
LWN.net Weekly Edition for March 29, 2007

The third GPLv3 draft

The original plans had called for the third draft of the GNU General Public License update to come out late last year. Needless to say, things didn't happen that way. Between trying to address concerns raised from various directions and responding to the Microsoft/Novell deal, the Free Software Foundation ended up having to slip its schedule; as a result, eight months have passed since the second draft was released. One could well argue that a major license update should not be made in a hurry, and thus the delays are not problematic. In any case, the wait is over: the new GPLv3 draft is available. In many ways, the draft resembles its predecessors; in others, it has changed significantly. This article will focus on the differences.

One area of conflict has been the anti-DRM provisions. The relatively uncontroversial language stating that GPLv3-licensed works are not "technological measures" has been reworked slightly to give it a more international focus:

No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures.

The previous draft had been specific to the DMCA, but anti-circumvention laws are a global issue, so this change makes sense.

The "anti-tivoization" provisions have been the source of much of the disagreement over this license. The new draft changes those sections significantly - though the intent remains the same, and people who did not like the previous versions are unlikely to feel better about the new language. In previous drafts, signing keys required to convince hardware to run a given binary were deemed to be part of the source code, and thus a required part of the (required) source distribution. The drafters decided that extending the definition of "source code" in this way was not the best idea. So, instead, we now have "installation information":

"Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made.

The license goes on to say that, if GPLv3-licensed code is shipped as part of a product, the installation instructions must be made available as well. Actually, it's not anywhere near that simple, for a couple of reasons. The first is this concept of a "user product," which is new in this draft:

A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling.

The actual requirement for the shipping of installation information is:

If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information.

One might well wonder what is going on here. In the explanation materials sent to LWN with the license draft, the FSF states:

After some discussion with committees, we discovered that the proposals in the second discussion draft would interfere with a number of existing business models that don't seem to be dangerous. We believe that this compromise will achieve the greatest success in preventing tivoization.

The nature of these innocuous business models is not spelled out. What it comes down to, though, is that gadgets intended to be sold to businesses will be exempt from the "installation instructions" requirements. This seems strange; it may well be businesses which would have the most use for the ability to change the code running in devices they purchase. The FSF has been saying that the right to replace the software in a device is required for true software freedom; why is that right now less important for devices which are not "user products"?

This exemption could prove to be a big loophole. Many years ago, your editor bought a digital audio tape deck. The rules for DAT decks in those days specified that they must implement the "serial copy management system" - a couple of bits in the digital audio data stream which indicated whether another deck was allowed to record that stream or not. It turned out that decks intended for "professional use" were exempt, however - musicians, after all, might actually want to make copies of their work. As far as your editor could tell, the difference between "professional" and "consumer" decks (at the low end, anyway) consisted of a pair of rack-mount ears; "professional" decks were available at the local guitar shop. Anybody could get a SCMS-free deck with little trouble. The exemption for devices which are not "user products" looks similar; with this language, the FSF may well be setting us up for a flood of "business use" gadgets which happen to be available at the local big-box technology store.

The "additional terms" section has been simplified a bit. The second draft included the optional requirement that, if the covered code is used to implement a web service, the users should be able to get the source via that service. This requirement, intended to close the "web services loophole," is absent from the third draft.

The termination rules still allow any copyright holder to terminate the license if it is violated. There is a new escape clause, though:

However, if this is your first violation of this License with respect to a given copyright holder, and you cure the violation within 30 days following your receipt of the notice, then your license is automatically reinstated.

An opportunity to fix a GPL violation is consistent with how the license has been enforced so far.

The patent language has changed significantly as well. The second draft included a covenant not to enforce any relevant patents against recipients of the software; in the third draft, instead, an explicit patent license is granted. This change is apparently intended to make the patent grant language look more like that found in other licenses.

The change which will attract the most attention, though, is the language aimed at the Microsoft/Novell deal; it does not look like anything found elsewhere. It starts by broadening the definition of a "patent license" to include things like covenants not to sue, thus covering the Novell non-license. There is a clause saying that if you distribute covered code under the protection of such a license, you must arrange for all recipients - anywhere - to have the same protection. Then there's this part:

You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a patent license (a) in connection with copies of the covered work conveyed by you, and/or copies made from those, or (b) primarily for and in connection with specific products or compilations that contain the covered work, which license does not cover, prohibits the exercise of, or is conditioned on the non-exercise of any of the rights that are specifically granted to recipients of the covered work under this License.

The FSF is still considering whether it should grandfather in deals made before this draft was released.

The restriction to deals involving software companies is strange; it will just cause the next deal to be done by way of a patent-troll corporation. The prohibition only applies if the payments are based on the number of copies distributed, meaning that the next such deal will look like a fixed-sum payment - we will never know how that sum was calculated. There are enough loopholes in this section that it seems unlikely to slow down the next patent shakedown in any significant way. If the grandfather clause is added, it will not even affect Novell, the target of this whole thing.

There is an interesting new exception in this draft:

Notwithstanding any other provision of this License, you have permission to link any covered work with a work licensed under version 2 of the Affero General Public License, and to convey the resulting combination. The terms of this License will continue to apply to your covered work but will not apply to the work with which it is linked, which will remain governed by the Affero General Public License.

The posted version of the Affero GPL is version 1; your editor was not able to find any mention of a second version anywhere. The FSF must know something the rest of us are not yet privy to.

Finally, there is explicit support for signing away the right to decide on future license changes to others:

If the Program specifies that a proxy can decide whether future versions of the GNU General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Program.

There are various other tweaks - providing source by way of a network server is now officially allowed, for example. In many ways, GPLv3 is shaping up exactly as it was supposed to: it is bringing the license up to contemporary, worldwide standards and is evolving in response to input from the community. Your editor anticipates that the new anti-DRM and anti-Novell language will be the subject of significant criticism, however. They are developing the complex, baroque nature of code which has been repeatedly patched far beyond its original design. That language may require some work yet.

The current plan calls for the FSF to accept comments on this draft for the next 60 days, after which the final draft will be released. One month later - around the end of June - the GPLv3 will become official. The FSF claims to be actively looking for comments, so now is the time for anybody who has remaining concerns to speak up. Regardless of whether certain high-profile projects move to GPLv3, we all will be working with code covered by this new license. It's important that we help the FSF get it right.


Beryl and Compiz: back together again?

Once upon a time, just over one year ago, the Compiz window manager hit the net. Compiz, which features fancy 3D effects, was the result of some months' worth of behind-closed-doors work at Novell. There was an enthusiastic reception, and others began to hack on the code. It didn't take long, however, before some of those others found that it was hard to get their changes back into the Compiz mainline. Eventually one of those developers, Quinn Storm, got tired of carrying an increasing collection of external patches. The result was a fork, and the Beryl project was created.

These events can be acrimonious, and the Compiz/Beryl fork was no exception. Beryl developers complained that Compiz was run as a Novell fiefdom which was uninterested in patches from the outside. On the Compiz side, Beryl's decision to relicense the code from the MIT license to the GPL meant that code could flow from Compiz to Beryl, but not in the other direction. In early 2007, a Compiz site administrator vandalized Beryl's site, an act which must surely mark a low point in relations between the two projects.

During this time, development on both sides continued, with Beryl quickly developing a reputation for bells, whistles, and an unbelievable number of configuration options. Compiz took a more conservative course, working on getting the core functionality working in a way which seemed, to its core developers, to be right. Despite all of this, the differences between the two code bases are apparently less than one might think. No major architectural changes have happened; instead, most of Beryl's additions come in the form of plugins.

Recently, though, the Beryl developers started to ponder some more sweeping changes. According to Robert Carr, the conversation went like this:

Around a month and a half ago some of us were discussing some rather radical changes to the design of beryl-core which we inherited from Compiz, this inevitably led to "We should talk to Compiz about this to keep things synced", which even more inevitably leads to "If we are going to talk to Compiz to keep our designs similar, so on, so forth, are our differences really so large that we need to be two separate projects?".

The result was that the two projects started talking again. As of this writing, it would appear that Beryl and Compiz have come to an agreement to end the fork and join back into a single project. Should things happen this way, the results for eye-candy fans should be good. There are a few details which need to be worked out first, though.

One of those is licensing. The fact that Beryl's work is licensed under the GPL means that, for the two projects to merge, one of them must be relicensed. It looks like Beryl will be the one to give here, moving its core back to the MIT license. The number of contributors is evidently sufficiently small that this sort of change is still feasible.

Then there is the issue of how to merge the changes in the code. According to Mr. Carr, agreement has been reached on most points, at least with regard to the core changes. In the past, Compiz leader David Reveman has not been receptive to Beryl code:

With a few notable exceptions, most of the code I've seen going into what is now beryl is not high quality code that would be considered for compiz.

It seems that the situation is different now:

The technical part of the merge seems pretty straightforward from my point of view and I've got the understanding that so is also the case for the main contributors to the core of beryl.

The merge is probably helped by the Compiz project's plan to split the code into "core" and "extra" modules. Much of what is currently in Beryl will, it seems, slip into compiz-extra with little trouble.

So if licensing and code are not problems, what are the potential sticking points in this merger? It seems that there are two of them: naming and leadership. The Beryl side is pushing for a new name and structure which would enable a clean start for the entire project. Without that, they fear, one side or the other will probably get the short end of the stick. Mr. Reveman responds:

The merge is done by moving changes made to beryl into compiz or by adding alternative solutions to compiz. No changes are made to the design of compiz and 99% of the code is still code being written as part of the compiz project so I'm having a hard time to justify a name change of the core and I know that most people in the compiz community are firmly against such a name change.

From reading the discussion, one gets the sense that the leadership issues have not yet been the subject of serious discussion. Some sort of project management model will have to be worked out, or the newly merged project will run a risk of falling victim to the same tensions and forking again.

There should be an answer, though. It would be a sad day if these two projects could come together, resolve their technical and licensing differences, then drop the whole thing because they cannot agree on the name. Some great progress has been made on reunifying one of the most unpleasant forks in our community; it seems like the remaining issues must somehow be amenable to a solution.


Working with raw images on Linux

This article is part of the LWN Grumpy Editor series.

Your editor's exploration of high dynamic range (HDR) techniques inspired one comment suggesting that photographic topics should be avoided in the future if your editor wishes to avoid looking foolish. As it happens, fear of looking foolish would make this particular job almost impossible to do; when one writes for an audience that knows more than the author, occasional foolishness will inevitably result. Even for authors who are not so inherently foolish as your editor. So, foolish or not, here is a followup to the HDR article; this week's topic is working with raw files.

Most digital cameras are set to produce JPEG files; for many applications, such files are more than good enough. But most decent cameras support other formats, and a vendor-specific raw format in particular. The raw format contains something close to what was measured by the sensor, with a minimum of processing in the camera. These files are large, unwieldy, and in a proprietary format, which argues against their use in many situations. But, by virtue of holding the original image data, raw files give the photographer a much wider range of options later on. Much of the processing normally done in the camera (white balance, histogram adjustment, etc.) can be tweaked later on. For this reason, people who do photography for a living often prefer to record in the raw format.

Even for the rest of us, who have no hope of earning a living that way, raw files can keep creative options open. For people who like to play with HDR techniques there is an additional advantage: the camera typically records 12 to 16 bits of data for each channel - rather more than fits into a JPEG file. That, in turn, means that the dynamic range of raw files is significantly higher - assuming, of course, that the camera has a sensor which can meaningfully record data at that resolution. The extra range can be used to increase detail in images in a number of ways, including the use of tone mapping techniques.

Raw file formats are created by camera manufacturers, who generally feel no need to document their work. They will usually sell you a tool for decrypting their raw files - but, strangely enough, Linux support is usually missing from the feature list. Fortunately, the free software world benefits from the work of Dave Coffin, who has set a task for himself:

So here is my mission: Write and maintain an ANSI C program that decodes any raw image from any digital camera on any computer running any operating system.

The result is dcraw, which comes awfully close to meeting that goal. It supports a huge list of cameras, and it does so at a high level of quality - arguably better than the vendor's tools. It is a command-line tool, aimed at batch operation or invocation from other programs; dcraw can be run from a gimp plugin, for example. Just about anything one wants to do with a raw image file is supported by dcraw.

The only downside is that processing raw images can be an interactive process. If one wants to make adjustments, a command-line tool can get tiresome after a while. The answer to that complaint is the UFRaw tool, which is built on dcraw. UFRaw allows adjustment of the white and black points, gamma curve, white balance and more - all with immediate visual feedback. When the desired result is achieved, it can be saved in a number of formats.

UFRaw is not perfect. It's one of those applications that thinks it's clever to remember where the last image was stored and put the next one in the same directory. Your editor, instead, expects programs to default to the directory they were started in, or, failing that, to the directory where the source file was found. It's aggravating to save a file then have to figure out where the application decided to put it. UFRaw is doubly obnoxious in this regard because it immediately exits after saving the file. The non-resizeable window is also annoying. One assumes these little difficulties can be dealt with eventually; meanwhile, the core functionality is good stuff.

What sort of results can one expect? Here are three versions of the window view photo featured in the HDR article:

[Images: Original | UFRaw edited | Tone mapped]

(See this page for larger versions of the pictures).

Some quick editing with UFRaw was sufficient to bring out a fair amount of detail in the plant in the foreground - though the background lost some contrast as a result. The tone-mapped photo does better at maintaining contrast throughout the frame. The end result is not as complete as the full HDR image (visible here), but it does show that raw files contain information which can be recovered later on to improve the picture. Taking a single raw image is much easier than the full bracketed HDR technique, and it allows tone mapping techniques to be used on subjects which stubbornly refuse to stand still for a few minutes while several shots are taken.

One thing worth noting in conclusion: we should not take our ability to work with raw images for granted. Vendors like Nikon and Sony are known for encrypting their raw formats. The language they use to justify themselves will look most familiar; consider this advisory from Nikon regarding its NEF format:

As a proprietary format, Nikon secures NEF's structure and processing through various technologies. Securing this structure is intended for the photographer's benefit, and dedicated to ensuring faithful reproduction of the photographer's creative intentions through consistent performance and rendition of the images.

In other words, photographers are being locked out of their own images for their own benefit. All of the usual counterarguments apply here; photographers might just have their own idea of where their benefit lies. And what happens to those raw images a decade or two from now, when the vendor has long since ceased to support the format and, even if one can find one's single legal backup copy of the software, it refuses to run on currently available systems? Fortunately, we have dcraw, which will document the reading of these formats indefinitely.

So far, vendors' attempts to encrypt raw files have been broken in short order. Chances are that trend will continue. But there is little difference between breaking into a raw image file and turning off the copy protection bits inside a PDF file. The stage is clearly set for an ugly battle, probably involving the DMCA, when some vendor decides to turn nasty.

Photographers have been worried about this issue for a few years now; efforts like the OpenRAW project have been working, with little success, to get camera manufacturers to open up their formats. Adobe has been pushing its Digital Negative format as a standard; it would be a step in the right direction, but this format still has mechanisms for the embedding of vendor "private" information. At this time, there does not seem to be a clear solution in sight. We must deal with cameras just like we deal with many other types of hardware: we have to figure out how it works ourselves.


Page editor: Jonathan Corbet

Security

Metasploit 3.0

March 28, 2007

This article was contributed by Jake Edge.

The Metasploit Framework, a popular open source framework for penetration testing and security tool development, has just released its 3.0 version, which provides many new features. The framework has been completely rewritten from version 2, moving from Perl to Ruby in the process. In many ways, Metasploit 3 seeks to be the Swiss Army knife of network vulnerability research and testing, providing a wealth of tools for security researchers.

At its core, Metasploit provides a means to launch an exploit at a particular host, execute the payload and provide a shell that communicates with the payload. The exploits provided with the framework are known vulnerabilities for various operating systems and the payloads are different ways to execute a shell on the exploited machine. This allows users to probe hosts for susceptibility to known attacks and to combine those attacks with different ways of getting a shell in an attempt to avoid firewall and intrusion detection rules. In addition, Metasploit makes it easy to add new payloads and exploits so that a researcher can develop or work with entirely new vulnerabilities using the familiar framework interface.

Once Metasploit has connected to an exploited system, an irb (interactive Ruby) shell from within the framework can be used to script access to any accessible process on the remote system. Because it provides a means to read and write the memory of those processes, credentials like passwords could be grabbed or processes could be backdoored in various ways. Another interesting feature allows an attacker to route all Metasploit traffic through a compromised host, potentially bypassing firewalls and routers. This is just a small sample of the tools that are provided; this is a very potent toolkit.

There are two main interfaces to Metasploit, a console interface as well as an AJAX-enabled web interface that is driven with Ruby on Rails. Both provide tab-completion of commands and arguments and are very convenient to use. The web interface, however, feels rather sluggish, even running on the local machine; it is mostly provided to allow demonstrations of using the tool. There is also a command-line interface that can be used from scripts and the like, but the console is the main interface workhorse.

The release comes with both a user and a developer guide and both are quite readable and useful. The developer guide lays out the rationale behind the switch to Ruby, which makes for an interesting read. It notes that Windows compatibility was one of the major reasons for the switch, which makes it rather surprising that deficiencies in either Ruby for Windows or Windows itself make some features (the entire console interface for instance) usable only on Linux or other UNIX systems.

Metasploit was already an incredibly useful tool and it would appear that version 3 takes a big step forward. As with all security tools, it can be used for good or ill, but it is most certainly an essential arrow in the quiver of anyone tasked with or interested in computer security.


New vulnerabilities

cups: denial of service

Package(s): cups
CVE #(s): CVE-2007-0720
Created: March 26, 2007
Updated: February 7, 2008
Description: Previous versions of the cups package could be forced to hang via a client "partially negotiating" an ssl connection. In this state, cups would not allow other connections to be made, a denial of service.
Alerts:
Mandriva MDVSA-2008:036 2007-02-06
Mandriva MDKSA-2007:086 2007-04-16
Red Hat RHSA-2007:0123-01 2007-04-16
Gentoo 200703-28 2007-03-31
Foresight FLEA-2007-0003-1 2007-03-25


evolution: format string error

Package(s): evolution
CVE #(s): CVE-2007-1002
Created: March 27, 2007
Updated: February 27, 2008
Description: A format string error in the "write_html()" function in calendar/gui/e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Gentoo 200706-02 2007-06-06
Red Hat RHSA-2007:0158-01 2007-05-03
Foresight FLEA-2007-0010-1 2007-04-05
Fedora FEDORA-2007-404 2007-04-04
Fedora FEDORA-2007-393 2007-04-04
Mandriva MDKSA-2007:070 2007-03-27


file: arbitrary code execution

Package(s): file
CVE #(s): CVE-2007-1536
Created: March 22, 2007
Updated: May 30, 2007
Description: The "file" utility incorrectly checks the allocated heap memory size. If a remote attacker can trick a user into looking at specially crafted files with file, arbitrary code can be executed with the user's privileges.
Alerts:
Red Hat RHSA-2007:0391-01 2007-05-30
Slackware SSA:2007-093-01 2007-04-04
Gentoo 200703-26 2007-03-30
Debian DSA-1274-1 2007-04-02
Fedora FEDORA-2007-391 2007-03-30
Red Hat RHSA-2007:0124-01 2007-03-23
Mandriva MDKSA-2007:067 2007-03-22
rPath rPSA-2007-0059-1 2007-03-22
Ubuntu USN-439-1 2007-03-21


firefox: FTP PASV port-scanning

Package(s): firefox seamonkey
CVE #(s): CVE-2007-1562
Created: March 23, 2007
Updated: June 4, 2007
Description: According to this advisory, the FTP protocol includes the PASV (passive) command which is used by Firefox to request an alternate data port. The specification of the FTP protocol allows the server response to include an alternate server address as well, although this is rarely used in practice.
Alerts:
Fedora FEDORA-2007-0066 2007-06-01
Fedora FEDORA-2007-0050 2007-06-01
Fedora FEDORA-2007-0001 2007-06-04
rPath rPSA-2007-0112-1 2007-05-31
Foresight FLEA-2007-0023-1 2007-05-31
Fedora FEDORA-2007-0001 2007-06-01
Fedora FEDORA-2007-554 2007-05-31
Fedora FEDORA-2007-549 2007-05-31
Red Hat RHSA-2007:0402-01 2007-05-30
Red Hat RHSA-2007:0400-01 2007-05-30
rPath rPSA-2007-0062-1 2007-04-04
Ubuntu USN-443-1 2007-03-27
Foresight FLEA-2007-0001-1 2007-03-22
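
The check below is an added example, not code from the advisory, Firefox or LWN: it parses the 227 reply to PASV described above and decides where the client opens its data connection, given the address the control connection is already using. The function names, the two policies ("pin" and "reject") and the sample replies are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import namedtuple

# Reply 227 carries six decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959).
_PASV_FIELDS = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)

# advertised_host is what the server claimed; overridden records a mismatch
# with the control connection so the caller can log it.
DataEndpoint = namedtuple("DataEndpoint", "host port advertised_host overridden")


class PasvError(ValueError):
    """The 227 reply is malformed, or advertises a host the policy refuses."""


def parse_pasv_reply(line):
    """Return the (host, port) advertised by a '227 Entering Passive Mode' reply."""
    if not line.startswith("227 "):
        raise PasvError("not a 227 reply: %r" % line)
    match = _PASV_FIELDS.search(line[4:])
    if match is None:
        raise PasvError("no h1,h2,h3,h4,p1,p2 fields in: %r" % line)
    fields = [int(group) for group in match.groups()]
    if max(fields) > 255:
        raise PasvError("field out of range in: %r" % line)
    host = ".".join(str(octet) for octet in fields[:4])
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise PasvError("port 0 is not connectable")
    return host, port


def choose_data_endpoint(reply_line, control_peer, policy="pin"):
    """Decide where to open the data connection.

    control_peer is the IP address the control connection is already using.
    policy "pin":    keep the advertised port but always connect to
                     control_peer (this also copes with servers behind NAT
                     that advertise a private address).
    policy "reject": fail if the advertised host is not control_peer.
    """
    if policy not in ("pin", "reject"):
        raise ValueError("unknown policy: %r" % policy)
    advertised_host, port = parse_pasv_reply(reply_line)
    peer = ipaddress.ip_address(control_peer)
    mismatch = ipaddress.ip_address(advertised_host) != peer
    if mismatch and policy == "reject":
        raise PasvError(
            "reply advertises %s but control connection is to %s"
            % (advertised_host, peer)
        )
    return DataEndpoint(str(peer), port, advertised_host, mismatch)


if __name__ == "__main__":
    # Constructed sample replies; 192.0.2.10 stands in for the FTP server.
    samples = [
        "227 Entering Passive Mode (192,0,2,10,19,137)",
        "227 Entering Passive Mode (10,0,0,5,0,22)",
    ]
    for reply in samples:
        endpoint = choose_data_endpoint(reply, "192.0.2.10")
        note = "advertised host ignored" if endpoint.overridden else "ok"
        print("%s -> %s:%d (%s)" % (reply, endpoint.host, endpoint.port, note))
```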


mysql: denial of service

Package(s): mysql
CVE #(s): CVE-2007-1420
Created: March 22, 2007
Updated: May 21, 2008
Description: MySQL subselect queries using "ORDER BY" can be used by an attacker with access to a MySQL instance in order to create an intermittent denial of service.
Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Mandriva MDKSA-2007:139 2007-07-04
rPath rPSA-2007-0107-1 2007-05-23
Gentoo 200705-11 2007-05-08
Ubuntu USN-440-1 2007-03-21


squid: denial of service

Package(s): squid
CVE #(s): CVE-2007-1560
Created: March 23, 2007
Updated: April 3, 2007
Description: Due to an internal error Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service.
Alerts:
Red Hat RHSA-2007:0131-01 2007-04-03
Gentoo 200703-27 2007-03-31
SuSE SUSE-SR:2007:005 2007-03-30
Mandriva MDKSA-2007:068 2006-03-22


xmms: BMP handling vulnerability

Package(s): xmms
CVE #(s): CVE-2007-0653 CVE-2007-0654
Created: March 28, 2007
Updated: July 26, 2011
Description: xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system.
Alerts:
Fedora FEDORA-2011-9421 2011-07-16
Fedora FEDORA-2011-9413 2011-07-16
Debian DSA-1277-1 2007-04-04
Mandriva MDKSA-2007:071 2007-03-29
Ubuntu USN-445-1 2007-03-27


Updated vulnerabilities

acroread: multiple vulnerabilities

Package(s): acroread
CVE #(s): CVE-2006-5857 CVE-2007-0045 CVE-2007-0046
Created: January 11, 2007
Updated: October 26, 2009
Description: Adobe's Acrobat Reader has the following vulnerabilities:

The Adobe Reader Plugin has a cross-site scripting vulnerability that can be triggered by processing malformed URLs. Arbitrary JavaScript can be served by a malicious web server, leading to a cross-site scripting attack.

Maliciously crafted PDF files can be used to trigger two vulnerabilities; if an attacker can trick a user into viewing the files, arbitrary code can be executed with the user's privileges.

Alerts:
SuSE SUSE-SA:2009:049 2009-10-26
Gentoo 200910-03 2009-10-25
Red Hat RHSA-2007:0021-01 2007-01-22
Gentoo 200701-16 2007-01-22
SuSE SUSE-SA:2007:011 2007-01-22
Red Hat RHSA-2007:0017-01 2007-01-11


apache: cross-site scripting

Package(s): apache
CVE #(s): CVE-2006-3918
Created: August 9, 2006
Updated: April 4, 2008
Description: From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header."
Alerts:
SuSE SUSE-SA:2008:021 2008-04-04
Ubuntu USN-575-1 2008-02-04
SuSE SUSE-SA:2006:051 2006-09-08
Debian DSA-1167-1 2005-09-04
Red Hat RHSA-2006:0619-01 2006-08-10
Red Hat RHSA-2006:0618-01 2006-08-08

Comments (none posted)

asterisk: SIP denial of service

Package(s):asterisk CVE #(s):CVE-2007-1306
Created:March 19, 2007 Updated:March 21, 2007
Description: The MU Security Research Team discovered that Asterisk contains a NULL-pointer dereferencing error in the SIP channel when handling request messages. A remote attacker could cause an Asterisk server listening for SIP messages to crash by sending a specially crafted SIP request message.
Alerts:
Gentoo 200703-14 2007-03-16

Comments (2 posted)

bluez-utils: hidd vulnerability

Package(s):bluez-utils CVE #(s):CVE-2006-6899
Created:January 16, 2007 Updated:May 14, 2007
Description: hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the Mouse and Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints, operating as a server, aka HidAttack.
Alerts:
Red Hat RHSA-2007:0065-01 2007-05-14
Ubuntu USN-413-1 2007-01-24
Mandriva MDKSA-2007:014 2006-01-15

Comments (none posted)

bugzilla: multiple vulnerabilities

Package(s):bugzilla CVE #(s):CVE-2006-5453 CVE-2006-5454 CVE-2006-5455
Created:November 10, 2006 Updated:August 28, 2007
Description: Bugzilla has the following vulnerabilities:

Input data passed to various fields is not properly sanitized before being passed back to users.

Users can gain unauthorized access to read attachment descriptions while using diff mode.

HTTP GET and HTTP POST requests can be used to perform unauthorized actions due to improper verification.

Input that is passed to showdependencygraph.cgi is not properly sanitized before being returned to users.

Alerts:
Debian DSA-1208-1 2006-11-11
Gentoo 200611-04 2006-11-09

Comments (none posted)

busybox: insecure password generation

Package(s):busybox CVE #(s):CVE-2006-1058
Created:May 5, 2006 Updated:May 2, 2007
Description: The BusyBox 1.1.1 passwd command does not use a proper salt when generating passwords. This would create an instance where a brute force attack could take very little time.
Alerts:
Red Hat RHSA-2007:0244-02 2007-05-01
Fedora FEDORA-2006-511 2006-05-04
Fedora FEDORA-2006-510 2006-05-04

Comments (2 posted)

cpio: arbitrary code execution

Package(s):cpio CVE #(s):CVE-2005-4268
Created:January 2, 2006 Updated:March 17, 2010
Description: Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with, e.g., a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system).
Alerts:
CentOS CESA-2010:0145 2010-03-17
Red Hat RHSA-2010:0145-01 2010-03-15
rPath rPSA-2007-0094-1 2007-05-07
Red Hat RHSA-2007:0245-02 2007-05-01
Ubuntu USN-234-1 2006-01-02

Comments (none posted)

vixie-cron: privilege escalation

Package(s):cron CVE #(s):CVE-2006-2607
Created:May 31, 2006 Updated:June 1, 2009
Description: The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root.
Alerts:
Ubuntu USN-778-1 2009-06-01
Red Hat RHSA-2006:0539-01 2006-07-12
Gentoo 200606-07 2006-06-09
SuSE SUSE-SA:2006:027 2006-05-31
rPath rPSA-2006-0082-1 2006-05-25

Comments (1 posted)

cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2006-4262
Created:October 2, 2006 Updated:June 16, 2009
Description: Will Drewry of the Google Security Team discovered several buffer overflows in cscope, a source browsing tool, which might lead to the execution of arbitrary code.
Alerts:
CentOS CESA-2009:1101 2009-06-16
Red Hat RHSA-2009:1101-01 2009-06-15
Gentoo 200610-08 2006-10-20
Debian DSA-1186-1 2006-09-30

Comments (none posted)

cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2004-2541
Created:May 22, 2006 Updated:June 19, 2009
Description: A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.
Alerts:
CentOS CESA-2009:1102 2009-06-19
CentOS CESA-2009:1101 2009-06-16
Red Hat RHSA-2009:1102-01 2009-06-15
Red Hat RHSA-2009:1101-01 2009-06-15
Gentoo 200606-10 2006-06-11
Debian DSA-1064-1 2006-05-19

Comments (1 posted)

Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service

Package(s):cyrus-sasl CVE #(s):CVE-2006-1721
Created:April 21, 2006 Updated:September 4, 2007
Description: Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. An attacker could possibly exploit this vulnerability by sending a specially crafted data stream to the Cyrus-SASL server, resulting in a Denial of Service even if the attacker is not able to authenticate.
Alerts:
Red Hat RHSA-2007:0878-01 2007-09-04
Red Hat RHSA-2007:0795-01 2007-09-04
SuSE SUSE-SA:2006:025 2006-05-05
Fedora FEDORA-2006-515 2006-05-04
Debian DSA-1042-1 2006-04-25
Mandriva MDKSA-2006:073 2006-04-24
Ubuntu USN-272-1 2006-04-24
Gentoo 200604-09 2006-04-21

Comments (none posted)

dovecot: index cache file handling error

Package(s):dovecot CVE #(s):CVE-2006-5973
Created:November 29, 2006 Updated:May 8, 2007
Description: The dovecot IMAP server has an error in its index cache file handling code which could be exploited by an authenticated user to execute arbitrary code. Only servers with the (non-default) mmap_disable=yes option setting are vulnerable.
Alerts:
Fedora FEDORA-2006-1504 2006-12-27
Fedora FEDORA-2006-1396 2006-12-18
rPath rPSA-2006-0220-1 2006-11-30
Ubuntu USN-387-1 2006-11-28

Comments (none posted)

ekiga: format string vulnerability

Package(s):ekiga CVE #(s):CVE-2007-1006 CVE-2007-0999
Created:February 21, 2007 Updated:March 30, 2007
Description: Ekiga contains a format string vulnerability in the code which processes control messages from remote peers.

If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges.

Alerts:
Gentoo 200703-25 2007-03-29
Red Hat RHSA-2007:0087-02 2007-03-14
Mandriva MDKSA-2007:058 2007-03-08
Ubuntu USN-434-1 2007-03-09
Fedora FEDORA-2007-322 2007-03-07
Fedora FEDORA-2007-321 2007-03-07
Ubuntu USN-426-1 2007-02-22
Mandriva MDKSA-2007:044 2007-02-21
Fedora FEDORA-2007-263 2007-02-20
Fedora FEDORA-2007-262 2007-02-20

Comments (none posted)

elinks: arbitrary file access

Package(s):elinks CVE #(s):CVE-2006-5925
Created:November 16, 2006 Updated:October 22, 2009
Description: The elinks text-mode browser has an arbitrary file access vulnerability in the Elinks SMB protocol handler. If a user can be tricked into visiting a specially crafted web page, arbitrary files may be read or written with the user's permissions.
Alerts:
Ubuntu USN-851-1 2009-10-21
Gentoo 200701-27 2007-01-30
OpenPKG OpenPKG-SA-2006.043 2006-12-26
Debian DSA-1240-1 2006-12-21
Gentoo 200612-16 2006-12-14
Debian DSA-1228-1 2006-12-05
Debian DSA-1226-1 2006-12-03
Fedora FEDORA-2006-1278 2006-11-21
Fedora FEDORA-2006-1277 2006-11-21
Mandriva MDKSA-2006:216 2006-11-20
Red Hat RHSA-2006:0742-01 2006-11-15

Comments (none posted)

fail2ban: denial of service

Package(s):fail2ban CVE #(s):CVE-2006-6302
Created:February 16, 2007 Updated:July 30, 2007
Description: fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in to ssh using a login name containing certain strings with an IP address.
Alerts:
Gentoo 200702-05 2007-02-16

Comments (3 posted)

ffmpeg: buffer overflows

Package(s):ffmpeg CVE #(s):CVE-2006-4799 CVE-2006-4800
Created:September 14, 2006 Updated:May 28, 2007
Description: The AVI processing code in FFmpeg has a number of buffer overflow vulnerabilities. If an attacker can trick a user into loading a specially crafted AVI, arbitrary code can be executed with the user's privileges.
Alerts:
Gentoo 200609-09 2006-09-13

Comments (2 posted)

freeradius: several vulnerabilities

Package(s):freeradius CVE #(s):CVE-2005-4745 CVE-2005-4746
Created:August 8, 2006 Updated:April 24, 2007
Description: Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service.
Alerts:
Mandriva MDKSA-2007:092 2007-04-23
Debian DSA-1145-1 2006-08-08

Comments (none posted)

freetype: integer overflows

Package(s):freetype CVE #(s):CVE-2006-0747 CVE-2006-1861 CVE-2006-2493 CVE-2006-2661 CVE-2006-3467
Created:June 8, 2006 Updated:June 1, 2010
Description: The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user.
Alerts:
Gentoo 201006-01 2010-06-01
Fedora FEDORA-2009-5644 2009-05-28
Fedora FEDORA-2009-5558 2009-05-28
CentOS CESA-2009:0329 2009-05-22
Red Hat RHSA-2009:1062-01 2009-05-22
Red Hat RHSA-2009:0329-02 2009-05-22
Gentoo 200710-09 2007-10-09
Debian DSA-1178-1 2006-09-16
Ubuntu USN-341-1 2006-09-06
Gentoo 200609-04 2006-09-06
rPath rPSA-2006-0157-1 2006-08-25
Mandriva MDKSA-2006:148 2006-08-24
Red Hat RHSA-2006:0635-01 2006-08-21
Red Hat RHSA-2006:0634-01 2006-08-21
Fedora FEDORA-2006-912 2006-08-14
SuSE SUSE-SA:2006:045 2006-08-01
OpenPKG OpenPKG-SA-2006.017 2006-07-28
Ubuntu USN-324-1 2006-07-27
Slackware SSA:2006-207-02 2006-07-27
Mandriva MDKSA-2006:129 2006-07-20
Gentoo 200607-02 2006-07-09
SuSE SUSE-SA:2006:037 2006-06-27
Mandriva MDKSA-2006:099-1 2006-06-13
Mandriva MDKSA-2006:099 2006-06-12
rPath rPSA-2006-0100-1 2006-06-12
Debian DSA-1095-1 2006-06-10
Ubuntu USN-291-1 2006-06-08

Comments (none posted)

gcc: file overwrite vulnerability

Package(s):gcc CVE #(s):CVE-2006-3619
Created:September 6, 2006 Updated:March 14, 2008
Description: The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
Alerts:
Mandriva MDVSA-2008:066 2007-03-13
Red Hat RHSA-2007:0473-01 2007-06-11
Red Hat RHSA-2007:0220-02 2007-05-01
Debian DSA-1170-1 2006-09-06

Comments (none posted)

gd: buffer overflow

Package(s):gd CVE #(s):CVE-2007-0455
Created:February 7, 2007 Updated:November 18, 2009
Description: The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable.
Alerts:
Debian DSA-1936-1 2009-11-17
Red Hat RHSA-2008:0146-01 2008-02-28
Ubuntu USN-473-1 2007-06-11
OpenPKG OpenPKG-SA-2007.016 2007-05-18
Trustix TSLSA-2007-0007 2007-02-13
Fedora FEDORA-2007-150 2007-02-12
Fedora FEDORA-2007-149 2007-02-12
rPath rPSA-2007-0028-1 2007-02-08
Mandriva MDKSA-2007:038 2006-02-06
Mandriva MDKSA-2007:036 2006-02-06
Mandriva MDKSA-2007:035 2006-02-06

Comments (2 posted)

gdb: buffer overflow

Package(s):gdb CVE #(s):CVE-2006-4146
Created:September 15, 2006 Updated:June 12, 2007
Description: A buffer overflow in dwarfread.c and dwarf2read.c debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.
Alerts:
Red Hat RHSA-2007:0469-01 2007-06-11
Red Hat RHSA-2007:0229-02 2007-05-01
Ubuntu USN-356-1 2006-10-02
Fedora FEDORA-2006-975 2006-09-14

Comments (none posted)

gdm: improper file permissions

Package(s):gdm CVE #(s):CVE-2006-1057
Created:April 19, 2006 Updated:May 2, 2007
Description: The .ICEauthority file may be created with the wrong ownership and permissions; gdm 2.14.2 fixes the problem.
Alerts:
Red Hat RHSA-2007:0286-02 2007-05-01
Mandriva MDKSA-2006:083 2006-05-09
Ubuntu USN-278-1 2006-05-03
Debian DSA-1040-1 2006-04-24
Fedora FEDORA-2006-338 2006-04-19

Comments (none posted)

gedit: format string vulnerability

Package(s):gedit CVE #(s):CAN-2005-1686
Created:June 9, 2005 Updated:February 5, 2009
Description: A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user.
Alerts:
Fedora FEDORA-2009-1189 2009-01-29
Fedora FEDORA-2009-1187 2009-01-29
Debian DSA-753-1 2005-07-12
Mandriva MDKSA-2005:102 2005-06-15
Red Hat RHSA-2005:499-01 2005-06-13
Gentoo 200506-09 2005-06-11
Ubuntu USN-138-1 2005-06-09

Comments (1 posted)

GnuPG: unsigned data injection vulnerability

Package(s):gnupg CVE #(s):CVE-2007-1263
Created:March 6, 2007 Updated:March 30, 2007
Description: Core Security Technologies has reported that GnuPG and GnuPG clients are vulnerable to an unsigned data injection vulnerability.
Alerts:
SuSE SUSE-SA:2007:024 2007-03-30
rPath rPSA-2007-0056-1 2007-03-16
Red Hat RHSA-2007:0107-02 2007-03-14
Debian DSA-1266-1 2007-03-13
Ubuntu USN-432-2 2007-03-13
Mandriva MDKSA-2007:059 2006-03-08
Trustix TSLSA-2007-0009 2007-03-09
Ubuntu USN-432-1 2007-03-08
Slackware SSA:2007-066-01 2007-03-08
Red Hat RHSA-2007:0106-01 2007-03-06

Comments (none posted)

grip: buffer overflow

Package(s):grip CVE #(s):CAN-2005-0706
Created:March 10, 2005 Updated:November 19, 2008
Description: Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches.
Alerts:
Fedora FEDORA-2008-9604 2008-11-19
Fedora FEDORA-2008-9521 2008-11-19
Fedora-Legacy FLSA:152919 2005-09-15
Mandriva MDKSA-2005:074 2005-04-20
Mandriva MDKSA-2005:075 2005-04-20
Gentoo 200504-07 2005-04-08
Mandrake MDKSA-2005:066 2005-04-01
Red Hat RHSA-2005:304-01 2005-03-28
Gentoo 200503-21 2005-03-17
Fedora FEDORA-2005-203 2005-03-09
Fedora FEDORA-2005-202 2005-03-09

Comments (none posted)

gv: stack-based buffer overflow

Package(s):gv CVE #(s):CVE-2006-5864
Created:November 20, 2006 Updated:April 9, 2007
Description: Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
Alerts:
Gentoo 200704-06 2007-04-06
Gentoo 200703-24 2007-03-26
Debian DSA-1243-1 2006-12-28
Debian DSA-1214-2 2006-12-27
Mandriva MDKSA-2006:229 2006-12-13
rPath rPSA-2006-0230-1 2006-12-12
Fedora FEDORA-2006-1438 2006-12-11
Fedora FEDORA-2006-1437 2006-12-11
Ubuntu USN-390-3 2006-12-06
Ubuntu USN-390-2 2006-12-06
Mandriva MDKSA-2006:214-1 2006-12-04
Ubuntu USN-390-1 2006-11-30
Gentoo 200611-20 2006-11-24
Debian DSA-1214-1 2006-11-20
Mandriva MDKSA-2006:214 2006-11-17

Comments (none posted)

gzip: multiple vulnerabilities

Package(s):gzip CVE #(s):CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338
Created:September 19, 2006 Updated:January 20, 2010
Description: Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash.

Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code.

Alerts:
Debian DSA-1974-1 2010-01-20
Fedora FEDORA-2007-557 2007-05-31
Gentoo 200611-24 2006-11-28
Fedora-Legacy FLSA:211760 2006-11-13
Fedora FEDORA-2006-989 2006-10-10
SuSE SUSE-SA:2006:056 2006-09-26
Gentoo 200609-13 2006-09-23
Trustix TSLSA-2006-0052 2006-09-22
Mandriva MDKSA-2006:167 2006-09-20
Slackware SSA:2006-262-01 2006-09-20
OpenPKG OpenPKG-SA-2006.020 2006-09-20
Debian DSA-1181-1 2006-09-19
rPath rPSA-2006-0170-1 2006-09-19
Ubuntu USN-349-1 2006-09-19
Red Hat RHSA-2006:0667-01 2006-09-19

Comments (1 posted)

horde-kronolith: local file inclusion

Package(s):horde-kronolith CVE #(s):CVE-2006-6175
Created:January 17, 2007 Updated:March 7, 2008
Description: Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. An authenticated attacker could craft an HTTP GET request that uses directory traversal techniques to execute any file on the web server as PHP code, which could allow information disclosure or arbitrary code execution with the rights of the user running the PHP application (usually the webserver user).
Alerts:
Gentoo 200701-11 2007-01-16

Comments (none posted)

imlib2: arbitrary code execution

Package(s):imlib2 CVE #(s):CVE-2006-4806 CVE-2006-4807 CVE-2006-4808 CVE-2006-4809
Created:November 6, 2006 Updated:August 13, 2007
Description: M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges.
Alerts:
Mandriva MDKSA-2007:156 2007-08-10
Gentoo 200612-20 2006-12-20
Fedora FEDORA-EXTRAS-2006-004 2006-11-09
Mandriva MDKSA-2006:198-1 2006-11-06
Mandriva MDKSA-2006:198 2006-11-06
Ubuntu USN-376-2 2006-11-06
Ubuntu USN-376-1 2006-11-03

Comments (none posted)

inkscape: format string vulnerabilities

Package(s):inkscape CVE #(s):CVE-2007-1463 CVE-2007-1464
Created:March 21, 2007 Updated:April 16, 2007
Description: Inkscape has a format string vulnerability in its URI handling, possibly allowing an attacker to execute code with user privileges via a specially crafted file.

Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.

Alerts:
Gentoo 200704-10 2007-04-16
rPath rPSA-2007-0061-1 2007-03-28
Foresight FLEA-2007-0002-1 2007-03-24
Mandriva MDKSA-2007:069 2007-03-22
Ubuntu USN-438-1 2007-03-20

Comments (none posted)

java: multiple vulnerabilities

Package(s):java CVE #(s):CVE-2006-4339 CVE-2006-4790 CVE-2006-6731 CVE-2006-6736 CVE-2006-6737 CVE-2006-6745
Created:January 18, 2007 Updated:June 4, 2010
Description: Java has multiple vulnerabilities. These include: an RSA exponent padding attack vulnerability, two vulnerabilities which allow untrusted applets to access data in other applets, vulnerabilities that involve applets gaining privileges due to serialization bugs in the JRE, and buffer overflows in the Java image handling routines that can give attackers read/write/execute capabilities for local files.
Alerts:
Pardus 2010-67 2010-06-04
Gentoo 200705-20 2007-05-26
Red Hat RHSA-2007:0073-01 2007-02-09
Red Hat RHSA-2007:0072-01 2007-02-08
Red Hat RHSA-2007:0062-02 2007-02-07
Gentoo 200701-15 2007-01-22
SuSE SUSE-SA:2007:010 2007-01-18

Comments (1 posted)

kdelibs: denial of service

Package(s):kdelibs CVE #(s):CVE-2007-1308
Created:March 8, 2007 Updated:March 29, 2007
Description: Kdelibs has a denial of service vulnerability that can be triggered in Konqueror's use of KDE JavaScript. A null pointer dereference caused by accessing the content of an iframe with an ftp:// URI in the src attribute can be used to trigger the DoS.
Alerts:
Ubuntu USN-447-1 2007-03-28
Mandriva MDKSA-2007:054 2007-03-08

Comments (none posted)

kdelibs: kate backup file permission leak

Package(s):kdelibs kate kwrite CVE #(s):CAN-2005-1920
Created:July 19, 2005 Updated:September 21, 2010
Description: Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
Alerts:
Gentoo 200611-21 2006-11-27
Debian DSA-804-2 2005-11-10
Debian DSA-804-1 2005-09-08
Red Hat RHSA-2005:612-01 2005-07-27
Ubuntu USN-150-1 2005-07-21
Mandriva MDKSA-2005:122 2005-07-20
Fedora FEDORA-2005-594 2005-07-19

Comments (1 posted)

kdelibs: cross-site scripting

Package(s):kdelibs konqueror CVE #(s):CVE-2007-0537
Created:February 5, 2007 Updated:August 13, 2007
Description: Konqueror 3.5.5 does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment, a related issue to CVE-2007-0478.
Alerts:
Mandriva MDKSA-2007:157 2007-08-10
Gentoo 200703-10 2007-03-10
rPath rPSA-2007-0052-1 2007-03-07
Ubuntu USN-420-1 2007-02-06
Mandriva MDKSA-2007:031 2007-02-02

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4623
Created:October 18, 2006 Updated:November 14, 2007
Description: The kernel DVB layer can be caused to crash with maliciously-formatted unidirectional lightweight encapsulation (ULE) data.
Alerts:
Ubuntu USN-489-1 2007-07-19
rPath rPSA-2006-0194-1 2006-10-17

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-0005 CVE-2007-1000
Created:March 15, 2007 Updated:November 14, 2007
Description: The Linux kernel has a boundary error problem with the Omnikey CardMan 4040 driver read and write functions. This can be used to cause a buffer overflow and possible execution of arbitrary code with kernel privileges.

The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c is vulnerable to a NULL pointer dereference. Local users can use this to crash the kernel or to disclose kernel memory.

Alerts:
Fedora FEDORA-2007-599 2007-06-21
Ubuntu USN-489-1 2007-07-19
Ubuntu USN-486-1 2007-07-17
Debian DSA-1286-1 2007-05-02
Red Hat RHSA-2007:0169-01 2007-04-30
Mandriva MDKSA-2007:078 2007-04-04
Fedora FEDORA-2007-336 2007-03-14
Fedora FEDORA-2007-335 2007-03-14

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-0007 CVE-2007-0006
Created:February 15, 2007 Updated:November 14, 2007
Description: Linux kernel versions from 2.6.9 to 2.6.20 have a denial of service vulnerability. A remote attacker can cause the key_alloc_serial function's key serial number collision avoidance code to have a null dereference, resulting in a crash.
Alerts:
Fedora FEDORA-2007-599 2007-06-21
Red Hat RHSA-2007:0099-02 2007-03-14
rPath rPSA-2007-0050-1 2007-03-06
Red Hat RHSA-2007:0085-01 2007-02-27
Mandriva MDKSA-2007:047 2007-02-21
Fedora FEDORA-2007-226 2007-02-13
Fedora FEDORA-2007-225 2007-02-13

Comments (1 posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4535 CVE-2006-4538
Created:September 18, 2006 Updated:January 5, 2009
Description: Sridhar Samudrala discovered a local denial of service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535)

Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2007:1049-01 2007-12-03
Mandriva MDKSA-2006:182 2006-10-11
Red Hat RHSA-2006:0689-01 2006-10-05
Debian DSA-1184-2 2006-09-26
Debian DSA-1184-1 2006-09-25
Debian DSA-1183-1 2006-09-25
Ubuntu USN-347-1 2006-09-18

Comments (none posted)

kernel: denial of service by memory consumption

Package(s):kernel CVE #(s):CVE-2006-2936
Created:July 17, 2006 Updated:November 14, 2007
Description: The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the driver can handle, which causes the data to be queued.
Alerts:
SuSE SUSE-SA:2007:035 2007-06-14
Mandriva MDKSA-2006:151 2006-08-25
Mandriva MDKSA-2006:150 2006-08-25
Ubuntu USN-331-1 2006-08-03
rPath rPSA-2006-0130-1 2006-07-17

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-0772
Created:February 23, 2007 Updated:November 14, 2007
Description: The Linux kernel before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.
Alerts:
Fedora FEDORA-2007-599 2007-06-21
Ubuntu USN-451-1 2007-04-10
SuSE SUSE-SA:2007:021 2007-03-16
Mandriva MDKSA-2007:060 2006-03-09
Fedora FEDORA-2007-291 2007-03-02
Fedora FEDORA-2007-277 2007-03-02
SuSE SUSE-SA:2007:018 2007-02-27
rPath rPSA-2007-0036-1 2007-02-23

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-5757
Created:November 13, 2006 Updated:November 14, 2007
Description: From the MOKB-05-11-2006 advisory: "The ISO9660 filesystem handling code of the Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This particular vulnerability seems to be caused by a race condition and a signedness issue. When performing a read operation on a corrupted ISO9660 fs stream, the isofs_get_blocks() function will enter an infinite loop when __find_get_block_slow() callback from sb_getblk() fails ("due to various races between file io on the block device and getblk")."
Alerts:
Fedora FEDORA-2007-599 2007-06-21
Fedora FEDORA-2006-1223 2006-11-12
Fedora FEDORA-2006-1221 2006-11-10

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-2935 CVE-2006-4145 CVE-2006-3745
Created:September 1, 2006 Updated:July 30, 2008
Description: Previous versions of the kernel package are subject to several vulnerabilities. Certain malformed UDF filesystems can cause the system to crash (denial of service). Malformed CDROM firmware or USB storage devices (such as USB keys) could cause system crash (denial of service), and if they were intentionally malformed, can cause arbitrary code to run with elevated privileges. In addition, the SCTP protocol is subject to a remote system crash (denial of service) attack.
Alerts:
Red Hat RHSA-2008:0665-01 2008-07-24
SuSE SUSE-SA:2007:053 2007-10-12
SuSE SUSE-SA:2006:064 2006-11-10
Red Hat RHSA-2006:0710-01 2006-10-19
SuSE SUSE-SA:2006:057 2006-09-28
Trustix TSLSA-2006-0051 2006-09-15
Ubuntu USN-346-2 2006-09-14
Ubuntu USN-346-1 2006-09-14
rPath rPSA-2006-0162-1 2006-08-31

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2006-5749 CVE-2006-4814 CVE-2006-6106
Created:January 5, 2007 Updated:January 8, 2009
Description: A security issue has been reported in the Linux kernel due to an error in drivers/isdn/i4l/isdn_ppp.c: the "isdn_ppp_ccp_reset_alloc_state()" function never initializes an event timer before scheduling it with the "add_timer()" function.

The mincore function in the kernel does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

Another vulnerability has been reported in the Linux kernel, caused by a boundary error within the handling of incoming CAPI messages in net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain kernel data structures.

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
CentOS CESA-2008:0211 2008-05-07
Red Hat RHSA-2008:0211-01 2008-05-07
Debian DSA-1503 2008-02-22
Debian DSA-1503-2 2008-03-06
SuSE SUSE-SA:2007:035 2007-06-14
SuSE SUSE-SA:2007:053 2007-10-12
Ubuntu USN-416-2 2007-03-01
Ubuntu USN-416-1 2007-02-01
rPath rPSA-2007-0031-1 2007-02-09
Mandriva MDKSA-2007:040 2007-02-07
Red Hat RHSA-2007:0014-01 2007-01-30
Mandriva MDKSA-2007:025 2007-01-23
Fedora FEDORA-2007-058 2007-01-18
Mandriva MDKSA-2007:012 2006-01-12
Trustix TSLSA-2007-0002 2007-01-05

Comments (none posted)

krb5: uninitialized pointers

Package(s):krb5 CVE #(s):CVE-2006-6143 CVE-2006-3084
Created:January 10, 2007 Updated:July 7, 2010
Description: The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details.
Alerts:
Mandriva MDVSA-2010:129 2010-07-07
Gentoo 200701-21 2007-01-24
Ubuntu USN-408-1 2007-01-15
rPath rPSA-2007-0006-1 2007-01-11
Mandriva MDKSA-2007:008 2006-01-10
SuSE SUSE-SA:2007:004 2007-01-10
OpenPKG OpenPKG-SA-2007.006 2007-01-10
Fedora FEDORA-2007-033 2007-01-09
Fedora FEDORA-2007-034 2007-01-09

Comments (1 posted)

krb5: local privilege escalation

Package(s):krb5 CVE #(s):CVE-2006-3083
Created:August 9, 2006 Updated:July 7, 2010
Description: Some Kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges.
Alerts:
Mandriva MDVSA-2010:129 2010-07-07
SuSE SUSE-SR:2006:022 2006-09-08
Gentoo 200608-21 2006-08-23
Ubuntu USN-334-1 2006-08-16
Fedora FEDORA-2006-905 2006-08-09
Mandriva MDKSA-2006:139 2006-09-09
Gentoo 200608-15 2006-08-10
rPath rPSA-2006-0150-1 2006-08-09
Red Hat RHSA-2006:0612-01 2006-08-08
Debian DSA-1146-1 2006-08-09

Comments (none posted)

ktorrent: incorrect validation

Package(s):ktorrent CVE #(s):CVE-2007-1384 CVE-2007-1385 CVE-2007-1799
Created:March 13, 2007 Updated:October 24, 2007
Description: Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.
Alerts:
Debian DSA-1373-2 2007-10-23
Debian DSA-1373-1 2007-09-11
Ubuntu USN-436-2 2007-05-18
Mandriva MDKSA-2007:095 2007-05-01
Gentoo 200705-01 2007-05-01
Slackware SSA:2007-093-02 2007-04-04
Ubuntu USN-436-1 2007-03-12

Comments (1 posted)

libgadu: memory alignment bug

Package(s):libgadu CVE #(s):CAN-2005-2370
Created:July 29, 2005 Updated:June 25, 2007
Description: Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, console Gadu Gadu client, an instant messaging program) which is included in gaim, a multi-protocol instant messaging client, as well. This cannot be exploited on the x86 architecture, but on others, e.g. Sparc, it can lead to a bus error, in other words a denial of service.
Alerts:
Debian DSA-813-1 2005-09-15
Red Hat RHSA-2005:627-01 2005-08-09
Debian DSA-769-1 2005-07-29

Comments (none posted)

libgtop2: buffer overflow

Package(s):libgtop2 CVE #(s):CVE-2007-0235
Created:January 15, 2007 Updated:August 9, 2007
Description: The /proc parsing routines in libgtop are vulnerable to a buffer overflow. If an attacker can run a process in a specially crafted long path then trick a user into running gnome-system-monitor, arbitrary code can be executed with the user's privileges.
Alerts:
Fedora FEDORA-2007-657 2007-08-02
Red Hat RHSA-2007:0765-01 2007-08-07
Debian DSA-1255-1 2007-01-31
rPath rPSA-2007-0014-1 2007-01-23
Gentoo 200701-17 2007-01-23
Mandriva MDKSA-2007:023 2007-01-18
Ubuntu USN-407-1 2007-01-15

Comments (none posted)

libmodplug: boundary errors

Package(s):libmodplug CVE #(s):CVE-2006-4192
Created:December 11, 2006 Updated:May 4, 2011
Description: Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the "CSoundFile::ReadSample()" function in sndfile.cpp. A remote attacker can entice a user to read crafted modules or ITP files, which may trigger a buffer overflow resulting in the execution of arbitrary code with the privileges of the user running the application.
Alerts:
CentOS CESA-2011:0477 2011-05-04
Red Hat RHSA-2011:0477-01 2011-05-02
Ubuntu USN-521-1 2007-09-27
Mandriva MDKSA-2007:001 2007-01-02
Gentoo 200612-04 2006-12-10

libpng: buffer overflow

Package(s):libpng CVE #(s):CVE-2006-3334
Created:July 19, 2006 Updated:December 15, 2008
Description: In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow.
Alerts:
Gentoo 200812-15 2008-12-14
Mandriva MDKSA-2006:213 2006-11-16
rPath rPSA-2006-0133-1 2006-07-19
Gentoo 200607-06 2006-07-19

libpng: heap based buffer overflow

Package(s):libpng CVE #(s):CVE-2006-0481
Created:February 13, 2006 Updated:December 15, 2008
Description: A heap based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim.
Alerts:
Gentoo 200812-15 2008-12-14
Red Hat RHSA-2006:0205-01 2006-02-13

libtiff: buffer overflow

Package(s):libtiff CVE #(s):CVE-2006-2193
Created:June 15, 2006 Updated:September 1, 2008
Description: The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code.
Alerts:
CentOS CESA-2008:0848 2008-08-30
Red Hat RHSA-2008:0848-01 2008-08-28
Fedora FEDORA-2006-952 2006-09-05
SuSE SUSE-SA:2006:044 2006-08-01
Gentoo 200607-03 2006-07-09
SuSE SUSE-SR:2006:014 2006-06-20
Trustix TSLSA-2006-0036 2006-06-16
Mandriva MDKSA-2006:102 2006-06-14

libwpd: buffer overflows

Package(s):libwpd CVE #(s):CVE-2007-0002
Created:March 16, 2007 Updated:April 9, 2007
Description: iDefense reported several overflow bugs in libwpd. An attacker could create a carefully crafted Word Perfect file that could cause an application linked with libwpd, such as OpenOffice, to crash or possibly execute arbitrary code if the file was opened by a victim.
Alerts:
Gentoo 200704-07 2007-04-06
Slackware SSA:2007-085-02 2007-03-27
Fedora FEDORA-2007-351 2007-03-19
Fedora FEDORA-2007-350 2007-03-19
Ubuntu USN-437-1 2007-03-19
Debian DSA-1268-1 2007-03-17
Mandriva MDKSA-2007:064 2007-03-16
Mandriva MDKSA-2007:063 2007-03-16
rPath rPSA-2007-0057-1 2007-03-16
Red Hat RHSA-2007:0055-01 2007-03-16

libxml2 - arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26

libxml2: multiple buffer overflows

Package(s):libxml2 CVE #(s):CAN-2004-0989
Created:October 28, 2004 Updated:August 19, 2009
Description: libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities. If a local user passes a specially crafted FTP URL, arbitrary code may be executed.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Ubuntu USN-89-1 2005-02-28
Red Hat RHSA-2004:650-01 2004-12-16
Conectiva CLA-2004:890 2004-11-18
Red Hat RHSA-2004:615-01 2004-11-12
Mandrake MDKSA-2004:127 2004-11-04
Debian DSA-582-1 2004-11-02
Gentoo 200411-05 2004-11-02
Trustix TSLSA-2004-0055 2004-10-29
OpenPKG OpenPKG-SA-2004.050 2004-10-31
Ubuntu USN-10-1 2004-10-28
Fedora FEDORA-2004-353 2004-10-28

lookup-el: insecure temporary file

Package(s):lookup-el CVE #(s):CVE-2007-0237
Created:March 19, 2007 Updated:December 10, 2007
Description: Tatsuya Kinoshita discovered that Lookup, a search interface to electronic dictionaries on emacsen, creates a temporary file in an insecure fashion when the ndeb-binary feature is used, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
Alerts:
Gentoo 200712-07 2007-12-09
Debian DSA-1269-1 2007-03-18

LSAT: insecure temporary file creation

Package(s):lsat CVE #(s):
Created:March 19, 2007 Updated:March 21, 2007
Description: LSAT insecurely writes in /tmp with a predictable filename. A local attacker could create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When the LSAT script is executed, this would result in the file being overwritten with the rights of the user running the software, which could be the root user.
Alerts:
Gentoo 200703-20 2007-03-18

lynx: arbitrary command execution

Package(s):lynx CVE #(s):CVE-2005-2929
Created:November 14, 2005 Updated:September 14, 2009
Description: An arbitrary command execution bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx.
Alerts:
Gentoo 200909-15 2009-09-12
Fedora-Legacy FLSA:152832 2005-12-17
OpenPKG OpenPKG-SA-2005.026 2005-12-03
Fedora FEDORA-2005-1079 2005-11-14
Fedora FEDORA-2005-1078 2005-11-14
Gentoo 200511-09 2005-11-13
Mandriva MDKSA-2005:211 2005-11-12
Red Hat RHSA-2005:839-01 2005-11-11

mod_jk: stack overflow

Package(s):mod_jk CVE #(s):CVE-2007-0774
Created:March 5, 2007 Updated:May 30, 2007
Description: A stack overflow flaw was found in the URI handler of mod_jk. A remote attacker could visit a carefully crafted URL being handled by mod_jk and trigger this flaw, which could lead to the execution of arbitrary code as the 'apache' user.
Alerts:
Gentoo 200703-16 2007-03-16
Red Hat RHSA-2007:0096-01 2007-03-02

mplayer: buffer overflow

Package(s):mplayer CVE #(s):CVE-2007-1246
Created:March 8, 2007 Updated:April 1, 2008
Description: MPlayer versions up to 1.0rc1 have a buffer overflow in the DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c. User-assisted remote attackers can use this to create a buffer overflow and possibly execute arbitrary code.
Alerts:
Debian DSA-1536-1 2008-03-31
Gentoo 200705-21 2007-05-30
Foresight FLEA-2007-0013-1 2007-04-23
Slackware SSA:2007-109-02 2007-04-20
Gentoo 200704-09 2007-04-14
Ubuntu USN-433-1 2007-03-09
Mandriva MDKSA-2007:057 2007-03-08
Mandriva MDKSA-2007:055 2007-03-08

mysql: format string bug

Package(s):mysql CVE #(s):CVE-2006-3469
Created:July 21, 2006 Updated:July 30, 2008
Description: Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server.
Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Slackware SSA:2006-211-01 2006-07-31
Ubuntu USN-321-1 2006-07-21

MySQL: privilege violations

Package(s):mysql CVE #(s):CVE-2006-4031 CVE-2006-4226
Created:August 25, 2006 Updated:July 30, 2008
Description: MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy (CVE-2006-4031).

MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions (CVE-2006-4226).

Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Red Hat RHSA-2008:0364-01 2008-05-21
Red Hat RHSA-2007:0152-01 2007-04-03
Red Hat RHSA-2007:0083-01 2007-02-19
Fedora FEDORA-2006-1298 2006-11-27
Fedora FEDORA-2006-1297 2006-11-27
Ubuntu USN-338-1 2006-09-05
Mandriva MDKSA-2006:149 2006-08-24

MySQL: logging bypass

Package(s):mysql CVE #(s):CVE-2006-0903
Created:April 4, 2006 Updated:May 21, 2008
Description: MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Ubuntu USN-274-2 2006-05-15
Ubuntu USN-274-1 2006-04-27
Mandriva MDKSA-2006:064 2006-04-03

nas: code execution

Package(s):nas CVE #(s):CVE-2007-1543 CVE-2007-1544 CVE-2007-1545 CVE-2007-1546 CVE-2007-1547
Created:March 21, 2007 Updated:April 24, 2007
Description: The Network Audio System daemon has a number of vulnerabilities which can be exploited to run arbitrary code or force a crash.
Alerts:
Gentoo 200704-20 2007-04-23
rPath rPSA-2007-0067-1 2007-04-04
Foresight FLEA-2007-0007-1 2007-04-03
Ubuntu USN-446-1 2007-03-28
Debian DSA-1273-1 2007-03-27
Mandriva MDKSA-2007:065 2007-03-20

nbd: arbitrary code execution

Package(s):nbd CVE #(s):CVE-2005-3534
Created:January 6, 2006 Updated:March 7, 2011
Description: Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges.
Alerts:
SuSE SUSE-SR:2006:001 2006-01-13
Ubuntu USN-237-1 2006-01-06

ncompress: buffer underflow

Package(s):ncompress CVE #(s):CVE-2006-1168
Created:August 10, 2006 Updated:February 21, 2012
Description: The ncompress compression utility has a missing boundary check. A local user can use a maliciously created file to cause a .bss buffer underflow.
Alerts:
Gentoo 200610-03 2006-10-06
Red Hat RHSA-2006:0663-01 2006-09-12
Mandriva MDKSA-2006:140 2006-08-09
Debian DSA-1149-1 2006-08-10
Red Hat RHSA-2012:0308-03 2012-02-21
Scientific Linux SL-busy-20120321 2012-03-21
Red Hat RHSA-2012:0810-04 2012-06-20
Scientific Linux SL-busy-20120709 2012-07-09
Mageia MGASA-2012-0171 2012-07-19
Mandriva MDVSA-2012:129 2012-08-10
Mandriva MDVSA-2012:129-1 2012-08-10

openafs: privilege escalation

Package(s):openafs CVE #(s):CVE-2007-1507
Created:March 21, 2007 Updated:April 4, 2007
Description: The handling of setuid files in the OpenAFS filesystem is flawed in such a way that a sufficiently clever attacker could make an arbitrary executable file appear to be setuid.
Alerts:
Gentoo 200704-03 2007-04-03
Mandriva MDKSA-2007:066 2007-03-20
Debian DSA-1271-1 2007-03-20

openldap: security bypass

Package(s):openldap CVE #(s):CVE-2006-4600
Created:September 29, 2006 Updated:June 12, 2007
Description: slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
Alerts:
Red Hat RHSA-2007:0430-01 2007-06-11
Red Hat RHSA-2007:0310-02 2007-05-01
Trustix TSLSA-2006-0055 2006-10-06
rPath rPSA-2006-0176-1 2006-09-29
Mandriva MDKSA-2006:171 2006-09-28

OpenOffice.org: buffer overflow and command execution

Package(s):openoffice.org CVE #(s):CVE-2007-0238 CVE-2007-0239
Created:March 21, 2007 Updated:April 17, 2007
Description: The StarCalc parser in OpenOffice.org suffers from an "easily exploitable" stack overflow which could be exploited (via a malicious document) to execute arbitrary code.

Additionally, there is a failure to escape shell metacharacters in URLs, exposing users to command execution by way of hostile links.

Alerts:
Gentoo 200704-12 2007-04-16
rPath rPSA-2007-0070-1 2007-04-09
Mandriva MDKSA-2007:073 2007-03-29
Foresight FLEA-2007-0004-1 2007-03-29
Ubuntu USN-444-1 2007-03-27
Debian DSA-1270-2 2007-03-28
Fedora FEDORA-2007-376 2007-03-27
Fedora FEDORA-2007-375 2007-03-27
Red Hat RHSA-2007:0069-01 2007-03-22
Red Hat RHSA-2007:0033-01 2007-03-22
SuSE SUSE-SA:2007:023 2007-03-21
Debian DSA-1270-1 2007-03-20

OpenSSH: denial of service

Package(s):openssh CVE #(s):CVE-2006-4925 CVE-2006-5052
Created:October 6, 2006 Updated:November 15, 2007
Description: packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.

An unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."

Alerts:
Red Hat RHSA-2007:0703-02 2007-11-15
Red Hat RHSA-2007:0540-04 2007-11-07
Fedora FEDORA-2007-394 2007-04-03
Gentoo 200611-06 2006-11-13
SuSE SUSE-SA:2006:062 2006-10-20
rPath rPSA-2006-0185-1 2006-10-05

openssh: privilege separation issue

Package(s):openssh CVE #(s):CVE-2006-5794
Created:November 8, 2006 Updated:April 5, 2007
Description: From the OpenSSH 4.5 announcement: "Fix a bug in the sshd privilege separation monitor that weakened its verification of successful authentication. This bug is not known to be exploitable in the absence of additional vulnerabilities."
Alerts:
Fedora FEDORA-2007-395 2007-04-03
Fedora FEDORA-2006-1215 2006-11-20
Fedora FEDORA-2006-1214 2006-11-20
SuSE SUSE-SR:2006:026 2006-11-17
Trustix TSLSA-2006-0063 2006-11-15
Red Hat RHSA-2006:0738-01 2006-11-15
rPath rPSA-2006-0207-1 2006-11-09
Mandriva MDKSA-2006:204 2006-11-08
OpenPKG OpenPKG-SA-2006.032 2006-11-08

openssh: remote denial of service

Package(s):openssh CVE #(s):CVE-2006-4924 CVE-2006-5051
Created:September 27, 2006 Updated:September 17, 2008
Description: OpenSSH 4.4 fixes some security issues, including a pre-authentication denial of service, an unsafe signal handler and, on portable OpenSSH, a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms.
Alerts:
Debian DSA-1638-1 2008-09-16
Debian DSA-1212-1 2006-11-15
Fedora FEDORA-2006-1011 2006-10-03
Debian DSA-1189-1 2006-10-04
Mandriva MDKSA-2006:179 2006-10-03
Ubuntu USN-355-1 2006-10-02
OpenPKG OpenPKG-SA-2006.022 2006-10-01
Slackware SSA:2006-272-02 2006-09-29
Red Hat RHSA-2006:0698-01 2006-09-28
Red Hat RHSA-2006:0697-01 2006-09-28
Gentoo 200609-17:02 2006-09-27
rPath rPSA-2006-0174-1 2006-09-27
Gentoo 200609-17 2006-09-27

php: several vulnerabilities

Package(s):php CVE #(s):CVE-2006-4481 CVE-2006-4484 CVE-2006-4485
Created:September 8, 2006 Updated:June 13, 2008
Description: The file_exists and imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481).

A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484).

The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485).

Alerts:
SuSE SUSE-SR:2008:013 2008-06-13
Mandriva MDVSA-2008:077 2007-03-26
SuSE SUSE-SR:2008:005 2008-03-06
Red Hat RHSA-2008:0146-01 2008-02-28
Fedora FEDORA-2008-1643 2008-02-13
Foresight FLEA-2008-0007-1 2008-02-11
Fedora FEDORA-2008-1122 2008-02-05
Fedora FEDORA-2008-1131 2008-02-05
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:038 2007-02-07
rPath rPSA-2008-0046-1 2008-02-06
Gentoo 200802-01 2008-02-06
rPath rPSA-2006-0182-1 2006-10-05
SuSE SUSE-SA:2006:052 2006-09-21
Red Hat RHSA-2006:0669-01 2006-09-21
Mandriva MDKSA-2006:162 2006-09-07

php: multiple vulnerabilities

Package(s):php CVE #(s):CVE-2007-0906 CVE-2007-0907 CVE-2007-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988
Created:February 20, 2007 Updated:March 21, 2007
Description: A number of buffer overflow flaws were found in the PHP session extension, the str_replace() function, and the imap_mail_compose() function. If very long strings under the control of an attacker are passed to the str_replace() function then an integer overflow could occur in memory allocation. If a script uses the imap_mail_compose() function to create a new MIME message based on an input body from an untrusted source, it could result in a heap overflow. An attacker who is able to access a PHP application affected by any of these issues could trigger these flaws and possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)

If unserializing untrusted data on 64-bit platforms, the zend_hash_init() function can be forced to enter an infinite loop, consuming CPU resources for a limited length of time, until the script timeout alarm aborts execution of the script. (CVE-2007-0988)

If the wddx extension is used to import WDDX data from an untrusted source, certain WDDX input packets may allow a random portion of heap memory to be exposed. (CVE-2007-0908)

If the odbc_result_all() function is used to display data from a database, and the contents of the database table are under the control of an attacker, a format string vulnerability is possible which could lead to the execution of arbitrary code. (CVE-2007-0909)

A one byte memory read will always occur before the beginning of a buffer, which could be triggered for example by any use of the header() function in a script. However it is unlikely that this would have any effect. (CVE-2007-0907)

Several flaws in PHP could allow attackers to "clobber" certain super-global variables via unspecified vectors. (CVE-2007-0910)

Alerts:
Gentoo 200703-21 2007-03-20
SuSE SUSE-SA:2007:020 2007-03-15
Red Hat RHSA-2007:0082-02 2007-03-14
Ubuntu USN-424-2 2007-03-08
Debian DSA-1264-1 2007-03-07
rPath rPSA-2007-0043-1 2007-02-27
Fedora FEDORA-2007-287 2007-02-26
OpenPKG OpenPKG-SA-2007.010 2007-02-23
Slackware SSA:2007-053-01 2007-02-23
Mandriva MDKSA-2007:048 2006-02-22
Red Hat RHSA-2007:0088-01 2007-02-22
Ubuntu USN-424-1 2007-02-21
Red Hat RHSA-2007:0081-01 2007-02-21
Fedora FEDORA-2007-261 2007-02-20
Red Hat RHSA-2007:0076-01 2007-02-19

php: buffer overflows

Package(s):php CVE #(s):CVE-2006-5465
Created:November 3, 2006 Updated:January 18, 2010
Description: The Hardened-PHP Project discovered buffer overflows in htmlentities/htmlspecialchars internal routines to the PHP Project. Of course, the whole purpose of these functions is to be filled with user input. (The overflow can only occur when UTF-8 is used.)
Alerts:
Mandriva MDVSA-2010:007 2010-01-15
SuSE SUSE-SA:2006:067 2006-11-15
rPath rPSA-2006-0205-1 2006-11-09
Red Hat RHSA-2006:0731-01 2006-11-10
Red Hat RHSA-2006:0730-01 2006-11-06
Debian DSA-1206-1 2006-11-06
Fedora FEDORA-2006-1169 2006-11-06
Fedora FEDORA-2006-1168 2006-11-06
Slackware SSA:2006-307-01 2006-11-06
OpenPKG OpenPKG-SA-2006.028 2006-11-06
Ubuntu USN-375-1 2006-11-02
Mandriva MDKSA-2006:196 2006-11-02

phpbb2: missing input sanitizing

Package(s):phpbb2 CVE #(s):CVE-2006-1896
Created:May 22, 2006 Updated:February 11, 2008
Description: It was discovered that phpbb2, a web based bulletin board, insufficiently sanitizes values passed to the "Font Color 3" setting, which might lead to the execution of injected code by admin users.
Alerts:
Debian DSA-1066-1 2006-05-20

phpbb2: multiple vulnerabilities

Package(s):phpbb2 CVE #(s):CVE-2005-3310 CVE-2005-3415 CVE-2005-3416 CVE-2005-3417 CVE-2005-3418 CVE-2005-3419 CVE-2005-3420 CVE-2005-3536 CVE-2005-3537
Created:December 22, 2005 Updated:February 11, 2008
Description: The phpbb2 web forum has a number of vulnerabilities including: a web script injection problem, a protection mechanism bypass, a security check bypass, a remote global variable bypass, cross site scripting vulnerabilities, an SQL injection vulnerability, a remote regular expression modification problem, missing input sanitizing, and a missing request validation problem.
Alerts:
Debian DSA-925-1 2005-12-22

postgresql: SQL injection

Package(s):postgresql CVE #(s):CVE-2006-2313 CVE-2006-2314
Created:May 24, 2006 Updated:June 6, 2007
Description: The PostgreSQL team has put out a set of "urgent updates" (in the form of the 7.3.15, 7.4.13, 8.0.8, and 8.1.4 releases) closing a newly-discovered set of SQL injection issues. Details about the problem can be found on the technical information page; in short: multi-byte encodings can be used to defeat normal string sanitizing techniques. The update fixes one problem related to invalid multi-byte characters, but punts on another by simply disallowing the old, unsafe technique of escaping single quotes with a backslash.
Alerts:
Fedora FEDORA-2007-0249 2007-06-06
Trustix TSLSA-2006-0059 2006-10-27
Gentoo 200607-04 2006-07-09
SuSE SUSE-SA:2006:030 2006-06-09
Ubuntu USN-288-3 2006-06-09
Ubuntu USN-288-2 2006-06-09
Mandriva MDKSA-2006:098 2006-06-07
Debian DSA-1087-1 2006-06-03
Ubuntu USN-288-1 2006-05-29
rPath rPSA-2006-0080-1 2006-05-24
Red Hat RHSA-2006:0526-02 2006-05-23
Fedora FEDORA-2006-578 2006-05-23
Fedora FEDORA-2006-579 2006-05-23

quake: buffer overflow

Package(s):quake3-bin CVE #(s):CVE-2006-2236
Created:May 10, 2006 Updated:January 12, 2009
Description: Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server.
Alerts:
Gentoo 200901-06 2009-01-11
Gentoo 200605-12 2006-05-10

rpm: arbitrary code execution

Package(s):rpm CVE #(s):CVE-2006-5466
Created:November 6, 2006 Updated:August 28, 2007
Description: An error was found in the RPM library's handling of query reports. In some locales, certain RPM packages would cause the library to crash. If a user was tricked into querying a specially crafted RPM package, the flaw could be exploited to execute arbitrary code with the user's privileges.
Alerts:
Fedora FEDORA-2007-668 2007-08-27
Gentoo 200611-08 2006-11-13
Mandriva MDKSA-2006:200 2006-11-07
Ubuntu USN-378-1 2006-11-04

Mozilla: multiple vulnerabilities

Package(s):seamonkey firefox thunderbird CVE #(s):CVE-2006-6077 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0777 CVE-2007-0778 CVE-2007-0779 CVE-2007-0780 CVE-2007-0800 CVE-2007-0981 CVE-2007-0995 CVE-2007-0996
Created:February 26, 2007 Updated:July 23, 2007
Description: Several flaws were found in the way SeaMonkey processed certain malformed JavaScript code. A malicious web page could execute JavaScript code in such a way that may result in SeaMonkey crashing or executing arbitrary code as the user running SeaMonkey. (CVE-2007-0775, CVE-2007-0777)

Several cross-site scripting (XSS) flaws were found in the way SeaMonkey processed certain malformed web pages. A malicious web page could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996)

A flaw was found in the way SeaMonkey cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778)

A flaw was found in the way SeaMonkey displayed certain web content. A malicious web page could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site. (CVE-2007-0779)

Two flaws were found in the way SeaMonkey displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800)

Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running SeaMonkey. (CVE-2007-0008, CVE-2007-0009)

A flaw was found in the way SeaMonkey handled the "location.hostname" value during certain browser domain checks. This flaw could allow a malicious web site to set domain cookies for an arbitrary site, or possibly perform an XSS attack. (CVE-2007-0981)

Alerts:
Debian DSA-1336-1 2007-07-22
Slackware SSA:2007-085-01 2007-03-26
Gentoo 200703-22 2007-03-20
SuSE SUSE-SA:2007:022 2007-03-20
Gentoo 200703-18 2007-03-18
Red Hat RHSA-2007:0108-02 2007-03-14
Red Hat RHSA-2007:0097-02 2007-03-14
Gentoo 200703-08 2007-03-09
Slackware SSA:2007-066-03 2007-03-08
Slackware SSA:2007-066-04 2007-03-08
Slackware SSA:2007-066-05 2007-03-08
Ubuntu USN-431-1 2007-03-07
Mandriva MDKSA-2007:052 2007-03-06
SuSE SUSE-SA:2007:019 2007-03-06
Fedora FEDORA-2007-309 2007-03-05
Fedora FEDORA-2007-308 2007-03-05
rPath rPSA-2007-0040-3 2007-02-26
Gentoo 200703-05 2007-03-03
Gentoo 200703-04 2007-03-02
Mandriva MDKSA-2007:050-1 2007-03-02
Red Hat RHSA-2007:0078-01 2007-03-02
Ubuntu USN-428-2 2007-03-02
Mandriva MDKSA-2007:050 2007-02-28
Ubuntu USN-428-1 2007-02-26
Fedora FEDORA-2007-293 2007-02-27
Fedora FEDORA-2007-279 2007-02-26
Fedora FEDORA-2007-289 2007-02-26
Fedora FEDORA-2007-281 2007-02-26
Fedora FEDORA-2007-278 2007-02-26
rPath rPSA-2007-0040-1 2007-02-26
Red Hat RHSA-2007:0079-01 2007-02-23
Red Hat RHSA-2007:0077-01 2007-02-23

shadow-utils: mailbox creation vulnerability

Package(s):shadow-utils CVE #(s):CVE-2006-1174
Created:May 25, 2006 Updated:June 12, 2007
Description: The useradd tool from the shadow-utils package has a potential security problem. When a new user's mailbox is created, the permissions are set to random garbage from the stack, potentially allowing the file to be read or written during the time before fchmod() is called.
Alerts:
Red Hat RHSA-2007:0431-01 2007-06-11
rPath rPSA-2007-0096-1 2007-05-11
Red Hat RHSA-2007:0276-02 2007-05-01
Gentoo 200606-02 2006-06-07
Mandriva MDKSA-2006:090 2006-05-24

slocate: information disclosure

Package(s):slocate CVE #(s):CVE-2007-0227
Created:February 22, 2007 Updated:September 4, 2012
Description: The slocate permission checking code has a local information disclosure vulnerability. During the reporting of matching files, slocate does not respect the parent directory's read permissions, resulting in hidden filenames being viewable by other local users.
Alerts:
Foresight FLEA-2007-0005-1 2007-03-29
Ubuntu USN-425-1 2007-02-22
Slackware SSA:2012-244-05 2012-08-31

snort: remote arbitrary code execution

Package(s):snort CVE #(s):CVE-2006-5276
Created:March 2, 2007 Updated:September 7, 2007
Description: The Snort intrusion detection system is vulnerable to a buffer overflow in the DCE/RPC preprocessor code. Remote attackers can send specially crafted fragmented SMB or DCE/RPC packets which can be used to allow the remote execution of arbitrary code.
Alerts:
Fedora FEDORA-2007-2060 2007-09-07
Gentoo 200703-01:02 2007-02-23
Gentoo 200703-01 2007-02-23

ssh: privilege escalation

Package(s):ssh CVE #(s):CVE-2006-0705
Created:March 15, 2007 Updated:March 21, 2007
Description: The SSH server has a format string vulnerability in the SFTP code for scp2 and sftp2. The accessed filename can be passed to the system log; an unspecified error could allow uncontrolled stack access. Authenticated users may be able to use this to bypass command restrictions or run commands as another user.
Alerts:
Gentoo 200703-13 2007-03-14

sun-jdk: arbitrary code execution

Package(s):sun-jdk CVE #(s):CVE-2007-0243
Created:February 19, 2007 Updated:April 25, 2007
Description: An anonymous researcher discovered that an error in the handling of a GIF image with a zero width field block leads to a memory corruption flaw. An attacker could entice a user to run a specially crafted Java applet or application that would load a crafted GIF image, which could result in escalation of privileges and unauthorized access to system resources.
Alerts:
Red Hat RHSA-2007:0167-01 2007-04-25
Red Hat RHSA-2007:0166-01 2007-04-25
Gentoo 200702-08 2007-02-17
Gentoo 200702-07 2007-02-17

tcpdump: denial of service

Package(s):tcpdump CVE #(s):CVE-2007-1218
Created:March 5, 2007 Updated:November 15, 2007
Description: Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.
Alerts:
Red Hat RHSA-2007:0387-02 2007-11-15
Mandriva MDKSA-2007:155 2007-08-09
Debian DSA-1272-1 2007-03-22
Fedora FEDORA-2007-348 2007-03-15
Fedora FEDORA-2007-347 2007-03-15
Mandriva MDKSA-2007:056 2006-03-08
Ubuntu USN-429-1 2007-03-06
rPath rPSA-2007-0048-1 2007-03-03

unzip: long file name buffer overflow

Package(s):unzip CVE #(s):CVE-2005-4667
Created:February 6, 2006 Updated:May 2, 2007
Description: A buffer overflow in UnZip 5.50 and earlier allows local users to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
Alerts:
Red Hat RHSA-2007:0203-02 2007-05-01
Fedora-Legacy FLSA:180159 2006-04-04
Debian DSA-1012-1 2006-03-21
Mandriva MDKSA-2006:050 2006-02-27
Ubuntu USN-248-2 2006-02-15
Ubuntu USN-248-1 2006-02-13
Fedora FEDORA-2006-098 2006-02-06

w3c-libwww: possible stack overflow

Package(s):w3c-libwww CVE #(s):CVE-2005-3183
Created:October 14, 2005 Updated:May 2, 2007
Description: Extensive testing of libwww's handling of multipart/byteranges content from HTTP/1.1 servers revealed multiple logical flaws and bugs in Library/src/HTBound.c.
Alerts:
Red Hat RHSA-2007:0208-02 2007-05-01
Ubuntu USN-220-1 2005-12-01
Mandriva MDKSA-2005:210 2005-11-09
Fedora FEDORA-2005-953 2005-10-07
Fedora FEDORA-2005-952 2005-10-07

webcalendar: missing input sanitizing

Package(s):webcalendar CVE #(s):CVE-2007-1343
Created:March 16, 2007 Updated:March 21, 2007
Description: It was discovered that WebCalendar, a PHP-based calendar application, insufficiently protects an internal variable, which allows remote file inclusion.
Alerts:
Debian DSA-1267-1 2007-03-15

wordpress: cross-site scripting

Package(s):wordpress CVE #(s):CVE-2007-1049
Created:March 5, 2007 Updated:March 21, 2007
Description: A Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.
Alerts:
Gentoo 200703-23 2007-03-20
Debian-Testing DTSA-34-1 2007-03-03

Comments (none posted)

xine: format string vulnerabilities

Package(s):xine CVE #(s):CVE-2007-0017
Created:January 23, 2007 Updated:August 10, 2007
Description: Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.
Alerts:
Mandriva MDKSA-2007:154 2007-08-09
Debian DSA-1252-1 2007-01-27
Mandriva MDKSA-2007:027 2007-01-26
Gentoo 200701-24 2007-01-26
SuSE SUSE-SA:2007:013 2007-01-23

Comments (none posted)

xine-lib: arbitrary code execution

Package(s):xine-lib CVE #(s):CVE-2007-1387
Created:March 13, 2007 Updated:April 1, 2008
Description: Moritz Jodeit discovered that the DirectShow loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.
Alerts:
Debian DSA-1536-1 2008-03-31
Mandriva MDKSA-2007:062 2007-03-13
Mandriva MDKSA-2007:061 2007-03-13
Ubuntu USN-435-1 2007-03-12

Comments (none posted)

xine-lib: buffer overflow

Package(s):xine-lib CVE #(s):CVE-2006-6172
Created:December 5, 2006 Updated:June 5, 2007
Description: A buffer overflow was discovered in the Real Media input plugin in xine-lib. If a user were tricked into loading a specially crafted stream from a malicious server, the attacker could execute arbitrary code with the user's privileges.
Alerts:
Mandriva MDKSA-2007:112 2007-06-04
Gentoo 200702-11 2007-02-27
Debian DSA-1244-1 2006-12-28
Gentoo 200612-02 2006-12-09
SuSE SUSE-SR:2006:028 2006-12-08
Mandriva MDKSA-2006:224 2006-12-05
Ubuntu USN-392-1 2006-12-04

Comments (none posted)

xine-lib: buffer overflow

Package(s):xine-lib CVE #(s):CVE-2006-1664
Created:April 27, 2006 Updated:February 27, 2008
Description: xine-lib does an improper input data boundary check on MPEG streams. A specially crafted MPEG file can be created that can cause arbitrary code execution when the file is accessed.
Alerts:
Gentoo 200802-12 2008-02-26
Gentoo 200604-16 2006-04-26

Comments (none posted)

xinit: race condition

Package(s):xinit CVE #(s):CVE-2006-5214
Created:October 17, 2006 Updated:August 9, 2007
Description: A race condition allows local users to see error messages generated during another user's X session. This could allow potentially sensitive information to be leaked.
Alerts:
Fedora FEDORA-2007-659 2007-08-08
Fedora FEDORA-2007-1409 2007-08-02
Ubuntu USN-364-1 2006-10-16

Comments (1 posted)

X.org: local privilege escalations

Package(s):xorg-x11 CVE #(s):CVE-2006-4447
Created:August 28, 2006 Updated:April 30, 2007
Description: Several X.org libraries and X.org itself contain system calls to set*uid() functions, without checking their result. Local users could deliberately exceed their assigned resource limits and elevate their privileges after an unsuccessful set*uid() system call. This requires resource limits to be enabled on the machine.
Alerts:
Gentoo 200704-22 2007-04-27
Mandriva MDKSA-2006:160 2006-08-31
Gentoo 200608-25 2006-08-28

Comments (none posted)
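
The unchecked-call pattern behind the X.org entry above, shown next to a fail-closed version. This is an added example, not X.org's code: the function names, the injectable `setuid_fn` hook and the uid 1000 are assumptions, the hook being there so that a failing call can be simulated without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hook so a failing setuid() can be simulated without root. */
typedef int (*setuid_fn)(uid_t);

/* Constructed stand-in for a setuid() call that fails because the target
 * user is already at its process limit. */
static int failing_setuid(uid_t uid)
{
    (void)uid;
    errno = EAGAIN;
    return -1;
}

/* Pattern from the advisory: the result is ignored, so after a failed call
 * the program keeps running with the privileges it started with.
 * Always reports success (0). */
static int drop_unchecked(setuid_fn do_setuid, uid_t target)
{
    do_setuid(target);
    return 0;
}

/* Fail-closed form: returns 0 only if the process really runs as target. */
static int drop_checked(setuid_fn do_setuid, uid_t target)
{
    if (do_setuid(target) != 0)
        return -1;                      /* caller must abort, not continue */
    if (getuid() != target || geteuid() != target)
        return -1;                      /* call reported success, ids are wrong */
    if (target != 0 && setuid(0) == 0)
        return -1;                      /* root could still be regained */
    return 0;
}

int main(void)
{
    uid_t constructed_uid = 1000;       /* sample unprivileged uid */

    printf("unchecked drop reports %d after a failed setuid()\n",
           drop_unchecked(failing_setuid, constructed_uid));
    if (drop_checked(failing_setuid, constructed_uid) != 0)
        printf("checked drop refused to continue (errno %d)\n", errno);
    return 0;
}
```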

Page editor: Jonathan Corbet

Kernel development

Brief items

Kernel release status

The current 2.6 prepatch is 2.6.21-rc5, released on March 25. It contains a number of fixes, including a set for timer-related regressions. Says Linus: "Those timer changes ended up much more painful than anybody wished for, but big thanks to Thomas Gleixner for being on it like a weasel on a dead rat, and the regression list has kept shrinking." See the long-format changelog for the details.

Several dozen fixes have been merged into the mainline git repository since -rc5 was released.

The current -mm tree is 2.6.21-rc5-mm2. Recent changes to -mm include a new lumpy reclaim patch, an updated deadline staircase (formerly RSDL) scheduler, a number of futex enhancements, and the integrity management patch set (see below).

The current stable 2.6 kernel is 2.6.20.4, released on March 23.

For older kernels: 2.6.16.45 was released with several fixes on March 26.

In the 2.4 world, 2.4.34.2 was released on March 24; it only contains two changes. 2.4.35-pre2 is also out with a rather larger set of fixes.

Comments (none posted)

Kernel development news

Quotes of the week

Anyway, if it doesn't fix a bug it is nowhere near a high-priority patch for that seething bugfest which we like to call a kernel, so I'll drop it.
-- Andrew Morton

In [the] future, I'd recommend adding a witty comment to any such trivial patch: it's really the only way to get it featured on LWN's Kernel Quote of the Week.
-- Rusty Russell

In talking with a lot of different companies recently, I've come to the realization that we really need to do something about companies that violate the kernel's GPLv2 license. It has been a common criticism that "Well, our company abides by the GPL by releasing the code properly for our kernel modules, but what about all of those other companies that do not?" The companies that are good members of the community are getting a lot of pressure by people internal to them to stop releasing the code. This is justified by pointing to the companies that do not release their code as they are not having any "penalties" by doing this.
-- Greg Kroah-Hartman.

Comments (10 posted)

Application-friendly kernel interfaces

The "hugetlb" feature of the kernel allows applications to create and use "huge" pages in memory. These pages use a special page table mode which allows a single page table entry to provide the translation for up to 16MB of contiguous memory (on some architectures). The advantage to doing things this way is that references to the entire huge page only take up one slot in the translation lookaside buffer (TLB), and that can have good effects on performance.

Access to huge pages is through the hugetlbfs filesystem. Hugetlbfs is a virtual filesystem much like tmpfs, but with a twist: mappings of files within the filesystem use huge pages. It's not possible to do normal reads and writes from this filesystem, but it is possible to create a file, extend it, and use mmap() to map it into virtual memory. This interface gets the job done, but it's evidently a little too involved for some application programmers.

To make life simpler, Ken Chen has proposed /dev/hugetlb. This device is much like /dev/zero, except that it uses huge pages. Applications can simply open the device and use mmap() to create as much huge-paged anonymous memory as they need. The patch is simple and seemingly uncontroversial; Andrew Morton did note, though:

afaict the whole reason for this work is to provide a quick-n-easy way to get private mappings of hugetlb pages. With the emphasis on quick-n-easy.

We can do the same with hugetlbfs, but that involves (horror) "fuss".

The way to avoid "fuss" is of course to do it once, do it properly then stick it in a library which everyone uses.

He goes on to observe, however, that getting yet another library distributed widely can be a difficult task - to the point that it's easier to just add more functionality within the kernel itself. He concludes: "This comes up regularly, and it's pretty sad."

In a separate message, Andrew talked about how kernel interfaces should be designed in general:

The fact that a kernel interface is "hard to use" really shouldn't be an issue for us, because that hardness can be addressed in libraries. Kernel interfaces should be good, and complete, and maintainable, and etcetera. If that means that they end up hard to use, well, that's not necessarily a bad thing. I'm not sure that in all cases we want to be optimising for ease-of-use just because libraries-are-hard.

In many cases, the C library fills this role by providing a more application-friendly interface to kernel calls. But there are limits to how much code even the glibc developers want to stuff into the library, and things like a friendlier huge page interface may be on the wrong side of the line. A separate library for developers trying to do obscure and advanced things with the kernel might be the right solution.

The right solution, Andrew suggests, is to have a user-space API library which is maintained as part of the kernel itself. That would keep oversight over the API and help to ensure that the library is maintained into the future while minimizing the amount of code which goes into the kernel solely for the purpose of creating friendlier interfaces. Somebody would have to step up to create and maintain that library, though; as of this writing, volunteers are in short supply.

Comments (7 posted)

Deferrable timers

The dynamic tick code featured in the upcoming 2.6.21 kernel seeks to avoid processor wakeups by turning off the periodic timer tick when nothing is happening. Before stopping the clock, the kernel must decide when it should wake up again; this decision involves looking at the timer queue to see when the next timer expires. In the absence of other events (hardware interrupts, for example), the system will sleep until the nearest timer is due.

Many of these timers should, in fact, run as soon as the requested period has expired. Others, however, are less important - to the point that they are not worth waking up the processor. These non-critical timeouts can run some fraction of a second later (when the processor wakes up for other reasons) and nobody will notice the difference. So it would be nice if there were a way to tell the kernel that a specific timer does not require immediate action on expiration and that the processor should not wake up for the sole purpose of handling it.

Venki Pallipadi has created such a way with the deferrable timers patch. There is just one new function added to the internal kernel API:

    void init_timer_deferrable(struct timer_list *timer);

Timers which are initialized in this fashion will be recognized as deferrable by the kernel. They will not be considered when the kernel makes its "when should the next timer interrupt be?" decision. When the system is busy these timers will fire at the scheduled time. When things are idle, instead, they will simply wait until something more important wakes up the processor.

Venki appears to have gone to great lengths to minimize the changes required by this patch. So, in particular, the timer_list structure does not change at all. Instead, the low-order bit on an internal pointer (which is known to always be zero) is repurposed as a "deferrable" flag. The result is that the timer_list structure does not grow to support this new functionality, at the cost of requiring all code using the internal base pointer to mask out the "deferrable" bit.
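
The low-bit trick described above, as an added stand-alone model rather than the patch's code; the names, the `timer_base` stand-in and the function signatures are assumptions. It shows why every reader of the pointer has to mask the flag, and how the idle path skips deferrable timers when choosing the next wakeup.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DEFERRABLE_FLAG ((uintptr_t)1)    /* assumed name for the borrowed bit */

struct timer_base { int cpu; };           /* stand-in for the per-CPU timer base */

/* The trick only works if every base address has a zero low-order bit. */
_Static_assert(_Alignof(struct timer_base) >= 2, "low bit must be free");

struct timer {
    unsigned long expires;                /* in ticks */
    struct timer_base *base;              /* low bit doubles as the flag */
};

/* Every reader of ->base must go through this mask. */
static struct timer_base *timer_get_base(const struct timer *t)
{
    return (struct timer_base *)((uintptr_t)t->base & ~DEFERRABLE_FLAG);
}

static int timer_is_deferrable(const struct timer *t)
{
    return ((uintptr_t)t->base & DEFERRABLE_FLAG) != 0;
}

/* Re-home a timer (for example on CPU migration) without losing the flag. */
static void timer_set_base(struct timer *t, struct timer_base *new_base)
{
    t->base = (struct timer_base *)((uintptr_t)new_base |
                                    ((uintptr_t)t->base & DEFERRABLE_FLAG));
}

static void timer_init(struct timer *t, struct timer_base *b, unsigned long expires)
{
    t->expires = expires;
    t->base = b;
}

static void timer_init_deferrable(struct timer *t, struct timer_base *b,
                                  unsigned long expires)
{
    timer_init(t, b, expires);
    t->base = (struct timer_base *)((uintptr_t)t->base | DEFERRABLE_FLAG);
}

/* The idle-path question: when must the CPU wake next? Deferrable timers are
 * skipped. Returns 1 and stores the tick in *when, or 0 if nothing forces a
 * wakeup. */
static int next_wakeup(const struct timer *timers, size_t n, unsigned long *when)
{
    int found = 0;

    for (size_t i = 0; i < n; i++) {
        if (timer_is_deferrable(&timers[i]))
            continue;
        if (!found || timers[i].expires < *when)
            *when = timers[i].expires;
        found = 1;
    }
    return found;
}

int main(void)
{
    static struct timer_base cpu0 = { 0 }, cpu1 = { 1 };
    struct timer t[3];
    unsigned long when = 0;

    timer_init_deferrable(&t[0], &cpu0, 100);   /* constructed sample timers */
    timer_init(&t[1], &cpu0, 250);
    timer_init_deferrable(&t[2], &cpu0, 180);
    timer_set_base(&t[0], &cpu1);

    if (next_wakeup(t, 3, &when))
        printf("sleep until tick %lu\n", when);
    printf("raw pointer equals base: %d, masked pointer equals base: %d\n",
           (uintptr_t)t[0].base == (uintptr_t)&cpu1,
           timer_get_base(&t[0]) == &cpu1);
    return 0;
}
```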

The patch, as presented, only affects timers used within the kernel; no code has been changed to actually use deferrable timers yet. There could be potential in extending this interface somehow to user space. Our user space remains full of applications which feel the need to wake up frequently to check the state of the world; these applications are a real problem for power-limited systems. If those applications truly cannot be fixed, perhaps they could at least indicate a willingness to wait when nothing important is going on.

Comments (2 posted)

Integrity management in the kernel

Certain patches seem to pop up occasionally on the kernel lists for years. One of those is the whole integrity management patch set from IBM; these patches were last covered here in November, 2005. They are back for consideration yet again. Integrity management still looks like it is not ready for inclusion into the mainline, but it is getting closer; at some point it will force consideration of some interesting questions.

The core idea behind integrity management is providing some sort of assurance that the files on the system have not been messed with. David Safford described it this way:

[B]asically this integrity provider is designed to complement mandatory access control systems like selinux and slim. Such systems can protect a running system against on-line attacks, but do not protect against off-line attacks (booting Knoppix and changing executables or their selinux labels), or against attacks which find weaknesses in the kernel or the LSM module itself.

The current patches work, at the lowest level, by defining a new set of security module hooks for an "integrity provider." The provider can hook into system calls which access or execute files and check the integrity of those files; should it conclude that Bad Things have happened, access to the files can be denied. On top of that is the EVM ("extended verification module") code, which checks the integrity of files (and their metadata) by checksumming them and comparing the result with a value stored as an extended attribute. The IBAC (integrity-based access control) module can then use EVM and the LSM hooks to allow or deny access to files based on the conclusions reached by the integrity checker.

All of this can work using a passphrase supplied by the system administrator, but the intended mode of operation uses the trusted platform module (TPM) built into an increasing number of computers. With cooperation from the system's BIOS, the TPM can do an effective job of checksumming the software running on the system. The TPM also performs basic cryptographic functions, like signing the checksums used to verify the integrity of files. The key aspect of the system, though, is that the TPM can be set up to create these signatures only if the checksums for the running system match a set of pre-configured values. The end result is that the checksums associated with files cannot be changed on another system or by booting a different kernel - at least, not in a way which preserves their value as checksums. If the system holds together as advertised, it should be able to prevent attacks based on changing the files used by the system.

Beyond that, this system supports remote attestation: providing a TPM-signed checksum to a third party which proves that only approved software is running on the system.

There are clear advantages to a structure like this. A Linux-based teller machine, say, or a voting machine could ensure that it has not been compromised and prove its integrity to the network. Administrators in charge of web servers can use the integrity code in similar ways. In general, integrity management can be a powerful tool for people who want to be sure that the systems they own (or manage) have not been reconfigured into spam servers when they weren't looking.

The other side of this coin is that integrity management can be a powerful tool for those who wish to maintain control over systems they do not own. Should it be merged, the kernel will come with the tools needed to create a locked-down system out of the box. As these modules get closer to mainline inclusion, we may begin to see more people getting worried about them. Quite a few kernel developers may oppose license terms intended to prevent "tivoization," but that doesn't mean they want to actively support that sort of use of their software. Certainly it would be harder to argue against the shipping of locked-down, Linux-based gadgets when the kernel, itself, provides the lockdown tools.

For now, that issue can be avoided; there are still plenty of more mundane problems with this patch set. But, sooner or later, the integrity management developers are going to get past the lower-level issues; they have certainly shown persistence in working on this patch. Based on his prior statements, Linus is unlikely to oppose the merging of these modules once they are ready. Whether the rest of the development community will be so welcoming remains to be seen.

Comments (6 posted)

Page editor: Jonathan Corbet

Distributions

How to vote in the Debian Project Leader election

Those who looked at the statistics packaged with the second call for votes in this year's Debian Project Leader election noticed something interesting: 54 ballots, so far, have been rejected by the election system. That is rather higher than last year's total (14, at the end of the election). So, it was asked, what's going on and how does one actually manage to cast a valid ballot this year?

The problem, as it turns out, is that one of the candidates (Raphaël Hertzog) has a non-ASCII character in his name. Evidently, this is the first time such a name has shown up on the Debian ballot. Mr. Hertzog's difficult name is creating trouble for certain Debian developers who are using electronic mail clients which, it seems, have not entirely kept up with the times. Debian, it seems, is shipping software which cannot send a valid vote in its own elections.

A number of possible remedies have been discussed. Asking Mr. Hertzog to change his name seemed like a bit of a non-starter, though he did indicate his willingness to accept a non-accented version of his name in the ballot. It was suggested that the vote-accepting software could be fixed to accept ballots with corrupted names or to accept a non-accented alternative, but the Debian project secretary (Manoj Srivastava) is not enthusiastic about those ideas:

I am not a proponent of hacking away at unrelated software to ameliorate bugs in other software; the problems here seem to be using bad MUA software that can't, in this day and age, handle signed mail using accented characters.

Finally, it was also suggested that developers with non-ASCII names should simply be ruled ineligible for the Project Leader position, but that eminently sensible idea fell on deaf ears as well.

So, for Debian developers who are having trouble voting, the options seem to come down to this: "I think your options are to send in an ascii armored encrypted ballot, or use mutt or gnus to send a proper PGP/MIME signed ballot. Either should work." Then, perhaps, the Debian developers can work on fixing various old mail clients for etch+1.

Comments (none posted)

New Releases

pure:dyne 2.3.52 release

Pure:dyne is a GNU/Linux Live CD distribution for media artists. "The pure:dyne project provides tools and an optimized platform to try out and work on a large range of applications. It comes with optimized and tested software such as Supercollider, Icecast, csound, Packet Forth, fluxus and much more, including of course Pure Data and a great collection of essential externals and abstractions (PDP, PiDiP, Gem, GridFlow, RRadical, PixelTango ...). The Studio "classics" have not been forgotten (Ardour, LADSPA, seq24, Audacity ...) and numerous essential graphics software are also bundled (Inkscape, Gimp, Blender ...)."

Full Story (comments: none)

Ubuntu 7.04 Beta released

Ubuntu has released the first beta for version 7.04, aka Feisty Fawn. Desktop highlights include a Windows migration tool, easy-to-install codec wizards and plug and play network sharing with Avahi. "Ubuntu 7.04 server edition adds support for hardware facilities that speed up the use of virtual machines as well as other improved hardware support, making it an excellent choice as a web, database, file and print server, the fastest growing area of Linux server use." The full release notes can be found here. The Kubuntu beta is also available.

Full Story (comments: 5)

Announcing XORP Release 1.4

Release 1.4 of XORP, the eXtensible Open Router Platform, is available. "The major new feature with this release is: OSPFv3 (draft-ietf-ospf-ospfv3-update-14.txt) In addition, this release contains numerous bug fixes." XORP is released under the BSD license and builds on DragonFlyBSD-1.8, FreeBSD-6.2, Linux Fedora Core6, Linux Debian-3.1 (sarge), NetBSD-3.1 and OpenBSD-4.0.

Full Story (comments: none)

Terra Soft Released YDL v5.0.1 for Apple PowerPC

Terra Soft has released Yellow Dog Linux v5.0.1 for Apple G3, G4, and G5 computers. Yellow Dog Linux v5.0.1 adds more than 500 package updates to the operating system released last fall for the Sony Computer Entertainment PLAYSTATION(R)3 with support for the former Apple PowerPC product line.

Full Story (comments: none)

Distribution News

Debian announcements

Debian developers have voted for a general resolution that will enable those developers currently allowed to perform combined source and binary packages uploads to also perform binary-only packages uploads for the same set of architectures.

A call for testing of the sarge to etch upgrade path has gone out. "Any upgrade tests that could be done over the next days to verify this procedure would be most welcome. Please file a bug in the BTS against "upgrade-reports" with your results."

A second call for votes was followed by another call for votes in the Debian Project Leader Elections. Votes must be received by the end of April 7, 2007.

Comments (none posted)

Mandriva Linux 2007 Spring: Here Comes The Spring

Mandriva is announcing the upcoming release of its new distribution: Mandriva Linux 2007 Spring. Mandriva Linux 2007 Spring provides Metisse (another 3D window manager) and the newest versions of Compiz and Beryl 3D-accelerated desktops. Mandriva will also distribute O3Spaces Workplace as part of the Corporate Server 4 and Mandriva Linux Powerpack+ 2007 Spring editions. O3Spaces Workplace is an enterprise extension for OpenOffice.org.

Full Story (comments: none)

YaST, LiMaL, libzypp mailing lists now @openSUSE.org

OpenSUSE has new mailing lists for the discussion of the YaST, ZYPP and LiMaL projects. YaST is the installation and configuration tool for SuSE Linux. libzypp is the integration of SUSE's yast2 Package manager and Ximian's libredcarpet. LiMaL (Linux Management Library) provides a system library style, object oriented way of access to the operating system.

Full Story (comments: none)

March meeting of PC-BSD Core

PC-BSD is a desktop operating system featuring KDE 3.5, based on FreeBSD. Tim McCormick, lead developer of PC-BSD, has posted a summary of the March meeting of the PC-BSD core team. Topics include documentation and product life-cycle.

Comments (none posted)

Distribution Newsletters

Gentoo Weekly Newsletter

The Gentoo Weekly Newsletter for March 19, 2007 looks at the Dell Linux survey, Gentoo/Java changes, Firefox 1.5 upcoming removal, Developer of the week (welp) and several other topics.

Comments (none posted)

Ubuntu Weekly News: Issue #33

The Ubuntu Weekly Newsletter for March 24, 2007 covers Feisty Fawn's beta release, newly approved Ubuntu members, the big effort the "Ubuntu Desktop Effects" team is doing, and all the buzz about Ubuntu going on in the press and the blogosphere.

Full Story (comments: none)

DistroWatch Weekly, Issue 195

The DistroWatch Weekly for March 26, 2007 is out. "As expected, the developers of the Ubuntu family of Linux distributions announced their beta releases late last week, edging towards that last month of intensive debugging before the final release. Other distributions are also hard at work: Mandriva has announced details about the upcoming Mandriva 2007 "Spring", KNOPPIX has delivered a new CeBIT DVD to the attendees of the popular show in Hannover, and Fedora is expected to publish its third development build, version 7 test3, in just a few days. In other news, Red Hat unveils plans for a new desktop distribution, Ian Murdock criticises the project he founded for lacking strong leadership, and François Bancilhon is dismayed by the decision of the French Assemblée Nationale to choose Ubuntu over Mandriva for its Windows-to-Linux migration."

Comments (none posted)

Newsletters and articles of interest

Mandriva Linux Spring 2007 Edition to Arrive Soon (Linux Electrons)

Linux Electrons looks forward to the release of Mandriva 2007 Spring. "What is the key innovation of Spring? The breakthrough technology presented last January during the Solutions Linux event in Paris: Metisse, an innovative window management technology. Unlike the widely known 3D-accelerated desktops with the "cube" effect and other visual enhancements, Metisse offers an innovative way to manage windows: only the windows move, making the possible variations endless! Metisse is not a 3D-accelerated desktop but a Human-Computer Interface (HCI) technology that revolutionizes the user experience."

Comments (none posted)

Here come the RHEL 5 clones (Linux-Watch)

Linux-Watch looks at the upcoming release of Startcom Enterprise Linux AS-5.0.0 and other RHEL 5 clones. "Of course if you go with a cloned RHEL, while you get the code goodies, you don't get Red Hat's support. Various Red Hat clone distributions, such as StartCom AS-5, CentOS, and White Box Enterprise Linux, are built from Red Hat's source code, which is freely available at the Raleigh, NC company's FTP site. The "cloned" versions alter or otherwise remove non-free packages within the RHEL distribution, or non-redistributable bits such as the Red Hat logo."

Comments (none posted)

Distribution reviews

Review: Dreamlinux 2.2 (Linux.com)

Linux.com reviews Dreamlinux 2.2. "When it comes to choosing a Linux distribution, people tend to stick with the major players, such as Ubuntu, SUSE, or Fedora. However, every once in a while a distro comes along that offers a look at Linux in a new and fun way. One such distribution is Dreamlinux, a Morphix-based implementation of Linux that can be run from a single CD or installed on a hard drive. Dreamlinux 2.2 aims to offer a full range of desktop applications while providing a wealth of multimedia tools for easy production of professional-grade media."

Comments (none posted)

Page editor: Rebecca Sobol

Development

KDE 4 gets more Hot New Stuff

March 27, 2007

This article was contributed by Nathan Sanders

Since KDE 3.3 was released in 2004, KDE applications have used the KDELibs library KNewStuff to implement a simple interface for downloading and installing content from a centralized server. Its successor, KNewStuff 2 (KNS 2), is gearing up to give KDE 4 users new options for uninstalling content, content synchronization, the ability to rate content directly from the application interface, a dramatically faster interface, and more. KNewStuff 2 will be compliant with the FreeDesktop.org GetHotNewStuff specification (GHNS), developed as a cross-desktop standard based on the original KNewStuff design.

Like its predecessor, KNS 2 will act as a sort of per-application package management system for content. HotNewStuff content differs by application, ranging from visual themes for Amarok to object position data for KStars. In KDE 3, Hot New Stuff can be installed in participating applications via a KNS 1 dialog which lists content by user rating scores, download rate, or release date.

[Get Hot New Stuff]

Arguably the most noticeable improvement to KNS will be the content data caching feature, which should make the interface significantly faster. Content data primarily consists of preview pictures and metadata such as the name, description, and rating of each content item. In KDE 3, the user must wait for this content data to download before the KNS dialog appears. The KNS 2 dialog will open immediately with cached data and update the cache transparently in the background. The interface will be updated with new data as it arrives - though KNS' exact protocol for updating its interface based on this data will not be finalized until the KDE 4 Usability and Accessibility Review period from May 8th to June 1st.

KNS 2 will introduce Desktop Exchange Service (DXS) support. KNS 1 presents content items in lists sorted by highest rating, most downloads, or release date. The ratings it uses come from user ratings made through web-interfaces such as KDE-Look.org. By using DXS, content providers will be able to integrate this rating system directly into applications by using a CGI-like script. If application developers support DXS, users will be able to upload content ratings and even leave text comments without having to open a web browser. Additionally, DXS integration will add support for content searching by keyword and allow users to "subscribe" to content and be notified of updates.

Content management will also be greatly improved in KNS 2. It will keep a record of content files and files extracted from content archives. KNS 1 is not capable of uninstalling content, but KNS 2 will be able to do so by simply referring to its record of installed files and deleting any associated with a content item. Like version one, KNS 2 will be able to recognize when content has been updated. Although KNS 2 is not capable of automatically downloading updated content, it will indicate to the user that the update is available.

KNS 2's content management features will also resolve some distribution issues that occur with KNS 1. In the event that an application ships with some content data already installed, KNS 1 is not able to detect it and will indicate to the user that it is not installed. Moreover, it cannot tell the user whether this content is the latest version. KNS 2 will recognize these content packages and treat them like any other content it has installed.

In addition to being able to upgrade installed content through the KNS 2 interface, KDE 4 users will be able to automatically synchronize some content over the Internet or a private network. Content providers can offer automatic synchronization by listing references to files on a network rather than the files themselves. When the application attempts to access this quasi-installed content, it will have to fetch it from the server using KIO rather than a local directory. In this way, the content will always appear up to date to the user.

KOrganizer is among those applications that will benefit greatly from synchronization functionality. Users may use KNS 2 to install public calendar listings, for instance, holidays or company events which will then appear alongside the users' own calendar entries in KOrganizer. If KNS 2 installs these calendars as remote links rather than local content, users will be kept aware of newly added events or other calendar changes.

KNewStuff2 will be included in KDELibs for KDE 4. Lead developer Josef Spillner is already well into the coding of KNS 2. He quips, "There is already more code for it than what its predecessor had, although more might not always be better." He is currently working to integrate KNewStuff with the SVN development version of KDELibs 4, marking the implementation of basic downloading and uploading functionality. Spillner plans to release a new developer tutorial soon.

Spillner believes the developer tutorial for KNS 1, which walked KDE 3 application developers through implementing GHNS functionality, was partly responsible for his library's fairly wide adoption. KDE 3 applications such as KOrganizer, Kopete, SuperKaramba, Amarok, and many KDE Edutainment applications such as KStars all use KNS to deliver content such as interface themes and templates to users.

There is reason to believe that KDE 4 applications will adopt KNS on a wider scale than was seen in KDE 3. Spillner notes that several common hesitations that prevented application developers from adding KNS support in KDE 3 have been fixed. He writes, "The inelastic installation methods turned out to be the obstacle which probably prevented more apps from using it." KNS 2's uninstallation functionality should eliminate this obstacle. Moreover, he believes that developers will not have to write as much code to integrate KNS, as "simple configuration files" have replaced what previously required lines of code, in many places.

KNewStuff2 also retains two features from its predecessor that perhaps saw less use than they deserved: data verification and uploading. Since KDE 3.4, the KNewStuffSecure class has allowed application developers to implement MD5 hash and GPG signature checks for Hot New Stuff. Unfortunately, this class is currently separate from the original KNewStuff. Integrating these verification features into KNS 2 may make them more visible and popular among developers. KNS 1 is capable of handling user uploading without requiring a web interface, though there has been almost no implementation outside a few of Spillner's own games. KNS 2 will also support uploading, and may switch from using the FTP protocol to the more secure WebDAV. HotStuff server administrators could then allow users to register to upload content or do so anonymously.

For KDE 4, Spillner is also removing what is perhaps the greatest barrier to KNS integration: server requirements. KNewStuff must get its content from a server running HotStuff. For KDE 3 applications, this often meant that application developers needed to build and maintain their own HotStuff server. Shortly, however, KDE will begin to offer a general HotStuff server and a web interface at data.kde.org. The Oregon State University Open Source Lab has agreed to host the server on a Xen box alongside the KDE news site, The Dot. Spillner still encourages developers to run their own HotStuff servers, but general distribution points such as data.kde.org and KDE-Look.org will be available for those developers who do not want to burden themselves.

Spillner is setting his sights on KDE Games and KOffice integration for KNS 2. Many KDE Games applications already implement KNS, but Spillner would like to see adoption throughout the entire Games module. At least one of KOffice's many components, the database manager Kexi, already uses KNS. Spillner sees the remainder of KOffice as another excellent opportunity for KNS growth: "In organizations, there is often a need for keeping templates up to date regarding the corporate design, contact data and so on. KNewStuff could be of great use here." Organizations could host a GHNS server for employees and synchronize templates among them using KNS 2's remote content synchronization feature.

The GHNS specification is broadly defined by the "idea of collaborative work" statement posted on its website: "Free desktops empower their users to work together over the internet, and share their ideas, artwork, scripts and files. The mission of GHNS is to provide the necessary infrastructure on the client, the server and the protocols in between." More specifically, the specification outlines the GHNS standard for distributing and centralizing data.

The GHNS project has developed or inspired both server-side and client-side implementations of this standard. Client-side GHNS software includes KNS and the SDLNewStuff Python library for games. Additional client implementations include the incomplete Get Hot New Stuff for Java and the unmaintained GNOME Art. Spillner notes that the SDLNewStuff library has had significant adoption among game designers for sharing content such as level designs and themes. He writes, "In Chess, for example, fiddly game positions are exchanged in the standard PGN format. Using KNewStuff or other GHNS client libraries, those can easily be retrieved from within the game."

Server-side GHNS software consists of the HotStuff web interface and backend scripts, as well as the DXS service. Major content providers supporting the GHNS specification include KDE-look.org and KDE-apps.org. Spillner credits KDE-look.org's historical support for KNewStuff as prompting the standardization of GHNS.

As with most FreeDesktop.org-endorsed specifications, Spillner intends for GHNS to have a cross-desktop appeal. In areas where desktop content overlaps, such as wallpapers, where nearly any desktop can use the same data files, the benefits of cross-desktop GHNS compatibility are obvious. With the lapse of GNOME Art, KDE has become - once again - the only desktop which has significant support for GHNS. Spillner would like this to change in the coming months. In his words, "My main focus right now is on development, but advocacy will certainly become more important again once KNewStuff2 is in a state where we can show off with it and trigger proponents of other desktops to rival it."

Development on KNS 2's content management dialog has only just begun. Spillner will be designing the interface in collaboration with KDE Usability experts. Spillner plans for the interface to be very customizable by application developers. As an example, he describes an interface for dynamically listing content in menus, like Live Bookmarks. Spillner will give a comprehensive presentation on KNewStuff 2 at the Akademy 2007 conference in Glasgow, Scotland, from June 30th to July 8th.

Comments (4 posted)

System Applications

Database Software

Firebird sub-release 2.0.1

Sub-release 2.0.1 of the Firebird DBMS has been announced. "This is the first sub-release since the 2.0 release in November, 2006. It adds no new features (those are coming in v.2.1) but provides a large number of bug-fixes and a few improvements. It is highly recommended that v.2.0 installations be upgraded to get the benefits of these."

Comments (none posted)

PostgreSQL Weekly News

The March 25, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

Embedded Systems

BusyBox 1.5.0 released

Unstable version 1.5.0 of BusyBox, a collection of command line utilities for embedded systems, is out with a lot of new features. "Since this is a x.x.0 release, it probably does not deserve "stable" label. Please help making 1.5.1 stable by testing 1.5.0."

Comments (none posted)

Interoperability

Samba 3.0.25 pre 2 released

Version 3.0.25 pre2 of Samba has been announced. "This is the second preview release of the Samba 3.0.25 code base and is provided for testing only. This release is *not* intended for production servers. There has been a substantial amount of development since the 3.0.23/3.0.24 series of stable releases. We would like to ask the Samba community for help in testing these changes as we work towards the next significant production upgrade Samba 3.0 release."

Full Story (comments: none)

Security

Metasploit Framework 3.0 released

Version 3.0 of the Metasploit Framework, a development platform for creating security tools and exploits, is available. "Version 3.0 contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a wide range of tasks, including host discovery, protocol fuzzing, and denial of service testing."

Full Story (comments: none)

Web Site Development

Announcing Django 0.96

Version 0.96 of the Django web development platform has been announced. "The primary goal for 0.96 was a cleanup and stabilization of the features introduced in 0.95. The release notes cover the few backwards-incompatible changes, but for most people the upgrade process should be simple. One particular change affects users of MySQL on older servers: If you get an error about Django requiring a newer version of MySQLdb, you'll need to either upgrade MySQLdb to 1.2.1p2 or later, or switch your DATABASE_ENGINE setting to "mysql_old"."

Comments (none posted)

Plone 3.0-beta1 is out

Version 3.0-beta1 of the Plone web development platform has been released. "With this release the Plone 3.0 tree is now feature complete: all new features are included this release. Some are optional and not enabled by default (iterate staging, OpenID authentication, the new NuPlone skin)."

Full Story (comments: none)

Silva 1.6 Final released

Version 1.6 of Silva has been released. "Infrae has released version 1.6 of the Silva content management system. This release brings a range of improvements and several key new features, such as automatic PDF and Word file fulltext indexing, Atom/RSS feeds from containers, ‘classic’ list-based menu rendering, and additions to the documentation. Performance has been significantly improved by changing how containers are published and optimizing calls to the metadata service."

Full Story (comments: none)

Desktop Applications

Audio Applications

CLAM 1.0 released

Version 1.0 of CLAM, a software framework for research and application development in the audio and music domains, is out. "We are very happy to announce the CLAM 1.0 "Berlin" release while having splendid views of the Alps in the flight to Berlin for the Linux Audio Conference. This release is indeed a major milestone for the project and it opens a door to the development of exciting new features, so keep tuned! Apart of these big changes expect also bug fixes (yes 1.0 have bugs) as we move on."

Full Story (comments: none)

Vamp audio analysis plugin API 1.0 released

Version 1.0 of the Vamp Plugin API and software developers kit has been announced. "Vamp is a plugin API for audio analysis and feature extraction plugins written in C or C++. Its SDK features an easy-to-use set of C++ classes for plugin and host developers, a reference host implementation, example plugins, and documentation. It is supported across Linux, OS/X and Windows. The Vamp plugin API is also used by the Sonic Visualiser audio visualisation and analysis application."

Full Story (comments: none)

Desktop Environments

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

The Road to KDE 4: Updates and Addenda (KDE.News)

Troy Unrau looks at changes to KRunner, logout screens, Dolphin, KDE job progress improvements, okular, Kalzium and KOffice in his Road to KDE 4 series. "Well, so far I've published a dozen articles about KDE 4 over the last 12 weeks. A lot of content has been covered, but there is rapid progress still being made on those topics. So, in no particular order, this week's issue deals with addenda and updates to the last 12 articles, so that you can see some of the rapid progress happening as KDE races forward."

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week: More information can be found on the X.Org Foundation wiki.

Comments (none posted)

Electronics

ASCO 0.4.6 released

Version 0.4.6 of ASCO, a Spice circuit analyzer, is out. "Changes since ASCO 0.4.5: * Improvements in the RF module functionality. * Include support for logarithmic search space for the existing variables. * Code refinements and bug fixes. The dormant code for the RF module has been revised. Some new functionalities have been added. Corrections to compile in win32 and better work with Qucs simulator are included."

Comments (none posted)

Covered 0.5 released

Stable release 0.5 of Covered, a Verilog code coverage analyzer, is available. "This is a new major release of Covered, containing many new features, enhancements, and general improvements to the 0.4.x stable release."

Comments (none posted)

Layout editor 20070319 announced

Release 20070319 of Layout editor, an integrated circuit MEMS layout editor, has been announced on the Open Collector site. "Beside a lot of bugfixes the new version supports multiply undo's and more fill styles."

Comments (none posted)

Mirth 1.4 Released (LinuxMedNews)

LinuxMedNews has announced the release of Mirth 1.4. "The Mirth project is announcing the release of Mirth 1.4, with HL7 v3, X12 (HIPAA X12N), EDI (UN/EDIFACT) and XML message support. Mirth 1.4 includes over 60 bug fixes, improvements and features, as well as a new, powerful development and mapping environment."

Comments (none posted)

Games

Ember 0.4.3 released

The WorldForge game project has announced the release of Ember 0.4.3. "Ember is a 3d client for the WorldForge project. It uses the Ogre 3d graphics library for presentation and CEGUI for its GUI system. This release includes the new libwfut library for media updates, removing the need for an external java updater. It also adds a lot of bug fixes."

Comments (none posted)

Graphics

Dia v. 0.96 released (GnomeDesktop)

Version 0.96 of Dia, a diagramming tool, has been announced. "This version introduces import and export of Visio VDX files, improves the font rendering, adds a sheet of BPMN objects, and has numerous other fixes and improvements. Visio VDX interoperability has been added by Ian Redfern. It is still in a beta stage, but should help those in diverse environments or who want to migrate away from Visio. The font width issues that have plagued Dia the last several releases should now be fixed, both for zooming and for printing."

Comments (none posted)

GUI Packages

Urwid 0.9.8 announced

Version 0.9.8 of Urwid, a command line user interface package, is out. "This release improves Urwid's performance by 70% to 450% (reducing running time by 41% to 82%) for some benchmarks. New base classes have been introduced for widgets, canvases and list walkers. Some bugs have been fixed. Python 2.2 or later is now required."

Full Story (comments: none)

Music Applications

Canorus 0.2.5 is out

Version 0.2.5 of Canorus has been announced. "Canorus development team is happy to announce the new release of Canorus - a free cross-platform music score editor, version 0.2.5. The release took lots of effort from core developers, various contributors, testers and translators. This release mostly brought huge under the hood changes. Among others, the most notable features are the new GUI and LilyPond support."

Full Story (comments: none)

GMIDImonitor 3.2 released

Version 3.2 of GMIDImonitor, a GTK+ application that shows MIDI events, is out. "New in this release: * Fix bug causing stalled midi events after burst followed by silence * Decode jack midi reset message (by Edward Tomasz Napierala) * Add some instructions about using GMIDImonitor."

Full Story (comments: none)

Digital Photography

Qtpfsgui 1.8.3 released

Stable version 1.8.3 of Qtpfsgui is out with one new feature, bug fixes and improved documentation. "Qtpfsgui is a Qt4 graphical user interface that provides a workflow for HDR imaging."

Comments (none posted)

Video Applications

Swfdec 0.4.3 released

The swfdec 0.4.3 release is out. This version of swfdec contains the updates that make it able to play videos from YouTube. "Swfdec still is development software, but has also followed a rigid no-crashes-allowed policy. I believe it's stable enough now to be installed as a default plugin for people that can live with occasional crashes of their browser."

Full Story (comments: 2)

Web Browsers

Gran Paradiso Alpha 3 Released (MozillaZine)

MozillaZine has announced the release of Gran Paradiso Alpha 3. "Gran Paradiso Alpha 3, an early developer milestone aimed at testers and web application developers, has been released. This is the third milestone on the path to Gecko 1.9. As mentioned earlier, Gran Paradiso is the project codename for Firefox 3. This milestone includes support for Animated PNG (APNG) images and several backend changes for layout, rendering and web applications support."

Comments (none posted)

Miscellaneous

Croquet SDK 1.0 Released

Version 1.0 of the Croquet software development kit has been released. "The kit provides developers with a flexible tool to create virtual spaces with built-in networked telephony and a 'late-binding object-oriented' programming language that allows multiple users to jointly create, animate or modify 3-D objects and dynamic simulations. Developers can also import and share resources, such as 2-D web applications or multimedia content, from their own systems. Working together across multiple locations, they can change simulations while they are running and work together to create new applications -- all in real time." The software can be downloaded from the Croquet Consortium site.

Comments (none posted)

Languages and Tools

Caml

Caml Weekly News

The March 27, 2007 edition of the Caml Weekly News is out with new Caml language articles.

Full Story (comments: none)

Perl

Weekly Perl 6 mailing list summary (O'Reilly)

The March 21, 2007 edition of the Weekly Perl 6 mailing list summary is out with coverage of the latest Perl 6 developments.

Comments (none posted)

Python

Shed Skin Optimizing Python-to-C++ Compiler 0.0.21

Version 0.0.21 of Shed Skin Optimizing Python-to-C++ Compiler has been announced. "I have just released 0.0.21, which comes with the following changes: -important type inference fix/cleanup -support for 'bisect', 'collections.deque' and 'string.maketrans' -improved 'copy' support -support for 'try, else' construction -some optimizations ('dict[..] += ..', "''.join(sorted(str))") -several minor bug fixes".

Full Story (comments: none)

Python-URL! - weekly Python news and links

The March 22, 2007 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Ruby

Ruby Weekly News

This week's edition of the Ruby Weekly News looks at pulling text from XML documents, interactive help in irb, an upcoming regional conference in North Carolina and more.

Comments (none posted)

Tcl/Tk

Tcl-URL! - weekly Tcl news and links

The March 27, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

XML

The Future of XSLT 2.0 (O'Reilly)

Kurt Cagle discusses XSLT 2.0 on O'Reilly. "Kurt Cagle provides some compelling arguments for the importance of XSLT 2.0 in XML applications as we move forward."

Comments (none posted)

IDEs

Pydev 1.3.1 Released

Version 1.3.1 of Pydev and Pydev Extensions are out with many new features. "PyDev is a plugin that enables users to use Eclipse for Python and Jython development -- making Eclipse a first class Python IDE -- It comes with many goodies such as code completion, syntax highlighting, syntax analysis, refactor, debug and many others."

Full Story (comments: none)

Libraries

PHP OpenID 1.2.2 released

Version 1.2.2 of the JanRain PHP OpenID library is out with bug fixes and optimizations.

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Clearing up anti-GPL3 FUD (Linux-Watch)

Bruce Perens looks at some common misconceptions about the GPLv3. "There's been a lot of talk about GPL version 3: whether it goes too far to be acceptable to business, whether the Linux kernel developers will ever switch to it, whether our community will fork or undergo unrest over it. Much of that talk is based on a poor understanding of the GPL3 terms, and with release of the new license imminent, it's time to clear that up."

Comments (65 posted)

Ian Murdock: Making Solaris more like Linux (ZDNet)

ZDNet attended a talk by Ian Murdock shortly after his move to Sun. "'You can make a real argument that Solaris innovated more than Linux in the last few years—such as DTrace and ZFS—but usability stands in the way of appreciating that,' Murdock said. 'Part of what we are working on is closing the usability gap so that it doesn’t stand in the way.'"

Comments (10 posted)

Trade Shows and Conferences

Open source at CeBIT 2007 (Linux.com)

Linux.com has this report from CeBIT 2007. "Traditionally, most companies that work with open source software cluster at the Linux Park in Hall 5, and this year was no exception. Nor was there any exception to another CeBIT tradition, namely the release of a new version of Knoppix, which is now at version 5.2. However, this time Klaus Knopper -- Mr. Knoppix himself -- wasn't handing out free disks and answering visitors' questions. Instead, German publisher Heise was selling copies of its C't magazine containing the latest version of Knoppix."

Comments (none posted)

Report from the Decibel Hackathon (KDE.News)

KDE.News has a report from the Decibel Hackathon. "At the Decibel Hackathon sponsored by NL.net and basysKom GmbH in Darmstadt, Germany last weekend, hackers from the KDE community met to discuss the handling of contact data in KDE 4. Read on for a summary of the event."

Comments (none posted)

Guademy 2007 Event Report (KDE.News)

KDE.News covers GUADEMY 2007. "The first Guademy event finished yesterday at the university of A Coruña, Spain. Organized by the GPUL (Grupo de Programadores y Usuarios de Linux), the Linux User Group of A Coruña, it was an event which brought together people from the GNOME and KDE camp (thus the combination of "GUADEC" and "aKademy" that forms the name of the event)."

Comments (none posted)

News And A Review: LAC2007 & Rosegarden 1.5 (Linux Journal)

Dave Phillips looks at the annual Linux Audio Conference and Rosegarden 1.5. "The review: The developers at 64Studio recently announced the release of version 1.2 of my favorite audio-optimized Linux distribution. Among its many additions and improvements this update brings Rosegarden 1.5 to the 64-bit desktop studio. It's been quite a while since I considered the program in detail (I profiled a much earlier version in my Book Of Linux Music And Sound), so I decided the time had come for me to spend some quality time with the latest Rosegarden."

Comments (none posted)

Companies

Emulex driver shipping with Red Hat Enterprise Linux 5 (CTR)

Computer Technology Review reports on support for RHEL 5 by Emulex. "Emulex Corp. has announced the availability of its Linux driver for Emulex LightPulse HBAs (Host Bus Adapters) as part of the new Red Hat Enterprise Linux 5 distribution from Red Hat Inc. Emulex LightPulse HBA customers will as a result benefit immediately from the new virtualization, clustering, and manageability enhancements available in the Red Hat Enterprise Linux 5 distribution, the company added last week."

Comments (none posted)

Novell details new Linux and management offerings (Computer Business Review)

Computer Business Review covers Novell's latest announcements. "Novell Inc has unveiled a new thin client desktop Linux offering and started the beta testing for SUSE Linux Enterprise 10 Service Pack 1 as part of a slew of announcements made at its BrainShare user conference. The Waltham, Massachusetts-based company also detailed new groupware, and systems, security and identity management products, as well as customer momentum for its Open Workgroup Suite."

Comments (none posted)

Oracle claims Yahoo as Linux convert (ZDNet)

ZDNet reports on a deal between Oracle and Yahoo. "Oracle Chief Executive Larry Ellison announced the company's first prominent Linux customer Tuesday: Yahoo. But Red Hat hasn't been pushed aside at the Internet company. Ellison cited the Yahoo deal as the first real evidence of progress from Oracle's high-profile attack on Linux leader Red Hat that began in October. Oracle is cloning Red Hat Enterprise Linux, selling support for less than Red Hat's list prices."

Comments (none posted)

Oracle joins Linux patent commons (Linux-Watch)

Linux-Watch reports that Oracle will become a licensee of the Open Invention Network. "By doing this, Oracle opens the doors to making some of its patents available royalty-free to any company, institution, or individual that agrees not to assert its patents against Linux."

Comments (none posted)

Legal

Can You Legally Rip a DVD? Trial to Test 'Fair Use' (PC Mag)

PC Mag covers a trial between the DVD Content Control Association and Kaleidescape regarding the copying of DVDs. "On Wednesday, a key copyright trial began in San Jose, as Kaleidescape Systems and the DVD Content Control Association went to court in a case expected to test the concept of "fair use". Kaleidescape manufactures the Kaleidescape System, essentially a DVD jukebox, connected via Ethernet to a separate player box. Users can insert a DVD and rip it to the installed hard drive, for later viewing upon a television screen. To the DVD CCA, the suit is a simple breach of contract of the terms of the Content Scrambling System, the encryption method that secures the millions of standard-definition DVDs sold worldwide."

Comments (2 posted)

Victims fight back against DMCA abuse (ars technica)

ars technica investigates efforts to combat DMCA abuses. "DMCA takedown notices: sure, they provide an easy way for companies or individuals to get copyrighted information pulled from sites like YouTube, but what happens when the process is abused? The DMCA does require takedown notices to be made under threat of perjury, and damages are possible against those that abuse the takedown process by using it for frivolous or fraudulent purposes. The EFF has recently filed two cases against alleged DMCA abusers, and may be prepping a third against Viacom."

Comments (none posted)

The Strange History of Linux and Trademarks (Tux Deluxe)

The Tux Deluxe site has a history of trademark-related hassles with an emphasis on the Mobilix case. "Over the years Linux International has spent over $300,000 defending the Linux trademark, $250,000 of which has come from maddog's own pocket. In 2005 maddog founded the Linux Mark Institute, with support from Linus Torvalds, with the objective of protecting the Linux mark for the community and against the prospectors of the future."

Comments (2 posted)

SIL Open Font License revised (Linux.com)

Linux.com covers the latest revision of the SIL Open Font License. "SIL International, a nonprofit organization whose concerns include literacy and the study and preservation of minority languages, has announced the release of version 1.1 of the SIL Open Font License (OFL). The revision, which follows months of discussion and review on several mailing lists, including OFL-Discuss, clarifies the language of the license, especially about embedding fonts and allowing reserved font names."

Comments (12 posted)

Resources

PHP Search Engine Showdown (O'ReillyNet)

Here's an O'ReillyNet article about the benefits of adding a search engine to your website. "When you choose to incorporate a local search service, you install the search engine on your server and customize the tool yourself. The advantages of using the local approach are that you can ensure the privacy of your data, you can control the indexing process and search results, and that you have the freedom to implement new features. The disadvantages of installing a local search engine are that indexing and maintenance is your responsibility, and that the index and installation files will use space on your hard drive. You may also incur costs associated with software acquisition--although free, open source software is available."

Comments (4 posted)

Building the XO: The Anatomy of an Activity (Red Hat Mag)

Red Hat Magazine has published a tutorial on the creation of activities for the OLPC XO machine. "Activities should be designed to be shared, and the process for sharing should be trivial. If a child sees a friend playing a neat new game, she should be able to click on that friend in her neighborhood view, receive her game code, and join in the game, immediately."

Comments (none posted)

Reviews

Chess engines for Linux (Linux.com)

M. Shuaib Khan looks at Linux-compatible chess engines on Linux.com. "Chess engines for Linux are comparable in strength to commercial chess engines available for other platforms. Here's a look at the features of half a dozen of the most well-known chess engines for Linux. A chess engine is the actual program against which you play the game. A chess engine can take a move as an input, and after analysis, generate a move of its own as an output."

Comments (2 posted)

Bake-Off: 4 Linux Desktops Tackle The Enterprise (CRN)

CRN reviews four "enterprise" desktop distributions. "Surface-deep features are not enough anymore, as more companies than ever before are seriously considering migrating to Linux. However, the UI and navigational changes that Linux vendors are making in Linux desktops to improve the user experience are still far behind Windows. Simple routines such as adding a Flash player or Java plug-in on Firefox can be a tedious experience. The Linux File Manager is not as intuitive as Windows Explorer."

Comments (9 posted)

RaveHD uses Linux to help movie studios process raw video (Linux.com)

Linux.com looks at RaveHD. "SpecSoft's Linux-powered RaveHD DDR-VTR system is not a video editing tool for home users or small-time professionals. It's a system that stores, manipulates, and plays back uncompressed video that can be turned into film clear enough to fill a Hollywood movie theater's wide screen. It's what you need when the file size of each frame in your video is measured in gigabytes and your whole project takes up multiple terabytes of storage, and you have not just one or two but 100 or 200 animators and post-production people working for you. At this level of video and film production, says SpecSoft co-founder Ramona Howard, the question isn't why you develop your utility programs in Linux, but why you would even consider using a proprietary operating system."

Comments (none posted)

Start-up Zimbra takes Web e-mail offline (ZDNet)

ZDNet looks at an alpha version of the Zimbra Desktop. "E-mail software company Zimbra on Sunday released an early version of Zimbra Desktop, Web e-mail software that will run online and offline. The company has built an open-source, Web-based alternative to existing mail servers and clients such as Microsoft Exchange and Outlook. Zimbra uses Ajax, a Web development technique that runs across browsers and operating systems."

Comments (none posted)

Miscellaneous

Gentoo attempts to deal with developer conflicts (Linux.com)

Joe 'Zonker' Brockmeier looks at the Gentoo Project and its recently adopted Code of Conduct. "If the idea is to stem the tide of "retiring" developers, it's not working yet. After the vote to adopt the CoC on March 15, Gentoo developer Alexandre Buisse turned in his resignation, saying that the adoption of the Code of Conduct by the Gentoo Council was "stupidly fast" and that he's tired of "endless fights" over "who gets a tiny bit more" power over parts of the project."

Comments (7 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

Linux Foundation Announces a Diverse Board of Directors

The Linux Foundation has announced its new board of directors, a diverse group that represents the key stakeholders from every corner of the Linux ecosystem: the Linux kernel community, Linux vendors, distributions and users, as well as individual open source leaders.

Comments (none posted)

LQ Wiki reaches 3,000 articles

LinuxQuestions.org has announced reaching the 3000 article waterline on the LinuxQuestions Wiki site. "The LQ Wiki allows users to collaboratively build a free, complete and up-to-date Linux knowledgebase and aims to become the largest general-knowledge Linux repository on the web. It is free to join or use the LQ Wiki and any user can add or edit content. All content is licensed under either a Creative Commons license or the GFDL, ensuring that it remains freely redistributable."

Comments (none posted)

Commercial announcements

ActiveState Perl Dev Kit 7.0 now available

ActiveState has announced the release of Perl Dev Kit (PDK) 7.0, a multi-platform suite of tools for creating and deploying Perl applications. "PDK provides essential tools for building self-contained, easily deployable executables for Windows, Mac OS X, Linux, Solaris, AIX and HP-UX. The comprehensive feature set includes a graphical debugger and code coverage and hotspot analyzer, as well as tools for building sophisticated Perl-based filters and easily converting useful VBScript code to Perl."

Full Story (comments: none)

Collax updates its entire product family

Collax has announced updates to each of its server solutions: Collax Business Server 4.1.0, Collax Security Gateway 4.2.0 and Collax Open-Xchange Server 5.1.0. "All solutions will run on the 2.6 kernel, guaranteeing stability, security and scalability. In addition, directory-, e-mail-, web-proxy-, file- and FTP-servers have been updated in the new versions. The use of AJAX (Asynchronous JavaScript and XML) enables Collax to provide improved software ergonomics. Configuration and administration of the solutions, which are being developed specifically for small and medium businesses (SMBs) is thus not only significantly simplified, but also drastically accelerated."

First Year of Coverity Scan Site Squashes 6,000 Bugs

Coverity, Inc. has issued a press release for the one-year anniversary of the scan.coverity.com project that was started under an open source vulnerability research contract with the Department of Homeland Security (DHS). The contract is shared with Stanford University and Symantec Corporation. Coverity also announced a major expansion of the analysis scope, increasing the number of open source projects involved to 150, up from 50.

Motorola announces revised guidance and actions to improve profitability

Motorola, Inc. has announced a number of moves aimed at improving its financial position. "Motorola is committed to improving the financial performance of the Mobile Devices business by pursuing market segments and product tiers that demonstrate the best opportunity for high gross margins and meaningful profitability. In this regard, the company is focused on steps to reduce cost and improve consumer experiences, including: -- Deploying open standards Linux/Java(TM) software across mid- and high-tier devices to enhance the experiences available on handsets ..."

New Xandros Linux Server to bundle Scalix 11 collaboration platform

Xandros and Scalix have announced that the forthcoming Xandros Server 2 will ship with Scalix 11 pre-installed. "The bundled solution brings enterprise-class email and calendaring to the SMB market, providing a broad selection of true enterprise clients such as full feature support of Microsoft Outlook and Evolution, a Web client with desktop functionality, and a Mobile Web Client that allows a broad base of users to stay connected while mobile. A special Xandros plug-in provides full, remote graphical management of Scalix 11. Xandros Server with Scalix 11 provides SMBs with a powerful and easy-to-use alternative to Windows-based messaging systems, and will ship in April 2007."

Contests and Awards

Ted Ts'o wins FSF award

The Free Software Foundation has announced that the winner of the 2006 Award for the Advancement of Free Software is Ted Ts'o. "Theodore Ts'o was recognized for his many and varied contributions to free software, including his work on the kernel Linux. His role as project leader in the development of Kerberos---the first single sign-on authentication system---and his work on the Open Network Computing Remote Procedure (ONC RPC) are representative of his important role in Internet security. He was also cited for his work as maintainer and developer of the key utilities under the project "E2fs", which are used to maintain file systems for GNU/Linux. Ts'o has also played an important role in community efforts, organizing the annual summit for kernel developers and publishing educational materials and tutorials."

O'Reilly Jolts the Industry--Head First Style

O'Reilly has announced the winning of several Jolt awards by two of its book authors. "'Head First Object-Oriented Analysis & Design' by Brett McLaughlin, Gary Pollice, and David West received top honors--the highly coveted Jolt--for best product in the 'Technical Books' category at this year's Jolt Awards ceremony. Further honors were bestowed on O'Reilly Media with the presentation of a Productivity Award for 'CSS: The Missing Manual' by David Sawyer McFarland in the same category."

Education and Certification

Pure Data Spring School 2007 - GOTO10 at CCA (Glasgow, UK)

The Pure Data Spring School 2007 will take place in Glasgow, Scotland on May 14-25, 2007. "Pure Data is a free and open source real-time graphical programming environment used by artists to create a range of visual arts, theatre, dance, audio, installation, performance and media art works. Pure Data is ideal for those looking to integrate technology into their work for the first time, or advanced media artists looking to explore new tools and new ways to combine them in a unified environment. It is easy to use Pure Data to create interactive environments, link animations and sound, control hardware and electronics, stream audio, generate real time visuals and develop interfaces for other programs. In this intensive two week course, participants will learn Pure Data from scratch and explore in detail some of its most exciting extensions."

Calls for Presentations

EuroPython 2007: Call for Proposals

A call for proposals has gone out for EuroPython 2007. "Book Monday 9th July to Wednesday 11th July 2007 in your calendar! EuroPython 2007, the European Python and Zope Conference, will be held in Vilnius, Lithuania. Last year's conference was a great success, featuring a variety of tracks, amazing lightning talks and inspiring keynotes. With your participation, we want to make EuroPython 2007, the sixth EuroPython, even more successful than the previous five." The submission deadline is May 18.

Call for invitations to be the host of GUADEC 2008

A call for proposals for locations for the 2008 GNOME Users and Developers Conference (GUADEC) has been posted. "GUADEC, GNOME's major annual developer conference, is going to be in Birmingham in 2007. We're calling for proposals for locations in 2008. The chosen location will be announced at GUADEC."

OpenOffice.org Annual Conference 2007 - Call for Papers

A call for papers has gone out for the OpenOffice.org Annual Conference 2007. The conference will be held in Barcelona, Catalonia, Spain on September 19-21, 2007; submissions are due by June 1.

CFP for RAID 2007

The call for papers for the RAID 2007 conference has been extended until April 8. The event takes place at the Crowne Plaza Hotel, Gold Coast, Queensland, Australia on September 5-7, 2007. "This symposium, the 10th in an annual series, brings together leading researchers and practitioners from academia, government, and industry to discuss issues and technologies related to intrusion detection and defense. The Recent Advances in Intrusion Detection (RAID) International Symposium series is intended to further advances in intrusion defense by promoting the exchange of ideas in a broad range of topics."

Upcoming Events

Linux Audio Conference 2007 live streams

The 2007 Linux Audio Conference will feature live media streaming. "The Linux Audio Conference takes place this week 22-25 March, 2007. As in past years LAC2007 will be streamed live in ogg vorbis and theora via icecast"

CMP Technology announces first Sys Admin Technical Conference

CMP Technology has announced the first Sys Admin Technical Conference. "CMP Technology's Sys Admin magazine, the journal for Unix and Linux systems administrators, today announced the first Sys Admin Technical Conference will take place May 7-8 at the Sheraton Inner Harbor in Baltimore. The two-day conference consists of security and scripting tracks and includes courses for beginners and experienced administrators. Conference sessions will be led by industry experts including Hal Pomeranz, Randal Schwartz, AEleen Frisch, Richard Bejtlich, and Tom Limoncelli."

2007 O'Reilly Where 2.0 Conference adds new speakers and sessions

O'Reilly has sent out a status report for the 2007 Where 2.0 Conference. "Program planning is in the final stages for the 2007 O'Reilly Where 2.0 Conference, happening May 29-30, 2007 at The Fairmont Hotel in San Jose, California. Location industry visionaries are scheduled to present their futuristic ideas and groundbreaking projects in two full days of keynotes, lightning talks, panel discussions, and demonstrations. Now in its third year, the Where 2.0 Conference will provide attendees with the opportunity to discover the technologies, trends, and developments making a difference in location-based technology."

Events: April 5, 2007 to June 4, 2007

The following event listing is taken from the LWN.net Calendar.

| Date(s) | Event | Location |
|---|---|---|
| April 1 - April 5 | Embedded Systems Conference | San Jose, CA, USA |
| April 2 - April 6 | Django Bootcamp | Atlanta, Georgia, USA |
| April 2 - April 5 | Hack in The Box Security Conference 2007 | Dubai, United Arab Emirates |
| April 3 - April 8 | Make Art 2007 | Poitiers, France |
| April 12 - April 14 | International Free Software Forum (Forum Internacional Software Livre) | Porto Alegre, Brazil |
| April 14 - April 15 | Ruby and Python Conference 2007 | Poznan, Poland |
| April 15 - April 18 | Gelato ICE: Itanium® Conference & Expo | San Jose, California, USA |
| April 17 - April 19 | Embedded Linux Conference | San Jose, USA |
| April 18 - April 20 | CanSecWest Applied Security Conference 2007 | Vancouver, Canada |
| April 19 | Linux 2007 | Lisbon, Portugal |
| April 19 | Power Architecture Software Summit | Austin, TX, USA |
| April 20 - April 22 | International Conference on Availability, Reliability and Security | Vienna, Austria |
| April 20 - April 22 | Penguicon 5.0 Open Source Software & Science Fiction Convention | Troy, Michigan, USA |
| April 21 | Romanian Open Source Development Meeting | Bucharest, Romania |
| April 23 - April 25 | Samba eXPerience 2007 | Göttingen, Germany |
| April 23 - April 27 | PostgreSQL Bootcamp at the Big Nerd Ranch | Atlanta, USA |
| April 23 - April 26 | MySQL Conference and Expo | Santa Clara, CA, USA |
| April 28 - April 29 | Linuxfest Northwest | Bellingham, WA, USA |
| May 3 - May 4 | Ubuntu Education Summit | Sevilla, Spain |
| May 3 - May 5 | SugarCRM Global Developer Conference | San Jose, CA, USA |
| May 4 - May 6 | Libre Graphics Meeting 2007 | Montreal, Quebec, Canada |
| May 5 - May 6 | LayerOne Security Conference | Pasadena, CA, USA |
| May 5 | Ubucon - Sevilla | Sevilla, Spain |
| May 6 - May 11 | Ubuntu Developer Summit | Sevilla, Spain |
| May 7 | CommunityOne | San Francisco, CA, USA |
| May 8 - May 9 | World Summit on Intrusion Prevention | Baltimore, MD, USA |
| May 8 - May 11 | Annual Java Technology Conference | San Francisco, CA, USA |
| May 8 - May 11 | OSHCA 2007 | Kuala Lumpur, Malaysia |
| May 9 - May 11 | Red Hat Summit | San Diego, CA, USA |
| May 10 - May 11 | IEEE International Workshop on Open Source Test Technology Tools | Berkeley, CA, USA |
| May 10 | NLUUG Spring Conference 2007 | Ede, The Netherlands |
| May 11 - May 13 | Conferenza Italiana sul Software Libero | Cosenza, Italy |
| May 12 - May 13 | KOffice ODF Weekend | Berlin, Germany |
| May 14 - May 25 | The Pure Data Spring School 2007 | Glasgow, Scotland |
| May 16 - May 18 | php\|tek | Chicago, IL, USA |
| May 17 - May 20 | RailsConf 2007 | Portland, Oregon |
| May 18 - May 19 | eLiberatica Open Source and Free Software Conference | Brasov, Romania |
| May 18 - May 19 | FreedomHEC | Los Angeles, CA |
| May 18 - May 19 | BSDCan 2007 | Ottawa, Canada |
| May 19 - May 20 | The 3rd International Workshop on Software Engineering for Secure Systems | Minneapolis, Minnesota, USA |
| May 19 - May 20 | Rockbox International Developers Conference 2007 | Stockholm, Sweden |
| May 19 | Grazer LinuxDays 2007 | Graz, Austria |
| May 19 - May 20 | Make Magazine Maker Faire 2007 | San Mateo, CA, USA |
| May 19 | Linuxwochen Austria - Graz | Graz, Austria |
| May 21 - May 23 | International PHP 2007 Conference | Stuttgart, Germany |
| May 21 - May 25 | Python Bootcamp with David Beazley | Atlanta, USA |
| May 22 - May 23 | Open Source Business Conference | San Francisco, USA |
| May 22 - May 24 | Linux Days 2007, Geneva | Geneva, Switzerland |
| May 23 - May 24 | PGCon 2007 | Ottawa, ON, Canada |
| May 25 | Linuxwochen Austria - Krems | Krems, Austria |
| May 26 | PAKCON III | Karachi, Pakistan |
| May 29 - May 30 | Where 2.0 Conference | San Jose, CA, USA |
| May 29 - May 31 | European ADempiere Developers Conference | Berlin, Germany |
| May 29 - May 30 | I FLOSS CONFERENCE RESISTENCIA | Resistencia, Argentina |
| May 30 - June 2 | Linuxtag | Berlin, Germany |
| May 30 - June 1 | 3rd UNIX Days Conference - Gdansk 2007 | Gdansk, Poland |
| May 30 - June 1 | Linuxwochen Austria - Wien | Wien, Austria |
| June 2 - June 3 | Journées Python Francophones | Paris, France |

If your event does not appear here, please tell us about it.

Page editor: Forrest Cook

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds