LWN.net Weekly Edition for April 27, 2006 [LWN.net]

Time to expand the DMCA?

Since it was enacted, the U.S. Digital Millennium Copyright Act (DMCA) has stifled security research, led to the arrest of visiting programmers, shut down fair use, prohibited the creation of free DVD players for Linux, and facilitated anti-competitive moves by manufacturers of printer cartridges and garage door openers, among others. The EFF and others have been pushing for a reform of the DMCA for some time, and the occasional member of Congress has tried to bring that about. The DMCA is a law which clearly needs fixing.

Now, there is a new attempt to amend the DMCA in the works; a copy of the DMCA with the proposed changes highlighted [PDF] is available for those who are interested. This proposal, however, would have the effect of making the DMCA significantly worse. Here are a few highlights:

No longer content with criminalizing copyright infringement, the new law would make even attempted infringement illegal - with the same penalties. There would be no need to actually copy anything to violate the new DMCA.
The new law authorizes the impounding of "records documenting the manufacture, sale, or receipt of items involved in such violation" Such records certainly will include Internet service provider logs.
The penalty for copyright infringement will be raised to a maximum of ten years in prison - twenty for repeat offenses. In the future, rational criminals will not copy CDs; the potential penalty for simply stealing them will be lower. The new ten-year penalty will apply to those committing the heinous crime of recording a live concert as well.
The use of wiretapping and similar techniques is authorized for investigations into criminal copyright infringement or recording of live performances.
Criminal and civil forfeiture powers would be available to law enforcement agencies dealing with copyright cases.

The addition of forfeiture powers is, perhaps, the scariest part of this whole proposal. Civil forfeiture has long been a part of the U.S. "drug war," with the result that many law enforcement actions - often against innocent people - have been motivated primarily by the prospect of seizing valuable property. If this law goes through, any music player, laptop, or server deemed to have somehow participated in copyright infringement will be subject to seizure by the police - along with the houses they are found in. Anybody who thinks this power would not be abused has not been paying much attention.

As of this writing, the proposed legislation has not yet been formally introduced for consideration, but has been circulated among some members of the House of Representatives.

A different bill which, according to the EFF has been introduced is the "PERFORM act." This law can be thought of as a sort of broadcast flag for the net; it would require those broadcasting copyrighted material on the net to use DRM-afflicted formats. No more Vorbis or Theora streams - or even MP3. And, obviously, no way to tune into such streams using free software.

These bills make it clear that the powers behind the expansion of "intellectual property rights" are not yet satisfied and want more. This sort of thing will keep coming, and not just in the U.S. If we value our freedom, we must be prepared to keep fighting - and to work to push the pendulum in the other direction.

Comments (12 posted)

The JMRI Project and software patents

April 25, 2006

By Pamela Jones, Editor of Groklaw

[Editor's note: The case of KAM Industries and the JMRI project is an important one; it is one of the first times where a free software developer has been directly attacked by a patent holder and held responsible for royalties for every downloaded copy. If we wish to be able to post software without risking hundreds of thousands of dollars (or more) in royalty demands, we must quickly put an end to this sort of thing. We asked Groklaw founder Pamela Jones to put together a summary of this case and what we can do about it; the following is her response.]

The Right to Create blog has a letter from the attorney, Victoria K. Hall, who is representing Robert Jacobsen, the man who was sent the bill for $203.000 for allegedly infringing patents with his open source model train software. He has struck first, filing a lawsuit himself, Jacobsen v. Katzer et al, charging that the patent was fraudulently obtained and hence is invalid and unenforceable. The complaint also says the patent is invalid on the grounds of obviousness and for failure to meet the written description requirement of 35 U.S.C. Sec. 112.

So, on one side we find an Open Source developer, and, on the other, a guy wielding questionable software patents. Of course, as in all litigation, it's important to keep in mind that nothing is proven by a complaint. It's just the opening salvo, and we haven't yet heard the defendants' side.

Hall is asking the community to look for prior art. Let me tell you a little bit about the case, from the materials in the complaint Jacobsen has filed. It may help you to more effectively find prior art. It will surely motivate you.

The lawsuit

The case is 5:2006cv01905, filed in the US District Court for the Northern District of California, San Francisco Division, for those of you with Pacer accounts. The plaintiff lives there and works at the Lawrence Berkeley National Laboratory of the University of California and he also teaches physics there. He's also a model train hobbyist who has written, with others, open source code called JMRI, or Java Model Railroad Interface, which allows you to control how model trains run on a track. He's the primary developer of the software through the JMRI Project.

Ms. Hall, although located in Maryland, is admitted to practice in California as well as in Maryland state courts and is a patent attorney admitted to practice before the USPTO. Interestingly, she worked in the chemical engineering and software industries for nine years before she went to law school.

The suit is an action for declaratory judgment that Katzer's patent, US Patent No. 6,530,329, called the '329 patent, is "invalid, unenforceable, void and/or not infringed by Plaintiff Jacobsen". What's a declaratory judgment?

Here's US Code Title 28, Ch 151, § 2201, the Declaratory Judgment Act. And here is a definition from Cornell's Legal Information Institute. If someone is threatening to sue you, but hasn't yet, in certain limited circumstances, you can take the initiative rather than waiting for the axe to fall, go to court and in essence say: "This person or this company is threatening to sue me and I need our respective rights with respect to this dispute settled, so this cloud over my or my company's head doesn't ruin my business."

The court doesn't have to hear a request for a declaratory judgment. It has discretion. It's an enabling statute, and your case has to fit into the confines of the Declaratory Judgment Act, namely you have to have an actual "controversy" in the constitutional sense. That means it isn't a hypothetical problem and it isn't moot, meaning, first, that you really have a realistic and reasonable apprehension of actually being sued, and second, that the court can settle your problem with a declaratory judgment. If the judge accepts the dispute, he can issue a declaratory judgment, in which he "declares" what each party's rights are, the idea being that if, for example, he declares that you aren't infringing your adversary's patent, then you can't be sued.

Mr. Jacobsen's complaint is also a complaint for "violation of federal antitrust laws, the Lanham Act, and California Unfair Competition Act and for libel." The Complaint asks for a decree that the defendants Katzer and his company "have attempted to monopolize the market for multi-train control systems software in the United States" in violation of Section 2 of the Sherman Act.

The defendants

The named defendants are Matthew Katzer, KAMIND Associates, Inc. d/b/a KAM Industries, and Kevin Russell. Katzer is a model train hobbyist who has written software code for controlling model trains and is an expert in the field. He has several patents, and the complaint states that Jacobsen believes there are more pending. KAM is Katzer's business, selling products embodying Katzer's patents.

Here's the surprising twist. The third defendant, Kevin Russell, is their lawyer. He works for a firm in Oregon, Chernoff, Vilhauer, McClung & Stenzel. He's now accused of libel, and the court is asked to find against the defendants, jointly and severally, to the tune of $50,000 plus punitive damages.

Russell filed a a request under the U.S. Freedom of Information Act, with the Lawrence Berkeley National Laboratory, not only accusing Jacobsen of patent infringement, but claiming that the Lab "had sponsored the allegedly infringing JMRI Project's activities." The DOE turned down the request in December of 2005, but not before Jacobsen was embarrassed and had to explain the whole "harassment story," as he describes it, to his boss and the DOE FOIA liaison. The complaint also says it interfered with his work, resulting in a loss of income. The FOIA request, Jacobsen says, caused him embarrassment, particularly because he's "a scientist whose work involves the creation of intellectual property." The complaint continues, saying that Russell knew that the Lab, which has a contract with the U.S. Department of Energy, which has nothing to do with the JMRI Project. The defendants made the allegation, says the complaint, "to effect Defendants' goal to embarrass Plaintiff Jacobsen and force him to shut down the JMRI Project and to pay royalties to Defendant KAM."

The patent

According to Jacobson, the basis for claiming that the patent is not valid is the defendant's history of applying for patents on what others invent without telling the patent office about the prior art. Another charge is that Katzer didn't tell the patent office that some of KAM's products "were in public use, published, offered for sale or sold more than 1 year before Defendant Katzer filed the '461 application," which would disqualify them for patent protection. The patent in question, '329, claims the benefit of earlier patent applications' filing dates, '461 being the earliest filed in the chain that '329 issues from.

The complaint lists prior art dating back to the 1986 that it says Katzer ought to have told the USPTO about, since the complaint alleges he knew about them. For example, in late March of 2002, the story continues, the JMRI Project software's client-server capabilities were described in a posting to a public mailing list, which Katzer is on. Then in April 14, 2002, the first version of JMRI with the new capabilities was released for public download and announced on several mailing lists and on the JMRI website. "Three days later, Defendant Katzer filed a patent application tailored to claim the capabilities of the JMRI Project software." Again, the Complaint says, Katzer didn't tell the patent examiner about the JMRI Project.

Jacobsen says he received a letter from KAM in March of 2005, offering to license for $19 per program installed on a computer, saying that JMRI was infringing claim 1 of the '329 patent. Jacobsen says he wrote a letter back asking exactly how he was infringing, and his answer was a letter in August, saying that he was infringing claim 1 and that they were now investigating to see if any other patents were infringed by JMRI. Oh, and the price to license was now $29. The letter also demanded $203,000 for the 7,000 copies already distributed. In October came a bill with finance charges, so the total had risen to more than $206,000. He's gotten bills roughly every month since.

Jacobsen is about to release a new version of his software, and that's why he's asking the Court to bring resolution to the matter, because he believes the defendants will sue him when he releases the new version. He's also asking for redress.

The request

Aside from the declaratory judgments, the antitrust decree, and the libel damages, the Plaintiff is asking for the following:

An injunction ordering Defendant Katzer to identify all patents and patents applications filed in the United States and throughout the world, to produce to their respective patent offices all material references discovered through this litigation, and to request re-examination (or the nearest equivalent proceeding outside the U.S.) of any patents issuing from the patent applications.
An award of treble damages for the loss of income and other property on the antitrust claim.
A decree that Defendants Katzer and KAM have engaged in unlawful, unfair and/or fraudulent business practices in violation of the California Unfair Competition Act, California Business and Professions Code, and an order enjoining them from any future such conduct.
An order finding that Katzer cybersquatted on the trademarked name, www.decoderpro.com in violation of the Lanham Act and requiring him to turn the domain name over to Plaintiff Jacobsen.
An order enjoining Defendant Katzer and Defendant KAM, and all persons and entities under their direction or control, from engaging in or carrying out any further anti-competitive or bad faith conduct
An order referring the matter to the U.S. Attorney's Office for investigation into antitrust violations, perjury, mail fraud, and cancellation proceedings against any patents involved in this litigation, and any related patents.
An order awarding costs and attorney's fees as permitted by law, including 35 U.S.C. Section 285.

What you can do

Ms. Hall in her letter asks that no one harass the defendants "through calls, letters, faxes, emails, etc. It does NOT advance the case in Mr. Jacobsens favor." What does help is to find prior art. Groklaw just published a basic tutorial on prior art, Prior Art and Its Uses - a Primer, by a patent attorney, Theodore C. McCullough. It might help you.

Here is what Ms. Hall is asking for:

The key date is prior art existing before June 24, 1998, and more importantly, prior art existing before June 24, 1997. The prior art that we are looking for is:

A patent or printed publication that described the invention. Source can be from anywhere in the world.
Evidence of public use, offer for sale, or sale in the United States. (If its from outside the U.S., please make a note and send it so we can follow up.)
Evidence of another person inventing the same thing in the U.S. the invention must not have been suppressed, concealed or abandoned.
If the evidence is not the exact invention, then any information (in addition to the evidence) suggesting that the evidence could be combined with something else to successfully make the invention.

Here's her contact information, if you do find prior art. Snail mail is the best, she says. I can't help but point out that had the Peer to Patent Project mentioned in McCullough's article been in place a few years ago, these patents might well have been blocked before they issued, and all this woe could have been prevented. If nothing else, this incident can help us to understand what patents project like that are designed to address.

So, there you have the information and the tools to get started searching for prior art. Happy hunting.

Comments (25 posted)

Learning the lesson: open content licensing

April 26, 2006

This article was contributed by Glyn Moody

As the previous feature on open content noted, the need for an appropriate license was felt from the earliest days. Strangely, it was not Richard Stallman who filled this gap: even though the GNU General Public License dates back to 1984, it was only in 2000 that the corresponding GNU Free Documentation License was created. As a result, the honor for the creation of the first formal non-software open license goes to David Wiley.

In the summer of 1998, Wiley had joined the graduate program in Instructional Psychology and Technology at Brigham Young University, where he began doctoral work on “learning objects” - small-scale, reusable computer-based educational materials designed to be used in a variety of settings. This was just a couple of months after the term “open source” had been devised at the Freeware Summit, and Wiley realized that what was needed was a kind of open source for instructional content.

He contacted people like Richard Stallman and Eric Raymond to ask their advice, and drew up his first license in July 1998. Wiley decided to call his approach “open content” - a term which he seems to have been the first to use consistently. For Stallman, the idea of “open” as opposed to “free” is anathema, and he also refuses to refer to works as “content”, so ultimately he wanted nothing to do with this new “OpenContent License”, even though he and Wiley had previously worked together in an attempt to tweak the GNU GPL for content. Raymond, by contrast, was an important influence on the fledgling open content idea, as the following passage from the newly-created Opencontent.org site indicates:

OpenContent advocates adoption of the principles Eric S. Raymond outlines in his essay “The Cathedral and the Bazaar” for use in the development of Content. ... The Bazaar model for Content development will bring these same benefits to online instructional content; namely the creativity, expertise, and problem-solving power of a potentially infinite team of instructional designers and subject matter experts. A development effort of this kind will fill the Internet with high quality, well-maintained, frequently updated Content.

More input was provided by Tim O'Reilly and Andy Oram, making the license more palatable to publishers so that online versions of printed books and journals could be distributed for free. The result was the Open Publication License (OPL), released in June 1999. Appropriately enough, Raymond's “Cathedral and the Bazaar” was released under the OPL (as was his “Brief History of Hackerdom”). A number of other books, mostly in the field of computing, adopted the license, including GTK+/Gnome Application Development by Havoc Pennington, and Grokking the GIMP, by Carey Bunks. It was also adopted for Bruce Perens' Open Source Series, published by Prentice Hall.

Although the OPL led to a modest increase in open content being made available, the license still had some problems. One was that it came in four versions – OPL, OPL-A, OPL-B and OPL-AB - according to which, if any, of two optional clauses were included. These dealt with the thorny issues of “substantively modified works” and whether the work or derivatives of it could be published in book form for commercial purposes. The combinations obviously made it harder to be sure what exactly an OPL license permitted, and meant that users were forced to refer to the license to find out what their rights were. What was needed was some legal input to produce a series of open content licenses that clearly delineated what could and could not be done with them.

Fortunately, in the second half of the 1990s, a group of lawyers were becoming increasingly interested in the interrelated issues of copyright, intellectual property, digital content and the public domain. Pioneers here include Pamela Samuelson, James Boyle and Yochai Benkler. But the person who has become most closely associated with this whole area is undoubtedly Larry Lessig.

He rose to prominence with his book “Code and other laws of Cyberspace”, which asserted that the Net's software codes necessarily implied legal codes. From this early interest in architectures and their growing power to affect everyday life, Lessig's focus gradually shifted back to the legal domain, where he sought to counter the threats posed by the music and film industries to the new creative possibilities opened up by the Net.

His first attempt at a solution was the creation of Copyright's Commons in 1999, “a coalition devoted to promoting the public availability of literature, art, music, and film.” Its principal instrument was the use of what it called “counter-copyright”, which “strips away the exclusivity that a copyright provides and allows others to use your work as a source or a foundation for their own creative ideas. The counter-copyright initiative is analogous to the idea of open source in the software context.”

When Copyright's Commons became involved in the Eldred vs. Ashcroft lawsuit – which tried to block the extension of US copyright by 20 years - it also pioneered what it called “openlaw”, where legal arguments were posted online for open discussion.

It was Lessig who argued the Eldred vs. Ashcroft case in court – and lost, much to his chagrin. A more positive outcome from this work was the creation of a second, more ambitious, organization called Creative Commons, and the drawing up of a series of formal open content licenses. Like Wiley's Open Publication license, these Creative Commons licenses allow several options. While this lends them great flexibility, it also means that there is now a confusing array of Creative Commons licenses. Indeed, Richard Stallman no longer supports the Creative Commons project because not all of these licenses meet his requirements for freedom.

Despite Stallman's concerns, there is no doubt that the Creative Commons licenses have transformed the open content scene. They offer creators a range of rigorous licenses that have been drawn up by lawyers with a deep understanding of the issues of copyright in the Net age. An important recent court case in the Netherlands has confirmed their legality, at least in that jurisdiction.

Wiley's original licenses were created for educational materials, and among the first applications of the Creative Commons licenses were two major open content projects in the field of what has come to be called open courseware, both funded by the Hewlett Foundation. Just as open source avoids re-inventing the wheel by building on existing code, so open courseware aims to save time, effort and money by making educational material freely available for others to re-use, extend and improve.

The first such project, Connexions, came from Rice University. It was the brainchild of Richard Baraniuk, professor of electrical engineering, who was directly inspired by the example of open source. Connexions uses a content creation platform called Rhaptos, which is released under the GNU GPL. The other major open courseware project came from MIT. One of the people behind the OpenCourseWare idea – which arose out of an earlier failed attempt to make money from selling MIT courses online – was Hal Abelson, who is also one of the founders of Creative Commons. This joint involvement simplified the issue of licensing, something that was a major issue for Rice initially, until it too adopted a Creative Commons license.

MIT does not use an open source platform, but David Wiley has started a project called eduCommons, based on Plone, that offers this facility. Another of his free software projects, called Open Learning Support, and now part of eduCommons, provides Rice's Connexions and MIT's OpenCourseWare with online discussion boards. Baraniuk, for his part, is working on a range of ancillary open source software, including systems to aid translation, and a rating system for courses. It is also worth mentioning the free software course management package Moodle, which is widely used around the world, and Sakai, a similar project, funded by the Hewlett Foundation.

Although both Connexions and OpenCourseWare allow course materials to be modified, they do not make any provision in their platforms for true collaborative development. The final article in this short series will explore how this issue has been addressed by open content projects.

Glyn Moody writes about open source and open content at opendotdotdot.

Comments (4 posted)

Page editor: Jonathan Corbet

Security

A flurry of kernel security fixes

April 26, 2006

This article was contributed by Jake Edge.

Over the last month, there have been eleven separate releases in the 2.6.16 stable kernel series, seven of which were single-patch releases for security related issues. This flurry of security fixes would make one think that there was a concerted effort by an individual or organization to try and find kernel security problems, but that is not the case. It is entirely coincidental that all of these fixes came about at around the same time.

A chronological look at each of these fixes gives a nice picture of the diverse places that kernel developers are looking for bugs in general and security bugs in particular.

Roughly a week after the original 2.6.16 release, the 2.6.16.1 release contained 19 patches, including one that fixed CVE-2006-1242. Code had been put into the kernel in the 2.4 series to stop leaking information in the form of fragment IDs in TCP packets that did not require them. Packets that have the DF (don't fragment) bit set do not need a fragment ID and eliminating that information is a countermeasure to a technique called idle scanning. Unfortunately when the original change was made, the response to a certain kind of packet (a SYN-ACK packet) was missed and that was discovered in March.

The 2.6.16.2 release came out on 7 April and had a quite a few fixes including a change to the sysfs interface covered by LWN two weeks ago.

On the 11th and 12th of April, there were 3 releases, each of which included just one security fix. 2.6.16.3 is a fix for a bug that would allow a user to oops the kernel by passing invalid arguments to the keyctl utility (CVE-2006-1522). If the user specified a key as the target for an "add key" operation, rather than a keyring, a invalid dereference in the kernel would result.

A call to BUG_ON() in the __group_complete_signal() function (which is part of the RCU signal handling code) "has unknown impact and attack vectors" and was patched as 2.6.16.4. If a user process could cause the condition in the BUG_ON call, it could oops the kernel and lead to a denial of service. (CVE-2006-1523).

A difference in the way Intel and AMD 64-bit CPUs handle non-canonical return addresses led to the 2.6.16.5 release. The Intel CPU reports the exception on the SYSRET instruction which causes the kernel exception handler to run using the user stack. (CVE-2006-0744). Kernel processing using a user created stack would seem rife with opportunities for exploitation.

The 2.6.16.6 release came out a week later with another long list of patches, two of which have security implications. The m32r architecture had a bug in the get_user and put_user macros that did not check the address passed to them which would allow access outside of the process address space.

A more widespread issue was addressed with a patch in this release and then fixed in the 2.6.16.7 release later in the day. The MADV_REMOVE vulnerability (CVE-2006-1524) has been present in kernels since 2.4 and allows local users to potentially bypass the access restrictions on a read-only attachment of shared memory. The user process could call mprotect() and gain write permission on a piece of memory even though the memory was explicitly set to be read-only when shared via the shared memory IPC mechanism.

Prior to 2.6.16.8, the kernel was vulnerable to users causing a kernel panic by requesting a route for a multicast IP address (CVE-2006-1525). Using a simple 'ip' command from the shell would cause a null pointer dereference in ip_route_input and panic the kernel. This is another example of a local denial of service vulnerability.

2.6.16.9 patches a problem that affected both Linux and FreeBSD kernels running on AMD processors which would allow a malicious process running on the same CPU to determine portions of the state of floating point instructions in a target process. AMD had some comments on the bug and provided some background information on why they chose to implement the FXRSTOR and FXSAVE instructions differently than they are implemented in Intel processors. Essentially, these two instructions do not save and restore all of the same registers as Intel does and this allows information to leak from one process to another. The patch ensures that the floating point state is constant between context switches on affected processors. (CVE-2006-1056)

Last on our tour of kernel security fixes is a patch made in 2.6.16.11 and released on Monday that disallows backslashes in path components unless POSIX paths have been negotiated. This change is for the CIFS (aka Samba) filesystem code; one can only imagine the kinds of havoc one could cause by putting backslashes (the standard Windows path separator) into CIFS paths. This bug is CVE-2006-1863, but the CVE database just shows a placeholder page for that number at the time of this writing.

Observant readers will have noticed that we skipped over 2.6.16.10 as it was a release with quite a few patches, none of which were noted as being security related.

As this laundry list of issues shows, there are a wide variety of places that kernel bugs can impact security, but the many eyes of kernel developers seem to be finding and fixing them. This process plays out in the open and that can give competitors ammunition to claim that Linux is less secure than certain proprietary systems. Reasonable people would more likely come to the conclusion that Linux developers are much more interested in finding these issues and fixing them. The kernel community has no interest in hiding vulnerabilities or playing games with security patch descriptions to make the OS look more secure. PR considerations just do not seem to be on the radar of the technical contributors and that is just as it should be.

Comments (2 posted)

New vulnerabilities

abc2ps: buffer overflows

Package(s):

abc2ps abcmidi

CVE #(s):

CVE-2006-1513 CVE-2006-1514

Created:

April 25, 2006

Updated:

April 26, 2006

Description:

Erik Sjölund discovered that abc2ps, a translator for ABC music description files into PostScript, does not check the boundaries when reading in ABC music files resulting in buffer overflows.

The abcmidi-yaps utility suffers from similar problems.

Alerts:

Debian	DSA-1043-1	2006-04-26
Debian	DSA-1041-1	2006-04-25

LWN.net Weekly Edition for April 27, 2006

The lawsuit

The defendants

The patent

The request

What you can do

abc2ps: buffer overflows

beagle: command line injection

ethereal: multiple vulnerabilities

fbida: insecure temporary file creation

kernel: multiple vulnerabilities

php: several vulnerabilities

ruby1.8: denial of service

xzgv: heap overflow

apache: cross-site scripting

blender: integer overflow

bsdgames: buffer overflow

bzip2: race condition and infinite loop

ktools: buffer overflow

cpio: arbitrary code execution

crossfire: arbitrary code execution

curl: heap-based buffer overflow

Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service

dia: buffer overflows

emacs21: format string vulnerability in "movemail"

enscript: arbitrary code execution

fcheck: insecure temporary file

fetchmail: multidrop bug

firefox: multiple vulnerabilities

Foomatic: Arbitrary command execution in foomatic-rip

freeradius: authentication bypass

gdb: multiple vulnerabilities

gdm: improper file permissions

gedit: format string vulnerability

gnupg: incorrect signature verification

grip: buffer overflow

gzip: arbitrary command execution

ipsec-tools: denial of service

kdebase: local root vulnerability

kdelibs: kate backup file permission leak

kernel: multiple vulnerabilities

libgadu: memory alignment bug

libgd2: buffer overflows in PNG handling

libpam-ldap: authentication bypass

libpng: heap based buffer overflow

libxml2 - arbitrary code execution

libxml2: multiple buffer overflows

lynx: arbitrary command execution

mailman: denial of service

mozilla: multiple vulnerabilities

Mozilla Thunderbird: remote code execution and DoS

mplayer: integer overflows

MySQL: logging bypass

nbd: arbitrary code execution

ncpfs: multiple vulnerabilities

ntp: uses wrong gid

openmotif: buffer overflows

OpenSSH: double shell expansion

openvpn: arbitrary code execution

perl: setuid vulnerabilities

phpbb2: multiple vulnerabilities

phpMyAdmin: multiple vulnerabilities

pound: HTTP Request Smuggling Attack

Py2Play: remote execution of arbitrary Python code

scorched3d: multiple vulnerabilities

squirrelmail: multiple vulnerabilities

sudo: vulnerability via scripts

tetex: integer overflows

texinfo: temporary file vulnerability

tin: buffer overflow

unzip: long file name buffer overflow

w3c-libwww: possible stack overflow

webcalendar: multiple vulnerabilities

xine-ui - insecure temporary file creation

xloadimage: buffer overflows

xpdf: buffer overflow

xpdf: denial of service

xpdf: integer overflows

xscreensaver: possible password exposure

Vox Libertas