
LWN.net Weekly Edition for June 1, 2006

Ubuntu Dapper and the distribution business

Ubuntu's "Dapper Drake" release - more prosaically known as "6.06 LTS" - is due on June 1, and may well be available by the time you read this article. A distribution release is not a particularly rare occurrence in the Linux community, but there are a couple of things about Dapper which are just a little bit unusual and worthy of note.

The "LTS" in this release's name stands for "long term support"; this distribution comes with a promise of security updates for five years (on server systems) or three years (on desktop systems). Exactly how that distinction will be made is not entirely clear; one assumes that, for example, graphical mail clients will go unsupported in June, 2009, while mail transfer agents will continue to get updates into 2011. That is the longest credible support promise ever made for a free distribution, and it may change the commercial landscape in interesting ways.

There are many situations where the deployment of a Linux system makes a great deal of sense. In many of those, one wishes to start with reasonably current software, but to not have to worry much about upgrades for a long time thereafter. Web servers, print servers, database servers, kiosks, point of sale systems, and more all fall into this category. Once the system works, any sort of software change offers downtime and the risk of problems, but little in the way of advantages - except, of course, for security fixes. Anybody planning such a deployment must consider how the system will be supported and kept secure through its operating life. In recent years, the available choices have fallen into these categories:

  • An entirely free distribution (Fedora, Debian, OpenSUSE, etc.) can be used. The price is right, and the quality of the software tends to be high. The support window for these distributions tends to be short, and, for some of them, unpredictable. Keeping a Fedora Core system secure can involve upgrades twice a year - not an appealing option for a system which is supposed to be stable and "just work."

  • The "Enterprise" offerings from Red Hat and Novell come with long support promises; there are, undoubtedly, still plenty of systems running 2.4.9 kernels on RHEL 2 with uninterrupted support. These services can be expensive, however. For many customers, a support subscription is easily justified and worth every penny. But others will find that cost hard to swallow.

    Some try to get the best of both worlds through enterprise clone distributions like CentOS. By all accounts, the CentOS team has done a top-quality job with its distribution, but anybody contemplating a long-term deployment will have to be convinced of the project's long-term future and be able to overcome qualms (if any) about free-riding on the enterprise distributions.

  • Security support can be managed in-house. This approach requires a significant investment of time by a skilled administrator or developer, however, and is thus far from being free.

Ubuntu's five-year guarantee provides another choice: install Dapper, and obtain updates until 2011 with no costs at all. The existence of the Ubuntu Foundation, with its $10 million nest egg, helps to make that five-year promise credible, and Ubuntu's record with security updates has been, so far, quite good. So it would not be surprising to see significant uptake on Ubuntu's promise. Whether those new Ubuntu users will come at the cost of the enterprise distributions, or whether they are mostly people getting away from the (relative) upgrade treadmill of the free distributions, remains to be seen.

That leads to the other interesting aspect of this release: the increasing friendliness between Ubuntu/Canonical and Sun Microsystems. The two have just announced that the Dapper release will include a version for Sun's new Niagara SPARC architecture, and Sun executives are issuing quotes on how important a distribution Ubuntu is. Clearly something is going on here.

Sun's troubles in recent years have been well documented; to a great extent, Sun's customers have been steadily turning into customers of the enterprise distributions. To Sun, Ubuntu may well look like an opportunity to poke holes in the revenue streams of its main competitors. Ubuntu, in turn, may see Sun's support (and the Niagara port) as a way to gain a foothold in the server market. If Sun's new servers find customers, Ubuntu will be the obvious distribution for any of those customers who wish to run Linux.

How all of this plays out will be interesting to watch. Ubuntu's past releases have certainly been popular; if Dapper holds together well enough (and the initial signs are good), it may be the best-received Ubuntu release yet. If so, Ubuntu may well change the shape of the Linux distribution landscape.

(For those who are interested in what's actually in the 6.06 LTS release, the "testing Dapper" page has a lot of information and screenshots.)


The end of the JPEG patent - sort of

Forgent Networks is a company which would easily qualify as a patent troll for many observers. This small company picked up a data compression patent in 1997, and has been busily using that patent to shake down corporations ever since. Since this patent is said to cover the JPEG image format, there is a wide list of possible victims to choose from. Those victims have dropped more than $100 million into Forgent's bank account, and Forgent currently has litigation outstanding with some 30 companies.

The Public Patent Foundation chose this patent as one which was vulnerable to a challenge. The Foundation's work bore fruit on May 25, when the US Patent Office issued a ruling on the Forgent patent [PDF]. The resulting press release from the Public Patent Foundation was triumphant:

"The Patent Office has agreed with our conclusion that it would have never granted Forgent Networks' '672 patent had it been aware of the prior art that we uncovered and submitted to them," said Dan Ravicher, PUBPAT's Executive Director.

It is worth noting that Forgent had a different spin on the ruling:

...the United States Patent and Trademark Office issued its first office action, a non-final action, confirming a majority of the claims in United States Patent 4,698,672. The action upholds 27 of the 46 claims of Forgent's patent. Forgent will vigorously defend the remaining claims that were not initially upheld in this first office action.

Anybody wondering if the world is now safe for JPEG users will clearly need to look beyond the press releases and dig into the patent and the USPTO ruling directly. The short story is that, while the independent claims of U.S. Patent 4,698,672 have been invalidated, many of the more-specific dependent claims remain standing. Consider, for example, claim 1:

A method for processing digital signals, where the digital signals have first values, second values and other values, to reduce the amount of data utilized to represent the digital signals and to form statistically coded signals such that the more frequently occurring values of digital signals are represented by shorter code lengths and the less frequently occurring values of digital signals are represented by longer code lengths, comprising,
  • forming first runlength code values representing the number of consecutive first values of said digital signals followed by said second value,
  • forming second runlength code values representing the number of consecutive first values of said digital signals followed by one of said other values.

What the Public Patent Foundation asserted is that this claim - covering a fairly basic run-length encoding scheme - had already been claimed by another patent: #4,541,012 by Andrew Tescher. The Patent Office agreed, and ruled that claim 1 was invalid.

The story does not stop there, however. There are a number of dependent claims which make claim 1 more specific; these include:

2. The method of claim 1 further including the step of amplitude encoding said other values.

3. The method of claim 1 further including the step of encoding said first and second runlength code values with a sign value.

4. The method of claim 1 wherein said first values have amplitude zero, said second values have absolute amplitude one, and said other values have absolute amplitudes greater than one whereby said first and second runlength codes values are formed representing the number of consecutive zeros.

5. The method of claim 1 wherein said first values have the highest frequency of occurrence in said digital signals, wherein said second values have the next highest frequency of occurrence in said digital signals, and wherein said other values have the lowest frequency of occurrence in said digital signals.

Claim 3 (adding a sign value) was also rejected, but claims 2, 4, and 5 were upheld by the Patent Office. The same pattern persists through the remaining claims: the independent claims were rejected, but the more-specific versions were allowed. That is why Forgent proclaims that the majority of its claims had been upheld.

So, to a great extent, the Forgent patent survives, having lost only the most general of its claims. We asked Dan Ravicher of the Public Patent Foundation whether this ruling was enough to remove the threat against JPEG users; his response was:

It likely won't be enough to put an absolute end, but this is a significant blow to the solitary patent that they are using against the JPEG standard. To the extent we've shown their armor to be made more of tin or paper, than steel or iron, we've provided the public the benefit of a more transparent view of the legitimacy of their claims.

Whether the remaining claims in the patent are applicable to the JPEG standard is a matter for the courts to determine - and, given the thirty-some outstanding cases, the courts will certainly have the opportunity to do so.

There is one interesting additional factor which, thanks to the Public Patent Foundation's work, may just come into play here. Forgent's patent was originally filed by a company called Compression Labs, Inc. It turns out that the Tescher patent, which provided the prior art used against Forgent's patent, was also developed at Compression Labs. In other words, when Compression Labs filed for the patent now being wielded by Forgent, it must have known about the existence of the prior art, since it had patented that prior art itself. But Compression Labs did not disclose that prior art to the Patent Office. Failure to disclose known prior art is a violation of the Patent Office rules. It seems likely that defendants in Forgent's litigation will find a way to let their respective courts know that the patent at issue was obtained in bad faith.


Page editor: Jonathan Corbet

Security

SQL injection vulnerabilities in PostgreSQL

May 31, 2006

This article was contributed by Jake Edge.

A recent urgent update to PostgreSQL vividly demonstrates the problems with validating user input that are the foundation of SQL injection attacks. Widely used techniques to escape characters in user input can still allow SQL injection when coupled with multibyte character encodings. While this problem was first discovered in PostgreSQL, today's security fix announcement for MySQL indicates a similar problem there as well.

As discussed in the LWN SQL injection article, inserting strings of user input into SQL queries can be hazardous. Many applications do little or no validation of strings entered by a user before dropping them into a query; this negligence can lead to a compromise of the entire database. Better-behaved programs attempt to escape various troublesome characters (typically single-quote and backslash), but multibyte character encodings can still leave them open to injection.

It is not just database clients that need to validate user input; as the first bug shows, the database server needs to validate it as well. PostgreSQL allows the "\'" (backslash + single-quote) sequence to represent a single-quote character in a query, in addition to the sequence of two single-quote characters ("''") that is the SQL standard. Unfortunately, the escaping code used by database clients often ignores the character encoding and just looks for bytes with a 0x27 ("'") value and replaces them with an escaped version. The security hole comes about because illegal multibyte character sequences can be used to enable quotes to slip past the escaping process. An example provided in the technical information describes how this can be done.

In the UTF8 encoding, the byte value 0xc8 introduces a two-byte character; the second byte must be within the range 0xa0-0xff. However, PostgreSQL would accept any value for the second byte and treat both bytes as a single character. A malicious user could enter "0xc8'text", which would be converted by the well-meaning client to "0xc8''text" (or "0xc8\'text"); the server would then treat the 0xc8' or 0xc8\ sequence as a single character, leaving an unescaped single-quote in the input, effectively injecting the attacker-supplied text.

The second issue stems from certain far-eastern encodings where the value 0x5c ("\") is a valid value for the second byte of a two-byte character. In the SJIS encoding, for example, the two-byte sequence 0x95 0x5c is a valid character, but a client that is not encoding-aware may try to escape the 'backslash' that it sees by doubling it. Adding single-quotes into the mix provides a means for a SQL injection. "0x95 0x5c'text" could become "0x95 0x5c\''text", which effectively inserts an unescaped single-quote into the query. It is interesting to note that 0x27 ("'") is not a valid value for the second byte of a two-byte character and, if PostgreSQL had rigidly adhered to the SQL standard and only accepted "''" to escape single-quotes, this issue would not exist.

There is a straightforward fix for the first problem: do not accept illegal multibyte character sequences and refuse to process queries that contain them. Unfortunately, the second problem is more complicated and there is no single simple fix on the database server side. If database clients did their escaping in an encoding-aware manner, this problem would not exist; expecting this from all clients is hopeless, however. The PostgreSQL developers chose to disallow "\'" for any encoding that allows embedded 0x5c characters. This closes the hole for all clients that use "''" to escape single-quotes but still allows for injections for clients that use "\'". This change is likely to break those clients altogether, however.
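
The two bugs and the two server-side fixes described above can be reproduced with a toy string-literal scanner. This is an added illustration, not PostgreSQL or client-library code: every function name is hypothetical, the input bytes are the ones quoted in the article, and the scanner models only quote handling.

```python
"""Toy model of the two quoting bugs; hypothetical names, not PostgreSQL code."""

CODECS = {"utf8": "utf-8", "sjis": "shift_jis"}
BACKSLASH_TRAIL = {"sjis"}  # encodings where 0x5c can be a second byte
QUOTE, BACKSLASH = 0x27, 0x5C


class RejectedQuery(ValueError):
    """The toy server refused to process the query."""


def naive_escape(raw: bytes, encoding: str) -> bytes:
    """Encoding-unaware client: doubles every 0x27 and 0x5c byte it sees."""
    out = bytearray()
    for b in raw:
        if b in (QUOTE, BACKSLASH):
            out.append(b)
        out.append(b)
    return bytes(out)


def aware_escape(raw: bytes, encoding: str) -> bytes:
    """Encoding-aware client: decode strictly, then escape whole characters."""
    codec = CODECS[encoding]
    text = raw.decode(codec)  # raises UnicodeDecodeError on illegal sequences
    return text.replace("\\", "\\\\").replace("'", "''").encode(codec)


def char_len(lead: int, encoding: str) -> int:
    """Character length implied by the lead byte alone; trail bytes unchecked."""
    if encoding == "utf8":
        if 0xC0 <= lead <= 0xDF:
            return 2
        if 0xE0 <= lead <= 0xEF:
            return 3
        if 0xF0 <= lead <= 0xF7:
            return 4
    elif encoding == "sjis" and (0x81 <= lead <= 0x9F or 0xE0 <= lead <= 0xFC):
        return 2
    return 1


def scan_literal(body: bytes, encoding: str, patched: bool):
    """Scan the bytes that follow a literal's opening quote.

    Returns (content, rest): the literal's value and whatever follows its
    closing quote. patched=True applies both fixes described in the article.
    """
    if patched:  # fix 1: refuse illegal multibyte sequences outright
        try:
            body.decode(CODECS[encoding])
        except UnicodeDecodeError as exc:
            raise RejectedQuery("illegal multibyte sequence") from exc
    content, i = bytearray(), 0
    while i < len(body):
        b, n = body[i], char_len(body[i], encoding)
        if n > 1:  # multibyte character, consumed as one unit
            content += body[i:i + n]
            i += n
        elif b == BACKSLASH and i + 1 < len(body):
            # fix 2: no \' where 0x5c can hide inside a character
            if patched and body[i + 1] == QUOTE and encoding in BACKSLASH_TRAIL:
                raise RejectedQuery("\\' is not accepted in this encoding")
            content.append(body[i + 1])
            i += 2
        elif b == QUOTE and body[i + 1:i + 2] == b"'":  # '' is an escaped quote
            content.append(QUOTE)
            i += 2
        elif b == QUOTE:  # closing quote: the literal ends here
            return bytes(content), body[i + 1:]
        else:
            content.append(b)
            i += 1
    raise RejectedQuery("unterminated string literal")


def outside_literal(user: bytes, encoding: str, patched: bool, escape=naive_escape):
    """Escape the input, add the application's closing quote, and scan.

    Returns the bytes left outside the literal (b"" means the input stayed
    data) or None if the client or the server rejected the input.
    """
    try:
        return scan_literal(escape(user, encoding) + b"'", encoding, patched)[1]
    except (RejectedQuery, UnicodeDecodeError):
        return None


if __name__ == "__main__":
    # Inputs are the byte sequences quoted in the article.
    for enc, user in (("utf8", b"\xc8'text"), ("sjis", b"\x95\x5c'text")):
        for patched in (False, True):
            print(enc, "patched" if patched else "unpatched",
                  outside_literal(user, enc, patched))
        print(enc, "encoding-aware client",
              outside_literal(user, enc, True, aware_escape))
```

A non-empty result means input bytes ended up outside the string literal; with `patched=True` both sample inputs are refused when they come from the byte-wise escaper.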

Both of these problems could have been avoided by using prepared statements with placeholders (i.e. 'SELECT * FROM tbl WHERE id=?'). Even if the libraries did not implement the quoting correctly, the SQL engine would still not allow the parameter to be treated as anything but data for that particular spot in the query, thereby avoiding the injection. Another way to avoid this kind of problem is to use stored procedures. As these bugs show, it can be very difficult to appropriately filter and/or validate user input.


New vulnerabilities

binutils: buffer overflow

Package(s):binutils CVE #(s):CVE-2006-2362
Created:May 27, 2006 Updated:August 29, 2006
Description: The GNU Binutils has a buffer overflow vulnerability in libbfd. Maliciously crafted Tektronix Hex Format files with improper length characters can cause a crash and possibly lead to the execution of arbitrary code.
Alerts:
Mandriva MDKSA-2006:153 2006-08-28
Ubuntu USN-292-1 2006-06-09
OpenPKG OpenPKG-SA-2006.009 2006-05-26


cherrypy: information disclosure

Package(s):cherrypy CVE #(s):CVE-2006-0847
Created:May 31, 2006 Updated:May 31, 2006
Description: The CherryPy web development framework (prior to version 2.1.1) has a directory traversal vulnerability which could lead to undesired information disclosure.
Alerts:
Gentoo 200605-16 2006-05-30


dovecot: information disclosure

Package(s):dovecot CVE #(s):CVE-2006-2414
Created:May 31, 2006 Updated:June 14, 2006
Description: The Dovecot imap server contains a directory traversal vulnerability which could be exploited by authenticated users to read files other than their mailboxes.
Alerts:
Ubuntu USN-288-4 2006-06-13
Debian DSA-1080-1 2006-05-29


ImageMagick: heap overflow vulnerability

Package(s):ImageMagick CVE #(s):CVE-2006-2440
Created:May 25, 2006 Updated:September 5, 2006
Description: The ImageMagick DisplayImageCommand has a heap overflow vulnerability. If a maliciously created unexpanded glob is passed to ImageMagick, a heap overflow can result.
Alerts:
Debian DSA-1168-1 2006-09-04
Fedora FEDORA-2006-588 2006-05-24
Fedora FEDORA-2006-587 2006-05-24


kernel: netfilter memory corruption

Package(s):kernel CVE #(s):CVE-2006-2444
Created:May 25, 2006 Updated:July 5, 2006
Description: The 2.6.12 kernel has a memory corruption vulnerability that can be triggered remotely when the ip_nat_snmp_basic module is loaded and traffic on port 161 or 162 is network-translated.
Alerts:
Mandriva MDKSA-2006:116 2006-07-05
Ubuntu USN-302-1 2006-06-15
Trustix TSLSA-2006-0030 2006-05-26
Mandriva MDKSA-2006:087 2006-05-24


kernel: information disclosure

Package(s):kernel CVE #(s):CVE-2006-1343
Created:May 31, 2006 Updated:July 20, 2006
Description: The 2.6 kernel netfilter code contains an information leak; this vulnerability has been fixed in the 2.6.16.19 release.
Alerts:
Red Hat RHSA-2006:0437-01 2006-07-20
Debian DSA-1097-1 2006-06-14
Fedora FEDORA-2006-698 2006-06-11
Fedora FEDORA-2006-697 2006-06-11
Trustix TSLSA-2006-0032 2006-06-05
rPath rPSA-2006-0087-1 2006-05-31


libtiff: buffer overflow

Package(s):libtiff CVE #(s):CVE-2006-2656
Created:May 26, 2006 Updated:June 8, 2006
Description: The tiffsplit command has a problem in the way that it handles fixed-size buffers; a stack overflow can result.
Alerts:
Ubuntu USN-289-1 2006-06-08
Debian DSA-1091-1 2006-06-08
Mandriva MDKSA-2006:095 2006-06-05
Fedora FEDORA-2006-592 2006-05-25
Fedora FEDORA-2006-591 2006-05-25


lynx: denial of service

Package(s):lynx CVE #(s):CVE-2004-1617
Created:May 26, 2006 Updated:June 1, 2006
Description: The lynx text-mode web browser has a problem understanding invalid HTML involving the TEXTAREA tag. An infinite loop can happen, resulting in a denial of service.
Alerts:
Debian DSA-1085-1 2006-06-01
Debian DSA-1077-1 2006-05-26
Debian DSA-1076-1 2006-05-26


php: multiple vulnerabilities

Package(s):php CVE #(s):CVE-2006-1990 CVE-2006-1991 CVE-2006-3017
Created:May 25, 2006 Updated:August 18, 2006
Description: The php wordwrap() function is vulnerable to an integer overflow. Attackers can submit long arguments to cause a heap-based buffer overflow, allowing arbitrary code execution.

PHP 5.x and PHP 4.4.2 have a problem with the substr_compare() function. An attacker can use an out-of-bounds offset argument to cause a memory access violation, causing a denial of service.

A bug in zend_hash_del() allowed attackers to prevent unsetting of some variables.

Alerts:
Slackware SSA:2006-217-01 2006-08-07
Gentoo 200605-08:02 2006-05-08
Fedora-Legacy FLSA:175040 2006-07-27
Ubuntu USN-320-2 2006-07-26
Red Hat RHSA-2006:0567-01 2006-07-25
Ubuntu USN-320-1 2006-07-19
Red Hat RHSA-2006:0568-01 2006-07-12
Mandriva MDKSA-2006:122 2006-07-13
SuSE SUSE-SA:2006:034 2006-06-22
SuSE SUSE-SA:2006:031 2006-06-14
Mandriva MDKSA-2006:091 2006-05-24


shadow-utils: mailbox creation vulnerability

Package(s):shadow-utils CVE #(s):CVE-2006-1174
Created:May 25, 2006 Updated:June 12, 2007
Description: The useradd tool from the shadow-utils package has a potential security problem. When a new user's mailbox is created, the permissions are set to random garbage from the stack, potentially allowing the file to be read or written during the time before fchmod() is called.
Alerts:
Red Hat RHSA-2007:0431-01 2007-06-11
rPath rPSA-2007-0096-1 2007-05-11
Red Hat RHSA-2007:0276-02 2007-05-01
Gentoo 200606-02 2006-06-07
Mandriva MDKSA-2006:090 2006-05-24


tiff: denial of service

Package(s):tiff CVE #(s):CVE-2006-2120
Created:May 27, 2006 Updated:May 31, 2006
Description: The tiff image library is vulnerable to a denial of service attack. Images with specially crafted Yr/Yg/Yb values that exceed the YCR/YCG/YCB values can cause a crash of the associated application.
Alerts:
Debian DSA-1078-1 2006-05-27


typespeed: buffer overflow

Package(s):typespeed CVE #(s):CVE-2006-1515
Created:May 31, 2006 Updated:June 19, 2006
Description: The typespeed game has a buffer overflow in its network data processing code which could possibly be exploited to execute arbitrary code.
Alerts:
Gentoo 200606-20 2006-06-19
Debian DSA-1084-1 2006-05-31


vixie-cron: privilege escalation

Package(s):cron CVE #(s):CVE-2006-2607
Created:May 31, 2006 Updated:June 1, 2009
Description: The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root.
Alerts:
Ubuntu USN-778-1 2009-06-01
Red Hat RHSA-2006:0539-01 2006-07-12
Gentoo 200606-07 2006-06-09
SuSE SUSE-SA:2006:027 2006-05-31
rPath rPSA-2006-0082-1 2006-05-25


Updated vulnerabilities

awstats: missing input sanitizing

Package(s):awstats CVE #(s):CVE-2006-2237
Created:May 19, 2006 Updated:June 20, 2006
Description: Hendrik Weimer discovered that specially crafted web requests can cause awstats, a powerful and featureful web server log analyzer, to execute arbitrary commands.
Alerts:
SuSE SUSE-SA:2006:033 2006-06-20
Ubuntu USN-290-1 2006-06-08
Gentoo 200606-06 2006-06-07
Debian DSA-1075-1 2006-05-26
Ubuntu USN-285-1 2006-05-23
Debian DSA-1058-1 2006-05-18


zoo: archive problem

Package(s):bin CVE #(s):
Created:May 23, 2006 Updated:May 24, 2006
Description: A security problem in zoo's fullpath() function could cause problems if zoo was run in an automated way, or if a user were to open a malicious zoo archive manually.
Alerts:
Slackware SSA:2006-142-02 2006-05-23


blender: integer overflow

Package(s):blender CVE #(s):CVE-2005-4470
Created:January 6, 2006 Updated:June 15, 2006
Description: Damian Put discovered that Blender did not properly validate a 'length' value in .blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted .blend file, this could be exploited to execute arbitrary code with the privileges of the Blender user.
Alerts:
Debian-Testing DTSA-29-1 2006-06-15
Debian DSA-1039-1 2006-04-24
Gentoo 200601-08 2006-01-13
Ubuntu USN-238-2 2006-01-06
Ubuntu USN-238-1 2006-01-06


busybox: insecure password generation

Package(s):busybox CVE #(s):CVE-2006-1058
Created:May 5, 2006 Updated:May 2, 2007
Description: The BusyBox 1.1.1 passwd command does not use a proper salt when generating passwords. This would create an instance where a brute force attack could take very little time.
Alerts:
Red Hat RHSA-2007:0244-02 2007-05-01
Fedora FEDORA-2006-511 2006-05-04
Fedora FEDORA-2006-510 2006-05-04


bzip2: race condition and infinite loop

Package(s):bzip2 CVE #(s):CAN-2005-0953 CAN-2005-1260
Created:May 17, 2005 Updated:January 10, 2007
Description: A race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. Also, specially crafted bzip2 archives may cause an infinite loop in the decompressor.
Alerts:
rPath rPSA-2007-0004-1 2007-01-09
Debian DSA-741-1 2005-07-07
Red Hat RHSA-2005:474-01 2005-06-16
OpenPKG OpenPKG-SA-2005.008 2005-06-10
SuSE SUSE-SR:2005:015 2005-06-07
Debian DSA-730-1 2005-05-27
Mandriva MDKSA-2005:091 2005-05-18
Ubuntu USN-127-1 2005-05-17


ktools: buffer overflow

Package(s):centericq CVE #(s):CVE-2005-3863
Created:December 7, 2005 Updated:August 29, 2006
Description: From the Debian-Testing alert: Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H Research Team discovered a buffer overflow in kkstrtext.h of the ktools library, which is included in (at least) centericq and motor.
Alerts:
Gentoo 200608-27 2006-08-29
Debian DSA-1088-1 2006-06-03
Debian DSA-1083-1 2006-05-31
Gentoo 200512-11 2005-12-20
Debian-Testing DTSA-23-1 2005-12-05


cpio: arbitrary code execution

Package(s):cpio CVE #(s):CVE-2005-4268
Created:January 2, 2006 Updated:March 17, 2010
Description: Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with, e.g., a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system).
Alerts:
CentOS CESA-2010:0145 2010-03-17
Red Hat RHSA-2010:0145-01 2010-03-15
rPath rPSA-2007-0094-1 2007-05-07
Red Hat RHSA-2007:0245-02 2007-05-01
Ubuntu USN-234-1 2006-01-02


cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2004-2541
Created:May 22, 2006 Updated:June 19, 2009
Description: A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.
Alerts:
CentOS CESA-2009:1102 2009-06-19
CentOS CESA-2009:1101 2009-06-16
Red Hat RHSA-2009:1102-01 2009-06-15
Red Hat RHSA-2009:1101-01 2009-06-15
Gentoo 200606-10 2006-06-11
Debian DSA-1064-1 2006-05-19


curl: heap-based buffer overflow

Package(s):curl CVE #(s):CVE-2006-1061
Created:March 21, 2006 Updated:June 28, 2006
Description: Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.
Alerts:
OpenPKG OpenPKG-SA-2006.012 2006-06-28
Trustix TSLSA-2006-0016 2006-03-24
Gentoo 200603-19 2006-03-21
Fedora FEDORA-2006-189 2006-03-21


Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service

Package(s):cyrus-sasl CVE #(s):CVE-2006-1721
Created:April 21, 2006 Updated:September 4, 2007
Description: Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a Denial of Service even if the attacker is not able to authenticate.
Alerts:
Red Hat RHSA-2007:0878-01 2007-09-04
Red Hat RHSA-2007:0795-01 2007-09-04
SuSE SUSE-SA:2006:025 2006-05-05
Fedora FEDORA-2006-515 2006-05-04
Debian DSA-1042-1 2006-04-25
Mandriva MDKSA-2006:073 2006-04-24
Ubuntu USN-272-1 2006-04-24
Gentoo 200604-09 2006-04-21


dia: format string vulnerabilities

Package(s):dia CVE #(s):CVE-2006-2453 CVE-2006-2480
Created:May 24, 2006 Updated:June 8, 2006
Description: The dia drawing utility suffers from several format string vulnerabilities exploitable via a maliciously crafted dia file - or a file with a well-chosen name.
Alerts:
Gentoo 200606-03 2006-06-07
SuSE SUSE-SR:2006:012 2006-06-02
Red Hat RHSA-2006:0541-02 2006-06-01
Mandriva MDKSA-2006:093 2006-05-30
Fedora FEDORA-2006-580 2006-05-24
Ubuntu USN-286-1 2006-05-24


enscript: arbitrary code execution

Package(s):enscript CVE #(s):CAN-2004-1184 CAN-2004-1185 CAN-2004-1186
Created:January 21, 2005 Updated:May 27, 2006
Description: Erik Sjölund has discovered several security-relevant problems in enscript, a program to convert ASCII text into PostScript and other formats. Unsanitized input can cause the execution of arbitrary commands via EPSF pipe support. Due to missing sanitizing of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed. Multiple buffer overflows can cause the program to crash.
Alerts:
rPath rPSA-2006-0083-1 2006-05-26
Fedora-Legacy FLSA:152892 2005-12-17
Red Hat RHSA-2005:040-01 2005-02-15
Mandrake MDKSA-2005:033 2005-02-10
Gentoo 200502-03 2005-02-02
Red Hat RHSA-2005:039-01 2005-02-01
Fedora FEDORA-2005-096 2005-01-31
Fedora FEDORA-2005-092 2005-01-28
Fedora FEDORA-2005-091 2005-01-28
Fedora FEDORA-2005-016 2005-01-26
Fedora FEDORA-2005-015 2005-01-26
Ubuntu USN-68-1 2005-01-24
Debian DSA-654-1 2005-01-21


fetchmail: multidrop bug

Package(s):fetchmail CVE #(s):CVE-2005-4348
Created:December 20, 2005 Updated:May 27, 2006
Description: Fetchmail contains a bug which allows a malicious mail server to crash the client by sending a message without headers. This occurs when running in multidrop mode.
Alerts:
rPath rPSA-2006-0084-1 2006-05-26
Fedora-Legacy FLSA:164512 2006-05-12
Slackware SSA:2006-045-01 2006-02-15
Debian DSA-939-1 2006-01-13
Ubuntu USN-233-1 2006-01-02
Mandriva MDKSA-2005:236 2005-12-23
Fedora FEDORA-2005-1187 2005-12-20
Fedora FEDORA-2005-1186 2005-12-20


firefox: multiple vulnerabilities

Package(s):firefox mozilla CVE #(s):CVE-2006-0749 CVE-2006-1724 CVE-2006-1727 CVE-2006-1728 CVE-2006-1729 CVE-2006-1730 CVE-2006-1731 CVE-2006-1732 CVE-2006-1733 CVE-2006-1734 CVE-2006-1735 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1741 CVE-2006-1742
Created:April 14, 2006 Updated:June 9, 2006
Description: There are multiple vulnerabilities in Firefox and related products including Thunderbird, SeaMonkey and the Mozilla Suite. This CERT Advisory contains additional information.
Alerts:
Ubuntu USN-296-1 2006-06-09
Fedora-Legacy FLSA:189137-2 2006-06-06
Fedora-Legacy FLSA:189137-1 2006-06-06
Gentoo 200605-09 2006-05-08
Slackware SSA:2006-123-02 2006-05-04
Fedora FEDORA-2006-494 2006-05-03
Fedora FEDORA-2006-493 2006-05-03
Fedora FEDORA-2006-491 2006-05-03
Fedora FEDORA-2006-490 2006-05-03
Fedora FEDORA-2006-487 2006-05-03
Fedora FEDORA-2006-495 2006-05-03
Fedora FEDORA-2006-492 2006-05-03
Fedora FEDORA-2006-486 2006-05-03
Fedora FEDORA-2006-489 2006-05-03
Fedora FEDORA-2006-488 2006-05-03
Ubuntu USN-276-1 2006-05-03
Slackware SSA:2006-120-01 2006-05-01
Gentoo 200604-18 2006-04-28
Mandriva MDKSA-2006:078 2006-04-25
Mandriva MDKSA-2006:076 2006-04-25
Debian DSA-1044-1 2006-04-26
SuSE SUSE-SA:2006:022 2006-04-25
Mandriva MDKSA-2006:075 2006-04-24
Slackware SSA:2006-114-01 2006-04-25
Gentoo 200604-12 2006-04-23
Red Hat RHSA-2006:0330-01 2006-04-21
SuSE SUSE-SA:2006:021 2006-04-20
Ubuntu USN-271-1 2006-04-19
Fedora FEDORA-2006-411 2006-04-18
Fedora FEDORA-2006-410 2006-04-18
Red Hat RHSA-2006:0329-01 2006-04-18
Slackware SSA:2006-107-01 2006-04-17
Red Hat RHSA-2006:0328-01 2006-04-14


Foomatic: Arbitrary command execution in foomatic-rip

Package(s):foomatic CVE #(s):CAN-2004-0801
Created:September 20, 2004 Updated:May 31, 2006
Description: There is a vulnerability in the foomatic-filters package. This vulnerability is due to insufficient checking of command-line parameters and environment variables in the foomatic-rip filter. This vulnerability may allow both local and remote attackers to execute arbitrary commands on the print server with the permissions of the spooler.
Alerts:
SuSE SUSE-SA:2006:026 2006-05-30
Fedora-Legacy FLSA:2076 2004-11-05
Conectiva CLA-2004:880 2004-10-27
Fedora FEDORA-2004-303 2004-09-21
Gentoo 200409-24 2004-09-20


freeradius: authentication bypass

Package(s):freeradius CVE #(s):CVE-2006-1354
Created:March 24, 2006 Updated:June 5, 2006
Description: An unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
Alerts:
Debian DSA-1089-1 2006-06-03
Mandriva MDKSA-2006:066 2006-04-05
Gentoo 200604-03 2006-04-04
Red Hat RHSA-2006:0271-01 2006-04-04
SuSE SUSE-SA:2006:019 2006-03-28
Mandriva MDKSA-2006:060 2006-03-23

Comments (none posted)

gdb: multiple vulnerabilities

Package(s):gdb CVE #(s):CAN-2005-1704 CAN-2005-1705
Created:May 20, 2005 Updated:August 11, 2006
Description: Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialization files from the working directory. Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.
Alerts:
Red Hat RHSA-2006:0354-01 2006-08-10
Red Hat RHSA-2006:0368-01 2006-07-20
Mandriva MDKSA-2005:215 2005-11-23
Fedora FEDORA-2005-1033 2005-10-27
Fedora FEDORA-2005-1032 2005-10-27
Red Hat RHSA-2005:801-01 2005-10-18
Red Hat RHSA-2005:763-01 2005-10-11
Red Hat RHSA-2005:709-01 2005-10-05
Red Hat RHSA-2005:673-01 2005-10-05
Red Hat RHSA-2005:659-01 2005-09-28
Fedora FEDORA-2005-498 2005-06-29
Fedora FEDORA-2005-497 2005-06-29
Gentoo 200506-01 2005-06-01
Trustix TSLSA-2005-0025 2005-05-31
Mandriva MDKSA-2005:095 2005-05-30
Ubuntu USN-136-2 2005-05-27
Ubuntu USN-136-1 2005-05-27
Ubuntu USN-135-1 2005-05-27
Gentoo 200505-15 2005-05-20

Comments (5 posted)

gdm: improper file permissions

Package(s):gdm CVE #(s):CVE-2006-1057
Created:April 19, 2006 Updated:May 2, 2007
Description: The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem.
Alerts:
Red Hat RHSA-2007:0286-02 2007-05-01
Mandriva MDKSA-2006:083 2006-05-09
Ubuntu USN-278-1 2006-05-03
Debian DSA-1040-1 2006-04-24
Fedora FEDORA-2006-338 2006-04-19

Comments (none posted)

gedit: format string vulnerability

Package(s):gedit CVE #(s):CAN-2005-1686
Created:June 9, 2005 Updated:February 5, 2009
Description: A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user.
Alerts:
Fedora FEDORA-2009-1189 2009-01-29
Fedora FEDORA-2009-1187 2009-01-29
Debian DSA-753-1 2005-07-12
Mandriva MDKSA-2005:102 2005-06-15
Red Hat RHSA-2005:499-01 2005-06-13
Gentoo 200506-09 2005-06-11
Ubuntu USN-138-1 2005-06-09

Comments (1 posted)

grip: buffer overflow

Package(s):grip CVE #(s):CAN-2005-0706
Created:March 10, 2005 Updated:November 19, 2008
Description: Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches.
Alerts:
Fedora FEDORA-2008-9604 2008-11-19
Fedora FEDORA-2008-9521 2008-11-19
Fedora-Legacy FLSA:152919 2005-09-15
Mandriva MDKSA-2005:074 2005-04-20
Mandriva MDKSA-2005:075 2005-04-20
Gentoo 200504-07 2005-04-08
Mandrake MDKSA-2005:066 2005-04-01
Red Hat RHSA-2005:304-01 2005-03-28
Gentoo 200503-21 2005-03-17
Fedora FEDORA-2005-203 2005-03-09
Fedora FEDORA-2005-202 2005-03-09

Comments (none posted)

gzip: arbitrary command execution

Package(s):gzip CVE #(s):CAN-2005-0758
Created:August 1, 2005 Updated:January 10, 2007
Description: zgrep in gzip before 1.3.5 does not properly handle shell metacharacters like '|' and '&' when they occur in input file names. This could be exploited to execute arbitrary commands with user privileges if zgrep is run in an untrusted directory with specially crafted file names.
Alerts:
OpenPKG OpenPKG-SA-2007.002 2007-01-08
Mandriva MDKSA-2006:027 2006-01-30
Mandriva MDKSA-2006:026 2006-01-30
Fedora-Legacy FLSA:158801 2005-11-14
Fedora-Legacy FLSA:157696 2005-08-10
Ubuntu USN-161-1 2005-08-04
Ubuntu USN-158-1 2005-08-01

Comments (2 posted)

hostapd: insufficient boundary checks

Package(s):hostapd CVE #(s):CVE-2006-2213
Created:May 22, 2006 Updated:May 25, 2006
Description: Matteo Rosi and Leonardo Maccari discovered that hostapd, a wifi network authenticator daemon, performs insufficient boundary checks on a key length value, which might be exploited to crash the service.
Alerts:
Mandriva MDKSA-2006:088 2006-05-24
Debian DSA-1065-1 2006-05-19

Comments (none posted)

ipsec-tools: denial of service

Package(s):ipsec-tools CVE #(s):CVE-2005-3732
Created:December 1, 2005 Updated:June 8, 2006
Description: ipsec-tools has a remote denial of service vulnerability in the racoon daemon. If racoon is running in aggressive mode, it fails to check all peer payloads during the IKE negotiation phase, allowing a malicious peer to crash the daemon. One should always be careful around aggressive racoons.
Alerts:
Fedora-Legacy FLSA:190941 2006-06-06
Red Hat RHSA-2006:0267-01 2006-04-25
Debian DSA-965-1 2006-02-06
Mandriva MDKSA-2006:020 2006-01-25
SuSE SUSE-SA:2005:070 2005-12-20
Gentoo 200512-04 2005-12-12
Ubuntu USN-221-1 2005-12-01

Comments (none posted)

kdebase: local root vulnerability

Package(s):kdebase CVE #(s):CAN-2005-2494
Created:September 7, 2005 Updated:August 11, 2006
Description: The kdebase package (and kcheckpass in particular) found in KDE versions 3.2.0 through 3.4.2 suffers from a lock file handling error which can enable a local attacker to obtain root access. See this advisory for details.
Alerts:
Red Hat RHSA-2006:0582-01 2006-08-10
Debian DSA-815-1 2005-09-16
Slackware SSA:2005-251-01 2005-09-09
Ubuntu USN-176-1 2005-09-07
Mandriva MDKSA-2005:160 2005-09-06

Comments (none posted)

kdelibs: kate backup file permission leak

Package(s):kdelibs kate kwrite CVE #(s):CAN-2005-1920
Created:July 19, 2005 Updated:September 21, 2010
Description: Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
Alerts:
Gentoo 200611-21 2006-11-27
Debian DSA-804-2 2005-11-10
Debian DSA-804-1 2005-09-08
Red Hat RHSA-2005:612-01 2005-07-27
Ubuntu USN-150-1 2005-07-21
Mandriva MDKSA-2005:122 2005-07-20
Fedora FEDORA-2005-594 2005-07-19

Comments (1 posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2006-2271 CVE-2006-2272 CVE-2006-2274 CVE-2006-2275 CVE-2006-1864
Created:May 12, 2006 Updated:July 13, 2006
Description: Multiple vulnerabilities in the Linux kernel have been found.
  • An error in the Stream Control Transmission Protocol (SCTP) code, which uses incorrect state table entries when certain ECNE chunks are received in CLOSED state, could be exploited by attackers to cause a kernel panic via a specially crafted packet.
  • An error exists when handling incoming IP-fragmented SCTP control chunks, which could be exploited by attackers to cause a kernel panic via a specially crafted packet.
  • Linux SCTP (lksctp) allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
  • Linux SCTP (lksctp) allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."
  • A vulnerability has been identified due to an input validation error when processing arguments containing backslash ("\\") characters passed to certain commands (e.g. "cd"), which could be exploited by authenticated attackers to escape chroot restrictions for a CIFS or SMBFS mounted filesystem.
Alerts:
Red Hat RHSA-2006:0580-01 2006-07-13
Red Hat RHSA-2006:0579-01 2006-07-13
Debian DSA-1103-1 2006-06-27
SuSE SUSE-SA:2006:028 2006-05-31
Red Hat RHSA-2006:0493-01 2006-05-24
Mandriva MDKSA-2006:086 2006-05-18
Trustix TSLSA-2006-0026 2006-05-12

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-1859 CVE-2006-1860
Created:May 19, 2006 Updated:May 24, 2006
Description: Memory leak in __setlease in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (memory consumption) via unspecified actions related to an "uninitialized return value," aka "slab leak."

lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows attackers to cause a denial of service (fcntl_setlease lockup) via actions that cause lease_init to free a lock that might not have been allocated on the stack.

Alerts:
rPath rPSA-2006-0079-1 2006-05-23
Fedora FEDORA-2006-573 2006-05-21
Fedora FEDORA-2006-572 2006-05-21
Trustix TSLSA-2006-0028 2006-05-19

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CAN-2005-0449 CAN-2005-0209 CAN-2005-0529 CAN-2005-0530 CAN-2005-0532 CAN-2005-0384 CAN-2005-0210 CAN-2005-0504 CAN-2005-0003
Created:March 24, 2005 Updated:May 31, 2006
Description: A number of vulnerabilities have been found in the Linux kernel, including a PPP-related denial of service problem, an integer overflow in the epoll() code, memory corruption in the ELF loader, and exploitable overflows in the ISO9660 code.
Alerts:
Debian DSA-1082-1 2006-05-29
Debian DSA-1069-1 2006-05-20
Debian DSA-1070-1 2006-05-21
Debian DSA-1067-1 2006-05-20
Conectiva CLA-2005:945 2005-03-31
Fedora FEDORA-2005-262 2005-03-28
SuSE SUSE-SA:2005:018 2005-03-24

Comments (none posted)

kernel-patch-vserver: privilege escalation

Package(s):kernel-patch-vserver CVE #(s):CVE-2006-2110
Created:May 22, 2006 Updated:May 24, 2006
Description: Jan Rekorajski discovered that the kernel patch for virtual private servers does not limit context capabilities to the root user within the virtual server, which might lead to privilege escalation for some virtual server specific operations.
Alerts:
Debian DSA-1060-1 2006-05-19

Comments (none posted)

kphone: insecure file creation

Package(s):kphone CVE #(s):CVE-2006-2442
Created:May 22, 2006 Updated:May 25, 2006
Description: Sven Dreyer discovered that KPhone, a Voice over IP client for KDE, creates a configuration file world-readable, which could leak sensitive information like SIP passwords.
Alerts:
Mandriva MDKSA-2006:089 2006-05-24
Debian DSA-1062-1 2006-05-19

Comments (none posted)

libextractor: heap-based buffer overflows

Package(s):libextractor CVE #(s):CVE-2006-2458
Created:May 22, 2006 Updated:May 31, 2006
Description: Luigi Auriemma has found two heap-based buffer overflows in libextractor 0.5.13 and earlier: one of them occurs in the asf_read_header function in the ASF plugin, and the other occurs in the parse_trak_atom function in the Qt plugin.
Alerts:
Debian DSA-1081-1 2006-05-29
Gentoo 200605-14 2006-05-21

Comments (none posted)

libgadu: memory alignment bug

Package(s):libgadu CVE #(s):CAN-2005-2370
Created:July 29, 2005 Updated:June 25, 2007
Description: Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, console Gadu Gadu client, an instant messaging program) which is included in gaim, a multi-protocol instant messaging client, as well. This cannot be exploited on the x86 architecture, but on others (e.g. Sparc) it can lead to a bus error, in other words a denial of service.
Alerts:
Debian DSA-813-1 2005-09-15
Red Hat RHSA-2005:627-01 2005-08-09
Debian DSA-769-1 2005-07-29

Comments (none posted)

libgd2: buffer overflows in PNG handling

Package(s):libgd2 CVE #(s):CAN-2004-0990 CAN-2004-0941
Created:October 29, 2004 Updated:June 28, 2006
Description: Several buffer overflows have been discovered in libgd's PNG handling functions.
If an attacker tricked a user into loading a malicious PNG image, they could leverage this into executing arbitrary code in the context of the user opening the image. Most importantly, this library is commonly used in PHP. One possible target would be a PHP-driven photo website that lets users upload images. Therefore this vulnerability might lead to privilege escalation to a web server's privileges.
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function.
Alerts:
Mandriva MDKSA-2006:114 2006-06-27
Red Hat RHSA-2006:0194-01 2006-02-01
Fedora-Legacy FLSA:152838 2005-07-15
Red Hat RHSA-2004:638-01 2004-12-17
Ubuntu USN-33-1 2004-11-29
Debian DSA-602-1 2004-11-29
Debian DSA-601-1 2004-11-29
Mandrake MDKSA-2004:132 2004-11-15
Ubuntu USN-25-1 2004-11-15
Fedora FEDORA-2004-412 2004-11-11
Fedora FEDORA-2004-411 2004-11-11
Ubuntu USN-21-1 2004-11-09
Debian DSA-591-1 2004-11-09
Debian DSA-589-1 2004-11-09
Gentoo 200411-08 2004-11-03
OpenPKG OpenPKG-SA-2004.049 2004-10-30
Ubuntu USN-11-1 2004-10-28

Comments (none posted)

libpam-ldap: authentication bypass

Package(s):libpam-ldap CVE #(s):CAN-2005-2641
Created:August 25, 2005 Updated:October 6, 2006
Description: libpam-ldap, the PAM LDAP interface, has a vulnerability in which it fails to authenticate with an LDAP server which is not configured properly, allowing an authentication bypass.
Alerts:
rPath rPSA-2006-0183-1 2006-10-05
Mandriva MDKSA-2005:190 2005-10-20
Gentoo 200508-22 2005-08-31
Debian DSA-785-1 2005-08-25

Comments (none posted)

libpng: heap based buffer overflow

Package(s):libpng CVE #(s):CVE-2006-0481
Created:February 13, 2006 Updated:December 15, 2008
Description: A heap based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim.
Alerts:
Gentoo 200812-15 2008-12-14
Red Hat RHSA-2006:0205-01 2006-02-13

Comments (1 posted)

libtiff: denial of service

Package(s):libtiff CVE #(s):CVE-2006-2024
Created:April 28, 2006 Updated:May 31, 2006
Description: Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
Alerts:
Gentoo 200605-17 2006-05-30
Red Hat RHSA-2006:0425-01 2006-05-09
Debian DSA-1054-1 2006-05-09
Mandriva MDKSA-2006:082 2006-05-03
Ubuntu USN-277-1 2006-05-03
SuSE SUSE-SR:2006:009 2006-04-28
Fedora FEDORA-2006-474 2006-04-27
Fedora FEDORA-2006-473 2006-04-27

Comments (none posted)

libxml2 - arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26

Comments (none posted)

libxml2: multiple buffer overflows

Package(s):libxml2 CVE #(s):CAN-2004-0989
Created:October 28, 2004 Updated:August 19, 2009
Description: libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities; if a local user passes a specially crafted FTP URL, arbitrary code may be executed.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Ubuntu USN-89-1 2005-02-28
Red Hat RHSA-2004:650-01 2004-12-16
Conectiva CLA-2004:890 2004-11-18
Red Hat RHSA-2004:615-01 2004-11-12
Mandrake MDKSA-2004:127 2004-11-04
Debian DSA-582-1 2004-11-02
Gentoo 200411-05 2004-11-02
Trustix TSLSA-2004-0055 2004-10-29
OpenPKG OpenPKG-SA-2004.050 2004-10-31
Ubuntu USN-10-1 2004-10-28
Fedora FEDORA-2004-353 2004-10-28

Comments (none posted)

lynx: arbitrary command execution

Package(s):lynx CVE #(s):CVE-2005-2929
Created:November 14, 2005 Updated:September 14, 2009
Description: An arbitrary command execution bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx.
Alerts:
Gentoo 200909-15 2009-09-12
Fedora-Legacy FLSA:152832 2005-12-17
OpenPKG OpenPKG-SA-2005.026 2005-12-03
Fedora FEDORA-2005-1079 2005-11-14
Fedora FEDORA-2005-1078 2005-11-14
Gentoo 200511-09 2005-11-13
Mandriva MDKSA-2005:211 2005-11-12
Red Hat RHSA-2005:839-01 2005-11-11

Comments (none posted)

mailman: denial of service

Package(s):mailman CVE #(s):CVE-2006-0052
Created:March 30, 2006 Updated:June 9, 2006
Description: Mailman 2.1.5 and below have a denial of service vulnerability in the Scrubber.py script. If a maliciously created message in MIME multipart format is received, mailman delivery can be stopped.
Alerts:
Red Hat RHSA-2006:0486-01 2006-06-09
SuSE SUSE-SR:2006:008 2006-04-07
Debian DSA-1027-1 2006-04-06
Ubuntu USN-267-1 2006-04-03
Mandriva MDKSA-2006:061 2006-03-29

Comments (none posted)

mpg123: buffer overflows

Package(s):mpg123 CVE #(s):CVE-2006-1655
Created:May 24, 2006 Updated:July 3, 2006
Description: mpg123 does not properly validate MPEG 2.0 layer 3 files, leading to a number of buffer overflow vulnerabilities.
Alerts:
Gentoo 200607-01 2006-07-03
Mandriva MDKSA-2006:092 2006-05-26
Debian DSA-1074-1 2006-05-24

Comments (none posted)

MySQL: logging bypass

Package(s):mysql CVE #(s):CVE-2006-0903
Created:April 4, 2006 Updated:May 21, 2008
Description: MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Ubuntu USN-274-2 2006-05-15
Ubuntu USN-274-1 2006-04-27
Mandriva MDKSA-2006:064 2006-04-03

Comments (2 posted)

mysql: information leaks

Package(s):mysql mysql-dfsg CVE #(s):CVE-2006-1516 CVE-2006-1517
Created:May 8, 2006 Updated:June 23, 2006
Description: Stefano Di Paola discovered an information leak in the login packet parser. By sending a specially crafted malformed login packet, a remote attacker could exploit this to read a random piece of memory, which could potentially reveal sensitive data. (CVE-2006-1516)

Stefano Di Paola also found a similar information leak in the parser for the COM_TABLE_DUMP request. (CVE-2006-1517)

Alerts:
SuSE SUSE-SA:2006:036 2006-06-23
Debian DSA-1079-1 2006-05-29
Debian DSA-1073-1 2006-05-22
Debian DSA-1071-1 2006-05-22
Fedora FEDORA-2006-553 2006-05-17
Fedora FEDORA-2006-554 2006-05-17
Gentoo 200605-13 2006-05-11
Slackware SSA:2006-129-02 2006-05-10
Mandriva MDKSA-2006:084 2006-05-10
Ubuntu USN-283-1 2006-05-08

Comments (1 posted)

nagios: buffer overflow

Package(s):nagios CVE #(s):CVE-2006-2162
Created:May 8, 2006 Updated:May 31, 2006
Description: A buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header.
Alerts:
Ubuntu USN-287-1 2006-05-29
Debian DSA-1072-1 2006-05-22
SuSE SUSE-SR:2006:011 2006-05-19
Gentoo 200605-07a 2006-05-07
Ubuntu USN-282-1 2006-05-08
Gentoo 200605-07 2006-05-07

Comments (none posted)

nbd: arbitrary code execution

Package(s):nbd CVE #(s):CVE-2005-3534
Created:January 6, 2006 Updated:March 7, 2011
Description: Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges.
Alerts:
SuSE SUSE-SR:2006:001 2006-01-13
Ubuntu USN-237-1 2006-01-06

Comments (none posted)

ntp: uses wrong gid

Package(s):ntp CVE #(s):CAN-2005-2496
Created:August 26, 2005 Updated:August 11, 2006
Description: When starting xntpd with the -u option and specifying the group by using a string, not a numeric gid, the daemon uses the gid of the user, not the group. This problem is now fixed by this update.
Alerts:
Red Hat RHSA-2006:0393-01 2006-08-10
Mandriva MDKSA-2005:156 2005-09-06
Debian DSA-801-1 2005-09-05
Ubuntu USN-175-1 2005-09-01
Fedora FEDORA-2005-812 2005-08-26

Comments (none posted)

OpenLDAP: boundary error

Package(s):openldap CVE #(s):
Created:May 23, 2006 Updated:May 24, 2006
Description: According to this Secunia advisory, a weakness exists in OpenLDAP which is caused due to a boundary error in slurpd within the handling of the status file. This can be exploited to cause a stack-based buffer overflow via an overly long hostname read from the status file. The weakness has been reported to be in OpenLDAP version 2.3.21 and earlier.
Alerts:
OpenPKG OpenPKG-SA-2006.008 2006-05-22

Comments (none posted)

openmotif: buffer overflows

Package(s):openmotif CVE #(s):CVE-2005-3964
Created:December 29, 2005 Updated:July 27, 2006
Description: The libUil component of the OpenMotif toolkit has a pair of buffer overflow vulnerabilities that can possibly be used for the execution of arbitrary code.
Alerts:
Fedora FEDORA-2006-854 2006-07-26
Red Hat RHSA-2006:0272-01 2006-04-04
Gentoo 200512-16 2005-12-28

Comments (none posted)

OpenSSH: double shell expansion

Package(s):openssh CVE #(s):CVE-2006-0225
Created:January 23, 2006 Updated:July 20, 2006
Description: OpenSSH has a double shell expansion vulnerability in local to local and remote to remote copy with scp.
Alerts:
Red Hat RHSA-2006:0298-01 2006-07-20
Red Hat RHSA-2006:0044-01 2006-03-07
Ubuntu USN-255-1 2006-02-21
Gentoo 200602-11 2006-02-20
Fedora-Legacy FLSA:168935 2006-02-18
OpenPKG OpenPKG-SA-2006.003 2006-02-18
Slackware SSA:2006-045-06 2006-02-15
SuSE SUSE-SA:2006:008 2006-02-14
Mandriva MDKSA-2006:034 2006-02-06
Fedora FEDORA-2006-056 2006-01-23

Comments (none posted)

perl: setuid vulnerabilities

Package(s):perl CVE #(s):CAN-2005-0155 CAN-2005-0156
Created:February 2, 2005 Updated:August 11, 2006
Description: There are two vulnerabilities with perl when it is used in a setuid mode. The PERLIO_DEBUG environment variable can be used to overwrite arbitrary files; there is also an associated buffer overflow which can be exploited to gain root access.
Alerts:
Red Hat RHSA-2006:0605-01 2006-08-10
Fedora FEDORA-2005-353 2005-05-02
Red Hat RHSA-2005:103-01 2005-02-15
Gentoo 200502-13 2005-02-11
SuSE SUSE-SR:2005:004 2005-02-11
Mandrake MDKSA-2005:031 2005-02-08
Red Hat RHSA-2005:105-01 2005-02-07
Ubuntu USN-72-1 2005-02-02

Comments (none posted)

php: several vulnerabilities

Package(s):php CVE #(s):CVE-2006-0996 CVE-2006-1494 CVE-2006-1608
Created:April 25, 2006 Updated:May 24, 2006
Description: There are several vulnerabilities in PHP v5.1.2 and earlier.
  • A cross-site scripting (XSS) vulnerability in phpinfo (info.c) allows remote attackers to inject arbitrary web script or HTML via long array variables. (CVE-2006-0996)
  • A directory traversal vulnerability in file.c allows local users to bypass open_basedir restrictions and allows remote attackers to create files in arbitrary directories via the tempnam function. (CVE-2006-1494)
  • The copy function in file.c allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. (CVE-2006-1608)
Alerts:
Red Hat RHSA-2006:0501-02 2006-05-23
Fedora FEDORA-2006-289 2006-05-16
Gentoo 200605-08 2006-05-08
SuSE SUSE-SA:2006:024 2006-05-05
Red Hat RHSA-2006:0276-01 2006-04-25
Mandriva MDKSA-2006:074 2006-04-24

Comments (none posted)

phpbb2: missing input sanitizing

Package(s):phpbb2 CVE #(s):CVE-2006-1896
Created:May 22, 2006 Updated:February 11, 2008
Description: It was discovered that phpbb2, a web based bulletin board, insufficiently sanitizes values passed to the "Font Color 3" setting, which might lead to the execution of injected code by admin users.
Alerts:
Debian DSA-1066-1 2006-05-20

Comments (none posted)

phpbb2: multiple vulnerabilities

Package(s):phpbb2 CVE #(s):CVE-2005-3310 CVE-2005-3415 CVE-2005-3416 CVE-2005-3417 CVE-2005-3418 CVE-2005-3419 CVE-2005-3420 CVE-2005-3536 CVE-2005-3537
Created:December 22, 2005 Updated:February 11, 2008
Description: The phpbb2 web forum has a number of vulnerabilities including: a web script injection problem, a protection mechanism bypass, a security check bypass, a remote global variable bypass, cross site scripting vulnerabilities, an SQL injection vulnerability, a remote regular expression modification problem, missing input sanitizing, and a missing request validation problem.
Alerts:
Debian DSA-925-1 2005-12-22

Comments (none posted)

phpgroupware: missing input sanitizing

Package(s):phpgroupware CVE #(s):CVE-2005-2781
Created:May 22, 2006 Updated:May 24, 2006
Description: It was discovered that the Avatar upload feature of FUD Forum, a component of the web based groupware system phpgroupware, does not sufficiently validate uploaded files, which might lead to the execution of injected web script code.
Alerts:
Debian DSA-1063-1 2006-05-08

Comments (none posted)

phpMyAdmin: multiple vulnerabilities

Package(s):phpmyadmin CVE #(s):CVE-2005-4079 CVE-2005-3665
Created:December 12, 2005 Updated:November 20, 2006
Description: Stefan Esser reported multiple vulnerabilities found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable import_blacklist to open phpMyAdmin to local and remote file inclusion, depending on your PHP version (CVE-2005-4079, PMASA-2005-9). Furthermore, it is also possible to conduct an XSS attack via the $HTTP_HOST variable and a local and remote file inclusion because the contents of the variable are under total control of the attacker (CVE-2005-3665, PMASA-2005-8).
Alerts:
Debian DSA-1207-2 2006-11-19
Debian DSA-1207-1 2006-11-09
SuSE SUSE-SA:2006:004 2006-01-26
Gentoo 200512-03 2005-12-11

Comments (none posted)

popfile: missing input sanitizing

Package(s):popfile CVE #(s):CVE-2006-0876
Created:May 22, 2006 Updated:May 24, 2006
Description: It has been discovered that popfile, a bayesian mail classifier, can be forced into a crash through malformed character sets within email messages, which allows denial of service.
Alerts:
Debian DSA-1061-1 2006-05-19

Comments (none posted)

postgresql: SQL injection

Package(s):postgresql CVE #(s):CVE-2006-2313 CVE-2006-2314
Created:May 24, 2006 Updated:June 6, 2007
Description: The PostgreSQL team has put out a set of "urgent updates" (in the form of the 7.3.15, 7.4.13, 8.0.8, and 8.1.4 releases) closing a newly-discovered set of SQL injection issues. Details about the problem can be found on the technical information page; in short: multi-byte encodings can be used to defeat normal string sanitizing techniques. The update fixes one problem related to invalid multi-byte characters, but punts on another by simply disallowing the old, unsafe technique of escaping single quotes with a backslash.
Alerts:
Fedora FEDORA-2007-0249 2007-06-06
Trustix TSLSA-2006-0059 2006-10-27
Gentoo 200607-04 2006-07-09
SuSE SUSE-SA:2006:030 2006-06-09
Ubuntu USN-288-3 2006-06-09
Ubuntu USN-288-2 2006-06-09
Mandriva MDKSA-2006:098 2006-06-07
Debian DSA-1087-1 2006-06-03
Ubuntu USN-288-1 2006-05-29
rPath rPSA-2006-0080-1 2006-05-24
Red Hat RHSA-2006:0526-02 2006-05-23
Fedora FEDORA-2006-578 2006-05-23
Fedora FEDORA-2006-579 2006-05-23

Comments (1 posted)

pound: HTTP Request Smuggling Attack

Package(s):pound CVE #(s):CVE-2005-3751
Created:January 10, 2006 Updated:June 8, 2006
Description: HTTP requests with conflicting Content-Length and Transfer-Encoding headers could lead to an HTTP Request Smuggling attack, which can be exploited to bypass packet filters or poison web caches.
Alerts:
Gentoo 200606-05 2006-06-07
Debian DSA-934-1 2006-01-09

Comments (none posted)

Py2Play: remote execution of arbitrary Python code

Package(s):Py2Play CVE #(s):CAN-2005-2875
Created:September 19, 2005 Updated:September 6, 2006
Description: Py2Play uses Python pickles to send objects over a peer-to-peer game network, and clients accept without restriction the objects and code sent by peers. A remote attacker participating in a Py2Play-powered game can send malicious Python pickles, resulting in the execution of arbitrary Python code on the targeted game client.
Alerts:
Gentoo 200509-09:02 2005-09-17
Debian DSA-856-1 2005-10-10
Gentoo 200509-09 2005-09-17

Comments (none posted)

quagga: multiple vulnerabilities

Package(s):quagga CVE #(s):CVE-2006-2223 CVE-2006-2224 CVE-2006-2276
Created:May 15, 2006 Updated:July 24, 2006
Description: Paul Jakma discovered that Quagga's ripd daemon did not properly handle authentication of RIPv1 requests. If the RIPv1 protocol had been disabled, or authentication for RIPv2 had been enabled, ripd still replied to RIPv1 requests, which could lead to information disclosure. (CVE-2006-2223)

Paul Jakma also noticed that ripd accepted unauthenticated RIPv1 response packets if RIPv2 was configured to require authentication and both protocols were allowed. A remote attacker could exploit this to inject arbitrary routes. (CVE-2006-2224)

Fredrik Widell discovered that Quagga did not properly handle certain invalid 'sh ip bgp' commands. By sending special commands to Quagga, a remote attacker with telnet access to the Quagga server could exploit this to trigger an endless loop in the daemon (Denial of Service). (CVE-2006-2276)

Alerts:
Fedora FEDORA-2006-845 2006-07-22
Fedora FEDORA-2006-843 2006-07-22
Red Hat RHSA-2006:0533-01 2006-06-01
Red Hat RHSA-2006:0525-01 2006-06-01
Gentoo 200605-15 2006-05-21
Debian DSA-1059-1 2006-05-19
Ubuntu USN-284-1 2006-05-15

Comments (1 posted)

quake: buffer overflow

Package(s):quake3-bin CVE #(s):CVE-2006-2236
Created:May 10, 2006 Updated:January 12, 2009
Description: Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server.
Alerts:
Gentoo 200901-06 2009-01-11
Gentoo 200605-12 2006-05-10

Comments (none posted)

rsync: integer overflow

Package(s):rsync CVE #(s):CVE-2006-2083
Created:May 8, 2006 Updated:June 6, 2006
Description: An integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.
Alerts:
Fedora FEDORA-2006-599 2006-06-05
Fedora FEDORA-2006-601 2006-06-05
Gentoo 200605-05 2006-05-06

Comments (none posted)

scorched3d: multiple vulnerabilities

Package(s):scorched3d CVE #(s):
Created:November 15, 2005 Updated:August 11, 2006
Description: Luigi Auriemma discovered multiple flaws in the Scorched 3D game server, including a format string vulnerability and several buffer overflows. A remote attacker could exploit these vulnerabilities to crash a game server or execute arbitrary code with the rights of the game server user.
Alerts:
Gentoo 200511-12:03 2005-11-15
Gentoo 200511-12 2005-11-15


squirrelmail: multiple vulnerabilities

Package(s):squirrelmail CVE #(s):CVE-2006-0188 CVE-2006-0195 CVE-2006-0377
Created:February 28, 2006 Updated:June 8, 2006
Description: Webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS. (CVE-2006-0188)

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer. (CVE-2006-0195)

CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." (CVE-2006-0377)

Alerts:
Fedora-Legacy FLSA:190884 2006-06-06
Red Hat RHSA-2006:0283-01 2006-05-03
Gentoo 200603-09 2006-03-12
Debian DSA-988-1 2006-03-08
Fedora FEDORA-2006-133 2006-03-03
Mandriva MDKSA-2006:049 2006-02-27


sudo: vulnerability via scripts

Package(s):sudo CVE #(s):CAN-2005-4158 CVE-2006-0151
Created:December 16, 2005 Updated:September 1, 2006
Description: Perl and Python scripts run via Sudo can be subverted.
Alerts:
Mandriva MDKSA-2006:159 2006-08-31
Debian DSA-946-2 2006-04-08
Slackware SSA:2006-045-08 2006-02-15
SuSE SUSE-SR:2006:002 2006-01-20
Debian DSA-946-1 2006-01-20
Ubuntu USN-235-2 2006-01-09
Ubuntu USN-235-1 2006-01-05
Mandriva MDKSA-2005:234 2005-12-20
Fedora FEDORA-2005-1147 2005-12-16


texinfo: temporary file vulnerability

Package(s):texinfo CVE #(s):CAN-2005-3011
Created:October 5, 2005 Updated:November 9, 2006
Description: Texinfo prior to version 4.8-r1 suffers from a temporary file vulnerability.
Alerts:
Ubuntu USN-194-2 2006-01-09
Fedora FEDORA-2005-991 2005-10-14
Fedora FEDORA-2005-990 2005-10-14
Mandriva MDKSA-2005:175 2005-10-06
Ubuntu USN-194-1 2005-10-06
Gentoo 200510-04 2005-10-05


tin: buffer overflow

Package(s):tin CVE #(s):CVE-2006-0804
Created:February 19, 2006 Updated:November 24, 2006
Description: An allocation off-by-one bug exists in the TIN news reader version 1.8.0 and earlier which can lead to a buffer overflow.
Alerts:
Gentoo 200611-18 2006-11-24
OpenPKG OpenPKG-SA-2006.005 2006-02-19


unzip: long file name buffer overflow

Package(s):unzip CVE #(s):CVE-2005-4667
Created:February 6, 2006 Updated:May 2, 2007
Description: A buffer overflow in UnZip 5.50 and earlier allows local users to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
Alerts:
Red Hat RHSA-2007:0203-02 2007-05-01
Fedora-Legacy FLSA:180159 2006-04-04
Debian DSA-1012-1 2006-03-21
Mandriva MDKSA-2006:050 2006-02-27
Ubuntu USN-248-2 2006-02-15
Ubuntu USN-248-1 2006-02-13
Fedora FEDORA-2006-098 2006-02-06


w3c-libwww: possible stack overflow

Package(s):w3c-libwww CVE #(s):CVE-2005-3183
Created:October 14, 2005 Updated:May 2, 2007
Description: Extensive testing of libwww's handling of multipart/byteranges content from HTTP/1.1 servers revealed multiple logical flaws and bugs in Library/src/HTBound.c.
Alerts:
Red Hat RHSA-2007:0208-02 2007-05-01
Ubuntu USN-220-1 2005-12-01
Mandriva MDKSA-2005:210 2005-11-09
Fedora FEDORA-2005-953 2005-10-07
Fedora FEDORA-2005-952 2005-10-07


xine-lib: buffer overflow

Package(s):xine-lib CVE #(s):CVE-2006-1664
Created:April 27, 2006 Updated:February 27, 2008
Description: xine-lib does an improper input data boundary check on MPEG streams. A specially crafted MPEG file can be created that can cause arbitrary code execution when the file is accessed.
Alerts:
Gentoo 200802-12 2008-02-26
Gentoo 200604-16 2006-04-26


X.Org: buffer overflow

Package(s):xorg-x11-server xorg-x11 CVE #(s):CVE-2006-1526
Created:May 3, 2006 Updated:January 10, 2007
Description: There is a buffer overflow in the Xrender extension of the X.Org server; any process which is able to connect to the server may be able to exploit this overflow to run arbitrary code. Since the X server runs as root on most systems, this vulnerability could be exploited to gain root access. See the X.Org advisory for more information.
Alerts:
Fedora-Legacy FLSA:190777 2006-06-06
Trustix TSLSA-2006-0024 2006-05-05
Mandriva MDKSA-2006:081-1 2006-05-04
Ubuntu USN-280-1 2006-05-04
Slackware SSA:2006-123-01 2006-05-04
Red Hat RHSA-2006:0451-01 2006-05-04
SuSE SUSE-SA:2006:023 2006-05-03
Mandriva MDKSA-2006:081 2006-05-02
Gentoo 200605-02 2006-05-02


xpdf: buffer overflow

Package(s):xpdf CVE #(s):CAN-2005-0064
Created:January 19, 2005 Updated:March 15, 2007
Description: iDEFENSE has found yet another xpdf buffer overflow; see this advisory for details.
Alerts:
Fedora FEDORA-2007-1219 2007-03-14
Gentoo 200506-06 2005-06-09
Red Hat RHSA-2005:026-01 2005-03-16
Red Hat RHSA-2005:066-01 2005-02-15
Red Hat RHSA-2005:057-01 2005-02-15
Red Hat RHSA-2005:053-01 2005-02-15
Red Hat RHSA-2005:034-01 2005-02-15
Fedora-Legacy FLSA:2353 2005-02-10
Fedora-Legacy FLSA:2352 2005-02-10
Gentoo 200502-10 2005-02-09
Red Hat RHSA-2005:049-01 2005-02-01
SuSE SUSE-SR:2005:002 2005-01-26
Red Hat RHSA-2005:059-01 2005-01-26
Mandrake MDKSA-2005:020 2005-01-25
Mandrake MDKSA-2005:019 2005-01-25
Mandrake MDKSA-2005:016 2005-01-25
Mandrake MDKSA-2005:021 2005-01-25
Mandrake MDKSA-2005:018 2005-01-25
Mandrake MDKSA-2005:017 2005-01-25
Fedora FEDORA-2005-061 2005-01-25
Fedora FEDORA-2005-062 2005-01-25
Fedora FEDORA-2005-059 2005-01-25
Fedora FEDORA-2005-060 2005-01-25
Conectiva CLA-2005:921 2005-01-25
Fedora FEDORA-2004-049 2005-01-24
Fedora FEDORA-2004-048 2005-01-24
Gentoo 200501-32 2005-01-23
Gentoo 200501-31 2005-01-23
Gentoo 200501-30 2005-01-22
Gentoo 200501-28 2005-01-21
Fedora FEDORA-2005-052 2005-01-20
Fedora FEDORA-2005-051 2005-01-20
Ubuntu USN-64-1 2005-01-19
Debian DSA-645-1 2005-01-19
Debian DSA-648-1 2005-01-19


xpdf: denial of service

Package(s):xpdf kpdf CVE #(s):CAN-2005-2097
Created:August 9, 2005 Updated:August 2, 2006
Description: A flaw was discovered in Xpdf that could allow an attacker to construct a carefully crafted PDF file that would cause Xpdf to consume all available disk space in /tmp when opened.
Alerts:
Debian DSA-1136-1 2006-08-02
Mandriva MDKSA-2005:138-1 2005-09-19
Debian DSA-780-1 2005-08-22
SuSE SUSE-SR:2005:019 2005-08-19
Fedora FEDORA-2005-732 2005-08-17
Fedora FEDORA-2005-733 2005-08-17
Gentoo 200508-08 2005-08-16
Fedora FEDORA-2005-730 2005-08-15
Fedora FEDORA-2005-729 2005-08-15
Mandriva MDKSA-2005:136 2005-08-11
Mandriva MDKSA-2005:135 2005-08-11
Mandriva MDKSA-2005:134 2005-08-11
Mandriva MDKSA-2005:138 2005-08-11
Red Hat RHSA-2005:708-01 2005-08-10
Red Hat RHSA-2005:706-01 2005-08-09
Red Hat RHSA-2005:671-01 2005-08-09
Red Hat RHSA-2005:670-01 2005-08-09
Ubuntu USN-163-1 2005-08-09


xpdf: integer overflows

Package(s):xpdf, poppler, cupsys, tetex-bin CVE #(s):CVE-2005-3624 CVE-2005-3625 CVE-2005-3626 CVE-2005-3627
Created:January 5, 2006 Updated:November 30, 2006
Description: xpdf has a number of integer overflows. A remote attacker can trick a user into opening a maliciously crafted PDF file, allowing the attacker to execute code with the privileges of the local user. This also affects the Poppler library, cupsys and tetex-bin.
Alerts:
Fedora FEDORA-2006-1220 2006-11-30
Debian DSA-932-1 2006-01-09
Debian DSA-931-1 2006-01-09
Ubuntu USN-236-2 2006-01-09
Mandriva MDKSA-2006:008 2006-01-06
Mandriva MDKSA-2006:006 2006-01-05
Mandriva MDKSA-2006:005 2006-01-05
Mandriva MDKSA-2006:004 2006-01-05
Mandriva MDKSA-2006:003 2006-01-05
Ubuntu USN-236-1 2006-01-05


xscreensaver: possible password exposure

Package(s):xscreensaver CVE #(s):CVE-2004-2655
Created:April 11, 2006 Updated:May 24, 2006
Description: In some cases, xscreensaver did not properly grab the keyboard when reading the password for unlocking the screen, so that the password was typed into the currently active application window. The only known vulnerable case was when xscreensaver activated while an rdesktop session was currently active.
Alerts:
Red Hat RHSA-2006:0498-01 2006-05-23
Ubuntu USN-269-1 2006-04-11


xzgv: heap overflow

Package(s):xzgv CVE #(s):CVE-2006-1060
Created:April 21, 2006 Updated:June 12, 2006
Description: Andrea Barisani of Gentoo Linux discovered that xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempts to render the image, data from the image overruns a heap-allocated buffer.
Alerts:
Gentoo 200604-10:02 2006-04-21
Debian DSA-1038-1 2006-04-22
Debian DSA-1037-1 2006-04-21
Gentoo 200604-10 2006-04-21


Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current stable 2.6 kernel is 2.6.16.19, released on May 30. It contains a single fix for an information leak in the netfilter code.

The current 2.6 prepatch is 2.6.17-rc5, released by Linus on May 24. With luck, this will be the final prepatch before the final 2.6.17 release. It consists of a fair number of fixes; see the long-format changelog for the details.

Several dozen patches (all fixes) have found their way into the mainline after the -rc5 release.

The current -mm tree is 2.6.17-rc5-mm1. Recent changes to -mm include the generic IRQ layer, an updated version of reiser4, the lock validator (see below), the adaptive readahead patch set, a new infrastructure for maintaining kernel statistics, and a new kernel API for inotify.


Kernel development news

A summary of 2.6.17 API changes

The final 2.6.17 kernel release is getting close. Further internal API changes in this cycle are (one hopes) highly unlikely, so the following list should be definitive for this time around.

  • Support for the SPARC "Niagara" architecture.

  • EXPORT_SYMBOL_GPL_FUTURE() has been merged.

  • The safe notifier patch has been merged, creating a new API for all notifier users.

  • The SLAB_NO_REAP slab cache option, which ostensibly caused the slab not to be cleaned up when the system is under memory pressure, has been removed. The kmem_cache_t typedef is also being phased out in favor of struct kmem_cache.

  • The "softmac" 802.11 subsystem has been merged. This code may eventually be phased out, however, in favor of the Devicescape code.

  • There is a new real-time clock subsystem, providing generalized RTC support and a well-defined driver interface.

  • A new utility function has been added:

         int execute_in_process_context(void (*fn)(void *data),
                                        void *data,
                                        struct execute_work *work);
    

    This function will arrange for fn() to be called in process context (where it can sleep). Depending on when execute_in_process_context() is called, fn() could be invoked immediately or delayed by way of a work queue.

  • The SMP alternatives patch has been merged.

  • A rework of the relayfs API - but the sysfs interface has been left out for now.

  • There is a new tracing mechanism for developers debugging block subsystem code.

  • There is a new internal flag (FMODE_EXEC) used to indicate that a file has been opened for execution.

  • The obsolete MODULE_PARM() macro is gone forevermore.

  • A new function, flush_anon_page(), can be used in conjunction with get_user_pages() to safely perform DMA to anonymous pages in user space.

  • Zero-filled memory can now be allocated from slab caches with kmem_cache_zalloc(). There is also a new slab debugging option to produce a /proc/slab_allocators file with detailed allocation information.

  • There are four new ways of creating mempools:

         mempool_t *mempool_create_page_pool(int min_nr, int order);
         mempool_t *mempool_create_kmalloc_pool(int min_nr, size_t size);
         mempool_t *mempool_create_kzalloc_pool(int min_nr, size_t size);
         mempool_t *mempool_create_slab_pool(int min_nr, 
                                             struct kmem_cache *cache);
    

    The first creates a pool which allocates whole pages (the number of which is determined by order), while the second and third create a pool backed by kmalloc() and kzalloc(), respectively. The fourth is a shorthand form of creating slab-backed pools.

  • The prototype for hrtimer_forward() has changed:

         unsigned long hrtimer_forward(struct hrtimer *timer,
                                       ktime_t now, ktime_t interval);
    

    The new now argument is expected to be the current time. This change allows some calls to be optimized. The data field has also been removed from the hrtimer structure.

  • A whole set of generic bit operations (find first set, count set bits, etc.) has been added, helping to unify this code across architectures and subsystems.

  • The inode f_ops pointer - which refers to the file_operations structure for the open file - has been marked const. Quite a bit of code, which used to change that structure, has been changed to compensate. Similar changes have been made in many filesystems. "The goal is both to increase correctness (harder to accidentally write to shared datastructures) and reducing the false sharing of cachelines with things that get dirty in .data (while .rodata is nicely read only and thus cache clean)."

  • local_t is now a signed type.

  • Attributes in sysfs can be pollable.

  • A class_device can now have attribute groups created at registration time; to take advantage of this capability, store the desired groups in the new groups field.

  • The splice(), vmsplice(), and tee() system calls have been merged. Supporting those calls requires implementing two new file_operations methods. See this article for the final form of the splice_read() and splice_write() functions.

As always, look at the LWN 2.6 kernel API changes page for a list of changes over time.


Notifiers, 2.6.17 style

While plowing through the flood of patches early in the 2.6.17 cycle, your editor missed a significant API change: the new notifier interface. Notifiers are an internal kernel mechanism allowing code to register to be told about events of interest. There are notifiers for memory hotplug events, CPU frequency policy changes, USB hotplug events, module loading and unloading, system reboots, network device changes, and more.

Back in November, 2005, this page looked at a proposed notifier API change motivated by the lack of locking on the notifier chains themselves. That proposal received a lukewarm reception. Many low-level data structures in the kernel explicitly avoid performing any locking, on the assumption that the higher layers will have to be concerned with their own locking in any case. So, it was asked, why should notifiers be any different? The answer seems to be that, unlike many other data structures, notifiers tend to be used across relatively wide parts of the kernel, making it hard to use any locking regime except one designed for the notifiers themselves. In any case, a version of the notifier patch was merged for 2.6.17-rc1.

The current form of the API defines three different types of notifiers:

  • Blocking notifiers are always called from process context. The notifier code - along with the notification routines it calls - is allowed to sleep.

  • Atomic notifiers can be called from atomic context, no sleeping allowed.

  • Raw notifiers have no internal locking and no associated rules; they are simply the older form of the notifier API, preserved as a historical relic.

For 2.6.17, all notifier chains have been converted to the blocking or atomic types; there are no users of the raw interface in the mainline kernel. The notifier patch includes no threatening noises about removing the raw interface, but, sooner or later, somebody is likely to come along and want to clean it up. So avoiding raw notifiers is probably a good idea; this article will concentrate on the other two types.

Blocking notifiers are essentially a raw notifier with an rwsem added for mutual exclusion. Any operation on a blocking notifier may, well, block on that rwsem. These notifiers can be created in the usual two ways:

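    #include <linux/notifier.h>

    /* Declare and initialize a chain head at compile time... */
    BLOCKING_NOTIFIER_HEAD(my_notifier);

    /* ...or initialize one at run time; the macro takes a pointer */
    struct blocking_notifier_head my_notifier;
    BLOCKING_INIT_NOTIFIER_HEAD(&my_notifier);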

Code which wishes to hook into a blocking notifier should first fill in a notifier_block structure:

    struct notifier_block {
        int (*notifier_call)(struct notifier_block *block,
                             unsigned long event,
                             void *data);
        int priority;
        /* ... */
    };

The notifier_call field should point to the function to be called when something interesting happens; the event and data parameters will be provided by the code generating the event. Notifiers are called in order of increasing priority; the return value from the final notifier called will be passed back to the code signalling the event. Normally, the final notifier is the one with the highest priority value, but any notifier can halt further processing by returning a value with the bit indicated by NOTIFIER_STOP_MASK set. Other than that one bit (currently 0x8000), the return values are arbitrary (as far as the notification code is concerned), but the convenience values NOTIFY_OK ("so far so good"), NOTIFY_STOP ("all is well, but don't call any more notifiers") and NOTIFY_BAD ("stop calling notifiers and veto the proposed action") are available.

Once the code has a notifier_block ready, it should register it with:

    int blocking_notifier_chain_register(struct blocking_notifier_head *chain,
                                         struct notifier_block *nb);

The return value is apparently intended to allow an error status to be returned if the registration fails, but the 2.6.17 version of the code cannot fail.

A blocking notifier can be unregistered with:

    int blocking_notifier_chain_unregister(struct blocking_notifier_head *chain,
                                           struct notifier_block *nb);

This call will return -ENOENT if the given notifier was not actually registered.

Code which wishes to use a blocking notifier chain to signal an event can do so with:

    int blocking_notifier_call_chain(struct blocking_notifier_head *chain,
                                     unsigned long event,
                                     void *data);

This function will call all notifiers in chain (unless one of them stops the process partway through), returning the value from the last notifier called.

Atomic notifiers replace the rwsem with a spinlock; the API is very similar:

    /* Declare and initialize a chain head at compile time... */
    ATOMIC_NOTIFIER_HEAD(my_notifier);

    /* ...or initialize one at run time; the macro takes a pointer */
    struct atomic_notifier_head my_notifier;
    ATOMIC_INIT_NOTIFIER_HEAD(&my_notifier);

    int atomic_notifier_chain_register(struct atomic_notifier_head *chain,
                                       struct notifier_block *nb);
    int atomic_notifier_chain_unregister(struct atomic_notifier_head *chain,
                                         struct notifier_block *nb);

    int atomic_notifier_call_chain(struct atomic_notifier_head *chain,
                                   unsigned long event,
                                   void *data);

Note that atomic notifiers use the same notifier_block structure as the blocking variety does. Nothing will ever sleep in the atomic notifier code, however, and notifier functions called from an atomic chain are not allowed to sleep either.

As noted above, all notifier chains in the kernel have been changed to one of the above types; any out-of-tree code which uses a kernel chain will have to be updated accordingly. See the explanatory text for the notifier patch for a summary of what type was assigned to each existing chain in the mainline kernel.


The kernel lock validator

Locking is a necessary evil in operating systems; without a solid locking regime, different parts of the system will collide when trying to access the same resources, leading to data corruption and general chaos. But locking has hazards of its own; carelessly implemented locking can cause system deadlocks. As a simple example, consider two locks L1 and L2. Any code which requires both locks must take care to acquire the locks in the right order. If one function acquires L1 before L2, but another function acquires them in the opposite order, eventually the system will find itself in a situation where each function has acquired one lock and is blocked waiting for the other - a deadlock.

A race condition like the one described above may be a one-in-a-million possibility, but, with computers, it does not take too long to exercise a code path a million times. Sooner or later, a system containing this sort of bug will lock up, leaving its users wondering what is going on. To avoid this sort of situation, kernel developers try to define rules for the order in which locks should be acquired. But, in a system with many thousands of locks, defining a comprehensive set of rules is challenging at best, and enforcing them is even harder. So locking bugs creep into the kernel, lurk until some truly inconvenient time, and eventually surprise some unsuspecting user.

Over time, the kernel developers have made increasing use of automated code analysis tools as those tools become available. The latest such is the first version of the lock validator patch, posted by Ingo Molnar. This patch (a 61-part set, actually) adds a complex infrastructure to the kernel which can then be used to prove that none of the locking patterns observed in a running system could ever deadlock the kernel.

To that end, the lock validator must track real locking patterns in the kernel. There is no point, however, in tracking every individual lock - there are thousands of them, but many of them are treated in exactly the same way by the kernel. For example, every inode structure contains a spinlock, as does every file structure. Once the kernel has seen how locking is handled for one inode structure, it knows how it will be handled for every inode structure. So, somehow, the lock validator needs to be able to recognize that all spinlocks contained within (for example) the inode structure are essentially the same.

To this end, every lock in the system (including rwlocks and mutexes, now) is assigned a specific key. For locks which are declared statically (for example, files_lock, which protects the list of open files), the address of the lock is used as the key. Locks which are allocated dynamically (as most locks embedded within structures are) cannot be tracked that way, however; there may be vast numbers of addresses involved, and, in any case, all locks associated with a specific structure field should be mapped to a single key. This is done by recognizing that these locks are initialized at run time, so, for example, spin_lock_init() is redefined as:

    #define spin_lock_init(lock)                        \
    do {                                                \
        static struct lockdep_type_key __key;           \
                                                        \
        __spin_lock_init((lock), #lock, &__key);        \
    } while (0)

Thus, for each lock initialization, this code creates a static variable (__key) and uses its address as the key identifying the type of the lock. Since any particular type of lock tends to be initialized in a single place, this trick associates the same key with every lock of the same type.

Next, the validator code intercepts every locking operation and performs a number of tests:

  • The code looks at all other locks which are already held when a new lock is taken. For all of those locks, the validator looks for a past occurrence where any of them were taken after the new lock. If any such are found, it indicates a violation of locking order rules, and an eventual deadlock.

  • A stack of currently-held locks is maintained, so any lock being released should be at the top of the stack; anything else means that something strange is going on.

  • Any spinlock which is acquired by a hardware interrupt handler can never be held when interrupts are enabled. Consider what happens when this rule is broken. A kernel function, running in process context, acquires a specific lock. An interrupt arrives, and the associated interrupt handler runs on the same CPU; that handler then attempts to acquire the same lock. Since the lock is unavailable, the handler will spin, waiting for the lock to become free. But the handler has preempted the only code which will ever free that lock, so it will spin forever, deadlocking that processor.

    To catch problems of this type, the validator records two bits of information for every lock it knows about: (1) whether the lock has ever been acquired in hardware interrupt context, and (2) whether the lock is ever held by code which runs with hardware interrupts enabled. If both bits are set, the lock is being used erroneously and an error is signaled.

  • Similar tests are made for software interrupts, which present the same problems.

The interrupt tests are relatively straightforward, requiring just four bits of information for each lock (though the situation is a little more complicated for rwlocks). But the ordering tests require a bit more work. For every known lock key, the validator maintains two lists. One of them (the "before" list) contains all locks which have ever been held when the lock of interest (call it L) is acquired; it thus contains the keys of all locks which might be acquired before L. The other list (the "after" list) holds all locks acquired while L is held. These two lists thus encapsulate the proper ordering of how those other locks should be acquired relative to L.

Whenever L is acquired, the validator checks whether any lock on the "after" list associated with L is already held. It should not find any, since all locks on the "after" list should only be acquired after acquiring L. Should it find a lock which should not be held, an error is signaled. The validator code also takes the "after" list of L, connects it with the "before" lists of the currently-held locks, and convinces itself that there are no ordering or interrupt violations anywhere within that chain. If all the tests pass, the validator updates the various "before" and "after" lists and the kernel continues on its way.

Needless to say, all this checking imposes a certain amount of overhead; it is not something which one will want to enable on production kernels. It is not quite as bad as one might expect, however. As the kernel does its thing, the lock validator maintains its stack of currently-held locks. It also generates a 64-bit hash value from that series of locks. Whenever a particular combination of locks is validated, the associated hash value is stored in a table. The next time that lock sequence is encountered, the code can find the associated hash value in the table and know that the checks have already been performed. This hashing speeds the process considerably.

Of course, there are plenty of exceptions to the locking rules as understood by the validator. As a result, a significant portion of the validator patch set is aimed at getting rid of false error reports. For example, the validator normally complains if more than one lock with the same key is held at the same time - doing so is asking for deadlocks. There are situations, however, where this pattern is legitimate. For example, the block subsystem will often lock a block device, then lock a partition within that device. Since the partition also looks like a block device, the validator signals an error. To keep that from happening, the validator implements the notion of lock "subtypes." In this case, locks on partition devices can be marked with a different subtype, allowing their usage to be validated properly. This marking is done by using new versions of the locking functions (spin_lock_nested(), for example) which take a subtype parameter.

The lock validator was added to 2.6.17-rc5-mm1, so interested people can play with it. Waiting for another -mm release might not be a bad idea, however; there has since been a fairly long series of validator fixes posted.

The key point behind all of this is that deadlock situations can be found without having to actually make the kernel lock up. By watching the sequences in which locks are acquired, the validator can extrapolate a much larger set of possible sequences. So, even though a particular deadlock might only happen as the result of unfortunate timing caused by a specific combination of strange hardware, a rare set of configuration options, 220V power, a slightly flaky video controller, Mars transiting through Leo, an old version of gcc, an application which severely stresses the system (yum, say), and an especially bad Darl McBride hair day, the validator has a good chance of catching it. So this code should result in a whole class of bugs being eliminated from the kernel code base; that can only be a good thing.
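The ordering, release-stack and interrupt checks described in this article, modelled in user-space C as an added example; this is not code from the lock validator patch, and every name in it (lv_acquire(), lv_release(), the small integer class keys standing in for __key addresses) is hypothetical. Each demo runs in a single thread, so nothing ever blocks, yet the violation is still reported from the recorded acquisition history.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CLASSES 8 /* lock classes (keys), not individual locks */
#define MAX_HELD 8

enum lv_result { LV_OK, LV_ORDER, LV_IRQ, LV_RECURSIVE, LV_BAD_RELEASE, LV_INVALID };

static struct {
    /* after[a][b] set: b was once acquired while a was held ("after" list of a) */
    unsigned char after[MAX_CLASSES][MAX_CLASSES];
    /* per-class usage bits: taken in a hardirq / held with interrupts enabled */
    unsigned char hardirq[MAX_CLASSES], irqs_on[MAX_CLASSES];
    int held[MAX_HELD], nheld; /* stack of currently held classes */
} lv;

void lv_reset(void) { memset(&lv, 0, sizeof(lv)); }

/* Follow recorded "after" edges: can class `to` be reached from `from`? */
static int reaches(int from, int to, unsigned char *seen)
{
    if (from == to)
        return 1;
    seen[from] = 1;
    for (int n = 0; n < MAX_CLASSES; n++)
        if (lv.after[from][n] && !seen[n] && reaches(n, to, seen))
            return 1;
    return 0;
}

/* Validate, then record, one acquisition; a violation leaves it unrecorded. */
enum lv_result lv_acquire(int key, int in_hardirq, int irqs_enabled)
{
    if (key < 0 || key >= MAX_CLASSES || lv.nheld == MAX_HELD)
        return LV_INVALID;
    /* Both bits set: a handler could spin on a lock held by the code it interrupted. */
    lv.hardirq[key] |= (in_hardirq != 0);
    lv.irqs_on[key] |= (!in_hardirq && irqs_enabled);
    if (lv.hardirq[key] && lv.irqs_on[key])
        return LV_IRQ;
    for (int i = 0; i < lv.nheld; i++) {
        unsigned char seen[MAX_CLASSES] = {0};
        if (lv.held[i] == key)
            return LV_RECURSIVE; /* two locks of one class held together */
        /* Was held[i] ever taken after key, directly or through a chain? */
        if (reaches(key, lv.held[i], seen))
            return LV_ORDER;
    }
    for (int i = 0; i < lv.nheld; i++)
        lv.after[lv.held[i]][key] = 1;
    lv.held[lv.nheld++] = key;
    return LV_OK;
}

enum lv_result lv_release(int key)
{
    if (lv.nheld == 0 || lv.held[lv.nheld - 1] != key)
        return LV_BAD_RELEASE; /* not the top of the held-lock stack */
    lv.nheld--;
    return LV_OK;
}

/* Constructed scenarios: a single thread, so nothing here ever blocks. */
enum lv_result demo_two_lock_inversion(void)
{
    enum { L1, L2 };
    lv_reset();
    lv_acquire(L1, 0, 0); lv_acquire(L2, 0, 0); /* path A: L1 then L2 */
    lv_release(L2); lv_release(L1);
    lv_acquire(L2, 0, 0);                       /* path B: L2 then L1 */
    return lv_acquire(L1, 0, 0);
}

enum lv_result demo_three_lock_cycle(void)
{
    enum { A, B, C };
    lv_reset();
    lv_acquire(A, 0, 0); lv_acquire(B, 0, 0); lv_release(B); lv_release(A);
    lv_acquire(B, 0, 0); lv_acquire(C, 0, 0); lv_release(C); lv_release(B);
    lv_acquire(C, 0, 0);
    return lv_acquire(A, 0, 0); /* A->B and B->C are on record; this is C->A */
}

enum lv_result demo_irq_unsafe(void)
{
    enum { DEV_LOCK = 3 };
    lv_reset();
    lv_acquire(DEV_LOCK, 0, 1);        /* process context, interrupts enabled */
    lv_release(DEV_LOCK);
    return lv_acquire(DEV_LOCK, 1, 0); /* same class from a hardirq handler */
}

int main(void)
{
    printf("inversion=%d cycle=%d irq=%d\n", demo_two_lock_inversion(),
           demo_three_lock_cycle(), demo_irq_unsafe());
    return 0;
}
```

The model leaves out the hash table of already-validated lock sequences and the subtype mechanism, so the legitimate device-then-partition pattern would be reported here as LV_RECURSIVE.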



Page editor: Jonathan Corbet

Distributions

Live CDs Part I: Why Do We Care?

May 31, 2006

This article was contributed by Michael J. Hammel

[Editor's note: this is the first in a four-part series; the next installment will appear in the next week or two.]

A live CD is a custom Linux environment that boots and runs entirely from a CD - no hard disk required. Live CDs are used for many purposes, including showcasing desktop distributions, providing useful tools for system recovery, and providing target-specific environments such as games, multimedia, GIS and security. Linux user groups often create demo live CDs for use at trade shows, install fests and other events to show that Linux isn't just a toy for hackers.

The usefulness of a live CD can be compared to the old DOS diskette used to run diagnostics on your PC. Since the floppy drive is soon to be an extinct beast, technological evolution would have us using CDs for the same purpose. But a CD is to a floppy what a dump truck is to a spoon, and the extra space offers live CD creators nearly limitless options for customization.

There are many live CD ISO images available for download for end users and developers. One list available from Frozentech.com lists 309 versions. The list shows versions available for varying categories, from desktop replacements to clustering environments and home entertainment. End users need only download an ISO image, burn it to a CD and boot the CD. You'll need to verify that your computer is configured to allow booting from a CD - check your BIOS configuration to be sure. Some live CDs also have minimum hardware requirements. Check the web site for that CD for details.

You might ask yourself why you're going to care about live CDs if you have a running desktop. First, live CDs are useful for specialized environments. A laptop configured for desktop use at home can boot an astronomy-based live CD at night for field observations and then, during the day at school, boot an educational live CD. No need to change the desktop configuration for three different environments.

Many live CDs also offer the option of saving user data to USB-attached drives, leaving the hard disk (if available) untouched. This makes a live CD perfect for setting up demonstrations for trade shows, customer contacts and conferences. If your group needs a demonstration of a particular application but you don't know who will give the demonstration or what hardware they will be using, all you need do is set up the live CD to handle the situation.

Second, a live CD can be used for system administration. If you've trashed your boot partition or accidentally overwritten important parts of the filesystem you can use a rescue CD to recover the partition or reinstall the OS without losing your user data. Live CDs can also be used, when appropriate, on public systems that don't offer the environment you need. A library kiosk or Internet cafe might offer you this option, for example.

Finally, live CDs are a good way to work with embedded systems. Embedded systems often have limited memory and little or no local storage. A live CD can be used to test the embedded system or manage it. Imagine a consumer media device that needs customer-controlled upgrades. Customers can download a live CD image to their computer, burn the CD and boot it to automatically run an upgrade even if the consumer device is not network connected.

More importantly, technologies used in live CDs often have important relationships with embedded systems. Compressed filesystems, read-only devices, and the use of ramdisks are all issues that are common between the two system types. Learning about live CDs can be a stepping stone into the interesting world of consumer devices.

Creating a live CD

Since a CD can hold around 700MB of data and a typical desktop installation can require more than 10-20GB, it won't be possible to duplicate your entire operating system (much less your personal data files) on a live CD. However, with compression and kernel tricks you can get very close to that.

Creating a personal live CD from your installed desktop is possible using the Linux live Scripts or similar tools. These tools make the assumption that the CD will be used on the same or very similar hardware that you're currently running on. For most desktop environments this is a safe assumption.

Another method is to build your own distribution from source and use it to create your live CD. The best place to learn how to do that is the LinuxFromScratch project. This project provides a recipe-driven process for creating your own Linux distribution from source code inside a directory on your current system. Recipes here include options for doing cross compiled builds of your distribution so that you can use your x86 desktop to build for a different architecture device, like a consumer media box.

Live CD Reviews

While it is possible to create your own live CD, it makes sense to first take a look at a few ready-made versions to get an idea of what you can get now and what you might want in your own live CD. In the coming weeks I'll review a series of related live CDs from three different classes: desktop replacements, small footprint and special purpose live CDs. The goal of these reviews is not to compare one against another but to give you some idea of the variety of live CDs that are available so you can make an informed choice when you pick an existing version or take on the challenge of creating your own.

Most of the live CDs that will be reviewed are designed to allow end users to customize them with add-on packages, often packaged in project specific formats, such as compressed filesystem images, that you don't normally use with desktop distributions. I tested each of these on an EPIA M10000 board with 256MB of memory. This is an x86 compatible machine that requires the Via video drivers for both the kernel and X Window System - something that might be a little non-standard - just to see how each CD handles it. I'm also using the Linux Cool Keyboard which looks pretty much like a typical US QWERTY keyboard.

In the reviews I'll be looking for a number of things:

  • Cleanliness - How professional and uncluttered does it appear to the end user?
  • Originality - What makes this live CD unique?
  • On Target - How well does this CD stay true to the target audience?
  • Extensibility - How easy is it to add to this live CD?

Cleanliness is just a matter of taste. I prefer clean boots without much user interaction. Once I log in I want to know where to go next to make the best use of the environment. For example, if this is a Games CD, where do I find the list of games and how do I start them? If this is a desktop CD, how clean is the desktop and how easy is it to find applications?

Originality is very important in these reviews. There are literally hundreds of live CDs available on the net. Each of these needs to have something that makes people want to use it. The live CD may be original because it has been targeted at a particular audience. Perhaps the CD boots quickly and offers an easy to use graphical interface that no one else offers. If they all look like a typical Red Hat or SuSE installation, there isn't much reason to choose one over another. Why is this so important? When you have a need for a CD, knowing there are 200 versions that boot to a typical desktop will let you know you can choose any one of them instead of making your own. But if only one CD boots on your TurboNator 3000 processor, maybe you will want to make your own.

Rating the CD's "On Target" value will be subjective - my interpretation of what category this CD belongs in (based in no small part on where FrozenTech.com lists the CD) and how well it stays true to that target. If a small footprint live CD takes up most of memory, that doesn't help with the small footprint problem I may be trying to solve.

Extensibility will be very important for developers and users who need to customize the CD. Most live CDs offer some way to extend the features on the CD. In some cases this will be done at runtime only with changes saved to hard disk or a USB connected storage device. In other cases, the ISO image can be extended with additional packages. The ease of adding new packages, either at runtime or in the ISO image, will determine the value of this rating.

The Chosen Few

If you want to get an early start, here is the list of live CDs I'll be looking at. Note that I've already downloaded these, before publication, so that they didn't have time to try and update just to make me happy.

  1. Desktop Replacements

  2. Small Footprint Systems

  3. Specialized Systems

Comments (7 posted)

New Releases

Musix GNU+Linux 0.40 released

The 0.40 release of Musix GNU+Linux is available. Musix is a Debian-based distribution with a strong emphasis on tools for creating, editing, and listening to music.

Full Story (comments: none)

Turbolinux to Launch FUJI Desktop Linux OS

Turbolinux has announced the launch of its FUJI Desktop Linux operating system. "Designed for optimum desktop and laptop computer performance, Turbolinux's FUJI operating system platform features several tools to facilitate the migration from Windows, including OpenOffice.org, Microsoft Office compatible software, Active Directory Authentication, file sharing, and other communications tools."

Comments (none posted)

Release Candidate for Ubuntu 6.06 LTS is available

A release candidate for Ubuntu 6.06 is available for testing. "The Ubuntu team is proud to announce the Release Candidate for version 6.06 LTS of Ubuntu, Kubuntu and Edubuntu - codenamed "Dapper Drake". The Release Candidate includes installable live Desktop CDs, server images, alternate text-mode installation CDs and an upgrade wizard for users of the current stable release. We consider this release candidate complete, stable and suitable for testing by any user."

Full Story (comments: 5)

Distribution News

Debian 'etch' release update

The Debian release team has sent out an update on the upcoming 'etch' release. The approved goals for that release now include a transition to gcc 4.1, SELinux support, IPv6 support everywhere, a new Python framework, and more. The planned release date of December 4 (2006!) is unchanged. Click below for the full text.

Full Story (comments: 8)

BSP Marathon (or: helping releasing etch in-time)

A report about upcoming Debian Etch bug squashing parties is online. "As you should all know, we had some bug squashing parties before the release of Debian 3.1 "sarge". These were quite effective, especially when they were centered around a meeting in real life. This led me to the proposal of a row of BSP this fall, helping to prepare the release of Etch. Naturally, fixing RC bugs is needed all the time. The BSPs we are planning will be focused on some sub-systems, so to help to release etch, *you* need to fix RC bugs all the time, so finish reading this mail, choose an RC bug and try to fix it!"

Full Story (comments: none)

Release-critical Bugreport for May 26, 2006

The May 26, 2006 Debian Release-critical Bugreport is online with status of the latest bug fixing efforts.

Full Story (comments: none)

Mandriva to ship OpenVZ

Mandriva has sent out a press release proclaiming its plans to include the OpenVZ virtualization mechanism in its Corporate Server 4.0 release. It seems that Mandriva is taking a different tack than a number of other distributors who have been pushing Xen instead.

Comments (none posted)

OpenSUSE build service becomes operational

The openSUSE build service is now operating, despite still being in an "alpha" stage. The build service is a web-based system for building and distributing packages for the openSUSE distribution; it is now being used for KDE, Apache, the kernel, and more.

Full Story (comments: none)

Ubuntu Dapper will have a SPARC Niagara version

Sun and Canonical have announced that the upcoming Ubuntu release ("6.06 LTS" or "Dapper Drake") will include a version for Sun's SPARC "Niagara" architecture. "Through the OpenSPARC initiative (http://www.opensparc.net), Canonical engineering and the Ubuntu community were given open access to the design of the UltraSPARC T1 processor and quickly completed the porting process. The release of the Ubuntu GNU/Linux distribution on UltraSPARC T1 processor-based systems merely ten weeks after the open source release of the chip design point validates the open hardware approach pioneered by SUN with the UltraSPARC T1 processor, and demonstrates the Ubuntu community's excitement at the benefits of Sun's SPARC processor-based CMT architecture for next-generation Web, communications and transactional services." Note that it was David Miller who "quickly completed" much of the kernel porting process.

Comments (2 posted)

Distribution Newsletters

Debian Weekly News

The May 29 issue of the Debian Weekly News is available. This week's topics include desktop layouts, summer of code projects, boot-time optimization, and more.

Full Story (comments: none)

Fedora Weekly News Issue 48

The May 29, 2006 edition of the Fedora Weekly News is online with the following topics: New logo guidelines Available Now, Application for Google's Summer of Code Ended, Invitation to Fedora Documentation Translation, Puplet (Yum Applet) anyone?, OLPC laptop prototype, Fedora Core 5 Review with Screenshots, My desktop OS: Fedora Core 5, Google releases Picasa for Linux, Fedora Weekly Reports 2006-05-22, Fedora Core 4 and 5 Updates, Contributing to Fedora Weekly News and Editor's Blog.

Full Story (comments: none)

Gentoo Weekly Newsletter

The May 29, 2006 edition of the Gentoo Weekly Newsletter is online with the latest Gentoo news.

Full Story (comments: none)

Edubuntu newsletter Issue 01

The first issue of the Edubuntu newsletter has been published. The table of contents includes: Edubuntu 6.06 LTS Release Candidate, Edubuntu is now available via ShipIt, Call for testing of Edubuntu CD images in preparation for release, Brand-new Edubuntu.org website, 2nd meeting of the Edubuntu Council and Edubuntu Summer of Code.

Full Story (comments: none)

Kubuntu Newsletter

The May 27, 2006 edition of the Kubuntu Newsletter is online. "In this newsletter: release candidate, Kubuntu meeting, KOffice 1.5.1, Kubuntu in Rosetta, Adept 2.0, Icecream and the Summer of Code."

Full Story (comments: none)

Minor distribution updates

Call for translations for Dapper using Rosetta

A call for translations has gone out for the Ubuntu distribution. "This week, we imported the last missing translation domain for Dapper and thus, you should be able to translate any package in Dapper's main component using Rosetta. There are a few VERY IMPORTANT packages for translation, these should now show up at the top of the list when you select your language on that page."

Full Story (comments: none)

Package updates

Fedora updates

Updates for Fedora Core 5: apr 1.2.2-7.3 (rebuild with new gcc), dhcdbd-1.15-1.FC5 (bug fix), eclipse-changelog 2.0.4_fc-1 (bug fixes), gcc 4.1.1-1.fc5 (bug fixes and other improvements), hplip 0.9.11-1.2 (bug fix and new documentation), ImageMagick 6.2.5.4-4.2.1.fc5.3 (bug fix), kasumi 2.0-1.fc5 (upstream release), libdv 0.104-3.fc5 (disable problem patch), libstdc++so 7-4.2.0-0.3.20060428.fc5.2 (bug fix), libtiff 3.7.4-7 (apply previous patch), libtool-1.5.22-2.3 (rebuild with new gcc), lsof 4.77-1 (bug fix), mailman 2.1.8-0.FC5.1 (security fixes), openoffice.org-2.0.2-5.12.2 (bug fix and other improvements), squid 2.5.STABLE14-1.FC5 (update to new upstream), vnc-4.1.1-39.fc5 (OpenGL enabled by default).

Updates for Fedora Core 4: mailman 2.1.8-0.FC4.1 (security fixes).

Comments (none posted)

Mandriva updates

Mandriva has announced upgraded netpbm packages that fix some converter crash issues.

Full Story (comments: none)

rPath Linux updates

rPath Linux has announced a maintenance release of Conary. Conary version 1.0.16 includes conary, conary-build, conary-repository and conary-web-common.

Full Story (comments: none)

Slackware Changelog Notice

The Slackware Changelog Notice for May 27, 2006 is online with new Slackware package releases.

Full Story (comments: none)

Trustix updates

Trustix Secure Linux has sent out a bug fix update for ckermit and stunnel.

Full Story (comments: none)

Newsletters and articles of interest

The Gentoo Development Guide

For anybody who has ever wondered what goes into the creation of a Gentoo package: the first version of the Gentoo Development Guide is now online. It contains a great deal of information on how to create ebuilds and the relevant policies.

Comments (4 posted)

Distribution reviews

My desktop OS: Debian Etch (NewsForge)

Flavio Henrique Araque Gurgel reviews Debian Etch in a NewsForge article. "Some people like to work in Linux distributions that are at the cutting edge of technology. Others prefer stability at any cost. I want both, and Debian Testing, codenamed Etch, gives me that. The Debian project's testing tree has up-to-date software along with good stability, since packages are highly tested in the Unstable branch before they move to Testing."

Comments (4 posted)

Page editor: Forrest Cook

Development

Polypaudio, a networked sound server

Polypaudio is a relatively new cross-platform networked sound server project. The first release came out in July, 2004; the software has been released under the Lesser General Public License. "Polypaudio is a networked sound server for Linux and other Unix like operating systems and Microsoft Windows. It is intended to be an improved drop-in replacement for the Enlightened Sound Daemon (ESOUND)." The main function of a sound server is to allow multiple audio applications to simultaneously share the same sound card; the networking capabilities extend this ability across machines.

Some of the main Polypaudio features include:

  • An extensible plugin architecture with support for loadable modules.
  • Compatibility with many popular audio applications.
  • Support for multiple audio sources and sinks.
  • Low-latency operation and support for latency measurement.
  • A zero-copy memory architecture for processor resource efficiency.
  • A command-line interface with scripting capabilities.
  • A sound daemon with command line reconfiguration capabilities.
  • Built-in sample conversion and resampling capabilities.
  • The ability to combine multiple sound cards into one.
  • The ability to synchronize multiple playback streams.

A variety of audio source and sink modules are available, with connections for OSS and ALSA sound drivers, JACK, esound, wav files, UNIX FIFOs, UNIX sockets, network tunnels, X11 console bells and more. Other modules are available for dealing with sound control, including automatic volume controls, LIRC infrared remote controls and multimedia keyboards.

The Polypaudio FAQ explains some of the Polypaudio dependencies and compatibilities, and has numerous examples of command-line operations.

Although GNOME/GTK is not required for Polypaudio operation, some GTK-based GUI utilities are provided, including Polypaudio Manager, Polypaudio Volume Meter and Polypaudio Volume Control.

Version 0.9.0 of Polypaudio was announced on May 26, 2006. It now fully matches or improves upon the ESOUND feature set. "This is a major step ahead since we decided to freeze the current API. From now on we will maintain API compatibility (or at least try to). To emphasize this starting with this release the shared library sonames are properly versioned. While Polypaudio 0.9.0 is not API/ABI compatible with 0.8 it is protocol compatible. Other notable changes beyond bug fixing, bug fixing and bug fixing are: a new Open Sound System /dev/dsp wrapper named padsp and a module module-volume-restore have been added."

Polypaudio version 0.9.0 adds new versions of the modules gst-polyp for use with the GStreamer multimedia framework, libao-polyp for Ogg-vorbis support, and xmms-polyp for sinking XMMS media player output.

With its support for a wide variety of popular audio utilities, actively developed code, and broad capabilities, the Polypaudio project fills an important role in Linux-based audio development.

Comments (10 posted)

System Applications

Audio Projects

JACK 0.101.1 Released

Version 0.101.1 of the JACK Audio Connection Kit is out. New features include support for the FreeBob backend and operability on Mactel platforms.

Comments (none posted)

Database Software

MySQL 4.1.20 has been released

Version 4.1.20 of the MySQL dbms has been released. "This is a security fix release for the recent production release family."

Full Story (comments: none)

MySQL 5.0.22 has been released

Version 5.0.22 of the MySQL dbms has been released. "This is a security fix release for the recent production release family."

Full Story (comments: none)

The Future of Perl in PostgreSQL (O'ReillyNet)

Andrew Dunstan discusses the use of Perl and PostgreSQL in part three of an O'Reilly series. "If your PostgreSQL database doesn't do exactly what you want, you can write server-side extensions--in Perl. Andrew Dunstan discusses some of the enhancements to PL/Perl in PostgreSQL 8.0 and 8.1, as well as some of the features he and the rest of the team plan to add."

Comments (none posted)

Interoperability

Samba 3.0.23rc1 Available for Download

Version 3.0.23rc1 of Samba has been announced. "This is the first release candidate of the 3.0.23 code base and is provided for testing purposes only. While close to the final stable release, this snapshot is *not* intended for production servers. Your testing and feedback is greatly appreciated."

Full Story (comments: none)

Mail Software

Apache SpamAssassin 3.1.2 available

Version 3.1.2 of the Apache SpamAssassin email filter has been announced. "3.1.2 includes a large number of bug fixes and documentation updates."

Full Story (comments: none)

MailStripper 1.4.0 released

Version 1.4.0 of MailStripper, an email spam filter, is out. Changes include bug fixes and other improvements.

Full Story (comments: 2)

Security

Sussen 0.22 is available

Version 0.22 of Sussen, a vulnerabilities and configuration issue scanner, is available with new features and bug fixes.

Full Story (comments: none)

Desktop Applications

CAD

PythonCAD release 32 is available

The thirty-second development release of PythonCAD has been announced. "The thirty-second release fixes a configuration problem where the newly added autosplitting feature would not be activated properly or could disable autosplitting in a Layer. A small bug in the reworked splitting code was also fixed, as well as a few other small errors."

Full Story (comments: none)

Data Visualization

PyX 0.9 released

Version 0.9 of PyX, the Python graphics package, has been announced. "This release features a new set of deformers for path manipulations like smoothing, shifting, etc. A new set of extensively documented examples describing various aspects of PyX in a cookbook-like fashion have been written. Type 1 font-stripping is now handled by a newly written Python module. The evaluation of functions for graph plotting is now left to Python. Thereby some obscure data manipulation could be removed from the bar style for handling of nested bar graphs. Transparency is now supported for PDF output. Many more small improvements and bug fixes top off this release."

Comments (none posted)

Desktop Environments

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

KDE Commit-Digest (KDE.News)

The May 28, 2006 edition of the KDE Commit-Digest has been announced. "In this week's KDE Commit-Digest: KViewShell gets support for PostScript files. Work begins on Akonadi (the new KDE PIM data storage backend) and amaroK 2.0, with further optimisations to the stable amaroK version. kttsd (the kde-accessibility text-to-speech system) is ported to Phonon. KDELibs is now fully ported to D-BUS. Aesthetic improvements to KSysGuard."

Comments (none posted)

Electronics

gSpiceUI 0.8.55 released

Version 0.8.55 of gSpiceUI, a GUI front end for the GNU-Cap and Ng-Spice circuit simulation engines, is out. "This is largely a maintenance release which fixes some problems I came across doing some design work. There are also some enhancements to existing functionality."

Comments (none posted)

Qucs 0.0.9 announced

Version 0.0.9 of Qucs, an integrated circuit simulator, is out. Release details are on the OpenCollector site: "The new release comes with a Russian translation and the GUI's language can be explicitly chosen in the application settings dialog. The digital simulation abilities have been improved by a VHDL text editor and hand-crafted VHDL files can be used as subcircuits. The number of ports of the S-parameter component is no more limited. Components can now be either deactivated as a short or an open. There are some new components such as a coaxial line, a differential voltage probe, a switch, AM- and PM-modulators and a relais. Also many bug-fixes have been incorporated."

Comments (none posted)

Financial Applications

SQL-Ledger 2.6.12 is out

Version 2.6.12 of SQL-Ledger, a web-based accounting package, is out. See the What's New page for release notes.

Comments (none posted)

Games

Balazar Brother 0.2 released

Version 0.2 of Balazar Brother, a 3D puzzle game, is out. "The next world, currently in development, will be... the Pompon forest! It will recall something to Balazar Arkanae 2 players. And here is your first enemy in the forest: the striking fruit!"

Comments (none posted)

GUI Packages

Lintouch 1.10 released

Version 1.10 of Lintouch has been released. "Lintouch is an opensource HMI software. It lets you design user interfaces for process automation. Lintouch runs on most popular hardware and software platforms, is lightweight and easily extensible." See the release announcement for more information on this version.

Comments (none posted)

Interoperability

Wine 0.9.14 released

Version 0.9.14 of Wine has been announced. Changes include: "Better MS/RPC compatibility, Many fixes to Direct3D shaders, Several improvements to the header control and Lots of bug fixes."

Comments (none posted)

Wine Weekly Newsletter

The May 26, 2006 edition of the Wine Weekly Newsletter has been published. Topics include: Picasa, Wine 0.9.14, LJ Article, Picasa Port to Linux, DirectDraw Patch, Patch Submission Ideas, MSI Problem and Font Issue.

Comments (none posted)

Medical Applications

MirrorMed releases MirrorMed 1.0 RC3 (LinuxMedNews)

LinuxMedNews has an announcement for version 1.0RC3 of MirrorMed, a PHP-based open-source EHR and practice management system. "MirrorMed-1.0RC3 has several new important features. Mostly, the billing workflow has been dramatically improved."

Comments (none posted)

Science

SciPy 0.4.9 released

Version 0.4.9 of SciPy, an open-source library of scientific tools for Python, has been announced. "This version adds support for NumPy version 0.9.8. It also has enhancements to sparse matrices, including a new linear solver module with UMFPACK support, and new support for fitting conditional maximum entropy models. This release also fixes bugs in ndimage, sparse, stats, weave, and other packages."

Comments (none posted)

Web Browsers

Firefox Bon Echo Alpha 3 milestone released

The third Firefox "Bon Echo" alpha has been released. New stuff this time around includes "anti-phishing protection" (testing of web sites against a blacklist, essentially), search changes, and client-side session and permanent storage (fancier, larger cookies).

Full Story (comments: 9)

Languages and Tools

C

GCC 4.1.1 released

Version 4.1.1 of GCC, the GNU Compiler Collection, is out. See the changes document for details on this release.

Comments (2 posted)

Caml

Caml Weekly News

The May 30, 2006 edition of the Caml Weekly News is out with new Caml language articles.

Full Story (comments: none)

HTML

gURLChecker 0.10.0 released

Stable version 0.10.0 of gURLChecker has been announced. "gURLChecker is a graphical web sites checker for GNU/Linux and other POSIX OS. It can work on a whole site, a single local page or a browser bookmarks file."

Comments (none posted)

Lisp

SBCL 0.9.13 released

Version 0.9.13 of Steel Bank Common Lisp has been announced. "This version provides better error reporting, and improves the performance of toplevel form compilation and object file loading."

Full Story (comments: none)

PostScript

AFPL Ghostscript 8.54 announced

Version 8.54 of AFPL Ghostscript has been announced. "Major new features include: The COMPILE_INITS build define now generates a compressed read-only filesystem which is linked into the executable and accessible from the interpreter as a new %rom% iodevice. This both improves installed footprint and allows using the same mechanism for embedding Resource files and fonts as well as postscript library and configuration files. This release also supports the proprietary Luratech JBIG2 and JPEG 2000 libraries."

Comments (none posted)

Python

Python Quick Reference Card 0.55 released

Version 0.55 of the Python Quick Reference Card has been published under a Creative Commons license. "The Python Quick Reference Card (PQRC) aims to provide a printable quick reference documentation for the Python language and some of its main standard libraries (currently for Python 2.4)."

Full Story (comments: 1)

Dr. Dobb's Python-URL!

The May 30, 2006 edition of Dr. Dobb's Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Ruby

RubyGems (Linux Journal)

Dirk Elmendorf writes about Ruby Gems in a Linux Journal article. "RubyGems is a system for managing Ruby software libraries. Ruby code packaged in this manner is called a gem. When you find Ruby software you want to use in a project, gems offer a means of downloading, installing and managing the software."

Comments (none posted)

Ruby Weekly News

The May 28, 2006 edition of the Ruby Weekly News is available with new Ruby language articles from the Ruby-talk mailing list.

Comments (none posted)

Tcl/Tk

Dr. Dobb's Tcl-URL!

The May 30, 2006 edition of Dr. Dobb's Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Firefox snaps at Microsoft's heels (Telegraph)

The Telegraph looks at the Mozilla Foundation, with an emphasis on its finances. "Despite its success, however, Mozilla's fans are becoming increasingly concerned that the organisation is moving away from its altruistic roots and becoming a fully fledged money-making operation. The company makes no secret of the fact that it turns a profit. Firefox uses Google as its preferred search engine partner. When a user carries out a search via the browser's built-in search facility, about 80 per cent of the advertising revenue from any associated hits goes back to Mozilla."

Comments (5 posted)

Macro virus for Staroffice discovered (Techworld)

Techworld is reporting that a macro virus for StarOffice (and thus, presumably, OpenOffice.org) has been found by our old friends at Kaspersky Lab. "The Stardust virus is contained in a StarOffice document that uses macros and then infects a global template. If a user opens a document infected with Stardust, every StarOffice text document, with a '.sxw' extension, or document template, with a '.stw' extension, will be infected..." There is no mention of whether it can propagate through ODF files.

Comments (9 posted)

Trade Shows and Conferences

Day one at FreedomHEC (NewsForge)

Steve R. Hastings covers day one of the FreedomHEC conference on NewsForge. "This morning's activities started with a discussion to set the schedule for the day. Presentations included a lightning overview of SysFS and Udev, presented by Greg Kroah-Hartman; a session on how the kernel development community works, presented by Randy Dunlap; a question and answer session on the Linux SCSI layer with James Bottomley, the kernel maintainer of the SCSI layer; open source rocketry using Linux; and a question and answer session with Kroah-Hartman on how to get a driver added to the stock Linux kernel."

Comments (none posted)

Report from FreedomHEC (NewsForge)

NewsForge reports from the first FreedomHEC conference. "The final session of the first day was a question and answer session with Kroah-Hartman on getting drivers accepted into the Linux kernel. It was a lively session, touching on many areas of kernel development. Kroah-Hartman assured the attendees that kernel developers are interested in their drivers. 'People always say, 'Oh, they won't want my driver; we only ship a few hundred devices per year that use it.' I always tell them that we have device support in the Linux kernel for hardware with only one or two known users. Really, we'll take your driver!'"

Comments (none posted)

Telling Stories at JavaOne (O'ReillyNet)

O'Reilly covers the 2006 JavaOne conference. "JavaOne 2006 left attendees with an incomplete answer to the big question: will Sun open source Java? The answer was better than a definite maybe, but not by much. Daniel Steinberg looks back at the conference, its mixed message, and its many successes outside of the general sessions."

Comments (none posted)

First Day KDE 4 Multimedia Meeting (KDE.News)

Jos Poortvliet reports on day one of the KDE 4 Multimedia Meeting. "In the rainy Netherlands, eighteen KDE hackers have been working in the Annahoeve on Multimedia for the fourth incarnation of KDE. This report outlines the meeting topics, and the results of interesting presentations and explains how KDE developers outbid each others marshmallow records."

Comments (1 posted)

Second Day Multimedia Meeting (KDE.News)

KDE.news reports from the second day of the KDE 4 multimedia meeting. "This article will report on the progress the hackers made yesterday, including the 'why' and 'what' of redesigning and speeding up amaroK, work on the KIO slaves and Phonon."

Comments (none posted)

The Python "Need for Speed" Sprint

Sean Reifschneider has sent us coverage of the Python "Need for Speed" Sprint in Reykjavik, Iceland. "We started the week with the Python 2.5 alpha 2 release candidate being around 10% slower than 2.4.3, the previous stable release. Largely, this slowdown is due to newly added features, particularly a change in the object type of exceptions which is showing a 60% slowdown."

Full Story (comments: 11)

Companies

Google Releases Picasa for Linux (Slashdot)

Slashdot has an announcement for Google's release of Picasa for Linux. "Today I'm pleased to announce that we're making Picasa, our photo management application, available for Linux. This is a pre-beta labs release and since we're still learning on how to best make software for Linux, we're asking that you submit your bugs as you find them. Picasa for Linux uses Wine internally; this shows a bit in the interface, but it works even better than we had hoped." Picasa is not open-source software; see the End User License Agreement for details.

Comments (38 posted)

Novell sells Celerant, focuses on Linux (Linux-Watch)

Linux-Watch notes Novell's sale of its Celerant Consulting management consulting branch to Caledonia Investments. "Now that Celerant is sold, Novell will be better able to focus on its core businesses of Linux and open source; systems, security and identity management; and its renewed interest in workgroup computing. In particular, Novell is looking forward to a summer launch of the next-generation of its SUSE Linux Enterprise 10 for Novell server and desktop systems."

Comments (none posted)

Novell, NCR offer Linux on NCR POS Platforms (CIOL)

CIOL.com covers a partnership between NCR and Novell. "NCR and Novell today announced a global agreement to offer Novell Linux Point of Service on NCR RealPOS retail point-of-sale (POS) terminals. This agreement makes available a software platform and hardware combination for retailers deploying Linux-based POS solutions. NCR's future plans call for offering Novell Linux Point of Service on NCR easypoint kiosks and NCR fastlane self-checkout."

Comments (none posted)

Linux Adoption

Japan to develop and deploy open source "Secure VM"

The Japanese National Information Security Center (NISC) has announced plans to develop an open-source secure virtual machine. "Data breach (especially information leak via virus-infected P2P file-sharing programs) has been a social problem in Japan for these two years, and it seems that to solve it is one of the project's goals. They say it will not just be a research project, but will also be deployed in production environments of governmental organizations. Both Linux and Windows are planned as its guest OSes, but apparently they are assuming that Windows will continue to be used mainly, because they say that they chose to develop "Secure VM" (instead of switching to an open source desktop) "in order to improve security while keeping the existing client environment/UI as much as possible.""

Full Story (comments: 3)

Legal

U.S. PTO smashes JPEG patent (Linux-Watch)

Linux-Watch reports on the rejection of the JPEG patent. "Another attempt to tie down a standard with a patent has gone down in flames. The U.S. Patent and Trademark Office has rejected a patent that Forgent Networks was asserting against the Joint Photographic Experts Group, better known as JPEG, images standard. In the reexamination proceeding initiated late last year by the PUBPAT (Public Patent Foundation), The PTO Office Action released yesterday a finding that the prior art submitted by PUBPAT completely anticipated the broadest claims of the patent, U.S. Patent No. 4,698,672 (the '672 Patent)."

Comments (7 posted)

Could more Eolas-like open source benefactors hurt Microsoft, others? (ZDNet)

Here's a ZDNet blog entry by David Berlind on software patents and free software. "After losing to Eolas, Microsoft was forced to remove important plug-in functionality from Internet Explorer. Firefox, on the other hand, was not. Eolas has turned out to be an open source benefactor, allowing open source developers access to its intellectual property. In other words, in an extremely unusual twist of fate, a patent worked against commercial software and in favor of open source software to the point that the open source software had a distinct usability advantage over commercial alternatives."

Comments (16 posted)

Interviews

Interview: Mark Shuttleworth (451 Group)

The 451 Group (an analyst operation) has done an interview with Ubuntu founder Mark Shuttleworth; the first part of that interview has been published, liberally annotated with comments from the analysts. "For example, in the consumer space, people are very protective about the desktop, but they're not at all protective of the smart phone. So consumer adoption of Linux on the smart phone is enormous - people are absolutely willing to accept the idea that they might use new tools, new pieces of software, new user interfaces and so on, as long as you don't threaten certain key applications that they're comfortable with, that they know and trust."

Comments (none posted)

Interview: Red Hat's open source scholarship challenge (NewsForge)

NewsForge interviews Venkatesh Hariharan about an open-source scholarship challenge in India. "There is no dearth of IT talent in India, but for a country that churns out thousands of IT students every year, the number of Indian contributors in the open source software (OSS) world is disproportionately low, due in part to a lack of proper mentoring. To encourage more students to go into OSS development, the Kanwal Rekhi School of Information Technology (KReSIT) at the Indian Institute of Technology Bombay partners with Red Hat for an open source scholarship challenge each year. Participants, mentored by OSS leaders, get the opportunity to work and collaborate to solve a real-world problem, and the winners get a share of the Rs. 10 lakh (about $22,000) prize."

Comments (none posted)

Resources

Create your own distribution torrents (Linux.com)

Mayank Sharma shows how to distribute an ISO image with bittorrent on Linux.com. "The BitTorrent protocol has revolutionized peer-to-peer (P2P) file sharing. It works by enabling users to download fragments of a large file from other users simultaneously, rather than waiting for one file to complete, thus speeding the download process. As a result, many popular Linux distributions have started releasing their ISOs through torrents, many of which you can find at LinuxTracker. But if your favourite distro doesn't offer a release torrent, why not make your own?"

Comments (none posted)

Runit makes a speedy replacement for init (Linux.com)

Mark Alexander Bain looks at Runit on Linux.com. "runit, a Unix init scheme with service supervision written by Gerrit Pape, is a complete replacement for SysVinit. Its key benefits include improved boot speed and ease of use. In the time that it takes you to read this article, you could move from init to runit. In a recent article covering the use of cinit to implement a parallel boot process, I managed to turn a booting time of 2 minutes 54 seconds into 2 minutes 3 seconds -- a massive saving of 51 seconds. By converting the same Linux machine to runit, I was able to reduce booting time to 55 seconds."

Comments (23 posted)

Building a Self-Healing Network (O'ReillyNet)

Greg Retkowski writes about self-healing networks on O'Reilly. "Wouldn't it be nice if your network services could detect their own failures and gracefully restart? Sure, you could have cron or FAM jobs always checking them, but that's so unrefined. Instead, consider Greg Retkowski's solution: building a small Cfengine and NAGIOS combination to detect and recover from failure."

Comments (6 posted)

Reviews

OpenSUSE 10.1 Is Versatile, but Uneven (eWeek)

eWeek reviews OpenSUSE 10.1. "In the past, we've found that SUSE distributions have lagged behind Red Hat and Debian-based distributions in the all-important area of software installation and management. OpenSUSE 10.1 has made some strides in this area, but the system's software management story remains murkier than we'd like."

Comments (1 posted)

Miscellaneous

Google Summer of Code KDE projects (KDE.News)

KDE.News has announced the KDE projects in this year's Google Summer of Code. "KDE is happy to announce the selection of 24 student applications for the Google Summer of Code 2006. This year, Google received a total of 6400 applications worldwide spread across 102 different Open Source organisations. "It looks like we've got some very interesting projects for KDE as a whole, and a good number of projects for KOffice", said Boudewijn Rempt, the maintainer for Krita, celebrating the selection of 4 KOffice student proposals."

Comments (2 posted)

Beyond the Open-Source Hype (Foreign Policy)

Here's a Foreign Policy column arguing that open source software has, perhaps, been oversold. "However, it is misleading to say that open source empowers people in ways proprietary software does not. Both open source and proprietary software allow you to change the behavior of a software program in significant ways without touching the program's source code. The truth is that software authors, whether they work for a large software firm or no one at all, want users to adapt their product to specific locations and needs. Microsoft makes a living out of making its software customizable while still closely guarding its source code." (Thanks to Sami Juvonen).

Comments (7 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

EFF: Huge Win for Online Journalists' Source Protection

The Electronic Frontier Foundation has announced the results of a legal ruling that affects online journalists. "A California state appeals court ruled in favor of the Electronic Frontier Foundation's (EFF's) petition on behalf of three online journalists Friday, holding that the online journalists have the same right to protect the confidentiality of their sources as offline reporters do."

Full Story (comments: none)

OLPC hardware details posted

The One Laptop Per Child hardware information page has been updated with a great many details on just what will go into the OLPC package. The most interesting stuff is under the "what makes this system unique" heading; clearly a great deal of thought has gone into the design of this system. "Wireless mesh: Child-child sharing! OLPC Laptops are full-time wireless routers. Mesh networking reduces the need for dedicated infrastructure (e.g. access points and/or cabling), and extends greatly the areas in which machines may be connected to each other and/or to the internet."

Comments (22 posted)

The OLPC developer's program

The One Laptop Per Child effort has a big pile of prototype systems, and they are looking for developers who would like to use them to help with OLPC development. Note the limits of these prototype systems: they are bare circuit boards with a power supply and a connector for a serial console. But, if you would like to play with such a system and help make it work better, the OLPC project may send you one. Have a look at the OLPC developer's program page for information on the systems, a list of tasks that need doing, and instructions on applying for a system.

Comments (1 posted)

Commercial announcements

FUEL Database 1.0 Released

Version 1.0 of FUEL Database, an embedded DBMS for Windows CE/Mobile, Embedded Linux, and VxWorks platforms, is out. "ITTIA plans to support all industry-standard platforms. Developers will be able to develop their application in one operating system environment and, without changing a single line of database code, deploy their application into a different operating system with ease. As a result, they can develop with minimal investment, zero administration, no disruption, and, with ITTIA's reasonable licensing model, gain a competitive edge for their application."

Full Story (comments: 1)

IBM invests in Brazil Linux Tech Center

IBM has announced the investment of $2.2 million in a Brazilian Linux Technology Center. "Developers at IBM's Linux Technology Center in Brazil will work to make Linux better as part of the open source community specializing in developing Linux with cell, power and virtualization technologies. The investment will be used to complete construction of a Linux development laboratory in Hortolândia and expand a second lab in Campinas, on Brazil's Unicamp campus."

Full Story (comments: none)

TimeSys Introduces LinuxLink Subscriptions for Freescale i.MX31

TimeSys has announced the availability of LinuxLink subscriptions for the Freescale Semiconductor i.MX31 multimedia processor. "Collaboration of Nissin Systems and Freescale will enable development of networking products using the state-of-the-art technologies requiring video, audio and mobile technologies, including a network-enabled camera, security camera, IP TV phone, media player, biometrics authentication device and other business equipment. In addition, communication equipment and appliance manufacturers can efficiently develop their custom boards and application software, significantly reducing procurement cost and speeding up development cycle."

Full Story (comments: none)

Win4Lin announces major upgrade to 2000/XP desktop product

Win4Lin has released version 3 of their 2000/XP desktop product. ""Win4Lin Pro 3.0 is an important step forward in both usability and performance. We are pleased to offer the world's fastest and easiest method for installing Windows on a Linux desktop, where users can literally be running Windows XP in less than thirty minutes," said Leo Reiter, Win4Lin CTO."

Full Story (comments: none)

New Books

Building Scalable Web Sites - O'Reilly's Latest Release

O'Reilly has published the book Building Scalable Web Sites by Cal Henderson.

Full Story (comments: none)

Java I/O, Second Edition - O'Reilly's Latest Release

O'Reilly has published the book Java I/O, Second Edition by Elliotte Rusty Harold.

Full Story (comments: none)

No Starch Press releases "Object Oriented PHP"

No Starch Press has published the book Object Oriented PHP by Peter Lavin.

Full Story (comments: none)

Contests and Awards

SafeDesk Puts Bounties on STS Open-Source Development

The SafeDesk Bounty Program has been launched. "SafeDesk is currently inviting individuals or groups from the FOSS community to participate in making STS Bounty program in an effort to further develop an even better thin-client server solution as a complement to the LTSP and other server-based solutions. Initial projects not only support the STS project directly, but also support the Debian Live project from which SafeDesk and its engineers have already been contributors."

Full Story (comments: 6)

Education and Certification

LPI promotes Linux Certification within North-East Asia Region

The Linux Professional Institute has announced the holding of Linux certification events and exam labs in Japan and South Korea from May 31 through June 7, 2006.

Full Story (comments: none)

Calls for Presentations

Zend/PHP Conference 2006 Call for Papers

A call for papers has gone out for the 2006 Zend/PHP Conference & Expo. The event takes place from October 29 to November 2, 2006 in San Jose, California. "The conference selection committee will consider all abstracts submitted on or before June 15th, 2006. Notifications will be made by August 1st, 2006."

Comments (none posted)

OSDC Australia CFP

A call for papers has gone out for the Open Source Developers' Conference 2006. The event takes place in Melbourne, Australia on December 5-8, 2006. Proposals are due by July 12.

Full Story (comments: none)

Upcoming Events

Collaborative Technologies Conference announced

CMP Media has announced the session topics for the Collaborative Technologies Conference. The event will take place in Boston, MA on June 19-22, 2006. "During these CTC sessions, industry thought leaders and technology innovators will explore strategies, practices and tools that can help businesses cut costs, increase productivity, reduce time-to-market, align workgroups and create a more streamlined, dynamic organization."

Comments (none posted)

Events: June 1 - July 27, 2006

Date | Event | Location
June 1 - 3, 2006 | 2006 USENIX Annual Technical Conference | (Boston Marriott Copley Place) Boston, MA
June 13 - 14, 2006 | Where 2.0 Conference | (Fairmont Hotel San Jose) San Jose, CA
June 13 - 14, 2006 | Gartner Open Source Summit 2006 | (Palau de Congressos de Catalunya) Barcelona, Spain
June 14 - 16, 2006 | New York PHP Conference and Expo 2006 | (New Yorker Hotel) New York, NY
June 16 - 18, 2006 | Recon 2006 | (Plaza Hotel Centre-Ville) Montreal, Canada
June 18 - 23, 2006 | Ubuntu Developer Summit | Charles de Gaulle, Paris, France
June 19 - 22, 2006 | Collaborative Technologies Conference | (Seaport Hotel) Boston, MA
June 22 - 23, 2006 | 3rd International GPLv3 Conference | Barcelona, Spain
June 24 - 25, 2006 | Free and Open Source Conference (FrOSCon) | (St. Augustin) Bonn, Germany
June 24 - 30, 2006 | 2006 GNOME Users and Developers European Conference (GUADEC) | Catalonia, Spain
June 24 - 25, 2006 | PHP Vikinger | Skien, Norway
June 27 - 29, 2006 | Corporate Channel and Computing Expo (C3) | (Jacob K. Javits Convention Center) New York, NY
June 28 - 30, 2006 | GCC and GNU Toolchain Developers' Summit | (Ottawa Congress Centre) Ottawa, Canada
June 29 - July 2, 2006 | UKUUG Linux Technical Conference | (University of Sussex) Brighton, UK
June 30 - July 1, 2006 | WebTech 2006 | (Kempinski Hotel Zografski) Sofia, Bulgaria
July 3 - 4, 2006 | 3rd European Lisp Workshop | Nantes, France
July 3 - 5, 2006 | EuroPython 2006 | (CERN) Geneva, Switzerland
July 4 - 8, 2006 | 7th Libre Software Meeting (LSM) | (Nancy 1 University) Vandoeuvre-les-Nancy, France
July 5 - 8, 2006 | V Jornades de Programari Lliure | Barcelona, Spain
July 8 - 9, 2006 | PostgreSQL Anniversary Summit | Toronto, Canada
July 10 - 11, 2006 | Global db4o User Conference (dUC) | (Imperial College, South Kensington) London, UK
July 13 - 14, 2006 | Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) | Berlin, Germany
July 15 - 16, 2006 | Crystal Space Conference | (University of Aachen) Aachen, Germany
July 16 - 19, 2006 | 2nd International Symposium on Free/Open Source Software, Technologies and Content (FOSSTEC 2006) | Orlando, Florida, USA
July 19 - 22, 2006 | Ottawa Linux Symposium 2006 (OLS 2006) | Ottawa, Canada
July 22 - 23, 2006 | LugRadio Live | (Wolverhampton University) Wolverhampton, UK
July 24 - 28, 2006 | O'Reilly Open Source Convention (OSCON 2006) | Portland, Oregon

Comments (none posted)

Miscellaneous

PSF: Summer of Code projects announced

The Python Software Foundation has announced its 2006 Google Summer of Code projects. "25 projects were accepted, tying with the Apache Software Foundation for the largest number of funded proposals. The accepted projects include 5 enhancements to the CPython interpreter or standard library, 3 PyPy projects, 3 SciPy projects, and 2 projects relating to the Soya3D library for 3-dimensional graphics."

Full Story (comments: none)

Page editor: Forrest Cook

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds