2+. A remote attacker could send a request for an overly long hostname parameter, which could lead to the remote execution of arbitrary code with the rights of the Pound daemon process.
Alerts:
Gentoo 200504-29 2005-04-30

Comments (none posted)

ppxp: missing privilege release

Package(s):ppxp CVE #(s):CAN-2005-0392
Created:May 19, 2005 Updated:July 5, 2005
Description: The ppxp PPP program has a log file vulnerability that can allow the root privileges used by the software to remain active, enabling the opening of a root shell by a local user.
Alerts:
Debian DSA-725-2 2005-07-04
Debian DSA-725-1 2005-05-19

Comments (none posted)

razor-agents: denial of service

Package(s):razor-agents CVE #(s):
Created:June 23, 2005 Updated:July 6, 2005
Description: The Vipul's Razor spam detection framework has multiple vulnerabilities. Processing of malformed messages can lead to a remote denial of service by causing the software to execute infinite loops.
Alerts:
Debian DSA-738-1 2005-07-05
SuSE SUSE-SA:2005:035 2005-06-23

Comments (none posted)

RealPlayer HelixPlayer arbitrary code execution

Package(s):RealPlayer HelixPlayer CVE #(s):CAN-2005-1766 CAN-2005-1277
Created:June 27, 2005 Updated:July 6, 2005
Description: RealNetworks, Inc. has addressed security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously.
Alerts:
Gentoo 200507-04 2005-07-06
Red Hat RHSA-2005:523-02 2005-07-05
SuSE SUSE-SA:2005:037 2005-06-27
Fedora FEDORA-2005-484 2005-06-25
Fedora FEDORA-2005-483 2005-06-25

Comments (none posted)

rp-pppoe, pppoe: missing privilege dropping

Package(s):rp-pppoe, pppoe CVE #(s):CAN-2004-0564
Created:October 4, 2004 Updated:November 15, 2005
Description: Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Debian installation), an attacker could overwrite any file on the file system.
Alerts:
Fedora-Legacy FLSA:152794 2005-11-14
Mandrake MDKSA-2004:145 2004-12-06
Debian DSA-557-1 2004-10-04

Comments (none posted)

ruby: arbitrary command execution

Package(s):ruby CVE #(s):CAN-2005-1992
Created:June 21, 2005 Updated:October 6, 2005
Description: Ruby (versions < 1.8.2) is vulnerable to arbitrary command execution on XMLRPC servers.
Alerts:
Gentoo 200510-05 2005-10-06
Red Hat RHSA-2005:543-01 2005-08-05
Mandriva MDKSA-2005:118 2005-07-12
Gentoo 200507-10 2005-07-11
Debian DSA-748-1 2005-07-10
Ubuntu USN-146-1 2005-06-29
Fedora FEDORA-2005-475 2005-06-22
Fedora FEDORA-2005-474 2005-06-22

Comments (none posted)

samba: integer overflow vulnerability

Package(s):samba CVE #(s):CAN-2004-1154
Created:December 16, 2004 Updated:July 19, 2005
Description: Samba has an integer overflow vulnerability that may allow an authenticated remote user to execute arbitrary code on the Samba server.
Alerts:
Fedora-Legacy FLSA:152874 2005-07-15
Debian DSA-701-2 2005-04-21
Debian DSA-701-1 2005-03-31
Conectiva CLA-2005:913 2005-01-06
Red Hat RHSA-2005:020-01 2005-01-05
Mandrake MDKSA-2004:158 2004-12-27
SuSE SUSE-SA:2004:045 2004-12-22
Red Hat RHSA-2004:681-01 2004-12-21
Fedora FEDORA-2004-562 2004-12-20
Fedora FEDORA-2004-561 2004-12-20
Gentoo 200412-13 2004-12-17
Ubuntu USN-41-1 2004-12-17
OpenPKG OpenPKG-SA-2004.054 2004-12-17
Red Hat RHSA-2004:670-01 2004-12-16

Comments (none posted)

SpamAssassin: Denial of Service vulnerability

Package(s):spamassassin CVE #(s):CAN-2004-0796
Created:August 9, 2004 Updated:August 11, 2005
Description: SpamAssassin contains an unspecified Denial of Service vulnerability. By sending a specially crafted message an attacker could cause a Denial of Service attack against the SpamAssassin service.
Alerts:
Fedora-Legacy FLSA:129284 2005-08-10
Fedora-Legacy FLSA:2268 2005-03-24
Red Hat RHSA-2004:451-01 2004-09-30
Conectiva CLA-2004:867 2004-09-22
OpenPKG OpenPKG-SA-2004.041 2004-09-15
Mandrake MDKSA-2004:084 2004-08-18
Gentoo 200408-06 2004-08-09

Comments (none posted)

SpamAssassin: denial of service

Package(s):spamassassin CVE #(s):CAN-2005-1266
Created:June 17, 2005 Updated:July 28, 2005
Description: SpamAssassin 3.0.4 was released to fix a denial of service vulnerability in versions 3.0.1, 3.0.2, and 3.0.3. The vulnerability allows certain mis-formatted long message headers to cause spam checking to take a very long time.
Alerts:
OpenPKG OpenPKG-SA-2005.015 2005-07-28
Debian DSA-736-2 2005-07-07
Gentoo 200506-17:02 2005-06-21
Debian DSA 736-1 2005-07-01
Mandriva MDKSA-2005:106 2005-06-28
Red Hat RHSA-2005:498-01 2005-06-23
SuSE SUSE-SA:2005:033 2005-06-22
Gentoo 200506-17 2005-06-21
Fedora FEDORA-2005-428 2005-06-16
Fedora FEDORA-2005-427 2005-06-16

Comments (none posted)

squid: DNS spoofing

Package(s):squid CVE #(s):CAN-2005-1519
Created:May 18, 2005 Updated:July 13, 2005
Description: The squid proxy server performs DNS lookups in a way which is susceptible to answers injected by a hostile user, and, thus, DNS spoofing attacks.
Alerts:
Debian DSA-751-1 2005-07-11
Mandriva MDKSA-2005:104 2005-06-24
Red Hat RHSA-2005:415-01 2005-06-14
Red Hat RHSA-2005:489-01 2005-06-13
Ubuntu USN-129-1 2005-05-18
Fedora FEDORA-2005-373 2005-05-17

Comments (none posted)

SquirrelMail: multiple vulnerabilities

Package(s):squirrelmail CVE #(s):CAN-2005-0075 CAN-2005-0103 CAN-2005-0104
Created:January 28, 2005 Updated:July 19, 2005
Description: SquirrelMail 1.4.4 has been released, fixing a number of security issues that have been resolved since 1.4.3a.
Alerts:
Fedora-Legacy FLSA:152900 2005-07-16
Fedora FEDORA-2005-260 2005-03-28
Fedora FEDORA-2005-259 2005-03-28
Debian DSA-662-2 2005-03-14
Red Hat RHSA-2005:099-01 2005-02-15
Red Hat RHSA-2005:135-01 2005-02-10
Debian DSA-662-1 2005-02-01
Gentoo 200501-39 2005-01-28

Comments (none posted)

SquirrelMail: several XSS vulnerabilities

Package(s):squirrelmail CVE #(s):CAN-2005-1769
Created:June 21, 2005 Updated:September 16, 2005
Description: Several cross site scripting (XSS) vulnerabilities have been discovered in SquirrelMail versions 1.4.0 - 1.4.4.
Alerts:
Fedora-Legacy FLSA:163047 2005-09-14
Fedora FEDORA-2005-780 2005-08-22
Fedora FEDORA-2005-779 2005-08-22
Red Hat RHSA-2005:595-02 2005-08-05
Red Hat RHSA-2005:595-01 2005-08-03
Debian DSA-756-1 2005-07-13
Mandriva MDKSA-2005:108 2005-06-30
Gentoo 200506-19 2005-06-21

Comments (none posted)

sudo: race condition

Package(s):sudo CVE #(s):CAN-2005-1993
Created:June 21, 2005 Updated:February 24, 2006
Description: Charles Morris discovered a race condition in sudo which could lead to privilege escalation. If /etc/sudoers allowed a user the execution of selected programs, and this was followed by another line containing the pseudo-command "ALL", that user could execute arbitrary commands with sudo by creating symbolic links at a certain time.
Alerts:
Fedora-Legacy FLSA:162750 2006-02-23
Debian DSA-735-2 2005-07-07
Debian DSA 735-1 2005-07-01
Red Hat RHSA-2005:535-04 2005-06-29
SuSE SUSE-SA:2005:036 2005-06-24
OpenPKG OpenPKG-SA-2005.012 2005-06-23
Gentoo 200506-22 2005-06-23
Slackware SSA:2005-172-01 2005-06-22
Mandriva MDKSA-2005:103 2005-06-21
Fedora FEDORA-2005-473 2005-06-21
Fedora FEDORA-2005-472 2005-06-21
Ubuntu USN-142-1 2005-06-21

Comments (none posted)

File overwrite vulnerability in tar and unzip

Package(s):tar unzip CVE #(s):CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399
Created:October 1, 2002 Updated:April 10, 2006
Description: The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.
Alerts:
Fedora-Legacy FLSA:183571-1 2006-04-04
Red Hat RHSA-2006:0195-01 2006-02-21
Conectiva CLA-2002:538 2002-10-29
Mandrake MDKSA-2002:066 2002-10-10
Mandrake MDKSA-2002:065 2002-10-10
EnGarde ESA-20021003-022 2002-10-03
Gentoo unzip-20021001 2002-10-01
Gentoo tar-20021001 2002-10-01
Red Hat RHSA-2002:096-24 2002-09-18

Comments (1 posted)

tcpdump: denial of service

Package(s):tcpdump CVE #(s):CAN-2005-1267
Created:June 9, 2005 Updated:October 10, 2005
Description: Several tcpdump protocol decoders contain programming errors which can cause them to go into infinite loops.
Alerts:
Debian DSA-854-1 2005-10-09
Slackware SSA:2005-195-10 2005-07-15
Ubuntu USN-141-1 2005-06-21
Mandriva MDKSA-2005:101 2005-06-15
Fedora FEDORA-2005-407 2005-06-16
Gentoo 200505-06:02 2005-05-09
Red Hat RHSA-2005:505-01 2005-06-13
Fedora FEDORA-2005-406 2005-06-09

Comments (none posted)

tcpdump: multiple DoS issues

Package(s):tcpdump CVE #(s):CAN-2005-1280 CAN-2005-1279 CAN-2005-1278
Created:May 2, 2005 Updated:April 10, 2006
Description: The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. (CAN-2005-1280)

tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet, which is not properly handled by RT_ROUTING_INFO, or LDP packet, which is not properly handled by the ldp_print function. (CAN-2005-1279)

The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet. (CAN-2005-1278)

Alerts:
Fedora-Legacy FLSA:156139 2006-04-04
Debian DSA-850-1 2005-10-09
Mandriva MDKSA-2005:087 2005-05-11
Red Hat RHSA-2005:417-02 2005-05-11
Red Hat RHSA-2005:421-02 2005-05-11
Gentoo 200505-06 2005-05-09
Ubuntu USN-119-1 2005-05-06
Fedora FEDORA-2005-351 2005-05-02

Comments (none posted)

telnet: buffer overflows

Package(s):telnet CVE #(s):CAN-2005-0468 CAN-2005-0469
Created:March 28, 2005 Updated:August 1, 2005
Description: Two buffer overflow flaws were discovered in the way the telnet client handles messages from a server. An attacker may be able to execute arbitrary code on a victim's machine if the victim can be tricked into connecting to a malicious telnet server.
Alerts:
Slackware SSA:2005-210-01 2005-08-01
Debian DSA-765-1 2005-07-22
Fedora-Legacy FLSA:154276 2005-07-24
Fedora-Legacy FLSA:152583 2005-07-11
Debian DSA-731-1 2005-06-02
Gentoo 200504-28 2005-04-28
Gentoo 200504-04 2005-04-06
Debian DSA-703-1 2005-04-01
Gentoo 200504-01 2005-04-01
Gentoo 200503-36 2005-03-31
Red Hat RHSA-2005:330-01 2005-03-30
Mandrake MDKSA-2005:061 2005-03-29
Fedora FEDORA-2005-274 2005-03-30
Fedora FEDORA-2005-277 2005-03-30
Fedora FEDORA-2005-270 2005-03-29
Fedora FEDORA-2005-269 2005-03-29
SuSE SUSE-SR:2005:009 2005-03-29
Debian DSA-699-1 2005-03-29
Debian DSA-697-1 2005-03-29
Red Hat RHSA-2005:327-01 2005-03-28

Comments (none posted)

Tor: information disclosure

Package(s):tor CVE #(s):
Created:June 21, 2005 Updated:August 25, 2005
Description: A bug in Tor allows attackers to view arbitrary memory contents from an exit server's process space. A remote attacker could exploit the memory disclosure to gain sensitive information and possibly even private keys.
Alerts:
Gentoo 200508-16 2005-08-25
Gentoo 200506-18 2005-06-21

Comments (none posted)

trac: file upload vulnerability

Package(s):trac CVE #(s):
Created:June 22, 2005 Updated:July 6, 2005
Description: Versions of trac prior to 0.8.4 suffer from an input validation error which can lead to the uploading of files to undesired locations on the host system.
Alerts:
Debian DSA-739-1 2005-07-06
Gentoo 200506-21 2005-06-22

Comments (none posted)

vixie-cron: crontab allows any user to read another user's crontabs

Package(s):vixie-cron CVE #(s):CAN-2005-1038
Created:April 15, 2005 Updated:March 15, 2006
Description: crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235. See also this Security Focus report.
Alerts:
Red Hat RHSA-2006:0117-01 2006-03-15
Red Hat RHSA-2005:361-01 2005-10-05
Fedora FEDORA-2005-320 2005-04-15

Comments (none posted)

wget: file overwrites and arbitrary code execution

Package(s):wget CVE #(s):CAN-2004-1487 CAN-2004-1488
Created:June 9, 2005 Updated:September 27, 2005
Description: wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.

wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.

Alerts:
Red Hat RHSA-2005:771-01 2005-09-27
Ubuntu USN-145-2 2005-09-06
Ubuntu USN-145-1 2005-06-28
Mandriva MDKSA-2005:098 2005-06-09

Comments (none posted)

Wordpress: multiple vulnerabilities

Package(s):wordpress CVE #(s):
Created:June 6, 2005 Updated:July 4, 2005
Description: Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks. An attacker could use the SQL injection vulnerabilities to gain information from the database. Furthermore the cross-site scripting issues give an attacker the ability to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim's browser.
Alerts:
Gentoo 200507-02 2005-07-04
Gentoo 200506-04 2005-06-06

Comments (none posted)

XChat 2.0.x SOCKS5 Vulnerability

Package(s):xchat CVE #(s):CAN-2004-0409
Created:April 19, 2004 Updated:November 15, 2005
Description: XChat is vulnerable to a stack overflow that may allow a remote attacker to run arbitrary code. The SOCKS 5 proxy code in XChat is vulnerable to a remote exploit. Users would have to be using XChat through a SOCKS 5 server, enable SOCKS 5 traversal which is disabled by default and also connect to an attacker's custom proxy server. This vulnerability may allow an attacker to run arbitrary code within the context of the user ID of the XChat client.
Alerts:
Fedora-Legacy FLSA:123013 2005-11-14
Red Hat RHSA-2004:585-01 2004-10-27
Netwosix NW-2004-0014 2004-05-01
Red Hat RHSA-2004:177-01 2004-04-30
Mandrake MDKSA-2004:036 2004-04-21
Debian DSA-493-1 2004-04-21
Gentoo 200404-15 2004-04-19

Comments (none posted)

xine-lib: buffer overflows

Package(s):xine-lib CVE #(s):CAN-2004-1379
Created:September 22, 2004 Updated:April 10, 2006
Description: xine-lib (through version 1_rc6) contains buffer overflows in the subtitle parsing and DVD sub-picture decoder code.
Alerts:
Fedora-Legacy FLSA:152873 2006-04-04
Debian DSA-657-1 2005-01-25
Mandrake MDKSA-2004:105 2004-10-06
Slackware SSA:2004-266-04 2004-09-22
Gentoo 200409-30 2004-09-22

Comments (none posted)

xine-ui - insecure temporary file creation

Package(s):xine-ui CVE #(s):CAN-2004-0372
Created:April 6, 2004 Updated:April 27, 2006
Description: Shaun Colley discovered a problem in xine-ui, the xine video player user interface. A script contained in the package to possibly remedy a problem or report a bug does not create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking xine.
Alerts:
Gentoo 200404-20 2004-04-27
Slackware SSA:2004-111-01 2004-04-20
Mandrake MDKSA-2004:033 2004-04-19
Debian DSA-477-1 2004-04-06

Comments (none posted)

xorg-x11: integer overflows

Package(s):xorg-x11 CVE #(s):CAN-2004-0914
Created:November 18, 2004 Updated:September 12, 2005
Description: The X.Org libXpm library has several integer overflow vulnerabilities. An attacker can modify XPM images to execute malicious code.
Alerts:
Ubuntu USN-83-2 2005-09-12
Fedora-Legacy FLSA:152804 2005-05-12
Ubuntu USN-83-1 2005-02-16
Gentoo 200502-07 2005-02-07
Gentoo 200502-06 2005-02-06
Red Hat RHSA-2004:612-01 2004-12-20
Red Hat RHSA-2004:610-01 2004-12-20
Debian DSA-607-1 2004-12-10
Mandrake MDKSA-2004:137-1 2004-11-29
Mandrake MDKSA-2004:137 2004-11-22
Mandrake MDKSA-2004:138 2004-11-22
Gentoo 200411-28 2004-11-19
Fedora FEDORA-2004-434 2004-11-17
Fedora FEDORA-2004-433 2004-11-17
SuSE SUSE-SA:2004:041 2004-11-17

Comments (none posted)

xpdf: buffer overflow

Package(s):xpdf CVE #(s):CAN-2005-0064
Created:January 19, 2005 Updated:March 15, 2007
Description: iDEFENSE has found yet another xpdf buffer overflow; see this advisory for details.
Alerts:
Fedora FEDORA-2007-1219 2007-03-14
Gentoo 200506-06 2005-06-09
Red Hat RHSA-2005:026-01 2005-03-16
Red Hat RHSA-2005:066-01 2005-02-15
Red Hat RHSA-2005:057-01 2005-02-15
Red Hat RHSA-2005:053-01 2005-02-15
Red Hat RHSA-2005:034-01 2005-02-15
Fedora-Legacy FLSA:2353 2005-02-10
Fedora-Legacy FLSA:2352 2005-02-10
Gentoo 200502-10 2005-02-09
Red Hat RHSA-2005:049-01 2005-02-01
SuSE SUSE-SR:2005:002 2005-01-26
Red Hat RHSA-2005:059-01 2005-01-26
Mandrake MDKSA-2005:020 2005-01-25
Mandrake MDKSA-2005:019 2005-01-25
Mandrake MDKSA-2005:016 2005-01-25
Mandrake MDKSA-2005:021 2005-01-25
Mandrake MDKSA-2005:018 2005-01-25
Mandrake MDKSA-2005:017 2005-01-25
Fedora FEDORA-2005-061 2005-01-25
Fedora FEDORA-2005-062 2005-01-25
Fedora FEDORA-2005-059 2005-01-25
Fedora FEDORA-2005-060 2005-01-25
Conectiva CLA-2005:921 2005-01-25
Fedora FEDORA-2004-049 2005-01-24
Fedora FEDORA-2004-048 2005-01-24
Gentoo 200501-32 2005-01-23
Gentoo 200501-31 2005-01-23
Gentoo 200501-30 2005-01-22
Gentoo 200501-28 2005-01-21
Fedora FEDORA-2005-052 2005-01-20
Fedora FEDORA-2005-051 2005-01-20
Ubuntu USN-64-1 2005-01-19
Debian DSA-645-1 2005-01-19
Debian DSA-648-1 2005-01-19

Comments (1 posted)

XV: multiple vulnerabilities

Package(s):xv CVE #(s):
Created:April 19, 2005 Updated:July 19, 2005
Description: Greg Roelofs has reported multiple input validation errors in XV image decoders. Tavis Ormandy of the Gentoo Linux Security Audit Team has reported insufficient validation in the PDS (Planetary Data System) image decoder, format string vulnerabilities in the TIFF and PDS decoders, and insufficient protection from shell meta-characters in malformed filenames. Successful exploitation would require a victim to view a specially created image file using XV, potentially resulting in the execution of arbitrary code.
Alerts:
Slackware SSA:2005-195-02 2005-07-15
Gentoo 200504-17 2005-04-19

Comments (none posted)

Resources

Linux Advisory Watch - July 1st 2005

The Linux Advisory Watch for July 1, 2005 is out, with articles on Linux File & Directory Permissions Mistakes, Measuring Security IT Success, Getting to Know Linux Security: File Permissions, The Tao of Network Security Monitoring: Beyond Intrusion Detection, and other news.

Full Story (comments: none)

Linux Security Week - July 4th 2005

The Linux Advisory Watch for July 4, 2005 is out. Articles include Review: The Book of Postfix: State-of-the-Art Message Transport, Introduction: Buffer Overflow Vulnerabilities, Getting to Know Linux Security: File Permissions, and more.

Full Story (comments: none)

Page editor: Rebecca Sobol

Kernel development

Brief items

Kernel release status

The 2.6.13-rc1 kernel was released on Jun 28. It contained over 2000 different patches, showing that there was a lot of pent-up development during the end of the 2.6.12 release cycle. It contains changes in almost all areas of the kernel, such as: USB, SCSI, driver core, ALSA, static cleanups, IDE, network drivers, network core, audit, input, pcmcia, I2C, W1, V4L, NFS, IB and ARM arch. It also contains some new features such as kexec/kdump, execute-in-place and a new architecture called xtensa. Also, devfs has been disabled from the build (but the code is still present). In all, over 3000 files were changed, with over 190000 lines added and over 84000 lines removed.

Since then, the 2.6.13-rc2 kernel was released on July 5. It had a much more manageable set of around 180 patches. The patches were mostly bug fixes for various things that were merged in the 2.6.13-rc1 release: driver core, PCI, ARM, TCP, pcmcia and serial, along with a few new options: driver binding and unbinding from userspace through sysfs.

The current stable 2.6 kernel is 2.6.12.2, which was released on July 1.

Linux 2.4.32-pre1 was released on July 4; it contains x86_64 security updates and other fixes.

Comments (4 posted)

Kernel development news

A couple of graphical git front ends

The development of git is a classic free software success story, even at this early stage. When Linus Torvalds needed a new tool for managing source code revisions, he sat down for a week and bashed out something which was enough for other people to play with. It didn't do much, but it contained enough in the way of good ideas and functionality that a group of developers quickly gathered around it and started making it better. Git may still have a number of rough edges, but, to a great extent, it has taken BitKeeper's place in the development process.

One of those rough edges has been the lack of graphical tools for working with the repository. Things are happening in this area as well, however, and there are now two tools available which warrant a look. These tools (being gitk and qgit) both function as patch browsers; neither, currently, can actually make any changes to a git repository. In other words, capabilities like three-way patch conflict resolution are still missing. But you have to start somewhere; either of these tools will be helpful for anybody who wishes to look at the path the kernel took to get to the current point.

gitk is a Tk-based utility written by Paul Mackerras; the current release is version 1.1. The build process for gitk is about the easiest your editor has ever encountered; since it is written in Tcl, installation is simply a matter of putting the gitk script somewhere in your path.

Running gitk yields a three-paned window. At the top is a reverse-time list of committed patches, along with a graphical trace showing which tree each patch was merged from. Tags in the repository are indicated by a cute little yellow tag in this pane. The bottom left shows the selected patch in a fairly gaudy, colorful form. The commit text and the patch itself are run together, just as they would appear in an emailed patch. On the lower right is a list of files touched by the current patch; clicking on the name of a file narrows the view to the corresponding portion of the patch.

There is a simple "find" function which can search for patches whose description or author information match a given string; searching with regular expressions is possible. If you know the SHA tag for a given commit, you can type (or paste, presumably) it into a blank and view the corresponding patch. gitk also stores the SHA ID of the current commit in the X selection, allowing it to be pasted into git commands if need be.

The alternative to gitk is qgit, a Qt-based application currently at version 0.6. The initial experience with qgit is a little rougher; the application uses SCons for building instead of make. Since most systems tend not to have SCons installed, the qgit tarball includes a prebuilt version of SCons and a script to hack up the build file to use it. One thinks that, for a relatively simple application, it might have been easier to just toss in a makefile.

The initial qgit window looks very similar to gitk. The lower left pane shows only the commit text, however; the actual patch is nowhere to be seen. A single click on the filenames on the right appears to do nothing; a double click will pop up a separate window with the full text of the file. It turns out that one has to double-click on the appropriate line in the top pane to get a separate window with the patch itself. Once the window is up, it will be updated with the body of any patch selected in the main window. The presentation of the patches is a bit nicer than in gitk; the use of color is a bit more restrained, and patches are shown in the diff -up format that developers are used to reading. The patch window, however, has the obnoxious feature that it is permanently on top of any other window on the screen, regardless of the user's desires.

Nicely, in version 0.6, the qgit file browser window includes line-by-line annotation which makes it easy to figure out which commit modified a specific piece of code. This feature is enough to make one wish that the kernel.org git repository contained more than a few months of history.

qgit also makes it possible to search for specific patches; entering a string in the blank and clicking "filter" will narrow the patch view to the patches containing the string. It is not obvious, but the way back to the full listing is to hit "filter" again.

Once upon a time, your editor asked the BitKeeper folks how to determine which tree was the source of any particular changeset in the mainline. The answer that came back was that this information was not available - BitKeeper did not store it. So it is pleasing to see this information so readily in evidence in either git front end. We really do have a better handle on the development history than we did even a few months ago.

Both tools can be a bit rough to use at times, and their features are limited. When one considers that, back at the beginning of March, none of this software existed at all, it is hard not to be impressed. There is a lot happening around git, and, chances are, we've just barely seen the beginning of it.

Comments (3 posted)

Looking at inotify again

July 6, 2005

This article was contributed by Greg Kroah-Hartman.

In September, 2004, LWN.net took a look at the inotify patch. This patch has been reworked a number of times by its primary developers, and has been living in the -mm kernel tree for a few months. With the recent What to merge for 2.6.13? discussion, inotify was mentioned as something that might be considered for merging into the main kernel tree. One thing that few kernel developers had paid attention to in the inotify patch was the userspace interface to the feature. So, let's take a look at how a programmer is supposed to interact with inotify.

From the documentation included in the kernel patch, inotify communicates to userspace through a character device, /dev/inotify. This is a misc character device (it uses the misc_register() kernel interface to create its character device), and if you use udev to manage /dev, the device node is automatically created. If not, the character node needs to be created by hand:

	mknod /dev/inotify c 10 63

Inotify works with something called "watches". A "watch" pairs an object with a mask describing the events the user wants to be notified of. The object is either a file or a directory, as represented by an open file descriptor, and the mask is a bitmask of events. The different types of events that can be monitored are:

	IN_ACCESS		The file was accessed
	IN_MODIFY		The file was modified
	IN_ATTRIB		The metadata changed
	IN_CLOSE_WRITE		The writable file was closed
	IN_CLOSE_NOWRITE	The unwritable file was closed
	IN_OPEN			The file was opened
	IN_MOVED_FROM		The file was moved from location X
	IN_MOVED_TO		The file was moved to location Y
	IN_CREATE		A subfile was created
	IN_DELETE		A subfile was deleted
	IN_DELETE_SELF		The watched object itself was deleted

If the user wants to monitor all events, a handy IN_ALL_EVENTS macro is defined which combines all of the above event flags. To create a watch and register it with the kernel, an ioctl is called on the /dev/inotify node:

	struct inotify_request request = { fd, mask };
	int watch_desc = ioctl(dev_fd, INOTIFY_WATCH, &request);
where fd is the open file descriptor of the file or directory you wish to watch, and mask is the type of event to monitor. To remove a watch that is already in place, another ioctl should be sent:

	ioctl(dev_fd, INOTIFY_IGNORE, watch_desc);

Once a watch has been registered with the kernel, a simple read() call on the device node retrieves events for that watch (and for all other watches that have been registered by this process). The data read from the kernel is a sequence of records, each laid out as the following C struct:

struct inotify_event {
	__s32	wd;		/* watch descriptor */
	__u32	mask;		/* watch mask */
	__u32	cookie;		/* cookie to synchronize two events */
	__u32	len;		/* length (including nulls) of name */
	char	name[0];	/* stub for possible name */
};

All of the fields are pretty self-explanatory, with the exception of "cookie". If this field is nonzero, it tells userspace that this event is one of several generated at the same time by a single operation on the same object. An example of this is renaming a file. If a directory is being watched and the following file rename happens in it:

	mv foo baz

two events are generated, an IN_MOVED_FROM and an IN_MOVED_TO event. Both carry the same cookie value, which allows userspace to match them up. The /dev/inotify node supports select() and poll(), so a program does not have to sit in a blocking read(), which would tie up one of its threads.

The FIONREAD ioctl is also supported by inotify; it returns the size of the pending event queue, so that userspace can allocate a buffer of the right size before reading. When the userspace program that had the /dev/inotify node open exits, or when the node is closed, all watches that were registered with the kernel are destroyed and cleaned up properly.
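As an added illustration of the read() side of this interface (this is example code written for this page, not code from the inotify patch or from inotify-utils), the following C program decodes a buffer of the variable-length records described above, checking each record's len against the remaining buffer before trusting it, and matches an IN_MOVED_FROM event to its IN_MOVED_TO partner by cookie. The event bit values and the 4-byte NUL padding of names are assumptions taken from the interface as later merged in mainline <linux/inotify.h>; the article itself only names the flags. The buffer it parses is constructed in load_sample() rather than read from /dev/inotify, so it runs anywhere.

```c
/* Added example, not code from the inotify patch or inotify-utils: decode a buffer
 * read() from /dev/inotify with the bounds checks a file monitor needs, and pair
 * IN_MOVED_FROM/IN_MOVED_TO events by cookie. Input is constructed in load_sample(). */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Record layout from the article; __s32/__u32 spelled with <stdint.h> types. */
struct inotify_event {
	int32_t  wd;		/* watch descriptor */
	uint32_t mask;		/* watch mask */
	uint32_t cookie;	/* cookie to synchronize two events */
	uint32_t len;		/* length (including NULs) of name */
	char     name[];	/* name follows the header (C99 form of name[0]) */
};

/* Assumed bit values: the article names the flags only; these follow mainline <linux/inotify.h>. */
#define IN_MOVED_FROM	0x00000040u
#define IN_MOVED_TO	0x00000080u
#define IN_CREATE	0x00000100u
#define NAME_CAP	256

/* Fixed-size decoded record; name is NUL-terminated ("" when none was attached). */
struct parsed_event { int32_t wd; uint32_t mask, cookie; char name[NAME_CAP]; };

/* Walk the records in a read() buffer. Returns how many complete records it holds
 * (even if more than max_out, so the caller can grow its array), or -1 when the
 * data ends mid-header or a record's len points past the end of the buffer. */
int parse_inotify_buffer(const unsigned char *buf, size_t buflen,
			 struct parsed_event *out, size_t max_out)
{
	size_t off = 0, n = 0;

	while (off < buflen) {
		struct inotify_event ev;
		if (buflen - off < sizeof ev)
			return -1;			/* truncated header */
		memcpy(&ev, buf + off, sizeof ev);	/* avoids unaligned reads */
		if (ev.len > buflen - off - sizeof ev)
			return -1;			/* len overruns the buffer */
		if (n < max_out) {
			size_t copy = ev.len < NAME_CAP - 1 ? ev.len : NAME_CAP - 1;
			out[n].wd = ev.wd;
			out[n].mask = ev.mask;
			out[n].cookie = ev.cookie;
			memcpy(out[n].name, buf + off + sizeof ev, copy);
			out[n].name[copy] = '\0';	/* len may be 0 or include padding */
		}
		n++;
		off += sizeof ev + ev.len;
	}
	return (int)n;
}

/* The rename case: index of the IN_MOVED_TO event sharing evs[i]'s cookie, or -1. */
int find_rename_partner(const struct parsed_event *evs, int count, int i)
{
	int j;
	if (!(evs[i].mask & IN_MOVED_FROM) || evs[i].cookie == 0)
		return -1;
	for (j = 0; j < count; j++)
		if (j != i && (evs[j].mask & IN_MOVED_TO) && evs[j].cookie == evs[i].cookie)
			return j;
	return -1;
}

/* Packs one record as the kernel would (name NUL-padded to 4 bytes); test data only. */
static size_t append_event(unsigned char *buf, size_t cap, size_t off, int32_t wd,
			   uint32_t mask, uint32_t cookie, const char *name)
{
	struct inotify_event ev = { .wd = wd, .mask = mask, .cookie = cookie, .len = 0 };
	size_t len = name ? ((strlen(name) + 1 + 3) & ~(size_t)3) : 0;
	if (off + sizeof ev + len > cap)
		return off;
	ev.len = (uint32_t)len;
	memcpy(buf + off, &ev, sizeof ev);
	memset(buf + off + sizeof ev, 0, len);
	if (name)
		memcpy(buf + off + sizeof ev, name, strlen(name));
	return off + sizeof ev + len;
}

unsigned char sample_buf[128];
size_t sample_len;
struct parsed_event sample_evs[8];

/* Constructed input: the article's "mv foo baz" pair plus one unrelated create. */
int load_sample(void)
{
	size_t off = 0;
	off = append_event(sample_buf, sizeof sample_buf, off, 1, IN_MOVED_FROM, 0x1234, "foo");
	off = append_event(sample_buf, sizeof sample_buf, off, 1, IN_MOVED_TO, 0x1234, "baz");
	off = append_event(sample_buf, sizeof sample_buf, off, 1, IN_CREATE, 0, "newfile");
	sample_len = off;
	return parse_inotify_buffer(sample_buf, sample_len, sample_evs, 8);
}
```

In a real monitor the same parse loop runs over whatever read() returns (sized with FIONREAD if desired). The two bounds checks are the point: a record whose len runs past the buffer, or a buffer that ends mid-header, would otherwise walk the parser off the end of the data, and a name copied without a cap would overrun the destination.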

For a very simple example program that shows how to register for events, and read events as they happen, see the inotify-utils package that can be found here.

For more details on the kernel design decisions that the inotify developers went through in creating this system, please see the inotify documentation in the kernel patch. It describes why a character node was used instead of signals, and other details.

Comments (14 posted)

Patches and updates

Core kernel code

Device drivers

  • Bartlomiej Zolnierkiewicz: IDE update. (July 4, 2005)

Documentation

Filesystems and block I/O

Memory management

Networking

Architecture-specific

Security-related

Page editor: Forrest Cook

Distributions

News and Editorials

Yellow Dog Linux 4.0.1 and Y-HPC

July 6, 2005

This article was contributed by Ryan Paul

A conspicuous banner at the Terra Soft Solutions web site informs viewers that "PowerPC is not dead". This resonant affirmation of PPC's capacity to endure is meant to address the concerns of consumers who doubt the value of PowerPC software in the wake of Apple's stunning x86 about-face.

Those that follow the issue know that the perpetuation of the PowerPC architecture is not really in dispute. With robust POWER processors in all the next generation gaming systems, it is likely that the architecture will be around for years to come. While we will soon see PowerPC consoles on top of our televisions, Apple's migration to x86 creates some questions about the relevance of PowerPC on the desktop.

With POWER supercomputers topping the list and IBM aggressively promoting Linux on POWER, it looks like the Linux PPC server market is starting to heat up. Kai Staats, CEO of Terra Soft Solutions (TSS) and a familiar face in the PPC Linux community believes that there is more than enough demand for PPC server solutions to keep him in business despite Apple's hasty retreat from the market.

TSS is an Apple reseller, best known for Yellow Dog Linux (YDL), its popular GNU/Linux distribution for the PowerPC platform. Based on Fedora, YDL 4.0.1 is a flexible and intuitive distribution that supports a wide variety of hardware from Apple and IBM.

While broader package selection and community driven development models make non-commercial alternatives like Debian and Gentoo a superior choice for many developers and home consumers, availability of quality services and support as well as pre-installation make YDL a popular pick for schools, government agencies and corporations that utilize PowerPC technology.

The 4.0.1 release features a number of important updates and adds support for the iMac G5 and the Mac mini. I put it to the test to see how it compares to some of my favorite non-commercial distributions. Aside from the excellent hardware support and virtually flawless automated configuration, YDL is relatively unremarkable. Those who are comfortable with Fedora and RPM package management will feel right at home with it. It performs relatively well and it is relatively stable.

The limited availability of YDL RPMs is probably the most prodigious defect. While four CDs may seem like a lot, there are a lot of holes. Firefox is only available via the 'Extras' repository, and libglade for Ruby (which I use heavily for rapid application development) doesn't appear to be available at all. Developers who don't use mainstream languages are out of luck: YDL doesn't come with compilers for Eiffel, C#, Ocaml or Haskell. If you want to use GHC or Mono, for instance, you are probably better off with Debian or Gentoo. While my esoteric development needs may not be indicative of general user needs, it is likely that the needs of most users will not be adequately met by what is available within the limited YDL package ecosystem. You can use TSS's web-based repository interface to find out if YDL has the packages you need.

The boxed set comes with four installation CDs, four source CDs, a 10 page installation quickstart, a cute frisbee-esque thing bearing the YDL logo, and a comprehensive 180 page guide that contains a thorough introduction to KDE, a relatively effective introduction to the command line, and a concise introduction to Linux administration. The guide contains expository comparisons to OS X and Windows that will help users of other operating systems understand the significance of various KDE/Linux features. The most notable deficiency of the user guide is the severe KDE bias and the absence of Gnome documentation. Aside from that, the guide provides good coverage of relevant features.

The distribution comes with YUM for package management. Though YUM has become a standard part of the RedHat Linux distribution, it was originally designed by TSS (and then modified by Duke University) specifically for YDL. YUM has a smaller code base than apt4rpm and features superior dependency handling.

YDL 4.0.1 comes with a few intriguing PowerPC extras, including Mac-On-Linux (MOL), which allows users to run an entire mac environment at near-native speed inside of a window. I was looking forward to trying out MOL with OS X. Unfortunately, MOL doesn't support OS X 10.4, so I was unable to see it in action. Apparently, it doesn't support macs with G5 processors either. It's still worth looking at, and probably quite impressive when it works. Check out this spooky screenshot from the MOL web site. With any luck, MOL support for Tiger will be added soon.

TSS provides a number of services for customers. YDL.net Enhanced members get a pop/imap accessible e-mail account, early access to YDL ISOs and web hosting. Updates appear to be free via YUM.

Also of interest is Terra Soft's Y-HPC, a 64-bit PowerPC GNU/Linux distribution and "cluster construction-management suite" compatible with a wide variety of PowerPC systems, including Apple's Xserve and IBM's JS20. Y-HPC provides users with a complete 64-bit development environment that features IBM's XLF and XLC compilers. Y-HPC natively supports double-precision as well as up to 16GB of RAM and contains complete 32 and 64-bit development tool chains.

Y-HPC comes with a PowerPC port of SystemImager and TSS's unique, user-friendly image management interface called Y-Imager that facilitates visual, node-based cluster construction. Y-HPC also features PPC-64 builds of many popular open source applications.

I still prefer Debian on my desktop, but YDL presents a few compelling benefits, particularly for those who already have extensive experience with RedHat or Fedora. There are also definitely contexts in which Terra Soft's high performance computing solutions are optimal. TSS designed a YDL-based Xserve imaging cluster for deployment on US Navy submarines and provided Boeing with specialized G5 computers for Weapons Systems Officers training programs. Despite the imminent extinction of Apple PPC hardware, we may see renewed interest in TSS as demand for Linux on POWER escalates.

Comments (2 posted)

New Releases

Trustix Secure Linux 3.0

Trustix Secure Linux 3.0 has been released. "Other additions to the system include X.org X11 libraries, FreeRadius support, easy PXE installs, Mini CD and Net CD versions of the OS, enhanced hardware detection, installation on RAID and logical volumes and a range of kernel upgrades including the shift to Linux 2.6 kernel and BASH 3." Click below for the announcement.

Full Story (comments: none)

Ubuntu "Breezy Badger" Colony CD 2

Ubuntu has the Colony CD 2 ready. This is the second in a series of milestone CD images that will be released throughout the Breezy development cycle, as images that are known to be reasonably free of showstopper CD-build or installer bugs, while representing very current snapshots of Breezy. You can download it here or click below for the full announcement.

Full Story (comments: 2)

Distribution News

Debian GNU/Linux news

Matthias Klose reports that GCC 4.0 is the default GCC in etch as part of the C++ ABI change.

The Sixth Annual Debian Conference begins July 9, 2005 at the Computer Science department of the Helsinki University of Technology in Espoo, Finland. This editor plans to arrive in HEL on Saturday afternoon.

Comments (none posted)

FC4 CD/DVD Installer Syslinux Crash Workaround

Those installing Fedora Core 4 may have a problem with certain motherboard chipsets that may be affected by the syslinux crash bug. For those having trouble with FC4 installs, Warren Togami presents a workaround (click below).

Full Story (comments: none)

Slackware Linux

Slackware Linux reports that a new package browser is being tested at http://slackware.it/en/. "Everyone is invited to give a look over there, and report any kind of problem you may find. The plan is to backport the new package browser here on the .com if everything goes well, and maybe some of the other new features from slackware.it too (depending on how well they scale.)"

Comments (none posted)

New Distributions

grml-small 0.1 released

GRML is a live CD based on Knoppix and Debian with a collection of GNU/Linux software for system administrators. It provides automatic hardware detection and can be used for system rescue, for analyzing systems/networks or as a working environment. grml-small fits on a business card CD-ROM or USB device with 50MB. The initial version of grml-small, 0.1 (codename zugschlus), was released July 5, 2005.

Comments (none posted)

Distribution Newsletters

Debian Weekly News

The Debian Weekly News for July 5, 2005 looks at Debian packages for X.Org, minutes of the release team meeting, ongoing installer development, ongoing Firefox Trademark problems, a GLADE transition, and more.

Full Story (comments: none)

Fedora Weekly News Issue 3

The Fedora Weekly News for July 4, 2005 is out. Topics in this issue include Status of Livna Repository, JPackage Java for FC4, Bluetooth Dialup Networking for FC4, Caveats and Known Bugs on FC4, FC3 to FC4 Upgrade Process Question, More Fedora Core 4 Reviews, Up2date Issue on FC4, and more.

Full Story (comments: none)

Ubuntu MOTU report - issue 5

In this edition of the MOTU report you'll meet two new Masters of the Universe and find out more about the C++ transition, REVU - a next-generation package review tool, and more.

Full Story (comments: none)

DistroWatch Weekly, Issue 107

The DistroWatch Weekly for July 4, 2005 is out. "Last week's release of SUSE LINUX 9.3 ISO images provided much excitement during the otherwise dull week and many users are now discovering the joys of computing with one of the oldest and best-known Linux operating systems around. In the meantime, the Debian Project ended up with a tarnished reputation for being unable to provide timely security updates for sarge - will this fiasco bring radical changes to the project's security infrastructure? Also in this issue: comment on the recent merger of Mandriva and Lycoris, and an interesting change in the release policy of Fedora Core."

Comments (none posted)

Minor distribution updates

WHoppix becomes WHAX

WHoppix was a Knoppix-based live CD designed to be a standalone penetration testing toolkit. The focus remains the same, but WHAX is now SLAX/Slackware based. WHAX v.3.0 Beta2 was released July 5, 2005.

Comments (none posted)

Package updates

Fedora Core updates

Fedora Core 4 updates: totem-1.0.4-1 (upgrade to version 1.0.4), rgmanager-1.9.34-5 (upgrade), magma-plugins-1.0.0-2 (upgrade), iddev-2.0.0-1 (upgrade), magma-1.0.0-1 (upgrade), gulm-1.0.0-2 (upgrade), fence-1.32.1-1 (upgrade), dlm-1.0.0-3 (upgrade), cman-1.0.0-1 (upgrade), ccs-1.0.0-1 (upgrade), GFS-6.1.0-3 (upgrade), mod_perl-2.0.1-1.fc4 (upgrade), qt-3.3.4-15.1 (patches and bug fixes), gnbd-1.0.0-1 (upgrade), netpbm-10.27-4.FC4.2 (bug fixes), cryptsetup-luks-1.0.1-0.fc4 (fix two incompatibilities), kdevelop-3.2.1-0.fc4.2 (fix undefined symbol issue), kdeartwork-3.4.1-0.fc4.2 (look at the right xscreensaver dirs), gjdoc-0.7.5-3 (FC4 update), javacc-3.2-1jpp_2fc (FC4 update), lucene-1.4.3-1jpp_3fc (FC4 update).

Fedora Core 3 updates: netpbm-10.27-4.FC3.1 (bug fixes), selinux-policy-targeted-1.17.30-3.16 (allow unconfined_t to execmod file_type), kdenetwork-3.3.1-3.1 (fix Kopete MSN login).

Comments (none posted)

Trustix Secure Linux updates

Trustix bug fix advisories: #2005-0031 updates (clamav, cpplus, dev, imagemagick, kerberos5, kernel, openldap, pam_ldap, perl-net-server, php, php4, sqlgrey, swup) and notes end of life for Trustix Secure Linux 1.5 and 2.1, #2005-0032 updates (iproute, kernel, sqlgrey).

Comments (none posted)

Newsletters and articles of interest

Comodo-Trustix announce Trustix Secure Linux 3.0 release (IT Observer)

IT Observer covers the release of Trustix Secure Linux 3.0. "TSL’s rapidly expanding new user base has identified a wide range of possible improvements which have now been implemented and made available in this release. Foremost amongst these is the new installer "Viper". Apart from the added ease of use and many new features "Viper" boasts the ability to poll the latest updates during the installation process. This ensures that servers deploying TSL will be up to date and secure right from the first installation – effectively closing the insecurity window that exists between first installation and the time it takes to locate, download and implement upgrades."

Comments (none posted)

LiveLAMP Available: $10,000 Server Software Solution Free (Groklaw)

Groklaw looks at LiveLAMP, a bootable CD project from Australia's Open Source Victoria. "According to OSV, LiveLAMP can turn any PC into an instant server capable of supporting up to 1,000 students doing work on over a dozen programming languages and hundreds of development tools. Technologies covered include PHP, Python, Perl, MySQL, Ruby, PostgreSQL, C++, C, Pascal, Fortran, CVS, Apache, Lex/Yacc, text editing, HTML, JavaScript, CSS, XML and many more. LiveLAMP will fully integrate with their existing Windows, Apple or Linux systems. OSV estimates that purchasing proprietary versions of this software for 1000 students and teachers would cost each school over $10,000 if they had to pay for it."

Comments (none posted)

My Workstation OS: Puppy Linux (NewsForge)

NewsForge looks at Puppy Linux. "The Puppy Linux distribution was started by Barry Kauler independently of any other distro. Barry went back to basics and reinvented a much better wheel. Puppy has an informed, diverse, and active support forum, a wiki (with news), and great developers who actually listen. The distribution is regularly updated."

Comments (none posted)

Distribution reviews

FreeSBIE: A FreeBSD live CD (NewsForge)

NewsForge reviews FreeSBIE, a FreeBSD-based live CD. "The current version 1.1 is based on FreeBSD version 5.3. It works directly from the CD without altering any data on your hard disk, but version 1.1 also offers the option of a hard disk installation using a feature borrowed with permission from the BSDinstaller team. FreeSBIE supports several types of desktop environments. You can use it as a shell only, or as a full desktop with all the applications you expect in a desktop system."

Comments (none posted)

Bleeding-Edge Linux Desktop: SuSE Linux Professional 9.3 (eWeek)

eWeek reviews Novell's SuSE Linux Professional 9.3. "What it all adds up to in the end is that if you need an advanced Linux desktop, SLP is an excellent choice. It's also great for people who need to look right over the bleeding edge of Linux technology to see what tomorrow will bring. However, for beginners or general desktop users, there are better choices."

Comments (none posted)

Linux to the rescue: A review of three system rescue CDs (NewsForge)

This NewsForge article looks at three open source rescue CDs. "I tested the three for basic rescue features: mounting partitions to read and write data, disk management (format, partition, etc.), network access, CD/DVD writing, and virus scanning. These are the most important rescue disk features, and if they work well, you are well on your way to getting your machine working again."

Comments (none posted)

Page editor: Rebecca Sobol

Development

Track eBay bids with JBidwatcher

The JBidWatcher project is:

A Java-based application allowing you to monitor auctions you're not part of, submit bids, snipe (bid at the last moment), and otherwise track your auction-site experience. It includes adult-auction management, MANY currencies (yen, pound, dollar (US, Canada, Australian, and New Taiwanese), Swiss Francs, and euro, presently), drag-and-drop of auction URLs, a unique and powerful 'multisniping' feature, a relatively nice UI, and is known to work cleanly under Linux, Windows, Solaris, and MacOSX from the same binary.

The project has been around since 2002; the project news shows an interesting history that involves tracking breakages caused by frequent eBay site changes.

The feature list includes:

  • General design for future compatibility with sites other than eBay.
  • Multisniping support cancels other bids after one bid has been won.
  • Designed and developed in a cross-platform environment.
  • Support for launching a web browser directly to an item that is being bid on.
  • A built-in search mechanism.
  • Support for user-customizable tabs.
  • Support for multiple languages and currencies.

Newly added features include:

  • User customizable column displays.
  • A Buy It Now feature for purchasing at a fixed price.
  • The ability to subtract shipping prices from snipe purchases.
  • An RSS feed for watching bids.

The screenshots show the user interface of an older version of JBidWatcher.

Version 0.9.7 of JBidWatcher was released this week. "This version is a major overhaul, with several major new features and dozens of bugfixes. The top four features are Customizable Columns, Buy It Now support, automatically Subtract Shipping from Snipes, and RSS Feeds." See the changelog file for more information on this release.

JBidWatcher has been released under the Lesser General Public License (LGPL). The software is available for download here.

If you are a frequent eBay auction bidder, JBidWatcher is a handy tool that can give you an advantage over other bidders. All that you need to worry about is where to store all of that new stuff you just bought.

Comments (none posted)

System Applications

Database Software

HSQLDB 1.8.0 released (SourceForge)

Version 1.8.0 of HSQLDB, an SQL database engine that is written in Java, has been announced. "HSQLDB is a relational database engine written in Java, with a JDBC driver, supporting a large subset of ANSI-92 SQL. A small, fast engine with both in memory and disk based tables. This product is the continuation of HypersonicSQL."

Comments (none posted)

Interoperability

Samba3 Compendium Released

A new Samba documentation collection has been released. "For those who want a more searchable Samba book, the Samba Compendium may be of interest. This electronic-only book is made up of all current samba documentation, logically arranged to suit the electronic medium."

Comments (1 posted)

Mail Software

bogofilter 0.95.2 released

Version 0.95.2 of bogofilter, a Bayesian mail filter, is out. "This release includes unicode support. When creating a new wordlist, the UTF-8 character set will be used. For compatibility, bogofilter will not use unicode when operating with old wordlists. Additionally, wordlist locking has been changed. One lock is now used for the whole database rather than one lock per page."

Full Story (comments: none)

Eridani releases MailStripper V1.3.2

Eridani Star System has announced the release of MailStripper version 1.3.2, an SMTP spam filter. A long-standing stream freeze and timeout bug has been fixed.

Full Story (comments: none)

Printing

Chap 4 Of New CUPS Manual

Chapter 4 of the CUPS printing system manual is online: "This chapter describes how to save printer options for your printer and set your default printer."

Comments (none posted)

VPN Software

SSL-Explorer 0.1.12 released (SourceForge)

Version 0.1.12 of SSL-Explorer, an open-source SSL VPN solution, is out. "Release 0.1.12 of SSL-Explorer contains several new features mainly concerning authentication methods. A new 'security questions' module has been introduced that may be prompted in addition to regular password entry. Authentication schemes may also now be defined that allow the administrator to configure authentication policies to suit their environment. This allows the user to select from a range of defined authentication schemes when logging in. A number of usability enhancements have also been introduced; the most notable of which being the dynamic popup menu. Lastly, the VPN client may now be started from any page in SSL-Explorer."

Comments (none posted)

Web Site Development

Analog is 10, Nathan is 0

Stephen Turner has announced the 10th year anniversary of Analog, a web server logfile analysis package. "Today is analog's 10th birthday! On 29th June 1995, I wrote a message to the comp.sources.testers newsgroup asking for people to test a new logfile analyser I had started writing".

Comments (none posted)

Nvu 1.0 Released (MozillaZine)

MozillaZine covers the release of version 1.0 of the Nvu web authoring system. "I am immensely happy to report that Nvu 1.0 went live an hour ago. As usual, it's available from the official site (www.nvu.com) or the official mirror (nvu.viapanda.com/1.0/changelog) for Windows, Mac, Linspire5, FC3, Linux 2.6.10, and for the first time Mandriva. Nvu broke the 500,000 users limit with version 1.0PR, and we expect even better results for this 1.0."

Comments (none posted)

Desktop Applications

Audio Applications

Snd-ls V0.9.4.3, Mammut V0.20, Ceres V0.43 and more

A multiple announcement for the audio applications Snd-ls V0.9.4.3, Mammut V0.20, Ceres V0.43 and the Snd RT-extension documentation has been sent out.

Full Story (comments: none)

Desktop Environments

GNOME Software Announcements

The following new GNOME software has been announced this week:

Comments (none posted)

libnotify in GNOME Applets (GnomeDesktop)

Rodrigo Moya is experimenting with libnotify in various GNOME applets. "While Rodrigo has already scrapped the trash notification, there are many places where this could be a nice enhancement in the GNOME Desktop. What do you think? What types of actions would you use/not use notifications?"

Comments (none posted)

Nautilus Enhancements (GnomeDesktop)

GnomeDesktop covers the latest enhancements to the Nautilus file manager. "Some new enhancements are finding their way into Nautilus. The first is new tree functionality complete with auto-expand for dnd to the spatial Nautilus list view, much like what is seen here on a Mac. Nautilus now has the ability to create a new file when dragging and dropping text into a Nautilus window."

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week:

Comments (none posted)

KDE Commit Digest (KDE.News)

KDE.News has announced the July 1, 2005 edition of the KDE Commit Digest. Here's the content summary: "Kopete supports MSN http protocol. amaroK adds support for media:/ urls. Speedups in Krita and aKregator. Work continues on Quanta plugin for KDevelop."

Comments (none posted)

Electronics

Electric 8.02 released

Version 8.02 of Electric, a VLSI CAD design system, has been announced. "This is a complete translation of Electric from C to Java, and also includes some new features."

Comments (none posted)

XCircuit 3.3.19 released

Version 3.3.19 of XCircuit, an electronic schematic drawing package, is out. Changes include improvements to the undo mechanism and other fixes.

Comments (none posted)

Games

Cyphesis 0.3.12 Released

Version 0.3.12 of Cyphesis, a server for WorldForge games, has been released. New features include drawing of paths and roads, a new river, growing trees from seeds, a graveyard, bug fixes and more.

Comments (none posted)

Imaging Applications

GIMP development snapshot (2.3.2) (GnomeDesktop)

Development snapshot 2.3.2 of the GIMP has been announced. "The most notable change in this release is the start of a massive menu reorganization. Your feedback on this effort is much appreciated. Please add your suggestions on how to proceed with this."

Comments (none posted)

Instant Messaging

Laffer 0.3.2.7 released (SourceForge)

Version 0.3.2.7 of Laffer, a cross-platform web-based instant messenger client, is out. "Changes are: The initial protocol for the communication between the IM proxy server and the client was changed. There is new "docs" directory where the documentation will be stored."

Comments (none posted)

Medical Applications

OpenVistA SemiVivA FOIA Gold 20050507 available (LinuxMedNews)

OpenVistA SemiVivA FOIA Gold 20050507, a medical health record system, has been announced. "It combines the FOIA release from the VA's FTP site with GT.M V5.0-000."

Comments (none posted)

Music Applications

wcnt 1.2 released

Version 1.2 of wcnt, a not-real-time modular audio synth, sequencer, and sampler, is out with numerous changes.

Full Story (comments: none)

Office Suites

OpenOffice.org Newsletter

The June, 2005 edition of the OpenOffice.org Newsletter is online with the latest OO.o office suite news.

Full Story (comments: none)

extendedPDF 1.3 beta released

Version 1.3 beta of extendedPDF has been announced. "'extendedPDF' is an OpenOffice.org macro that converts an OpenOffice document into a PDF document. The output includes the original document's headings as PDF bookmarks, and includes the original hyperlinks as PDF hyperlinks. Document meta-information (such as title, author, and keywords) is also added."

Comments (none posted)

RSS Software

Making Your RSS Feed Look Pretty in a Browser (O'ReillyNet)

Ben Hammersley customizes RSS feeds for display in a web browser. "As more and more non-techie websites offer syndication feeds, a growing number of non-technical readers are clicking on the links and filling their screens with confusing XML. But syndication content doesn't have to look like geeky markup or malformed text in your readers' browsers. You can make it look quite pretty, and give clues to what the feed is actually for."

Comments (none posted)

Science

Ghemical 1.90 Released

Development version 1.90 of Ghemical, a molecular modeling package, is available.

Comments (none posted)

Video Applications

VLC media player 0.8.2 released (SourceForge)

Version 0.8.2 of VLC media player is available. "VLC 0.8.2 has been released and has support for Dirac encoding and decoding. Dirac is a general-purpose video codec aimed at resolutions from QCIF (180x144) to HDTV (1920x1080) progressive or interlaced. It uses wavelets, motion compensation and arithmetic coding and aims to be competitive with other state of the art codecs."

Comments (none posted)

Web Browsers

SeaMonkey Project Continues Internet Suite (MozillaZine)

MozillaZine covers progress in the SeaMonkey project. "Robert Kaiser Writes: "On behalf of the SeaMonkey Council, I'm happy to announce the formation of a group to continue new development of the Mozilla Application Suite code under its new name: SeaMonkey." "See the official announcement for more details about the new SeaMonkey project and its relation to Mozilla." "We'll be offering our first developer release, SeaMonkey 1.0 alpha, shortly.""

Comments (21 posted)

Rewrite of Bookmarks Code Planned (MozillaZine)

MozillaZine covers an effort to rewrite the Firefox bookmark code. "Vladimir Vukicevic has announced that he plans to completely rewrite the bookmarks code used by Mozilla Firefox. The revamped bookmarks system should be simpler, more flexible and allow bookmarks to be used in new ways. Vlad explains, "The first order of business is to come up with a list of things that we'd like to be able to do with bookmarks, and then to create a data API that can support all these things in a fairly generic fashion.""

Comments (none posted)

Languages and Tools

Caml

Caml Weekly News

The July 5, 2005 edition of the Caml Weekly News is online with the latest Caml language developments.

Full Story (comments: none)

Java

GNU Classpath 0.16 released

Version 0.16 of GNU Classpath, a set of essential libraries for Java, is available. "This is the first release of GNU Classpath since our Harmony collaboration with the Apache group." Numerous improvements are included.

Full Story (comments: none)

Hermes 1.9.1 Released (SourceForge)

Version 1.9.1 of Hermes has been announced. "Hermes, a GUI for working with JMS, has a new release. You can browse queues and subscribe to topics, copy messages around between providers, the clipboard and the filesystem. Hermes includes a simple plugin framework so non-JMS functionality can be exposed in the GUI. This lets you monitor queue depths, get statistics from the provider and search for administered queues and topics."

Comments (none posted)

Lisp

SBCL 0.9.2 released

Version 0.9.2 of Steel Bank Common Lisp has been released. "This version supports the EUC-JP external format, provides better management of symlinks, a larger dynamic space size on the PPC architecture, improved threading, and more."

Full Story (comments: none)

Perl

This Week in Perl 6 (O'Reilly)

The June 21-28, 2005 edition of This Week in Perl 6 is online with the latest Perl 6 development news.

Comments (none posted)

PHP

PEAR XML_RPC Vulnerability and PHP 4.4.0RC2 release

PHP Version 4.4.0 RC2 has been released with a security fix. "An easily exploitable security issue was discovered in PEAR XML_RPC <= 1.3.0. We recommend that users of this PEAR class immediately upgrade to the latest version with: pear upgrade XML_RPC. The same security problem exists in many other XML RPC implementations; please check if the installed applications that you use might have a similar problem. The new PEAR XML_RPC package is also bundled with the second release candidate of PHP 4.4.0, PHP 4.4.0RC2. Besides this new PEAR package there are two minor issues fixed since PHP 4.4.0RC1."

Comments (none posted)

Python

python-dev Summary

The June 1-15, 2005 edition of the Python-dev Summary is online with coverage of the Python-dev mailing list.

Full Story (comments: none)

Dr. Dobb's Python-URL!

The July 5, 2005 edition of Dr. Dobb's Python-URL! is online with the latest Python development articles.

Full Story (comments: none)

pyc 0.6 released

Version 0.6 of pyc, a utility for compiling Python applications into bytecode, is available. See the Change Log for more information.

Comments (none posted)

Tcl/Tk

Dr. Dobb's Tcl-URL!

The July 4, 2005 edition of Dr. Dobb's Tcl-URL! is available with the latest Tcl/Tk news and resources.

Full Story (comments: none)

Debuggers

An introduction to Delta Debugging (NewsForge)

NewsForge examines the Delta Debugging technique. "Every developer knows that debugging -- the process of finding and fixing defects in program code -- is an important process. Often, the effort devoted to it outweighs the cost of all the other software development phases. Debugging is unpredictable, since a single bug can hold clueless developers hostage for a long time. And unfortunately, debugging has always been a mostly manual affair -- but that's about to change, with the advent of Delta Debugging."

Comments (none posted)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

ESR: 'We Don't Need the GPL Anymore' (O'ReillyNet)

Federico Biancuzzi talks to Eric Raymond about license issues. "Q: Why did you say we don't need the GPL anymore? A: It's 2005, not 1985. We've learned a lot in the last 20 years. The fears that originally led to the reciprocity stuff in GPL are nowadays, at least in my opinion, baseless. People who do what the GPL tries to prevent (e.g., closed source forks of open source projects) wind up injuring only themselves. They trap themselves into competing with a small in-house development group against the much larger one in the parent open source project, and failing."

Comments (75 posted)

Changes loom for patent process in US, EU (NewsForge)

NewsForge looks at patent reform in the U.S. "Non-obviousness is supposed to be the foundation of the patent system. No invention should be granted a patent if it doesn't contain the "aha" factor - the element of surprise that grabs experts in the technology, causing them to exclaim, "wow! I never thought of that!" Yet, over and over again, the United States Patent and Trademark Office (USPTO) grants patents for algorithms that leave software developers scratching their heads and saying, "that one, we already knew.""

Comments (18 posted)

European Software Patent Directive Defeated (FSFE)

The European software patent directive has been defeated, according to a press release from the Free Software Foundation Europe (FSFE). "After years of struggle, the European Parliament finally rejected the software patent directive with 648 of 680 votes: A strong signal against patents on software logic, a sign of lost faith in the European Union and a clear request for the European Patent Office (EPO) to change its policy: the EPO must stop issuing software patents today."

Comments (22 posted)

Trade Shows and Conferences

JavaOne 2005: Participate in the Future of Java (O'ReillyNet)

O'ReillyNet covers JavaOne 2005. "Participation is Sun's theme for JavaOne 2005, as repeatedly preached by speakers in the general sessions of the two days that opened this week's developer conference. The idea was captured early by emcee John Gage, Sun's chief researcher and science office director, who began the first day by asking developers to stand up, then by asking all CTOs, VCs and other deal-makers to stand up. "OK, programmers," he said, "there's who you have to meet.""

Comments (2 posted)

Report: FreeNX on LinuxTag (KDE.News)

KDE.News has a report on the FreeNX talk at LinuxTag. "During the full hour of live demoing, not only did they showcase very fast remote GUI access to various KDE desktops. Amongst these was a brand-new Kubuntu installation on an IBM mainframe derivative (a Power5/PPC64 machine) running a very nice polished KDE 3.4.1. Kurt and Fabian had recently ported FreeNX to that platform."

Comments (none posted)

Report: KDE at Le Droit D'auteur et Vous (KDE.News)

KDE.News has a report from Le Droit D'auteur et Vous (Copyrights and You). "The main thing I realised during the whole day was about education. Everyone has the right to have access to education and educational material should be free. One of the main successes of the last three years is Wikipedia showing that it is possible to achieve this."

Comments (none posted)

The MA Software Council's OSS SIG Kickoff Meeting (Groklaw)

Groklaw covers the kickoff meeting of the Massachusetts Software Council's Open Source Software SIG. "There were three sessions, one on legal issues, one on business issues, and one on how to run an open source project, plus a, um, lively talk by Marc Fleury, CEO of JBoss, as the keynote speaker at lunch. He's Dr. Fleury, by the way. He has a PhD in Physics. It was very much an interactive speech, with the audience participating fully. How could they help it?"

Comments (none posted)

The How and Who of Where (O'ReillyNet)

O'Reilly presents coverage of the 2005 Where 2.0 conference. "The two days of O'Reilly Media's Where 2.0 conference flew by, and beneath all the high-tech gadgets was the fact that to support this latest generation of location-based applications, you still need to begin by collecting and organizing the data. A9.com, NAVTEQ, and Eyebeam representatives explained how they gather and organize data. Then, Ron Ondrejka brought down the house with his description of how his team used to gather images of the Earth from spy satellites in the 1960s."

Another article entitled The What and Why of Where looks at other aspects of the conference.

Comments (none posted)

The SCO Problem

IBM's Unsealed Opposition to SCO's Motion for Leave to File 3rd Amended Complaint - as text (Groklaw)

Groklaw reports that SCO's Motion for Leave to File Third Amended Complaint was denied. "Judge Dale Kimball very properly said it's too late to raise all that now: "It appears that SCO -- or its predecessor -- either knew or should have known about the conduct at issue before it filed its original Complaint. Accordingly, the court declines to permit the filing of a Third Amended Complaint.""

Comments (none posted)

Companies

Linux moves into midrange Motorola phones (News.com)

News.com looks at Motorola's plans for using Linux in its cell phones. "Motorola announced a new step this week in its plan to remake most of its mobile phone line with Linux, expanding use of the open-source operating system to midrange phones. The E895 is a flip-phone design that uses a version of Linux from MontaVista Software, said Cheryln Chin, vice president for Motorola mobile phone marketing. Motorola expects to begin shipping it in Asia in the fourth quarter of the year and in other parts of the globe after that."

Comments (none posted)

Trolltech and Opera aim to get Linux on the road (Heise Online)

Heise Online looks at a joint effort by Opera and Trolltech. "Opera, the Norwegian vendor of the web browser of the same name, and Norwegian software firm Trolltech, the developer of the C++ framework Qt for the KDE Unix/Linux desktop among other things, have entered into a strategic partnership. Their joint efforts will focus on products for mobile communications and home entertainment, as Opera announced today. The Qtopia development environment and software platform for mobile devices will be combined with Opera. In addition, the two firms will be collaborating on marketing campaigns. They intend to strengthen the position of the Linux operating system on the markets for mobile and home electronics."

Comments (none posted)

Creating a clearinghouse for open-source info (News.com)

News.com looks at SourceLabs' new Swik site. "Called Swik, the site combines a search engine, a wiki for posting documentation and reviews, and information-sharing tools that use Really Simple Syndication, or RSS. The site was launched Wednesday. Swik is aimed at people, notably software developers, who seek a listing of open-source products and a communications hub to help navigate through the tens of thousands of projects out there."

Comments (3 posted)

Linux Adoption

City of Vienna Chooses KDE (KDE.News)

KDE.News reports on the use of Debian systems with KDE in the city of Vienna, Austria. "A customized version of Debian with KDE, dubbed "Wienux" was chosen as the official alternative to Windows for the 18,000 PCs of the city. It is up to the individual workers to choose if they prefer a KDE Desktop or a Microsoft based system. The officials expect that about 4,800 machines will run KDE in the short term."

Comments (none posted)

Legal

It's a NO! - 648 - 14 (Groklaw)

Groklaw covers the European Parliament's rejection of software patents. "Of course, this is not the end. After the vote the EU Commission said it would respect the vote and would not put forth "any new proposed legislation in this area", according to Reuters. There are hints that the next chapter will be an attempt to pass the so-called "Community" patent. Talk about Orwellian newspeak. Here's the plan: Lawmakers including Kauppi said the rejection of the legislation should give fresh impetus to the creation of a single European system, known as the "Community" patent."

Comments (8 posted)

Chip Salzenberg Sued, Home Raided (use Perl)

use Perl covers Chip Salzenberg's legal troubles. "'In April of this year, Health Market Science of King of Prussia, PA, told police that they feared I was misappropriating trade secrets. That very afternoon, police raided my house with a search warrant to seize every computer in the house, paper files, CDs, and DVDs... even my wireless router and cable modem!' Chip was the pumpking for perl's 5.004 release." Find out more at geeksunite.net.

Comments (10 posted)

Interviews

Arnd Bergmann on Cell (developerWorks)

developerWorks talks with Arnd Bergmann, a kernel hacker with the IBM Linux Technology Center. "developerWorks caught up with Arnd Bergmann, the IBM Linux on Cell kernel maintainer, to talk about the port, about the Cell and Cell-based "workstations" (which aren't workstations at all) and about programming to Cell -- among other things."

Comments (none posted)

KDE-Artists.org: Featured Coder Ryan Nickell (KDE.News)

KDE.News mentions an interview with Ryan Nickell. "The KDE-Artists website is featuring an interview with Ryan Nickell, one of the current authors of SuperKaramba and Smooth Blend. He talks about his baby SuperKaramba, the KDE community website KDE-look.org, Plasma, KDE 4 and he even answers some personal questions."

Comments (none posted)

All SAP Solutions Should Soon Run on Linux (Sap Info)

Sap Info talks to Stefan Schindewolf about running SAP applications under Linux. "The Linux interest group of the German-speaking SAP user group, DSAG, is currently working on entering the world of 64 bits and is collaborating closely with the SAP LinuxLab. Stefan Schindewolf, the chair of the interest group, explains how SAP customers can profit from Linux."

Comments (14 posted)

Resources

The Daemon, the GNU & the Penguin, Ch. 14, by Dr. Peter H. Salus (Groklaw)

Groklaw has chapter 14 of Peter Salus' The Daemon, the GNU and the Penguin. This chapter covers Plan 9 and Inferno.

Comments (3 posted)

Keeping email under lock and (public) key (NewsForge)

Marcelo Rinesi explains how to encrypt mail archives in a NewsForge article. "With governments and law enforcement organizations pushing for increasingly intrusive monitoring and logging of business email messages, network administrators are put in an uncomfortable situation. Even disregarding privacy implications, such systems pose security problems at least as serious as those they attempt to solve. A "master archive" of emails is after all an extremely tempting target to external hackers, but it also has staggering potential for internal abuse. Ideally, we would want no centralized mail logs, but legal and corporate requirements mandate suitable record-keeping in the case of an internal or external audit. One way to meet both goals is by encrypting the archive using public key cryptography."

Comments (8 posted)

Porting LinuxBIOS to the AMD SC520 (Linux Journal)

Ron Minnich explains how to build a custom BIOS in a Linux Journal article. "Building a Linux system that will boot in seconds, not minutes, requires a custom BIOS. But thanks to a new compiler and development process, we can build a BIOS for a new motherboard with only C code -- no assembly. In this article, we describe the work done by the Cluster Research Team at Los Alamos National Laboratory to port LinuxBIOS to the AMD SC520 CPU."

Comments (3 posted)

GNOME and KDE on LUGRadio

GnomeDesktop points to Episode 31 of LUGRadio, which features an interview with Yannick Pellet and Carlos Guerreiro about the Nokia 770 Internet tablet, which is built on GNOME and GTK+.

KDE.News covers all the KDE activity at LUGRadio Live.

Comments (none posted)

Blowing the lid off of TiVo (IBM developerWorks)

Peter Seebach looks inside of a TiVo video recording appliance. "Everyone's heard that the TiVo "runs Linux™". In this installment of Linux on board, Peter takes a look at the Linux system installed on the TiVo. Examining the TiVo system reveals how one company made the transition from desktop operating system to embedded system."

Comments (none posted)

Reviews

DNS name serving through NSD (NewsForge)

Daniel Rubio reviews NSD on NewsForge. "Given the sheer importance of name servers in providing Domain Name System (DNS) resolution -- a process used by every Web-facing application to translate domain names into IP addresses and vice versa -- not many people put much thought into the available software alternatives for pulling off this feat. One compelling application is NSD, an alternative to the widely deployed BIND name server."

Comments (none posted)

Miscellaneous

Final Voting in 2005 Readers' Choice Awards (Linux Journal)

The final round of voting in the 2005 Linux Journal Readers' Choice awards is underway. "The final ballot is based on the results of two previous rounds of open voting, in which write-in votes were accepted in every category. The top two vote-getters in each category have made it to the final ballot. In categories where the vote totals were close, an additional one or two nominees also made it to the official ballot."

Comments (none posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

Karlsruhe Memorandum on Software Patentability needs your signature!

The Free Software Foundation Europe is collecting signatures for its Karlsruhe Memorandum on Software Patentability. "Georg Greve, president of Free Software Foundation Europe (FSFE) asks "everyone to sign up to the Karlsruhe Memorandum on software patentability: preserve your freedom to be creative!" Started last Saturday during GNU/Linuxtag in Karlsruhe, Germany, the memorandum was signed by more than 200 people and 26 companies."

Full Story (comments: 1)

yapc::NA::2005 Conference Proceedings (use Perl)

Use Perl has a call for conference materials from the recent YAPC::NA::2005 event. "For the presenters: this is your chance to update your slide show or presentation material that you want to include in the proceedings. It also gives you one last chance to update your photo and biography."

Comments (none posted)

Commercial announcements

DbWrench Database Design v1.2.0 Released

A free trial version of DbWrench Database Design v1.2.0 is available for the PostgreSQL database.

Comments (none posted)

DENX Embedded Linux Development Kit for PowerPC Evaluation Kit

DENX Software Engineering has announced the availability of its Embedded Linux Development Kit in the AMCC PowerPC® 440EP evaluation kit. "The DENX Embedded Linux Development Kit provides a complete and powerful software development environment for embedded and real-time systems. All components of the ELDK are available for free with complete source code under GPL or other free software licenses."

Full Story (comments: none)

Desktop Alert Releases Secure XMPP Jabber-based Linux Server

Desktop Alert Inc. has announced Jabcast 2.0 Secure for Linux. "Desktop Alert Inc. has released Jabcast 2.0 Secure for Linux which is based on an open source, secure, ad-free alternative to consumer IM services like AIM, ICQ, MSN, and Yahoo. Jabcast is a set of streaming XML protocols and technologies that enable any two entities on the Internet to exchange messages, presence, and other structured information in close to real time."

Comments (none posted)

FSMLabs Brings Its RTLinux to ARM Processor-Based Platforms

FSMLabs, Inc. has announced the availability of RTLinuxPro development and deployment platform for a wide array of ARM(R) processors.

Comments (none posted)

Red Hat Reports Fiscal First Quarter Results

Red Hat, Inc. has announced financial results for its fiscal first quarter ended May 31, 2005. "Total revenue for the quarter was $60.8 million, a year-over-year increase of 46% and a sequential increase of 6%. Enterprise subscription revenue was $48.7 million, an increase of 63% year-over-year and 7% sequentially."

Full Story (comments: 5)

SGI Teams With IBM on Security and Identity System

SGI has announced the availability of IBM's Entity Analytics Portfolio on the SGI Altix Server platform. "IBM's DB2 EAS portfolio on SGI Altix helps solve identity problems common in national security, compliance, fraud detection, customer relationship management, insider threat detection, and other applications. The solution is designed to bring a new level of accuracy, precision, and fidelity to the concept of identity recognition and relationship resolution for government and commercial organizations."

Comments (none posted)

VA Linux Business Forum a Spirited Success in Tokyo

VA Linux Systems Japan proclaims the VA Linux Business Forum, held last week in Tokyo, as a success. "This year the forum sought to explore the continuing growth of VA Linux as a technology source, present current business conditions and the directions of VA Linux partner companies as the core businesses driving the Linux and Open Source movement, as well as introduce new technologies and solutions essential to the enterprise market built from the Linux kernel level upward."

Full Story (comments: none)

New Books

Addison-Wesley Publishes Second Edition of Advanced Programming in the UNIX Environment

Addison-Wesley has announced the release of the Second Edition of Advanced Programming in the UNIX Environment, originally authored by W. Richard Stevens, and now comprehensively revised and expanded by Stephen A. Rago.

Full Story (comments: none)

JBoss: A Developer's Notebook - O'Reilly's Latest Release

O'Reilly has published the book JBoss: A Developer's Notebook by Norman Richards and Sam Griffith, Jr.

Full Story (comments: none)

Contests and Awards

Nominations for NJAPHs Open (use Perl)

Nominations are being accepted for a new Perl award. "jesse writes "At YAPC::NA, David H. Adler and I announced the creation of a new set of awards for the perl community: the NJAPHs. These awards recognize Perl hackers who have made an outstanding technical contribution in the past year. Nominations are now open, and will be tallied at OSCON, where information about how to cast your vote will be announced. The awards will be presented at YAPC::EU.""

Comments (none posted)

Event Reports

More coverage of International Lisp Conference 2005

More coverage of the 2005 International Lisp Conference is available online.

Full Story (comments: none)

Upcoming Events

GarageGames Presents the 4th Annual IGC

GarageGames will be holding the 4th Annual Indie Games Con from October 7-9, 2005 in Eugene, Oregon. "Indie Games Con (IGC) is a fun, informal and informative community gathering of independent game developers from around the world. IGC is designed to be a summit meeting of like-minded developers with the shared goal to focus on collaboration and building community. Along with sessions on game art, technology, tools and business, the event has a central ShowOFF Center where developers can showcase their current prototypes, demos and newly released games."

Full Story (comments: none)

UKUUG Linux 2005 Conference

The UKUUG Linux 2005 Conference will be held in Swansea on August 4-7, 2005. A detailed description of the event is now available.

Full Story (comments: none)

Events: July 7 - September 1, 2005

Date | Event | Location
July 7 - 9, 2005 | LSM 2005 Libre Software Meeting for Medicine | Dijon, France
July 7 - 9, 2005 | IV Jornades de Programari Lliure | Campus de Vilanova i la Geltrú, Spain
July 10 - 18, 2005 | Debconf 5 | Helsinki, Finland
July 11, 2005 | Evolution of Open-Source Code Bases (EVOSC05) | Genova, Italy
July 11 - 15, 2005 | First International Conference on Open Source Systems (OSS2005) | Genova, Italy
July 11 - 14, 2005 | GOTO10 workshop (OKNO) | Brussels, Belgium
July 11 - 15, 2005 | IEEE International Conference on Web Services (ICWS 2005) | Orlando, Florida
July 14 - 15, 2005 | Free Libre Open Source Software in Education Conference (FLOSSIE) | Bolton Technology Innovation Centre, Bolton, UK
July 17 - 19, 2005 | Desktop Developer's Conference | Ottawa Congress Centre, Ottawa, Ontario, Canada
July 18 - 22, 2005 | ApacheCon Europe 2005 | Stuttgart, Germany
July 18 - 22, 2005 | PostgreSQL Bootcamp | Big Nerd Ranch, Atlanta, GA
July 20 - 23, 2005 | Ottawa Linux Symposium (OLS 2005) | Ottawa, Canada
July 20 - 22, 2005 | North American Plone Symposium | The Astro Crowne Plaza, New Orleans, Louisiana
July 26, 2005 | 2nd European LISP and Scheme Workshop | Glasgow, Scotland
July 27 - 28, 2005 | Black Hat Briefings USA 2005 | Las Vegas, NV
July 29 - 31, 2005 | DefCon 13 | Alexis Park, Las Vegas, Nevada
July 31 - August 4, 2005 | 2005 SIGGRAPH Computer Animation Festival | Los Angeles, CA
August 1 - 5, 2005 | O'Reilly Open Source Convention | Oregon Convention Center, Portland, Oregon
August 1 - 5, 2005 | CIFS 2005 Conference and Plugfest | Doubletree Hotel, San Jose, CA
August 4, 2005 | Penguincon 2005 | Israel
August 4 - 7, 2005 | Linux 2005 | University of Wales, Swansea, UK
August 8 - 11, 2005 | LinuxWorld Conference and Expo | Moscone Center, San Francisco, CA
August 20, 2005 | Free Audio and Video Event (FAVE) | Trinity Community and Arts Centre, Bristol, UK
August 27 - September 4, 2005 | aKademy 2005 | University of Málaga, Málaga, Spain
August 31 - September 2, 2005 | YAPC::EU::2005 | University of Minho, Braga, Portugal
September 1 - 2, 2005 | Symposium on Security for Asia Network (SyScAN'05) | The Dusit Thani Hotel, Bangkok, Thailand

Comments (none posted)

Miscellaneous

KDE Announces the 24 Google Projects (KDE.News)

The KDE Project and Google have announced the 24 KDE projects selected for the Summer of Code project. "The accepted projects span accessibility work, improvements to the office and personal information management suites, and innovations to KDE architecture. Much anticipated projects include one addressing VoIP in KDE, and a unified document viewer to handle multiple formats with a plugin architecture for third party vendor extensions."

Comments (1 posted)

Summer of Code Results (MozillaZine)

MozillaZine reports on the list of Mozilla-related projects chosen to be part of Google's Summer Of Code. "Selected projects include an event logger for Firefox, a SIP phone client for Thunderbird, a Firefox extension installer, a XUL front end for Bugzilla, a graphical theme builder for Mozilla, a BitTorrent client built with XUL/XPCOM and localizations for Latvian, Thai, Vietnamese and Hindi."

Comments (4 posted)

Python Summer Of Code projects

A. M. Kuchling has announced the project list for the Python projects that will be mentored by the Python Software Foundation during the Summer Of Code event.

Comments (none posted)

Page editor: Forrest Cook

Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds