
LWN.net Weekly Edition for March 22, 2007

Linux and flash

As part of your editor's moral duty to be a torment to his children, he requires them to use Linux whenever possible. They have come to realize that Linux works well for almost anything required by their school, but that it is not up to their requirements for fun. The lack of a World of Warcraft client is a big problem, but the lack of solid Flash support seems to be an even bigger one. The YouTube/MySpace lifestyle remains hard to support on Linux; children are unimpressed by our high-quality Theora implementation.

One of the things your editor heard Lawrence Lessig say at Wizards of OS 4 was that video is the communication medium of our time. The free software world needs to better support this channel. In support of this argument, consider that those of us interested in the next U.S. presidential election (a mere year and a half away) may have to resort increasingly to anonymously-posted videos to get our full share of attack advertisements. The best mudslinging will be unavailable to those of us stuck in the text world.

While there are a number of video formats out there, what all of this really comes down to is that we need decent support for Flash. For better or for worse, Flash dominates in a number of areas, including network video and a number of interactive site features. It's not just for really obnoxious advertisements anymore. We do not have decent support for Flash now; that proprietary plugin just does not cut it in the free software world.

The good news is that we're getting closer to the level of support we need. In particular, Benjamin Otte has recently announced that the swfdec Flash player is now able to work with video from YouTube. In general, swfdec has some ground to cover yet; to answer the question of whether swfdec can replace proprietary Flash, Benjamin writes:

That really depends on your definition of close. For the definition "implements all of Flash's features" it'll probably not hit 5%. For the definition of "plays all the Flash files on the Web" I think it's 80/20 right now. Swfdec plays 80% of the ads and 20% of the real content.

What's important here is that swfdec has hit a point where it will start to be truly useful; that, in turn, may help to attract more developers to the project. A program which almost works is often more attractive to hack on than something which is just a promise for the future.

Swfdec is not the only Flash-related project out there; Gnash is also working toward a solution to this problem. Gnash would also appear to be at a similar point in development; the project is not quite ready to proclaim YouTube support, but, according to Gnash hacker Rob Savoye, that's a result of different objectives:

I don't want to sound like I'm insulting swfdec, I think it's good there are multiple open source flash players. But swfdec is tweaked to handle primarily YouTube, Gnash handles many more Flash movies correctly. It's a difference in focus.

Given that what we need is one truly good Flash player, one might well wonder what the point of two competing projects is. That is the same question people asked about desktops in the past; at this point it seems clear (to your editor, at least) that the competition between GNOME and KDE has helped to increase the pace of free desktop development and to explore different approaches to the graphical Linux experience. The important thing is to focus on the development and stay away from silly flame wars. To that end, Rob's message contains some good news:

We all spend a lot of time talking about Flash internals. [Benjamin's] very happy. We're happy too, because of the discussions of how swfdec and Gnash are implemented, we're learning things from each other's experiences.

If the projects can continue to cooperate and learn from each other, Linux should have a high-quality Flash implementation in short order. If some of the more desktop-oriented distributions were to realize that supporting these projects is very much in their own interest, it could happen even sooner. There are few limits to what a free software project can do once it gets rolling.

A good Flash player is just the beginning, however. If we want free software to have a significant role in the creation of all this content, we need good authoring tools - and those are rather further behind. Another thing Lawrence Lessig urged was the creation of a free software culture for Flash developers, almost all of whom are, for all practical purposes, shipping binaries at this point. Some good free Flash tools, along with increased support for sharing source, could transform the Flash development world - for video and more. We could help to bring freedom to an important communication medium; that would be even better than creating the ability to watch silly videos with free software tools.


Playing with the N800

Your editor recently decided to pick up a Nokia N800 tablet device. This acquisition wasn't just another case of yielding to the lure of a new gadget - your editor would never do that. Instead, the hope was that the N800 would be useful as a way of getting onto the net and dealing with simple situations without having to haul the laptop everywhere. Besides, such a device is always good for an article or two, at a cost that isn't that much above buying an article from an outside author.

Besides, it's a cool new gadget.

The N800 is, naturally, a Linux-powered device. It has an 800x480 screen, two speakers, and a pop-out camera. There's a headphone jack, a USB port, and two SD memory slots. The device can communicate wirelessly via 802.11 or Bluetooth. Also provided is a stylus which is used for most interaction with the device; there is a built-in storage slot for the stylus which should help to prevent loss, but it's still nice that Nokia thought to provide a spare as well.

On the connectivity side, the N800 developers have done some nice work. On the first boot, the tablet offers to pair with a Bluetooth-capable phone and set up a GPRS connection automatically. Anybody who has been through the process of setting up a Bluetooth/GPRS link on a Linux system knows that there can be a certain amount of pain involved - and that's before trying to get any real work done over such a painfully slow connection. Having GPRS Just Work is a nice bonus. The tablet also handles WiFi connections easily.

After that, however, a new N800 user might well feel at a bit of a loss. The startup screen includes a Google search bar (the usage of which is entirely straightforward), an RSS reader window with no subscribed feeds, a contact manager window (with no contacts, obviously), and a "Discover Tableteer" window which, when "tapped," opens a web browser on a remarkably static and unhelpful Nokia page. Digging through the menus yields a simple email client. Anybody expecting something that feels like a normal Linux system will be disappointed; there's not a whole lot else there. That can be changed, of course; we'll get to application installation shortly.

The tablet comes packaged with a user's manual, in PDF format, in a large number of languages. The user will not encounter this manual until he or she happens to fire up the file manager and look in the right place, however. The "Discover Tableteer" window does not do much to help a beginning user find this useful document.

Text entry is done through a keyboard which appears at the bottom of the screen; individual letters are approximately 2mm square. In practice, the letters are not hard to hit, and, with a bit of practice, one gets good at entering text quickly. Learning the simple gestures to minimize trips to the shift keys helps a lot. There is another mode where the keyboard expands to fill most of the screen; in this mode, the stylus can be put aside and text can be typed directly with the fingers. It works, and can be nice for extended text input, but your fat-fingered editor had a hard time using it as a real QWERTY keyboard. Finally, the tablet does support handwriting recognition, but your editor has not really had a chance to play with that mode yet.

The web browser is the proprietary Opera application. It works reasonably well for the most part, making good use of the limited display space. Your editor has found it to be not entirely stable; it occasionally hangs and must be restarted. Dragging Google maps around does not work. Pages generally render well, though; the browser is good enough for the sort of work one would want to do on a small tablet device.

Your editor tried the Minimo browser as well. It does not seem to render pages as nicely as Opera, based on some quick tests. It is also far less stable; your editor managed to crash it almost immediately. Still, Minimo will stay on the system in the hope that it gets better; your editor would much prefer to run free software on this system.

There is an application manager which can be used to install more software onto the tablet. The bad news is that it has little to offer out of the box. The good news is that one can go to maemo.org to look for a rather wider variety of software goodies for the device. The bad news is that the majority of those applications, as of this writing, say "missing install" and cannot actually be installed onto a tablet. The good news is that there's still quite a few useful tools available. In short order, your editor was able to equip his tablet with essential utilities like xterm and an ssh client.

The really bad news showed up with some of the other interesting packages, such as vim and gnumeric. The application manager will happily download the packages before popping up a window which says:

Unable to install: some application packages required for the installation are missing.

Such a message would perhaps have been acceptable ten years ago on some distributions. One would not expect to see it on a Debian-based system in 2007. There is no excuse for an "application manager" which is unable to handle dependencies anymore.

The N800 includes a (proprietary) Flash player and a media player as well. As many others have noted, the tablet comes well equipped to handle patent-encumbered formats like MP3 but it cannot play an Ogg file. One can make an argument for minimizing the size of the base system on a resource-limited tablet, but there's no easy way to fill in that gap afterward either. It would appear that installing an Ogg player, at this point in time, would involve downloading the development kit and building the application from source.

In general, the N800 feels a little like an unfinished product. Nokia has created a nice piece of hardware, based (mostly) on free software, and appears to be hoping that the development community will help turn it into a fully capable device. The company's practice of selling tablets to developers at a sharply-reduced price is clearly intended to help make this happen. One can only hope that Nokia succeeds here; the company has done what we really need it to do: made an open, Linux-based device. We certainly have the ability to make it do interesting things from here.


The road to freedom in the embedded world

March 16, 2007

This article was contributed by Georg Greve

If I had to choose the single moment that defines when the Free Software movement became self-aware, it would be the 1983 publication of the GNU manifesto by Richard Stallman. Despite its age it is amazingly up to date. Free Software has come a long way since that time; creating an alternative by inspiring people to put together the GNU Project piece by piece on a proprietary platform.

Only with the publication of the Linux kernel were people able to see pure Free Software operating systems running on their computers in the 90s. But they were still booting off a proprietary BIOS, and we also saw an increasing tendency to put hardware functionality into proprietary firmware. Only recently have projects such as LinuxBIOS managed to bring more freedom to the BIOS, although notebooks still are problematic. The issue of proprietary firmware is still being worked on, including by the FSF.

Compared to the situation in the personal computer area, embedded devices are still several years behind, but there are people who are working hard to catch up. I recently had the pleasure to learn a little more about this exciting field.

One device that a lot of people have in their homes or offices is a router to connect to the internet. Until not so long ago, these used to be entirely proprietary. That is no longer true. Not only do several vendors provide routers with more or less free firmware based on the Linux kernel, but the OpenWRT project and its younger offspring the FreeWRT project have also made some amazing advances in this area.

However, even though FreeWRT has a web interface to build custom firmware online, both are still catching up with the freedom, ubiquity and sophistication of modern GNU/Linux desktop distributions.

There are still problems with hardware compatibility and drivers, as both distributions are still confined to a certain chipset, and locked into the 2.4 Linux kernel series because of proprietary drivers for the wireless card built by Broadcom, a manufacturer that has proven itself to be very uncooperative towards the Free Software community.

Getting rid of these restrictions to freedom is a collaborative effort with many different players, including FSFE's Freedom Task Force, which helped the OpenWRT team to avoid making mistakes in the reverse engineering of the Broadcom wireless driver, such that the result will then be fully usable by all Free Software.

The situation with mobile phones and PDAs is even worse than that of routers. Until very recently it was close to impossible to find mobile phones that were running Free Software and gave the user control over what they were doing.

One of the first companies that tried to answer requests for Free Software mobile phones was Trolltech with their Qtopia Greenphone. Maybe because this was the first time this was tried, and maybe because they didn't consult enough community voices before launching the phone, they made some mistakes. One of them was the overly restrictive EULA terms, which Trolltech quickly corrected after being confronted with the problem.

This was not the only problem. The Greenphone's package management is still proprietary, although that problem can be mitigated by using the ipkg package manager instead. Ultimately it seems that everything but the communication stack can be replaced by Free Software in this way. So the Greenphone was a step in the right direction, but it is not yet good enough.

The interest it raised probably also helped bring about the OpenMoko phone, which will ship very soon and which is taking another big step toward freedom. As with the Greenphone, the GSM stack remains proprietary, though. Reasons for this appear to be a thicket of cross-licensed patents and regulatory concerns about frequency usage and transmission strength.

Many politicians are concerned that tinkering with these could impair the ability of other people to communicate, including the ability to access emergency services. Their argument is that the potential damage done by tinkering is greater than the damage of not having the freedom to change the code. This is a reincarnation of the old "your freedom to swing your fist ends at my nose" argument, and it is not easily discarded. We need to convince society with good answers to this and because of that, the GSM stack is likely to remain a difficult area for some time.

Depending on when you start to count, it took our community at least 10 years to address the issue of the proprietary BIOS on our PCs, but we did not let this stop us from improving our GNU/Linux Desktops. In the same way I believe we should work to create maximum freedom on mobile phones.

Other possible candidates have been launched by Nokia, namely the 770 and N800 internet tablets. Both devices are running a Linux kernel with a very small GNU/Busybox system using Debian package management.

Because they do not need the GSM stack, these devices might be made entirely free, though unfortunately they are not being shipped that way. They come with the proprietary Opera browser and a Flash player, which are easily uninstalled and can be replaced by a Mozilla port called Minimo; maybe Gnash can be compiled for them as well.

But there is more work waiting to be done: In a sad kind of irony Nokia seems to have chosen the Gtk+ library over Qt because that would allow them to keep part of their helper library for the embedded small screen proprietary. There are also other parts that are still kept proprietary, like the boot loader and battery charging application. They also seem to share the proprietary firmware problem with the personal computer platform. Even the flashing utility is proprietary software at the current point in time.

This has made some people very sceptical. It may even turn out that we will not be able to free these specific devices entirely without Nokia's help on the hardware interfaces, which may never come. But working to free them will inevitably end up providing more freedom, although maybe not on these specific devices. Experience gained can be used in many ways, and Free Software written can be transferred to other platforms.

Like the Greenphone, these Nokia devices provide a substantial step towards freedom, but are not yet good enough. So they have to be seen as an intermediate step towards freedom in the embedded world. Both Trolltech and Nokia deserve praise for making a step in the right direction, as well as constructive criticism on the remaining proprietary parts, which should also be set free.

There are projects that have already gotten very far in this effort for other devices, like the Familiar Project for the iPAQ which, I was told, is now running fully Free Software except for the wireless driver. And there are other devices that seem capable of running Familiar, like the Siemens Simpad, which also spawned its own community project to set it free. So maybe a FreeMaemo.org project is what we need for the Nokia internet tablets.

An essential element in truly achieving freedom in the embedded world will be to further strengthen the Free Software community in this area and enable more Free Software developers to tinker with these devices.

One person who has done extraordinary work in this area is Harald Welte. His signature is also visible all over the OpenMoko project and the way it actively reaches out to build a strong developer community. We need more people like him and the other OpenMoko developers, and I hope you will take a look at their call for GPL'ed wireless drivers and application developers.

We also need to get more of the devices into the hands of capable developers. This is what Armijn Hemel of gpl-violations.org did during FOSDEM 2007 when he gave a bunch of routers to the OpenWRT project so they would have more devices to work with and set free.

Ultimately freedom is not static. It is a process that involves a lot of work. It is also a differential question: There are steps towards more freedom, which are good, and steps towards less freedom, which cause problems -- if not immediately, then in the future. The choices of which direction to take were recently described by FSFLA as "The fifth freedom."

As a community, we have set the personal computer free to a very large extent. We are not yet as far with embedded devices, but there are first signs of the Free Software community growing into this area.

With the possible exception of the GSM stack, I believe we have good reason to expect 100% Free Software devices in the near future by starting from the most free, although imperfect, options available and setting them free entirely.

Through this effort we'll not only see the Free Software community flourish in this area, but we are also likely to see more hardware vendors willing to supply the community and people who value their freedom with such devices.

Eventually it will be possible to enter the store and buy such a device running only Free Software out of the box, which is what I really want. And with projects such as the GPE Palmtop Environment we will be able to use the same software environment on different hardware devices; something that is common on personal computers, and a great advantage.

Working for this goal can serve to strengthen Free Software on the desktop, because integration of the mobile devices with desktop computers is an important issue. With Free Software it could be possible to use the same software on both, possibly in different versions and from different vendors. The result would be seamless integration that proprietary software might not be able to achieve across vendor boundaries.

It seems only a question of time until someone picks up on this and offers the combination of freedom and convenience to people. In the end, by walking forward on the road to embedded freedom, we might end up strengthening Free Software overall.

(The author is initiator and president of the Free Software Foundation Europe (FSFE) and his personal blog is available at the Fellowship of FSFE)


Page editor: Jonathan Corbet

Security

SQL-Ledger and LedgerSMB: a study in security reporting

March 21, 2007

This article was contributed by Jake Edge.

Accounting information is the kind of data that most organizations would want to keep private; it is also information that attackers might be most interested in. Because of that, security vulnerabilities in accounting packages require high visibility and prominent announcements so that users can take the appropriate steps to safeguard their data. Two related accounting systems, SQL-Ledger and LedgerSMB, provide an interesting contrast in approaches to security reporting.

SQL-Ledger is a GPL-licensed accounting system first released in 1999; it has a large feature set and a sizable number of happy and loyal users. It is a web-based program, written in Perl, that uses an SQL database to store the information. The original intent seems to be a system that lived behind a firewall and was not exposed to the Internet; most of the vulnerabilities reported recently have a much reduced impact behind the firewall. In fact, buried at the end of the FAQ, SQL-Ledger recommends using the web server authentication mechanisms (presumably HTTP Basic Auth for Apache) on top of those provided by SQL-Ledger.

SQL-Ledger is tightly controlled by its creator, Dieter Simader, and he has not encouraged a developer community to spring up around the system. This has caused some users to become frustrated with the pace of development; it doesn't help that the suggested way to get features added more quickly is to pay Simader's company to develop them. In addition, the documentation, user forums and wiki are only available to those who pay for them. There is nothing inherently wrong with doing things this way, but it is quite different than the way most GPL projects operate.

The project continued in this manner for quite some time until a reported session hijacking issue was not handled quickly by Simader. Another user mentioned that the issue had been known for a lot longer as they had reported it nearly a year earlier and, though there had been several releases in the interim, no fix had been made. This incident led directly to the September 2006 fork of the SQL-Ledger code as the LedgerSMB (SMB for 'small-medium business') project.

The LedgerSMB developers have created a project that operates the way open source developers expect, with open documentation, a public source code repository and a willingness to accept patches from anyone interested. They have also been doing an informal security audit of the shared codebase and coordinating security releases with SQL-Ledger. They have released a number of detailed vulnerability reports on the Bugtraq mailing list that cover security updates for both projects.

Visiting each project's homepage is very instructive with regards to the security updates. The SQL-Ledger page makes no mention of updates; one must follow the "What's New" link to see the updates and the descriptions make no mention of the security implications of the release. A user could easily be lulled into thinking that "added %00 check for login to trigger an error" is just a run-of-the-mill bug fix rather than a fix for an arbitrary code execution and authentication bypass bug as described in the report.

The LedgerSMB site, on the other hand, has its news listed on the front page and calls the most recent security release (1.1.10) a fix for "a serious security hole." The users and announce mailing lists both have detailed reports about the problem whereas the SQL-Ledger public user mailing list makes no mention of the new release. One presumes and hopes that the users who have purchased support get some kind of notification from DWS Systems (Simader's company), but the non-paying users need to pay close attention to Bugtraq (or the LedgerSMB site).

In many ways, the contrast between the two mirrors the contrast between how open source and proprietary software projects handle security issues. One disseminates the information far and wide while the other treats it as a public relations black eye and obscures it. DWS Systems is presumably trying to protect its income stream but, by doing it in the way it has, it appears to have alienated a segment of its user base which is now directly competing with the company. Had Simader been more responsive to those issues, there very well might not be a competing project. It will be interesting to see which approach works better in the long term or if both thrive equally.


Security news

Felten: Too much innovation in the OLPC?

Ed Felten questions the OLPC security model. His problem is not with specifics of the model itself, but rather with an overall sense of second system syndrome. "OLPC needs to be innovative in some areas, but I don't think security is one of them. Sure, it would be nice to have a better security model, but until we know that model is workable in practice, it seems risky to try it out on millions of kids." (LWN covered the OLPC security model in February).


New vulnerabilities

asterisk: SIP denial of service

Package(s): asterisk
CVE #(s): CVE-2007-1306
Created: March 19, 2007
Updated: March 21, 2007
Description: The MU Security Research Team discovered that Asterisk contains a NULL-pointer dereferencing error in the SIP channel when handling request messages. A remote attacker could cause an Asterisk server listening for SIP messages to crash by sending a specially crafted SIP request message.
Alerts:
Gentoo 200703-14 2007-03-16


inkscape: format string vulnerabilities

Package(s): inkscape
CVE #(s): CVE-2007-1463 CVE-2007-1464
Created: March 21, 2007
Updated: April 16, 2007
Description: Inkscape has a format string vulnerability in its URI handling, possibly allowing an attacker to execute code with user privileges via a specially crafted file.

Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.

Alerts:
Gentoo 200704-10 2007-04-16
rPath rPSA-2007-0061-1 2007-03-28
Foresight FLEA-2007-0002-1 2007-03-24
Mandriva MDKSA-2007:069 2007-03-22
Ubuntu USN-438-1 2007-03-20


kernel: multiple vulnerabilities

Package(s): kernel
CVE #(s): CVE-2007-0005 CVE-2007-1000
Created: March 15, 2007
Updated: November 14, 2007
Description: The Linux kernel has a boundary error problem with the Omnikey CardMan 4040 driver read and write functions. This can be used to cause a buffer overflow and possible execution of arbitrary code with kernel privileges.

The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c is vulnerable to a NULL pointer dereference. Local users can use this to crash the kernel or to disclose kernel memory.

Alerts:
Fedora FEDORA-2007-599 2007-06-21
Ubuntu USN-489-1 2007-07-19
Ubuntu USN-486-1 2007-07-17
Debian DSA-1286-1 2007-05-02
Red Hat RHSA-2007:0169-01 2007-04-30
Mandriva MDKSA-2007:078 2007-04-04
Fedora FEDORA-2007-336 2007-03-14
Fedora FEDORA-2007-335 2007-03-14


libwpd: buffer overflows

Package(s): libwpd
CVE #(s): CVE-2007-0002
Created: March 16, 2007
Updated: April 9, 2007
Description: iDefense reported several overflow bugs in libwpd. An attacker could create a carefully crafted Word Perfect file that could cause an application linked with libwpd, such as OpenOffice, to crash or possibly execute arbitrary code if the file was opened by a victim.
Alerts:
Gentoo 200704-07 2007-04-06
Slackware SSA:2007-085-02 2007-03-27
Fedora FEDORA-2007-351 2007-03-19
Fedora FEDORA-2007-350 2007-03-19
Ubuntu USN-437-1 2007-03-19
Debian DSA-1268-1 2007-03-17
Mandriva MDKSA-2007:064 2007-03-16
Mandriva MDKSA-2007:063 2007-03-16
rPath rPSA-2007-0057-1 2007-03-16
Red Hat RHSA-2007:0055-01 2007-03-16


lookup-el: insecure temporary file

Package(s): lookup-el
CVE #(s): CVE-2007-0237
Created: March 19, 2007
Updated: December 10, 2007
Description: Tatsuya Kinoshita discovered that Lookup, a search interface to electronic dictionaries on emacsen, creates a temporary file in an insecure fashion when the ndeb-binary feature is used, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
Alerts:
Gentoo 200712-07 2007-12-09
Debian DSA-1269-1 2007-03-18


LSAT: insecure temporary file creation

Package(s): lsat
CVE #(s):
Created: March 19, 2007
Updated: March 21, 2007
Description: LSAT insecurely writes in /tmp with a predictable filename. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When the LSAT script is executed, this would result in the file being overwritten with the rights of the user running the software, which could be the root user.
Alerts:
Gentoo 200703-20 2007-03-18
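
The symlink overwrite described in the lookup-el and LSAT entries above, reproduced inside a private scratch directory together with two ways of closing it. This is an added example, not code from LSAT, Lookup or LWN; the directory, the file names (victim.conf, report.out) and the function names are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <dirent.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

typedef int (*opener_fn)(const char *path);

/* Flawed pattern: fixed name, symlinks followed, existing target truncated. */
static int open_predictable(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Fix 1: O_EXCL fails if anything, including a symlink, already has the name. */
static int open_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Fix 2: mkstemp() adds an unpredictable suffix and creates exclusively, mode 0600. */
static int open_mkstemp(const char *path)
{
    char tmpl[PATH_MAX];
    int n = snprintf(tmpl, sizeof tmpl, "%s.XXXXXX", path);
    if (n < 0 || (size_t)n >= sizeof tmpl)
        return -1;
    return mkstemp(tmpl);
}

/* Remove every entry in dir, then dir itself. */
static void remove_tree(const char *dir)
{
    char p[PATH_MAX];
    struct dirent *e;
    DIR *d = opendir(dir);
    if (d) {
        while ((e = readdir(d)) != NULL) {
            if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
                continue;
            snprintf(p, sizeof p, "%s/%s", dir, e->d_name);
            unlink(p);
        }
        closedir(d);
    }
    rmdir(dir);
}

/*
 * Constructed scenario: inside a private directory, "report.out" (the name the
 * tool writes to) already exists as a symlink to "victim.conf". Returns 1 if
 * victim.conf keeps its content after the tool runs, 0 if it was overwritten,
 * -1 if the scenario could not be set up.
 */
int victim_survives(opener_fn opener)
{
    static const char original[] = "keep\n", report[] = "REPORT\n";
    char dir[] = "/tmp/tmpfile-demo.XXXXXX";
    char victim[PATH_MAX], fixed[PATH_MAX], buf[16] = {0};
    int fd, ok = -1;
    FILE *f;

    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim.conf", dir);
    snprintf(fixed, sizeof fixed, "%s/report.out", dir);
    f = fopen(victim, "w");
    if (!f || fputs(original, f) == EOF || fclose(f) == EOF ||
        symlink(victim, fixed) != 0)
        goto out;

    fd = opener(fixed);                 /* the tool opens its output file */
    if (fd >= 0) {
        if (write(fd, report, sizeof report - 1) < 0)
            perror("write");
        close(fd);
    }

    f = fopen(victim, "r");             /* did the write land in the victim? */
    if (f) {
        ok = fgets(buf, sizeof buf, f) && strcmp(buf, original) == 0;
        fclose(f);
    }
out:
    remove_tree(dir);
    return ok;
}

int main(void)
{
    printf("predictable name: victim intact = %d\n", victim_survives(open_predictable));
    printf("O_EXCL          : victim intact = %d\n", victim_survives(open_exclusive));
    printf("mkstemp         : victim intact = %d\n", victim_survives(open_mkstemp));
    return 0;
}
```

When the tool runs as root, as the LSAT entry notes it may, the predictable-name case overwrites whatever file the link points at; the two hardened openers leave it untouched.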


nas: code execution

Package(s): nas
CVE #(s): CVE-2007-1543 CVE-2007-1544 CVE-2007-1545 CVE-2007-1546 CVE-2007-1547
Created: March 21, 2007
Updated: April 24, 2007
Description: The Network Audio System daemon has a number of vulnerabilities which can be exploited to run arbitrary code or force a crash.
Alerts:
Gentoo 200704-20 2007-04-23
rPath rPSA-2007-0067-1 2007-04-04
Foresight FLEA-2007-0007-1 2007-04-03
Ubuntu USN-446-1 2007-03-28
Debian DSA-1273-1 2007-03-27
Mandriva MDKSA-2007:065 2007-03-20


openafs: privilege escalation

Package(s): openafs
CVE #(s): CVE-2007-1507
Created: March 21, 2007
Updated: April 3, 2007
Description: The handling of setuid files in the OpenAFS filesystem is flawed in such a way that a sufficiently clever attacker could make an arbitrary executable file appear to be setuid.
Alerts:
Gentoo 200704-03 2007-04-03
Mandriva MDKSA-2007:066 2007-03-20
Debian DSA-1271-1 2007-03-20


OpenOffice.org: buffer overflow and command execution

Package(s): openoffice.org
CVE #(s): CVE-2007-0238 CVE-2007-0239
Created: March 21, 2007
Updated: April 17, 2007
Description: The StarCalc parser in OpenOffice.org suffers from an "easily exploitable" stack overflow which could be exploited (via a malicious document) to execute arbitrary code.

Additionally, there is a failure to escape shell metacharacters in URLs, exposing users to command execution by way of hostile links.

Alerts:
Gentoo 200704-12 2007-04-16
rPath rPSA-2007-0070-1 2007-04-09
Mandriva MDKSA-2007:073 2007-03-29
Foresight FLEA-2007-0004-1 2007-03-29
Ubuntu USN-444-1 2007-03-27
Debian DSA-1270-2 2007-03-28
Fedora FEDORA-2007-376 2007-03-27
Fedora FEDORA-2007-375 2007-03-27
Red Hat RHSA-2007:0069-01 2007-03-22
Red Hat RHSA-2007:0033-01 2007-03-22
SuSE SUSE-SA:2007:023 2007-03-21
Debian DSA-1270-1 2007-03-20

Comments (none posted)

ssh: privilege escalation

Package(s):ssh CVE #(s):CVE-2006-0705
Created:March 15, 2007 Updated:March 21, 2007
Description: The SSH server has a format string vulnerability in the SFTP code for scp2 and sftp2. The accessed filename can be passed to the system log; an unspecified error could allow uncontrolled stack access. Authenticated users may be able to use this to bypass command restrictions or run commands as another user.
Alerts:
Gentoo 200703-13 2007-03-14

Comments (none posted)

webcalendar: missing input sanitizing

Package(s):webcalendar CVE #(s):CVE-2007-1343
Created:March 16, 2007 Updated:March 21, 2007
Description: It was discovered that WebCalendar, a PHP-based calendar application, insufficiently protects an internal variable, which allows remote file inclusion.
Alerts:
Debian DSA-1267-1 2007-03-15

Comments (none posted)

Updated vulnerabilities

amarok: remote code injection

Package(s):amarok CVE #(s):
Created:March 14, 2007 Updated:March 14, 2007
Description: Amarok's Magnatune component suffers from a shell code injection vulnerability exploitable by a hostile remote server.
Alerts:
Gentoo 200703-11 2007-03-13

Comments (none posted)

apache: cross-site scripting

Package(s):apache CVE #(s):CVE-2006-3918
Created:August 9, 2006 Updated:April 4, 2008
Description: From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header."
Alerts:
SuSE SUSE-SA:2008:021 2008-04-04
Ubuntu USN-575-1 2008-02-04
SuSE SUSE-SA:2006:051 2006-09-08
Debian DSA-1167-1 2005-09-04
Red Hat RHSA-2006:0619-01 2006-08-10
Red Hat RHSA-2006:0618-01 2006-08-08

Comments (none posted)

bind: denial of service

Package(s):bind CVE #(s):CVE-2007-0493 CVE-2007-0494
Created:January 26, 2007 Updated:March 14, 2007
Description: The bind package is vulnerable to two remote denial of service attacks in which attackers can cause the bind daemon to crash or exit unexpectedly by providing malformed data to the daemon in a DNS request.
Alerts:
Red Hat RHSA-2007:0057-02 2007-03-14
Gentoo 200702-06 2007-02-17
Red Hat RHSA-2007:0044-01 2007-02-06
Ubuntu USN-418-1 2007-02-05
Trustix TSLSA-2007-0005 2007-02-05
Mandriva MDKSA-2007:030 2006-01-30
SuSE SUSE-SA:2007:014 2007-01-30
Fedora FEDORA-2007-147 2007-01-29
Debian DSA-1254-1 2007-01-27
OpenPKG OpenPKG-SA-2007.007 2007-01-29
Slackware SSA:2007-026-01 2007-01-29
rPath rPSA-2007-0021-1 2007-01-25

Comments (none posted)

bluez-utils: hidd vulnerability

Package(s):bluez-utils CVE #(s):CVE-2006-6899
Created:January 16, 2007 Updated:May 14, 2007
Description: hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the Mouse and Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
Alerts:
Red Hat RHSA-2007:0065-01 2007-05-14
Ubuntu USN-413-1 2007-01-24
Mandriva MDKSA-2007:014 2006-01-15

Comments (none posted)

bugzilla: multiple vulnerabilities

Package(s):bugzilla CVE #(s):CVE-2006-5453 CVE-2006-5454 CVE-2006-5455
Created:November 10, 2006 Updated:August 28, 2007
Description: Bugzilla has the following vulnerabilities:

Input data passed to various fields is not properly sanitized before being passed back to users.

Users can gain unauthorized access to read attachment descriptions while using diff mode.

HTTP GET and HTTP POST requests can be used to perform unauthorized actions due to improper verification.

Input that is passed to showdependencygraph.cgi is not properly sanitized before being returned to users.

Alerts:
Debian DSA-1208-1 2006-11-11
Gentoo 200611-04 2006-11-09

Comments (none posted)

busybox: insecure password generation

Package(s):busybox CVE #(s):CVE-2006-1058
Created:May 5, 2006 Updated:May 2, 2007
Description: The BusyBox 1.1.1 passwd command does not use a proper salt when generating passwords. As a result, a brute force attack could take very little time.
Alerts:
Red Hat RHSA-2007:0244-02 2007-05-01
Fedora FEDORA-2006-511 2006-05-04
Fedora FEDORA-2006-510 2006-05-04

Comments (2 posted)

cpio: arbitrary code execution

Package(s):cpio CVE #(s):CVE-2005-4268
Created:January 2, 2006 Updated:May 8, 2007
Description: Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with, e.g., a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system).
Alerts:
rPath rPSA-2007-0094-1 2007-05-07
Red Hat RHSA-2007:0245-02 2007-05-01
Ubuntu USN-234-1 2006-01-02

Comments (none posted)

Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service

Package(s):cyrus-sasl CVE #(s):CVE-2006-1721
Created:April 21, 2006 Updated:September 4, 2007
Description: Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a Denial of Service even if the attacker is not able to authenticate.
Alerts:
Red Hat RHSA-2007:0878-01 2007-09-04
Red Hat RHSA-2007:0795-01 2007-09-04
SuSE SUSE-SA:2006:025 2006-05-05
Fedora FEDORA-2006-515 2006-05-04
Debian DSA-1042-1 2006-04-25
Mandriva MDKSA-2006:073 2006-04-24
Ubuntu USN-272-1 2006-04-24
Gentoo 200604-09 2006-04-21

Comments (none posted)

dovecot: index cache file handling error

Package(s):dovecot CVE #(s):CVE-2006-5973
Created:November 29, 2006 Updated:May 8, 2007
Description: The dovecot IMAP server has an error in its index cache file handling code which could be exploited by an authenticated user to execute arbitrary code. Only servers with the (non-default) mmap_disable=yes option setting are vulnerable.
Alerts:
Fedora FEDORA-2006-1504 2006-12-27
Fedora FEDORA-2006-1396 2006-12-18
rPath rPSA-2006-0220-1 2006-11-30
Ubuntu USN-387-1 2006-11-28

Comments (none posted)

ekiga: format string vulnerability

Package(s):ekiga CVE #(s):CVE-2007-1006 CVE-2007-0999
Created:February 21, 2007 Updated:March 30, 2007
Description: Ekiga contains a format string vulnerability in the code which processes control messages from remote peers.

If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges.

Alerts:
Gentoo 200703-25 2007-03-29
Red Hat RHSA-2007:0087-02 2007-03-14
Mandriva MDKSA-2007:058 2007-03-08
Ubuntu USN-434-1 2007-03-09
Fedora FEDORA-2007-322 2007-03-07
Fedora FEDORA-2007-321 2007-03-07
Ubuntu USN-426-1 2007-02-22
Mandriva MDKSA-2007:044 2007-02-21
Fedora FEDORA-2007-263 2007-02-20
Fedora FEDORA-2007-262 2007-02-20

Comments (none posted)

fail2ban: denial of service

Package(s):fail2ban CVE #(s):CVE-2006-6302
Created:February 16, 2007 Updated:July 30, 2007
Description: fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in to ssh using a login name containing certain strings with an IP address.
Alerts:
Gentoo 200702-05 2007-02-16

Comments (3 posted)

fetchmail: password disclosure and DOS

Package(s):fetchmail CVE #(s):CVE-2006-5867 CVE-2006-5974
Created:January 9, 2007 Updated:March 16, 2007
Description: Fetchmail suffers from a password disclosure vulnerability due to a failure to use secure protocols (advisory) and a denial of service vulnerability (advisory).
Alerts:
SuSE SUSE-SR:2007:004 2007-03-16
Debian DSA-1259-1 2007-02-14
Red Hat RHSA-2007:0018-01 2007-01-31
Slackware SSA:2007-024-01 2007-01-25
Gentoo 200701-13 2007-01-22
Fedora FEDORA-2007-042 2007-01-16
Fedora FEDORA-2007-041 2007-01-16
Mandriva MDKSA-2007:016 2006-01-15
Ubuntu USN-405-1 2007-01-11
rPath rPSA-2007-0003-1 2007-01-09
OpenPKG OpenPKG-SA-2007.004 2007-01-08

Comments (none posted)

ffmpeg: buffer overflows

Package(s):ffmpeg CVE #(s):CVE-2006-4799 CVE-2006-4800
Created:September 14, 2006 Updated:May 28, 2007
Description: The AVI processing code in FFmpeg has a number of buffer overflow vulnerabilities. If an attacker can trick a user into loading a specially crafted AVI, arbitrary code can be executed with the user's privileges.
Alerts:
Gentoo 200609-09 2006-09-13

Comments (2 posted)

freeradius: several vulnerabilities

Package(s):freeradius CVE #(s):CVE-2005-4745 CVE-2005-4746
Created:August 8, 2006 Updated:April 24, 2007
Description: Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service.
Alerts:
Mandriva MDKSA-2007:092 2007-04-23
Debian DSA-1145-1 2006-08-08

Comments (none posted)

freetype: integer overflows

Package(s):freetype CVE #(s):CVE-2006-0747 CVE-2006-1861 CVE-2006-2493 CVE-2006-2661 CVE-2006-3467
Created:June 8, 2006 Updated:October 10, 2007
Description: The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user.
Alerts:
Gentoo 200710-09 2007-10-09
Debian DSA-1178-1 2006-09-16
Ubuntu USN-341-1 2006-09-06
Gentoo 200609-04 2006-09-06
rPath rPSA-2006-0157-1 2006-08-25
Mandriva MDKSA-2006:148 2006-08-24
Red Hat RHSA-2006:0635-01 2006-08-21
Red Hat RHSA-2006:0634-01 2006-08-21
Fedora FEDORA-2006-912 2006-08-14
SuSE SUSE-SA:2006:045 2006-08-01
OpenPKG OpenPKG-SA-2006.017 2006-07-28
Ubuntu USN-324-1 2006-07-27
Slackware SSA:2006-207-02 2006-07-27
Mandriva MDKSA-2006:129 2006-07-20
Gentoo 200607-02 2006-07-09
SuSE SUSE-SA:2006:037 2006-06-27
Mandriva MDKSA-2006:099-1 2006-06-13
Mandriva MDKSA-2006:099 2006-06-12
rPath rPSA-2006-0100-1 2006-06-12
Debian DSA-1095-1 2006-06-10
Ubuntu USN-291-1 2006-06-08

Comments (none posted)

gcc: file overwrite vulnerability

Package(s):gcc CVE #(s):CVE-2006-3619
Created:September 6, 2006 Updated:March 14, 2008
Description: The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
Alerts:
Mandriva MDVSA-2008:066 2007-03-13
Red Hat RHSA-2007:0473-01 2007-06-11
Red Hat RHSA-2007:0220-02 2007-05-01
Debian DSA-1170-1 2006-09-06

Comments (none posted)

gd: buffer overflow

Package(s):gd CVE #(s):CVE-2007-0455
Created:February 7, 2007 Updated:February 28, 2008
Description: The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable.
Alerts:
Red Hat RHSA-2008:0146-01 2008-02-28
Ubuntu USN-473-1 2007-06-11
OpenPKG OpenPKG-SA-2007.016 2007-05-18
Trustix TSLSA-2007-0007 2007-02-13
Fedora FEDORA-2007-150 2007-02-12
Fedora FEDORA-2007-149 2007-02-12
rPath rPSA-2007-0028-1 2007-02-08
Mandriva MDKSA-2007:038 2006-02-06
Mandriva MDKSA-2007:036 2006-02-06
Mandriva MDKSA-2007:035 2006-02-06

Comments (2 posted)

gdb: buffer overflow

Package(s):gdb CVE #(s):CVE-2006-4146
Created:September 15, 2006 Updated:June 12, 2007
Description: A buffer overflow in dwarfread.c and dwarf2read.c debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.
Alerts:
Red Hat RHSA-2007:0469-01 2007-06-11
Red Hat RHSA-2007:0229-02 2007-05-01
Ubuntu USN-356-1 2006-10-02
Fedora FEDORA-2006-975 2006-09-14

Comments (none posted)

gdm: improper file permissions

Package(s):gdm CVE #(s):CVE-2006-1057
Created:April 19, 2006 Updated:May 2, 2007
Description: The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem.
Alerts:
Red Hat RHSA-2007:0286-02 2007-05-01
Mandriva MDKSA-2006:083 2006-05-09
Ubuntu USN-278-1 2006-05-03
Debian DSA-1040-1 2006-04-24
Fedora FEDORA-2006-338 2006-04-19

Comments (none posted)

GnuPG: unsigned data injection vulnerability

Package(s):gnupg CVE #(s):CVE-2007-1263
Created:March 6, 2007 Updated:March 30, 2007
Description: Core Security Technologies has reported that GnuPG and GnuPG clients are vulnerable to an unsigned data injection vulnerability.
Alerts:
SuSE SUSE-SA:2007:024 2007-03-30
rPath rPSA-2007-0056-1 2007-03-16
Red Hat RHSA-2007:0107-02 2007-03-14
Debian DSA-1266-1 2007-03-13
Ubuntu USN-432-2 2007-03-13
Mandriva MDKSA-2007:059 2006-03-08
Trustix TSLSA-2007-0009 2007-03-09
Ubuntu USN-432-1 2007-03-08
Slackware SSA:2007-066-01 2007-03-08
Red Hat RHSA-2007:0106-01 2007-03-06

Comments (none posted)

gv: stack-based buffer overflow

Package(s):gv CVE #(s):CVE-2006-5864
Created:November 20, 2006 Updated:April 9, 2007
Description: Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
Alerts:
Gentoo 200704-06 2007-04-06
Gentoo 200703-24 2007-03-26
Debian DSA-1243-1 2006-12-28
Debian DSA-1214-2 2006-12-27
Mandriva MDKSA-2006:229 2006-12-13
rPath rPSA-2006-0230-1 2006-12-12
Fedora FEDORA-2006-1438 2006-12-11
Fedora FEDORA-2006-1437 2006-12-11
Ubuntu USN-390-3 2006-12-06
Ubuntu USN-390-2 2006-12-06
Mandriva MDKSA-2006:214-1 2006-12-04
Ubuntu USN-390-1 2006-11-30
Gentoo 200611-20 2006-11-24
Debian DSA-1214-1 2006-11-20
Mandriva MDKSA-2006:214 2006-11-17

Comments (none posted)

gzip: multiple vulnerabilities

Package(s):gzip CVE #(s):CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338
Created:September 19, 2006 Updated:June 1, 2007
Description: Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash.

Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code.

Alerts:
Fedora FEDORA-2007-557 2007-05-31
Gentoo 200611-24 2006-11-28
Fedora-Legacy FLSA:211760 2006-11-13
Fedora FEDORA-2006-989 2006-10-10
SuSE SUSE-SA:2006:056 2006-09-26
Gentoo 200609-13 2006-09-23
Trustix TSLSA-2006-0052 2006-09-22
Mandriva MDKSA-2006:167 2006-09-20
Slackware SSA:2006-262-01 2006-09-20
OpenPKG OpenPKG-SA-2006.020 2006-09-20
Debian DSA-1181-1 2006-09-19
rPath rPSA-2006-0170-1 2006-09-19
Ubuntu USN-349-1 2006-09-19
Red Hat RHSA-2006:0667-01 2006-09-19

Comments (1 posted)

horde-kronolith: local file inclusion

Package(s):horde-kronolith CVE #(s):CVE-2006-6175
Created:January 17, 2007 Updated:March 7, 2008
Description: Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. An authenticated attacker could craft an HTTP GET request that uses directory traversal techniques to execute any file on the web server as PHP code, which could allow information disclosure or arbitrary code execution with the rights of the user running the PHP application (usually the webserver user).
Alerts:
Gentoo 200701-11 2007-01-16

Comments (none posted)

imlib2: arbitrary code execution

Package(s):imlib2 CVE #(s):CVE-2006-4806 CVE-2006-4807 CVE-2006-4808 CVE-2006-4809
Created:November 6, 2006 Updated:August 13, 2007
Description: M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges.
Alerts:
Mandriva MDKSA-2007:156 2007-08-10
Gentoo 200612-20 2006-12-20
Fedora FEDORA-EXTRAS-2006-004 2006-11-09
Mandriva MDKSA-2006:198-1 2006-11-06
Mandriva MDKSA-2006:198 2006-11-06
Ubuntu USN-376-2 2006-11-06
Ubuntu USN-376-1 2006-11-03

Comments (none posted)

java: multiple vulnerabilities

Package(s):java CVE #(s):CVE-2006-4339 CVE-2006-4790 CVE-2006-6731 CVE-2006-6736 CVE-2006-6737 CVE-2006-6745
Created:January 18, 2007 Updated:June 8, 2007
Description: Java has multiple vulnerabilities. These include: an RSA exponent padding attack vulnerability; two vulnerabilities which allow untrusted applets to access data in other applets; vulnerabilities that involve applets gaining privileges due to serialization bugs in the JRE; and buffer overflows in the Java image handling routines that can give attackers read/write/execute capabilities for local files.
Alerts:
Gentoo 200705-20 2007-05-26
Red Hat RHSA-2007:0073-01 2007-02-09
Red Hat RHSA-2007:0072-01 2007-02-08
Red Hat RHSA-2007:0062-02 2007-02-07
Gentoo 200701-15 2007-01-22
SuSE SUSE-SA:2007:010 2007-01-18

Comments (1 posted)

kdelibs: denial of service

Package(s):kdelibs CVE #(s):CVE-2007-1308
Created:March 8, 2007 Updated:March 29, 2007
Description: Kdelibs has a denial of service vulnerability that can be triggered in Konqueror's use of KDE JavaScript. A null pointer dereference caused by accessing the content of an iframe with an ftp:// URI in the src attribute can be used to trigger the DOS.
Alerts:
Ubuntu USN-447-1 2007-03-28
Mandriva MDKSA-2007:054 2007-03-08

Comments (none posted)

kdelibs: cross-site scripting

Package(s):kdelibs konqueror CVE #(s):CVE-2007-0537
Created:February 5, 2007 Updated:August 13, 2007
Description: Konqueror 3.5.5 does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment, a related issue to CVE-2007-0478.
Alerts:
Mandriva MDKSA-2007:157 2007-08-10
Gentoo 200703-10 2007-03-10
rPath rPSA-2007-0052-1 2007-03-07
Ubuntu USN-420-1 2007-02-06
Mandriva MDKSA-2007:031 2007-02-02

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2006-5749 CVE-2006-4814 CVE-2006-6106
Created:January 5, 2007 Updated:May 7, 2008
Description: A security issue has been reported in the Linux kernel due to an error in drivers/isdn/i4l/isdn_ppp.c: the "isdn_ppp_ccp_reset_alloc_state()" function never initializes an event timer before scheduling it with the "add_timer()" function.

The mincore function in the kernel does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

Another vulnerability has been reported in the Linux kernel, caused by a boundary error within the handling of incoming CAPI messages in net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain kernel data structures.

Alerts:
CentOS CESA-2008:0211 2008-05-07
Red Hat RHSA-2008:0211-01 2008-05-07
Debian DSA-1503 2008-02-22
Debian DSA-1503-2 2008-03-06
SuSE SUSE-SA:2007:035 2007-06-14
SuSE SUSE-SA:2007:053 2007-10-12
Ubuntu USN-416-2 2007-03-01
Ubuntu USN-416-1 2007-02-01
rPath rPSA-2007-0031-1 2007-02-09
Mandriva MDKSA-2007:040 2007-02-07
Red Hat RHSA-2007:0014-01 2007-01-30
Mandriva MDKSA-2007:025 2007-01-23
Fedora FEDORA-2007-058 2007-01-18
Mandriva MDKSA-2007:012 2006-01-12
Trustix TSLSA-2007-0002 2007-01-05

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4623
Created:October 18, 2006 Updated:November 14, 2007
Description: The kernel DVB layer can be caused to crash with maliciously-formatted unidirectional lightweight encapsulation (ULE) data.
Alerts:
Ubuntu USN-489-1 2007-07-19
rPath rPSA-2006-0194-1 2006-10-17

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-0007 CVE-2007-0006
Created:February 15, 2007 Updated:November 14, 2007
Description: Linux kernel versions from 2.6.9 to 2.6.20 have a denial of service vulnerability. A remote attacker can cause the key_alloc_serial function's key serial number collision avoidance code to have a null dereference, resulting in a crash.
Alerts:
Fedora FEDORA-2007-599 2007-06-21
Red Hat RHSA-2007:0099-02 2007-03-14
rPath rPSA-2007-0050-1 2007-03-06
Red Hat RHSA-2007:0085-01 2007-02-27
Mandriva MDKSA-2007:047 2007-02-21
Fedora FEDORA-2007-226 2007-02-13
Fedora FEDORA-2007-225 2007-02-13

Comments (1 posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4535 CVE-2006-4538
Created:September 18, 2006 Updated:December 3, 2007
Description: Sridhar Samudrala discovered a local denial of service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535)

Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538)

Alerts:
Red Hat RHSA-2007:1049-01 2007-12-03
Mandriva MDKSA-2006:182 2006-10-11
Red Hat RHSA-2006:0689-01 2006-10-05
Debian DSA-1184-2 2006-09-26
Debian DSA-1184-1 2006-09-25
Debian DSA-1183-1 2006-09-25
Ubuntu USN-347-1 2006-09-18

Comments (none posted)

kernel: denial of service by memory consumption

Package(s):kernel CVE #(s):CVE-2006-2936
Created:July 17, 2006 Updated:November 14, 2007
Description: The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the driver can handle, which causes the data to be queued.
Alerts:
SuSE SUSE-SA:2007:035 2007-06-14
Mandriva MDKSA-2006:151 2006-08-25