LWN.net Logo

Advertisement

Front, Kernel, Security, Distributions, Development. See your byline here on LWN.net.

Advertise here

LWN.net Weekly Edition for July 07, 2005

Getting Started Listening to Podcasts

July 6, 2005

This article was contributed by Dan York

Last week, I discussed creating podcasts and offered some pointers to how you could get started along with reviews of a couple of books that can help. This week I want to back up a bit and talk about how you can get started listening to podcasts.

The Basics

First, though, I do need to address the question of what makes a podcast different from a regular audio file posted on a website. On a purely technical level, nothing is really different about the audio file. In fact, if you just want to listen to a podcast to see if it is something you would like to listen to on a regular basis, the best bet is often to go to the podcast website and simply download a recent episode and play it in your media player.

What is different is the way in which the audio file is normally retrieved. Rather than being something you click on, download, and play, you subscribe to the podcast RSS feed. This works by virtue of the fact that Dave Winer added an element called an Enclosure to RSS 2.0. Note that the enclosure element is actually not specific to audio: it can be used for pretty much any media element including video or images.

The beauty of this solution is that you simply need to subscribe to whichever podcasts interest you and then listen to them whenever new shows arrive - and whenever you feel like playing them. No need to check web sites for updates. No need to be online to listen to a streaming feed. Many people have referred to podcasting as "TiVo for audio" or "timeshifting radio" and indeed it very much works that way.

So in order to subscribe to podcasts, you need some software tool that can: a) handle RSS feeds; and b) interpret the RSS enclosure tag to download the media automatically for you. At a base level, that is pretty much all you need and the software that does this is often called either a "podcatcher" or "podcast aggregator". Of course, the programs out there don't simply do the base. They add the ability to easily manage your subscriptions, schedule the interval to check (ex. setup an appropriate cron job), manage the downloaded files, etc.

The Software

Linux users have the choice, of course, of podcatcher software in pretty much any language and with or without a GUI. A search on "podcast" at sites such as SourceForge or freshmeat will turn up a variety of choices in various states of development. Some of the prime contenders are:

iPodder - For someone just getting started who wants a GUI, my personal recommendation would be to start out with iPodder (also called the "iPodder Lemon" because of its logo). Being python-based, iPodder is cross-platform and is heavily-used within the Windows and Mac worlds. Linux users receive the benefit of all that usage/testing and have a robust program to use. Screenshots are available if you would like to see what it is all about.

BashPodder - For the text-inclined, BashPodder provides the functionality you need via a basic shell script. Simple, easy, and a breeze to extend. In fact, the site contains a wide range of user-contributed extensions and customizations. Additionally, for those who want the power of the shell but still with a GUI, there is BPConf that allows you to easily configure BashPodder.

jpodder - Another interesting choice is jpodder, a Java-based cross-platform podcatcher. Like iPodder, it is GUI-based and has a range of features.

Other choices - There are a range of other options (and readers are encouraged to leave their recommendations as comments), including:

A reader last week also commented that they were able to have Apple's iTunes program running on their Linux system using CrossOver Office. In any event, you need to have one of these programs installed to have the simplicity of subscribing to podcasts.

The Next Step

Once you have the software installed, you need to find podcasts to which you can subscribe. Some of the podcatchers, such as iPodder, include a built-in directory. Even with such a directory, though, you'll probably want to check out some of the directory sites. More keep appearing on a daily basis, but some of the major sites include:

Typically all you need to do is find the URL for the show's RSS feed and then enter it into your podcatcher software. Some programs allow drag-and-drop... but in any event that's it... you are now subscribed and will start to receive new shows. (Some podcatcher software will download the most recent show and then all new shows - some software will download all shows available in the feed.)

Happy listening! And please do feel free to leave comments to this article about your favorite podcasts - or feedback about various podcatcher software.

Comments (2 posted)

A look at the Bizgres Project

July 6, 2005

This article was contributed by Joe 'Zonker' Brockmeier.

There are a lot of PostgreSQL-derivative projects in the news lately. In May we looked at the EnterpriseDB project. The Bizgres Project released their 0.6 release last week, with a few new features of interest to organizations using PostgreSQL for data warehousing and business intelligence.

The Bizgres project was launched in April of this year. It is based on the PostgreSQL project, with development sponsored by Greenplum, which also uses the Bizgres source code in its DeepGreen offering. Josh Berkus, who works for Greenplum and is a member of the PostgreSQL core team, talked to us about the Bizgres release and the plans for the project.

The 0.6 release has two features of interest that are not currently found in PostgreSQL. The first is a patch that speeds up bulk loading of text data. Berkus said that the patch "speeds up bulk loading of text data by refactoring some of the bulk loader code."

The other feature is an improvement in temporary table creation. When tables are created using the "CREATE TABLE AS SELECT" statement, transaction logging is bypassed which can provide major benefits in performance -- in effect, a kind of "scratch" table that can be used to hold a copy of data that is being worked with without logging transactions. Berkus said that the Bizgres team is planning on expanding the capability to include the ability to bulk load into a "scratch table" but the current feature does not allow that.

With so many PostgreSQL-derived projects available, some may wonder if the project is forking. He said that Greenplum plans to contribute its features back to the PostgreSQL project, but that the timing of PostgreSQL releases made it hard to get the features that interest Greenplum and its customers into mainstream PostgreSQL in a timely fashion:

Feature freeze for 8.1 was July 1st, that was the last day for consideration of patches for 8.1, and for that matter, if you introduced a major patch on July 1 that hadn't been discussed, there's very little chance it'd be introduced [in the 8.1 release of PostgreSQL]. Much of the stuff [in Bizgres] has bad timing, and would have waited for 8.2.

Since PostgreSQL 8.2 is currently slated for summer of 2006, there is a distinct advantage in creating a derivative distribution of PostgreSQL to allow Greenplum and the Bizgres Project to push its features out to its users earlier. Berkus compared this to Linux vendors like Red Hat backporting features from the 2.5/2.6 kernel series to the 2.4 series while 2.6 was still in development. He also compared Bizgres to embedded Linux or Real Time Linux, "in that we're focusing on a distribution of PostgreSQL entirely focused on needs of people running data warehouses or doing business intelligence." Users outside those profiles, said Berkus, probably don't want to consider Bizgres or DeepGreen at all.

He also said that the Bizgres project is focused only on Linux, Solaris and Windows, as opposed to all of the platforms that are supported by the PostgreSQL project, which produces fewer platform compatibility issues for Bizgres.

Berkus allowed for the possibility that Bizgres could have features that do not make it into mainstream PostgreSQL, if they were of benefit to data warehouse applications without providing a benefit to general performance, but that he wasn't aware of any features under consideration that would fit that category.

As for licensing, Berkus said that anything developed by Greenplum for Bizgres would be available under a "BSD or analogous license."

We want to permit commercialization. Our goal, overall is to make it the standard in data warehousing and the BSD license is the best to choose. It eliminates any legal concerns that someone might have about adopting your software.

He also said that he wasn't concerned about other companies snapping up Bizgres' technology. According to Berkus, the major vendors like Microsoft, IBM and Oracle, "already have technology of their own that they have investment in, and they're unlikely to abandon theirs... and if they did [take Bizgres features and make them proprietary] it would be enough of a moral victory that it would be worth it."

Given the number of companies working on PostgreSQL distributions, it should be interesting to see how many of the improvements flow back into the main project, and whether the various companies can avoid straying too far from the main project. It should also be interesting to see whether the Bizgres project gains much steam as an independent project. The mailing list traffic isn't particularly heavy yet, but the project is still very new.

For users who are interested in trying out Bizgres, the 0.6 release is available as source code or binaries for Solaris 10 or Red Hat Linux.

Comments (1 posted)

First Look at Knoppix 4.0

July 6, 2005

This article was contributed by Ladislav Bodnar

The much awaited "maxi" DVD edition of Knoppix 4.0 was presented at the Linux Tag conference in Karlsruhe, Germany last week. As usual, this was a special edition and not a public release, but it didn't take long before the ISO image hit some of the popular BitTorrent download sites and it was even spotted on a few FTP servers a few days later. The reason for the high demand is not hard to understand - Knoppix 4.0 is the largest live Linux DVD ever produced, with a great collection of "the best open source software" available today.

First, some numbers. The size of the single-layer compressed DVD image is 4,122 MB. It contains over 9 GB of software in the form of 2,663 Debian packages providing more than 5,300 individual programs. Most of them come from the recently released Debian 3.1 "sarge", but there are several noteworthy upgrades, such as KDE 3.4.1. KDE is still the default desktop, but Knoppix 4.0 now contains ten other desktop environments and window managers, including the complete GNOME (2.8.1) and XFce (3.8.16 and 4.0.6), and even some exotic ones, such as LarsWM, Openbox, and RatPoison. Booting this DVD on a 4-year old 1.4 GHz Pentium 4 system with 384 MB of RAM took just under 8 minutes (from the GRUB boot prompt to KDE); for comparison, booting the Knoppix 3.9 CD on the same system took only about 3.5 minutes.

It needs to be mentioned that, starting from version 4.0, Knoppix will be split into two editions - "maxi" DVD and "light" CD. The light edition will essentially be the same Knoppix live CD that we have come to love and appreciate over the last couple of years, except that all development software will be removed and replaced with more general desktop applications. The public release of Knoppix 4.0 is expected within the next few weeks, with the "maxi" DVD and "light" CD editions appearing simultaneously.

The Knoppix 4.0 DVD contains many of the most popular open source software packages for the desktop, server, office, graphics, multimedia, and development. Compared to the live CD edition, users now have a choice of KOffice (1.3.5) and GNOME Office (AbiWord + Gnumeric), in addition to OpenOffice.org (a recent beta of the 2.0 series). On the server side of things, both Apache 1.3 and 2.0 are present, and, unlike the CD edition, the DVD also includes PostgreSQL 8. Some other interesting packages that have been missing from all recent Knoppix CD releases include Blender, Eclipse, GnuCash, Mozilla, LyX and teTeX. One downside of the DVD is that, with so many applications included, the standard Debian menus tend to be badly cluttered and poorly organized; as an example, the "Internet" submenu contains a total of 76 items, while the "System" submenu contains 88 items!

Besides adding new packages, what else is new in Knoppix 4.0? In the absence of any changelog we had to dig around the menus and file system to see what exciting things are hiding under the bonnet. The DVD has retained the Unionfs file system so extra packages can be installed on the fly - either from Debian repositories with apt-get or the newly included Synaptic, or via the web-based Klik installer, which also includes some non-free packages. A new feature is the ability to switch between the 11 desktop environments through a "Restart KNOPPIX Desktop" utility. Also, the DVD now contains a lot more documentation in HTML and PDF formats, including the excellent 133-page Knowing Knoppix and m23 Software Distribution guides.

There seems to be an increasing level of collaboration between the developers of Knoppix and other Knoppix-derived live CD and DVD projects. The Kanotix developers contributed some DSL network configuration and hard disk installation code (due to data decompression, a partition of at least 12 GB in size is required for installing the DVD edition of Knoppix 4.0 on the hard disk). Much of the newly included scientific and statistical software was accepted from the Quantian and Paipix live DVD projects, while a lot of educational software found its way into Knoppix from Freeduc, a distribution designed for schools.

Although providing a large number of applications on the DVD should please those users who missed some important pieces of software on the earlier CD editions, the size of the DVD presents its own set of problems. We have already mentioned the unsightly and difficult-to-navigate menus, but a potentially more annoying problem is the general sluggishness of the system while it runs from the DVD. Maybe a more modern DVD drive would be able to launch software packages in a speedier manner, but we were not impressed with a delay lasting several minutes after clicking on a PDF file in Konqueror. Likewise, OpenOffice.org Writer took 150 seconds to launch. Even navigating the menus was painfully slow, much slower than any of the CD editions. Of course, once an application is cached in the memory it starts a lot faster, but the first run of any large software package will likely test your patience.

This brings in the question about how useful a 4 GB Knoppix live DVD really is. Although it is easy to get excited over all the goodies available at a mouse click, many people will undoubtedly be put off by the long boot times, poor system responsiveness and cluttered menus. After having played with the system for a few minutes, we found ourselves craving for the much leaner and faster Knoppix CD - although not nearly as full-featured as the DVD edition, it contains enough applications to satisfy the majority of users. Whether you use Knoppix as a rescue CD, carry it around to boot computers in Internet cafes, or employ it to demonstrate Linux and open source software to interested parties, the CD edition of Knoppix will probably remain a more practical tool than the more complete, but also more sluggish DVD edition.

Comments (9 posted)

Page editor: Rebecca Sobol

Security

Security news

PEAR XML_RPC remote code execution vulnerability

July 6, 2005

This article was contributed by Joe 'Zonker' Brockmeier.

A serious vulnerability in the PEAR XML_RPC library and the XML-RPC for PHP package has been disclosed. The vulnerability allows unsanitized data to be passed to the eval() call, which would allow execution of arbitrary PHP code.

The vulnerability was reported by James Bercegay of the GulfTech Security Research Team. Bercegay reports that the parseRequest() function passes data to eval() without sanitizing the input first. As a result, a properly-crafted XML file can be used to execute PHP code on the targeted server. Bercegay's advisory gives an example that could be used to execute the relatively harmless phpinfo() function to be executed on a target server:

<?xml version="1.0"?>
<methodCall>
<methodName>test.method</methodName>
  <params>
    <param>
      <value><name>','')); phpinfo(); exit;/*</name></value>
    </param>
  </params>
</methodCall>

PEAR's library or the XML-RPC for PHP package are used in a number of PHP-based projects, including WordPress, Drupal, PostNuke, Xaraya, phpGroupWare, Tikiwiki, and many others, which means that there are a lot of vulnerable servers out there. Users of PHP-based blogging applications and other packages that use XML_RPC should check to see if the software is vulnerable and update the package as soon as a new release is available. Some projects, like PostNuke, are advising users to remove the offending code altogether.

PEAR's XML_RPC library is also distributed with many Linux distributions. Most of the vulnerable projects and distributions have announced updated packages, and the PHP project has bundled the new PEAR XML_RPC package in PHP 4.4.0RC2, and a separate release is available on the PEAR site. The final PHP 4.4.0 release is scheduled for July 11. Users can also update the PEAR library by running "pear upgrade XML_RPC" as root or using sudo. An update of XML-RPC for PHP is also available.

Users should upgrade or take steps to remove the library as soon as possible, as it seems likely that exploits of this vulnerability will begin appearing in the wild soon, if they have not already.

Comments (2 posted)

New vulnerabilities

crip: insecure temporary files

Package(s):crip CVE #(s):CAN-2005-0393
Created:June 30, 2005 Updated:July 6, 2005
Description: Justin Rye discovered that crip, a terminal-based ripper, encoder and tagger tool, utilizes temporary files in an insecure fashion in its helper scripts.
Alerts:
Debian DSA-733-1 2005-06-30

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CAN-2005-1913 CAN-2005-1761
Created:July 1, 2005 Updated:September 9, 2005
Description: Several vulnerabilities in the 2.6 kernel have been fixed, including a subthread exec problem (CAN-2005-1913) and a ia64 ptrace + sigrestore_context problem (CAN-2005-1761).
Alerts:
Ubuntu USN-178-1 2005-09-09
Red Hat RHSA-2005:551-01 2005-08-25
SuSE SUSE-SA:2005:044 2005-08-04
Fedora FEDORA-2005-510 2005-07-01

Comments (1 posted)

phpbb: arbitrary command execution

Package(s):phpbb CVE #(s):
Created:July 4, 2005 Updated:July 6, 2005
Description: Ron van Daal discovered a vulnerability in the PhpBB highlighting code that can allow an attacker to execute arbitrary code with the privileges of the web server.
Alerts:
Gentoo 200507-03 2005-07-04

Comments (none posted)

php-pear: remote code execution

Package(s):php-pear CVE #(s):CAN-2005-1921
Created:July 1, 2005 Updated:July 29, 2005
Description: The PEAR XMLRPC implementation has a vulnerability that can be exploited for remote code execution. See this report from GulfTech Security Research. This vulnerability affects a large number of PHP web applications.
Alerts:
Fedora-Legacy FLSA:163559 2005-07-28
Conectiva CLA-2005:980 2005-07-14
Gentoo 200507-15 2005-07-15
Debian DSA-746-1 2005-07-13
Slackware SSA:2005-192-02 2005-07-12
Slackware SSA:2005-192-01 2005-07-12
Gentoo 200507-08 2005-07-10
Debian DSA-747-1 2005-07-10
Gentoo 200507-07 2005-07-10
Debian DSA-745-1 2005-07-10
SuSE SUSE-SA:2005:041 2005-07-08
Red Hat RHSA-2005:564-01 2005-07-07
Gentoo 200507-06 2005-07-06
Ubuntu USN-147-2 2005-07-06
Ubuntu USN-147-1 2005-07-05
Fedora FEDORA-2005-518 2005-07-05
Fedora FEDORA-2005-517 2005-07-05
Gentoo 200507-01 2005-07-03
Mandriva MDKSA-2005:109 2005-06-30

Comments (none posted)

zlib: buffer overflow

Package(s):zlib CVE #(s):CAN-2005-2096
Created:July 6, 2005 Updated:October 27, 2005
Description: zlib has a buffer overflow vulnerability that can be exploited by inflation of corrupted files, this can be used to crash zlib or possibly remotely execute code.
Alerts:
Mandriva MDKSA-2005:196 2005-10-26
Debian DSA-797-2 2005-09-28
Fedora FEDORA-2005-565 2005-07-13
Slackware SSA:2005-189-01 2005-07-10
Trustix TSLSA-2005-0034 2005-07-08
Mandriva MDKSA-2005:112 2005-07-06
Fedora FEDORA-2005-523 2005-07-07
Fedora FEDORA-2005-524 2005-07-07
OpenPKG OpenPKG-SA-2005.013 2005-07-07
Ubuntu USN-148-1 2005-07-06
SuSE SUSE-SA:2005:039 2005-07-06
Red Hat RHSA-2005:569-01 2005-07-06
Gentoo 200507-05 2005-07-06
Debian DSA-740-1 2005-07-06

Comments (6 posted)

Updated vulnerabilities

a2ps: input validation error

Package(s):a2ps CVE #(s):CAN-2004-1170 CAN-2004-1377
Created:November 26, 2004 Updated:December 19, 2005
Description: The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application. More information at Security Focus.
Alerts:
Fedora-Legacy FLSA:152870 2005-12-17
Mandriva MDKSA-2005:097 2005-06-07
OpenPKG OpenPKG-SA-2005.003 2005-01-17
Gentoo 200501-02 2005-01-04
Debian DSA-612-1 2004-12-20
Mandrake MDKSA-2004:140 2004-11-25

Comments (none posted)

kernel: Linux amd64 kernel vulnerabilities

Package(s):AMD kernel CVE #(s):CAN-2005-1762 CAN-2005-1765
Created:June 27, 2005 Updated:June 28, 2005
Description: A Denial of Service vulnerability has been discovered in the ptrace() call on the amd64 platform. By calling ptrace() with specially crafted ("non-canonical") addresses, a local attacker could cause the kernel to crash. This only affects the amd64 platform. (CAN-2005-1762)

ZouNanHai discovered that a local user could hang the kernel by invoking syscall() with specially crafted arguments. This only affects the amd64 platform when running in the 32 bit compatibility mode. (CAN-2005-1765)

Alerts:
Ubuntu USN-143-1 2005-06-27

Comments (none posted)

bzip2: race condition and infinite loop

Package(s):bzip2 CVE #(s):CAN-2005-0953 CAN-2005-1260
Created:May 17, 2005 Updated:January 10, 2007
Description: A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also specially crafted bzip2 archives may cause an infinite loop in the decompressor.
Alerts:
rPath rPSA-2007-0004-1 2007-01-09
Debian DSA-741-1 2005-07-07
Red Hat RHSA-2005:474-01 2005-06-16
OpenPKG OpenPKG-SA-2005.008 2005-06-10
SuSE SUSE-SR:2005:015 2005-06-07
Debian DSA-730-1 2005-05-27
Mandriva MDKSA-2005:091 2005-05-18
Ubuntu USN-127-1 2005-05-17

Comments (2 posted)

cacti: SQL injection and PHP file inclusion

Package(s):cacti CVE #(s):
Created:June 22, 2005 Updated:July 21, 2005
Description: Cacti (prior to version 0.8.6e) suffers from vulnerabilities which can lead to SQL injection and (on some systems) execution of arbitrary PHP files.
Alerts:
Debian DSA-764-1 2005-07-21
Gentoo GLSA 200506-20:02 2005-06-22
Gentoo GLSA 200506-20:02 2005-06-22
Gentoo 200506-20:02 2005-06-22
Gentoo 200506-20 2005-06-22

Comments (none posted)

ClamAV: denial of service

Package(s):clamav CVE #(s):CAN-2005-2056 CAN-2005-2070
Created:June 27, 2005 Updated:July 12, 2005
Description: Andrew Toller and Stefan Kanthak discovered that a flaw in libmspack's Quantum archive decompressor renders Clam AntiVirus vulnerable to a Denial of Service attack. A remote attacker could exploit this vulnerability to cause a Denial of Service by sending a specially crafted Quantum archive to the server.
Alerts:
Mandriva MDKSA-2005:113 2005-07-11
Debian DSA-737-1 2005-07-05
SuSE SUSE-SA:2005:038 2005-06-29
Gentoo 200506-23 2005-06-27

Comments (none posted)

cpio - file permissions error

Package(s):cpio CVE #(s):CAN-1999-1572
Created:February 2, 2005 Updated:July 19, 2005
Description: Some versions of cpio contain an ancient vulnerability where files created by that utility have overly generous access permissions.
Alerts:
Fedora-Legacy FLSA:152891 2005-07-15
Red Hat RHSA-2005:080-01 2005-02-18
Red Hat RHSA-2005:073-01 2005-02-15
Mandrake MDKSA-2005:032-1 2005-02-11
Mandrake MDKSA-2005:032 2005-02-10
Ubuntu USN-75-1 2005-02-04
Debian DSA-664-1 2005-02-02

Comments (none posted)

cpio: directory traversal

Package(s):cpio CVE #(s):CAN-2005-1111
Created:June 20, 2005 Updated:December 26, 2005
Description: There is a vulnerability in cpio (2.6 and previous) that allows a malicious cpio file to extract to an arbitrary directory of the attackers choice. cpio will extract to the path specified in the cpio file, this path can be absolute.
Alerts:
Mandriva MDKSA-2005:237 2005-12-23
Red Hat RHSA-2005:806-01 2005-11-10
Debian DSA-846-1 2005-10-07
Ubuntu USN-189-1 2005-09-29
Red Hat RHSA-2005:378-01 2005-07-21
Mandriva MDKSA-2005:116-1 2005-07-19
Mandriva MDKSA-2005:116 2005-07-11
Trustix TSLSA-2005-0030 2005-06-24
Gentoo 200506-16 2005-06-20

Comments (1 posted)

cURL: buffer overflow

Package(s):curl CVE #(s):CAN-2005-0490
Created:February 28, 2005 Updated:July 19, 2005
Description: Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded.
Alerts:
Fedora-Legacy FLSA:152917 2005-07-15
Fedora FEDORA-2005-325 2005-04-20
Red Hat RHSA-2005:340-01 2005-04-05
Conectiva CLA-2005:940 2005-03-21
Gentoo 200503-20 2005-03-16
Mandrake MDKSA-2005:048 2005-03-04
SuSE SUSE-SA:2005:011 2005-02-28
Ubuntu USN-86-1 2005-02-28

Comments (none posted)

cvs: multiple vulnerabilities

Package(s):cvs CVE #(s):CAN-2005-0753
Created:April 18, 2005 Updated:July 13, 2005
Description: CVS (in version prior to 1.11.20) has one or more buffer overflow vulnerabilities, memory leaks, and a NULL pointer dereferencing error. These can be used to launch a remote denial of service or to remotely execute arbitrary code.
Alerts:
Debian DSA-742-1 2005-07-07
Fedora-Legacy FLSA:155508 2005-05-12
Ubuntu USN-117-1 2005-05-04
Red Hat RHSA-2005:387-01 2005-04-25
Gentoo 200504-16:02 2005-04-18
Slackware SSA:2005-111-01 2005-04-22
Trustix TSLSA-2005-0013 2005-04-20
Mandriva MDKSA-2005:073 2005-04-20
Fedora FEDORA-2005-330 2005-04-20
Gentoo 200504-16 2005-04-18
SuSE SUSE-SA:2005:024 2005-04-18

Comments (none posted)

cyrus-imapd: buffer overflows

Package(s):cyrus-imapd CVE #(s):CAN-2005-0546
Created:February 23, 2005 Updated:April 9, 2006
Description: Cyrus-imapd, prior to version 2.2.12, contains several buffer overflows which could be exploited by an (authenticated) attacker to run code on the server system.
Alerts:
Fedora-Legacy FLSA:156290 2006-04-04
Red Hat RHSA-2005:408-01 2005-05-17
Fedora FEDORA-2005-339 2005-04-27
OpenPKG OpenPKG-SA-2005.005 2005-04-05
Conectiva CLA-2005:937 2005-03-17
Mandrake MDKSA-2005:051 2005-03-04
Ubuntu USN-87-1 2005-02-28
SuSE SUSE-SA:2005:009 2005-02-24
Gentoo 200502-29 2005-02-23

Comments (none posted)

dbus: information disclosure

Package(s):dbus CVE #(s):CAN-2005-0201
Created:June 8, 2005 Updated:August 30, 2005
Description: From the Red Hat alert: "Dan Reed discovered that a user can send and listen to messages on another user's per-user session bus if they know the address of the socket." At current usage levels, this vulnerability is not particularly threatening.
Alerts:
Fedora FEDORA-2005-822 2005-08-29
Ubuntu USN-144-1 2005-06-27
Mandriva MDKSA-2005:105 2005-06-24
Red Hat RHSA-2005:102-01 2005-06-08

Comments (none posted)

dhcp: format string vulnerability

Package(s):dhcp CVE #(s):CAN-2004-1006
Created:November 4, 2004 Updated:July 13, 2005
Description: Dhcp has a format string vulnerability in the log functions of dhcp 2.x that may be exploited via a malicious DNS server.
Alerts:
Fedora-Legacy FLSA:152835 2005-07-10
Red Hat RHSA-2005:212-01 2005-04-12
Debian DSA-584-1 2004-11-04

Comments (none posted)

Dnsmasq: poisoning and DoS

Package(s):dnsmasq CVE #(s):
Created:April 4, 2005 Updated:July 21, 2005
Description: Dnsmasq does not properly detect that DNS replies received do not correspond to any DNS query that was sent. Rob Holland of the Gentoo Linux Security Audit team also discovered two off-by-one buffer overflows that could crash DHCP lease files parsing.
Alerts:
Slackware SSA:2005-201-01 2005-07-21
Gentoo 200504-03 2005-04-04

Comments (none posted)

emacs21: format string vulnerability in "movemail"

Package(s):emacs21 CVE #(s):CAN-2005-0100
Created:February 7, 2005 Updated:May 15, 2006
Description: Max Vozeler discovered a format string vulnerability in the "movemail" utility of Emacs. By sending specially crafted packets, a malicious POP3 server could cause a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the user and the "mail" group.
Alerts:
Fedora-Legacy FLSA:152898 2006-05-12
Debian DSA-685-1 2005-02-17
Mandrake MDKSA-2005:038 2005-02-15
Gentoo 200502-20 2005-02-15
Fedora FEDORA-2005-146 2005-02-14
Fedora FEDORA-2005-145 2005-02-14
Red Hat RHSA-2005:133-01 2005-02-15
Red Hat RHSA-2005:110-01 2005-02-15
Red Hat RHSA-2005:134-01 2005-02-10
Red Hat RHSA-2005:112-01 2005-02-10
Fedora FEDORA-2005-116 2005-02-08
Fedora FEDORA-2005-115 2005-02-08
Debian DSA-671-1 2005-02-08
Debian DSA-670-1 2005-02-08
Ubuntu USN-76-1 2005-02-07

Comments (none posted)

enscript: arbitrary code execution

Package(s):enscript CVE #(s):CAN-2004-1184 CAN-2004-1185 CAN-2004-1186
Created:January 21, 2005 Updated:May 27, 2006
Description: Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text into Postscript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash.
Alerts:
rPath rPSA-2006-0083-1 2006-05-26
Fedora-Legacy FLSA:152892 2005-12-17
Red Hat RHSA-2005:040-01 2005-02-15
Mandrake MDKSA-2005:033 2005-02-10
Gentoo 200502-03 2005-02-02
Red Hat RHSA-2005:039-01 2005-02-01
Fedora FEDORA-2005-096 2005-01-31
Fedora FEDORA-2005-092 2005-01-28
Fedora FEDORA-2005-091 2005-01-28
Fedora FEDORA-2005-016 2005-01-26
Fedora FEDORA-2005-015 2005-01-26
Ubuntu USN-68-1 2005-01-24
Debian DSA-654-1 2005-01-21

Comments (none posted)

ettercap: format string vulnerability

Package(s):ettercap CVE #(s):CAN-2005-1796
Created:June 13, 2005 Updated:July 13, 2005
Description: The Ettercap suite of networking tools has a format string vulnerability that can be exploited by a remote attacker for the execution of arbitrary code.
Alerts:
Debian DSA-749-1 2005-07-10
Gentoo 200506-07 2005-06-11

Comments (none posted)

evolution: message crash vulnerability

Package(s):evolution CVE #(s):CAN-2005-0806
Created:March 17, 2005 Updated:August 11, 2005
Description: The Evolution mail client can be crashed when reading certain types of messages.
Alerts:
Ubuntu USN-166-1 2005-08-11
Red Hat RHSA-2005:397-01 2005-05-04
Conectiva CLA-2005:950 2005-04-27
Fedora FEDORA-2005-338 2005-04-22
Mandrake MDKSA-2005:059 2005-03-16

Comments (none posted)

Foomatic: Arbitrary command execution in foomatic-rip

Package(s):foomatic CVE #(s):CAN-2004-0801
Created:September 20, 2004 Updated:May 31, 2006
Description: There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler.
Alerts:
SuSE SUSE-SA:2006:026 2006-05-30
Fedora-Legacy FLSA:2076 2004-11-05
Conectiva CLA-2004:880 2004-10-27
Fedora FEDORA-2004-303 2004-09-21
Gentoo 200409-24 2004-09-20

Comments (none posted)

gaim: denial of service

Package(s):gaim CVE #(s):CAN-2005-1934
Created:June 15, 2005 Updated:July 5, 2005
Description: There's yet another remote vulnerability in gaim; this one affects MSN users, who can be subject to denial of service attacks via malicious messages.
Alerts:
Debian DSA-734-1 2005-07-05
Fedora FEDORA-2005-411 2005-06-16
Fedora FEDORA-2005-410 2005-06-16
Red Hat RHSA-2005:518-01 2005-06-16
Ubuntu USN-140-1 2005-06-15

Comments (none posted)

gdb: multiple vulnerabilities

Package(s):gdb CVE #(s):CAN-2005-1704 CAN-2005-1705
Created:May 20, 2005 Updated:August 11, 2006
Description: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.
Alerts:
Red Hat RHSA-2006:0354-01 2006-08-10
Red Hat RHSA-2006:0368-01 2006-07-20
Mandriva MDKSA-2005:215 2005-11-23
Fedora FEDORA-2005-1033 2005-10-27
Fedora FEDORA-2005-1032 2005-10-27
Red Hat RHSA-2005:801-01 2005-10-18
Red Hat RHSA-2005:763-01 2005-10-11
Red Hat RHSA-2005:709-01 2005-10-05
Red Hat RHSA-2005:673-01 2005-10-05
Red Hat RHSA-2005:659-01 2005-09-28
Fedora FEDORA-2005-498 2005-06-29
Fedora FEDORA-2005-497 2005-06-29
Gentoo 200506-01 2005-06-01
Trustix TSLSA-2005-0025 2005-05-31
Mandriva MDKSA-2005:095 2005-05-30
Ubuntu USN-136-2 2005-05-27
Ubuntu USN-136-1 2005-05-27
Ubuntu USN-135-1 2005-05-27
Gentoo 200505-15 2005-05-20

Comments (5 posted)

gtk-pixbuf, gtk2: denial of service

Package(s):gdk-pixbuf gtk2 CVE #(s):CAN-2005-0891
Created:March 30, 2005 Updated:December 19, 2005
Description: The BMP image processing code in gdk-pixbuf and gtk2 contains a denial of service vulnerability exploitable via a specially crafted image file.
Alerts:
Fedora-Legacy FLSA:155510 2005-12-17
Fedora-Legacy FLSA:154272 2005-07-15
SuSE SUSE-SR:2005:010 2005-04-08
Mandrake MDKSA-2005:069 2005-04-07
Mandrake MDKSA-2005:068 2005-04-07
Ubuntu USN-108-1 2005-04-05
Red Hat RHSA-2005:343-01 2005-04-05
Red Hat RHSA-2005:344-01 2005-04-01
Fedora FEDORA-2005-268 2005-03-30
Fedora FEDORA-2005-267 2005-03-30
Fedora FEDORA-2005-266 2005-03-30
Fedora FEDORA-2005-265 2005-03-30

Comments (none posted)

gedit: format string vulnerability

Package(s):gedit CVE #(s):CAN-2005-1686
Created:June 9, 2005 Updated:July 12, 2005
Description: A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user.
Alerts:
Debian DSA-753-1 2005-07-12
Mandriva MDKSA-2005:102 2005-06-15
Red Hat RHSA-2005:499-01 2005-06-13
Gentoo 200506-09 2005-06-11
Ubuntu USN-138-1 2005-06-09

Comments (none posted)

gettext: Insecure temporary file handling

Package(s):gettext CVE #(s):CAN-2004-0966
Created:October 11, 2004 Updated:March 1, 2006
Description: gettext insecurely creates temporary files in world-writeable directories with predictable names. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When gettext is called, this would result in file access with the rights of the user running the utility, which could be the root user.
Alerts:
Mandriva MDKSA-2006:051 2006-02-28
Fedora-Legacy FLSA:136323 2006-01-09
Gentoo 200410-10:02 2004-10-10
OpenPKG OpenPKG-SA-2004.055 2004-12-23
Ubuntu USN-5-1 2004-10-27
Gentoo 200410-10 2004-10-10

Comments (1 posted)

gftp: missing input sanitizing

Package(s):gftp CVE #(s):CAN-2005-0372 CAN-2004-1376
Created:February 17, 2005 Updated:July 13, 2005
Description: gftp has a directory traversal vulnerability. A remote server could use specially crafted filenames to overwrite local files.
Alerts:
Fedora-Legacy FLSA:152908 2005-07-10
Red Hat RHSA-2005:410-01 2005-06-13
Fedora FEDORA-2005-310 2005-04-07
Fedora FEDORA-2005-309 2005-04-07
Mandrake MDKSA-2005:050 2005-03-04
Gentoo 200502-27 2005-02-19
SuSE SUSE-SR:2005:005 2005-02-18
Debian DSA-686-1 2005-02-17

Comments (none posted)

ghostscript: symlink vulnerabilities

Package(s):ghostscript CVE #(s):CAN-2004-0967
Created:October 20, 2004 Updated:September 28, 2005
Description: The ghostscript package (prior to version 7.07.1-r7) contains several scripts which are vulnerable to symlink attacks.
Alerts:
Red Hat RHSA-2005:081-01 2005-09-28
Ubuntu USN-3-1 2004-10-27
Gentoo 200410-18 2004-10-20

Comments (none posted)

glibc: tempfile vulnerability in catchsegv script

Package(s):glibc CVE #(s):CAN-2004-0968
Created:October 21, 2004 Updated:November 14, 2005
Description: The catchsegv script in the glibc package has a symlink vulnerability that may allow a local user to overwrite arbitrary files with the permissions of the user that is running the script.
Alerts:
Fedora-Legacy FLSA:152848 2005-11-13
Red Hat RHSA-2005:261-01 2005-04-28
Debian DSA-636-1 2005-01-12
Mandrake MDKSA-2004:159 2004-12-29
Red Hat RHSA-2004:586-01 2004-12-20
Fedora FEDORA-2004-356 2004-11-11
Ubuntu USN-4-1 2004-10-27
Gentoo 200410-19 2004-10-21

Comments (none posted)

gnupg: information leak

Package(s):gnupg CVE #(s):CAN-2005-0366
Created:March 16, 2005 Updated:August 19, 2005
Description: GnuPG (and other PGP-like systems) suffers from an information leak which could, in some situations, be used by an attacker to obtain plain text from an encrypted message. See this message for a detailed explanation of the problem. "We know of no real-world application that is affected by this type of attack. It is an attack that requires the active participation of someone who holds the actual key required to decrypt a message. Thus, it is not something you are likely to see."
Alerts:
Ubuntu USN-170-1 2005-08-19
Gentoo 200503-29 2005-03-24
Mandrake MDKSA-2005:057 2005-03-15

Comments (none posted)

grip: buffer overflow

Package(s):grip CVE #(s):CAN-2005-0706
Created:March 10, 2005 Updated:September 16, 2005
Description: Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches.
Alerts:
Fedora-Legacy FLSA:152919 2005-09-15
Mandriva MDKSA-2005:074 2005-04-20
Mandriva MDKSA-2005:075 2005-04-20
Gentoo 200504-07 2005-04-08
Mandrake MDKSA-2005:066 2005-04-01
Red Hat RHSA-2005:304-01 2005-03-28
Gentoo 200503-21 2005-03-17
Fedora FEDORA-2005-203 2005-03-09
Fedora FEDORA-2005-202 2005-03-09

Comments (none posted)

groff: insecure temporary directory

Package(s):groff CVE #(s):CAN-2004-0969
Created:November 1, 2004 Updated:February 9, 2006
Description: Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program.
Alerts:
Mandriva MDKSA-2006:038 2006-02-08
Gentoo 200411-15 2004-11-08
Ubuntu USN-13-1 2004-11-01

Comments (none posted)

gxine: format string vulnerability

Package(s):gxine CVE #(s):CAN-2005-1692
Created:May 26, 2005 Updated:July 23, 2005
Description: The gxine media player has a format string vulnerability in the hostname decoding function. A specially crafted file can be used to cause a user to execute arbitrary code.
Alerts:
Slackware SSA:2005-203-04 2005-07-23
Gentoo 200505-19 2005-05-26

Comments (none posted)

gzip: race condition and directory traversal

Package(s):gzip CVE #(s):CAN-2005-0988 CAN-2005-1228
Created:May 4, 2005 Updated:July 13, 2005
Description: gzip suffers from a race condition which could allow a fast-fingered attacker to change the permissions on files owned by others. There is also a directory traversal vulnerability associated with the -N option.
Alerts:
Debian DSA-752-1 2005-07-11
Red Hat RHSA-2005:357-01 2005-06-13
OpenPKG OpenPKG-SA-2005.010 2005-06-10
OpenPKG OpenPKG-SA-2005.009 2005-06-10
Mandriva MDKSA-2005:092 2005-05-18
Gentoo 200505-05 2005-05-09
Trustix TSLSA-2005-0018 2005-05-06
Ubuntu USN-116-1 2005-05-04

Comments (none posted)

Heimdal: buffer overflow vulnerabilities

Package(s):heimdal CVE #(s):CAN-2005-2040
Created:June 29, 2005 Updated:July 18, 2005
Description: It has been reported that the "getterminaltype" function of Heimdal's (before 0.6.5) telnetd server is vulnerable to buffer overflows. An attacker could exploit this vulnerability to execute arbitrary code with the permission of the telnetd server program.
Alerts:
Debian DSA-758-1 2005-07-18
SuSE SUSE-SA:2005:040 2005-07-06
Gentoo 200506-24 2005-06-29

Comments (none posted)

htdig: cross site scripting

Package(s):htdig CVE #(s):CAN-2005-0085
Created:February 14, 2005 Updated:January 10, 2006
Description: Michael Krax discovered that ht://Dig fails to validate the 'config' parameter before displaying an error message containing the parameter. This flaw could allow an attacker to conduct cross-site scripting attacks.
Alerts:
Fedora-Legacy FLSA:152907 2006-01-09
Mandrake MDKSA-2005:063 2005-03-31
Red Hat RHSA-2005:090-01 2005-02-15
Debian DSA-680-1 2005-02-14
Gentoo 200502-16 2005-02-13

Comments (none posted)

ImageMagick: xwd coder denial of service

Package(s):ImageMagick CVE #(s):CAN-2005-1739
Created:May 26, 2005 Updated:July 19, 2005
Description: The xwd coder in ImageMagick has a vulnerability that can be accessed by working on a maliciously created image. A denial of service can result.
Alerts:
Fedora-Legacy FLSA:152777 2005-07-12
Mandriva MDKSA-2005:107 2005-06-28
Red Hat RHSA-2005:480-01 2005-06-02
Fedora FEDORA-2005-395 2005-05-26

Comments (none posted)

imap: buffer overflow in c-client

Package(s):imap CVE #(s):CAN-2003-0297
Created:February 18, 2005 Updated:April 9, 2006
Description: A buffer overflow flaw was found in the c-client IMAP client. An attacker could create a malicious IMAP server that if connected to by a victim could execute arbitrary code on the client machine.
Alerts:
Fedora-Legacy FLSA:184074 2006-04-04
Fedora-Legacy FLSA:152912 2005-05-12
Red Hat RHSA-2005:114-01 2005-02-18

Comments (none posted)

imlib2: buffer overflows

Package(s):imlib2 CVE #(s):CAN-2004-0802 CAN-2004-0817
Created:September 8, 2004 Updated:October 26, 2005
Description: The imlib2 library contains buffer overflows in the BMP handling code.
Alerts:
Debian DSA-548-2 2005-10-26
Conectiva CLA-2004:870 2004-09-28
Debian DSA-552-1 2004-09-22
Debian DSA-548-1 2004-09-16
Red Hat RHSA-2004:465-01 2004-09-15
Gentoo 200409-12 2004-09-08
Fedora FEDORA-2004-301 2004-09-09
Fedora FEDORA-2004-300 2004-09-09
Mandrake MDKSA-2004:089 2004-09-07

Comments (none posted)

infozip: privilege escalation, directory-traversal

Package(s):infozip CVE #(s):CAN-2003-0282 CAN-2004-1010 CAN-2005-0602
Created:May 2, 2005 Updated:August 1, 2005
Description: InfoZip reports that Zip 2.3 and (presumably) all previous versions have a buffer-overrun vulnerability relating to deep directory paths that could potentially lead to local privilege escalation (e.g., in the case of automated, Zip-based backups). All versions of UnZip through 5.50 have a number of directory-traversal vulnerabilities.
Alerts:
Ubuntu USN-159-1 2005-08-01
Slackware SSA:2005-121-01 2005-05-02

Comments (1 posted)

junkbuster: heap corruption and settings modification

Package(s):junkbuster CVE #(s):CVE-2005-1108 CVE-2005-1109
Created:April 13, 2005 Updated:November 5, 2005
Description: JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation.
Alerts:
Debian DSA-713-1 2005-04-21
Gentoo 200504-11 2005-04-13

Comments (1 posted)

kdelibs: unsanitzied input

Package(s):kdelibs CVE #(s):CAN-2004-1165
Created:January 10, 2005 Updated:July 19, 2005
Description: Thiago Macieira discovered a vulnerability in the kioslave library, which is part of kdelibs, which allows a remote attacker to execute arbitrary FTP commands via an ftp:// URL that contains an URL-encoded newline before the FTP command.
Alerts:
Fedora-Legacy FLSA:152769 2005-07-15
Mandrake MDKSA-2005:045 2005-02-17
Red Hat RHSA-2005:065-01 2005-02-15
Red Hat RHSA-2005:009-01 2005-02-10
Fedora FEDORA-2005-064 2005-01-25
Fedora FEDORA-2005-063 2005-01-25
Gentoo 200501-18 2005-01-11
Debian DSA-631-1 2005-01-10

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CAN-2005-0400 CAN-2005-0749 CAN-2005-0750 CAN-2005-0815 CAN-2005-0839
Created:April 1, 2005 Updated:July 1, 2005
Description: More kernel vulnerabilities have been discovered including:
  • Mathieu Lafon discovered an information leak in the ext2 file system driver. (CAN-2005-0400)
  • Yichen Xie discovered a Denial of Service vulnerability in the ELF loader. (CAN-2005-0749)
  • Ilja van Sprundel discovered that the bluez_sock_create() function did not check its "protocol" argument for negative values. (CAN-2005-0750)
  • Michal Zalewski discovered that the iso9660 file system driver fails to check ranges properly in several cases. (CAN-2005-0815)
  • Previous kernels did not restrict the use of the N_MOUSE line discipline in the serial driver. (CAN-2005-0839)
Alerts:
Mandriva MDKSA-2005:110 2005-06-30
Mandriva MDKSA-2005:111 2005-06-30
Fedora-Legacy FLSA:152532 2005-06-04
Conectiva CLA-2005:952 2005-05-02
Red Hat RHSA-2005:284-01 2005-04-28
Red Hat RHSA-2005:283-01 2005-04-28
Red Hat RHSA-2005:293-01 2005-04-22
Fedora FEDORA-2005-313 2005-04-11
Trustix TSLSA-2005-0011 2005-04-05
SuSE SUSE-SA:2005:021 2005-04-04
Ubuntu USN-103-1 2005-04-01

Comments (1 posted)

kernel: ELF loader core dump vulnerability

Package(s):kernel CVE #(s):CAN-2005-1263
Created:May 11, 2005 Updated:August 25, 2005
Description: Paul Starzetz has posted an advisory for yet another kernel vulnerability. In this case, by using a specially manipulated ELF binary, a local attacker can compromise the system (via the core dump code) and obtain root access. This vulnerability affects all kernels from 2.2 through 2.6.12-rc4.
Alerts:
Red Hat RHSA-2005:529-01 2005-08-25
Red Hat RHSA-2005:420-01 2005-06-08
Red Hat RHSA-2005:472-01 2005-05-25
Fedora FEDORA-2005-392 2005-05-23