By Jonathan Corbet
August 7, 2007
When Sun looks to highlight the strongest features of the Solaris operating
system, DTrace always appears near the top of the list. Your editor
recently had a conversation with an employee of a prominent analyst firm
who was interested, above all else, in when Linux would have some sort of
answer to DTrace. There is a common notion out there that tracing tools are
one place where Linux is significantly behind the state of the art. So
your editor decided to take a closer look.
The Linux tool which is most similar to DTrace is SystemTap. This development is
supported by a number of high-profile companies, including Red Hat, Intel,
IBM, and Hitachi. Most distributions have SystemTap packages somewhere in
their systems of repositories, making it readily available to Linux users.
DTrace supporters have been known to say that SystemTap is merely a knock-off of
DTrace, and a badly-done one at that. SystemTap proponents will
counter that it is an independent development which can hold its own.
Both tools are based on the insertion of probe points in the system
kernel. Whenever a thread of execution hits one of those probe points,
some sort of action - as described in the tool's C-like language - is run.
That action can be as simple as printing a message, or it can be
significantly more complicated than that.
DTrace comes with a large set of pre-defined probe points wired into the
Solaris kernel - seemingly tens of thousands of them. These points are well documented and
cover most of the kernel. Some simple wildcarding is implemented for the
selection of multiple probe points. It is claimed that the run-time
overhead of unused probe points is negligible. [Update: see the
comments for some useful clarification on the use of dynamic probe points
in DTrace.]
SystemTap, instead, does not depend on static probe points within the
kernel; that capability exists, but nobody has much interest in maintaining
all of those points. Instead, SystemTap uses dynamic probes (implemented
with kprobes) which
are inserted into the kernel at run time. A flexible language can enable
probes to be easily inserted anywhere in the kernel, with fairly complete
wildcard support which allows, for example, all functions within a source
file or subsystem to be instrumented with a single statement. Unused probe
points do not exist at all, and so cannot affect system performance.
There are a couple of advantages to the DTrace approach. The probe points
exist and can be easily found in the manuals; a SystemTap user, instead, is
required to have a certain amount of familiarity with the kernel source
code. DTrace probe points are fixed at locations where it is known to be
safe to interrupt the execution of the kernel. The SystemTap
documentation, instead, comes with warnings that placing probes in the
wrong places can cause system crashes and mutterings about the possibility of
implementing blacklists in the future. The number of "wrong places"
appears to be quite small, but that is of limited comfort for an
administrator trying to observe the operation of a production system -
something which is supposed to be possible with either system. There is a
set of predefined points provided in the "tapsets" packaged with SystemTap,
but it is small.
The "D" language provided with DTrace is more restricted than the SystemTap
language, though it does have a few features - like the ability to print
stack traces - which appear to be missing in SystemTap. The D language has
no flow control or looping constructs. Instead, the code associated with a
probe has a predicate expression determining whether that code is executed
when the probe is hit. Thus each selected probe point can be thought of
as having a single, controlling "if" statement around it, with no
further flow control possible afterward.
SystemTap's language, instead, has conditionals, loops, and the ability to
define functions. It also has, for those who like to live dangerously, the
ability to embed C code. There are clear advantages to a more powerful
scripting language, but hazards as well: SystemTap must, for example, carry
extra code to keep infinite loops in scripts from bringing down the system.
D is, like Java, compiled to a special virtual machine and interpreted at
run time. SystemTap, instead, compiles directly to C. So SystemTap code
may execute more quickly, but D may benefit from the additional safety
checks which a virtual machine allows.
DTrace has the ability to work with user-space probes. As with the kernel,
developers are required to insert the probe points before DTrace can use
them; it is not clear that large amounts of user-space code have been so
instrumented. There is clear elegance to the idea, though, and this
capability may prove genuinely useful in the future as more applications
are equipped with probe points. SystemTap does not currently have this
capability.
In practice, simply getting SystemTap to work can be a challenge - even
when a distributor-supported package is available. SystemTap is clearly
its own development which must be (somewhat painfully) integrated with a
specific kernel. DTrace can be expected to simply work out of the box.
And that is perhaps the biggest difference between the two tracing
systems. SystemTap would appear to have all of the capabilities it really
needs to be a powerful system tracing tool - at least on the kernel side.
DTrace features which are missing - speculative
tracing, for example - could certainly be added if there were demand
for it. Evidently user-space tracing is in the works.
But what SystemTap really needs is more basic than that. What's missing is
the degree of maturity exhibited by DTrace.
SystemTap needs to simply work on most systems - and be usable by the
system administrators. To a great extent, the "simply work" part is
something that the distributors must address. Current SystemTap packages
as tested by your editor have the look of an edge-of-the-repository
afterthought. They do not have the dependencies to bring in the needed
kernel information, requiring a fair amount of manual "what does it need
now?" administrative work.
Even then, performance is spotty at best; the SystemTap utilities just do
not have access to the sort of information (uncompressed kernel images, for
example) that they need to operate correctly. Until an administrator can
simply tell the package management system to install SystemTap and expect
to have it work thereafter, it will be hard to convince anybody that we
have a mature tracing tool.
On the development side, there should be an extensive set of
well-documented trace points which can be used without having to go into
the kernel source. Digging deeply into the system in a flexible way is
always going to require a certain amount of skill, but SystemTap all but
requires its users to be kernel hackers. The hard work of making a tool
which can match - and, in places, exceed - DTrace has been done. What
remains is a large (but relatively straightforward) job: making this tool
usable by a much wider set of system administrators. Until that is done,
DTrace envy will remain with us.
By Jake Edge
August 8, 2007
"Get 'em while they're young" should be the motto of Red Hat High (RHH), a summer
camp program, funded by Red Hat, to introduce junior high school students
to free software tools. Now in its second year, RHH has a curriculum
designed to get students using creative tools to produce tangible works
during the week-long camp. In addition to teaching 50 eighth and ninth
grade students about free software, the project seeks to expand its reach,
not by increasing its enrollment, but by exporting the concept to other
venues.
The students all came from schools in the area around Red Hat's North Carolina
headquarters, and each had to be nominated by one of their teachers. RHH was
looking for participants "that show great creative potential and an
interest in technology, but perhaps lack the resources to pursue it outside
of school." In addition to the technology focus, the camp also provided
other social events in the evenings, all free of charge to the
campers. The camp was held at North Carolina State University, allowing
the students to experience dormitory life a few years early.
The students could choose amongst five different tracks, each focused on a
particular tool:
The curriculum for each track had a specific goal, "create a Google Gadget"
or "create ten seconds of animation" for example. During the program,
the students would learn the tool from scratch, then, singly or
collaboratively, use it to create something.
Two student projects are highlighted in a Red Hat Magazine article
about RHH 2007. One is a three-minute audio clip, the other a fifteen-second
animation - both are quite impressive for 8th and 9th grade
students. The organizers failed to get permission from all of the students
to share their work, so these are the only examples available - something
they hope to fix for next year's camp. By all
accounts, RHH was a success, with the students and their parents as well
as the organizers. But, just as important, the course content for each of the
tracks will be made available to other
projects with similar goals.
Camp field trips included the Red Hat campus to "experience life in a
technology company" as well as a visit to a college level 3D animation
class, where the "free beer" part of free software really hit home.
Project coordinator Greg DeKoenigsberg
describes the scene:
When the kids reached the 3D Animation classroom, they were very impressed
by Maya — until one of them asked for a free copy. 'A full license
of Maya costs $7000,' the instructor said, which elicited an outraged
reaction from the kids. 'But Blender is free!' they cried in unison.
Then the teacher started to show them some of the things Maya could do, and
he was clearly surprised at the kids' clueful responses. 'These are
vertices,' he'd say, and then they'd say 'yeah, we've done that.' 'Okay,
this is texturing.' 'Yeah, we've done that too.'
In many ways, RHH is a testbed for free software outreach to young people.
In the two years of the program, the organizers have learned what works;
now they are ready to export that knowledge to others. The first step is
to focus on tutorials for the various tools, by creating new versions
specifically packaged into curricula that teachers can immediately use.
DeKoenigsberg puts it this way:
A strong community of teachers and free software enthusiasts should be able
to develop, validate, and license simple lesson plans, with the explicit
goal of teaching kids to do stuff that is both cool and immediately
useful. It's my hope that Red Hat High can serve as a model for that
development.
Once the curricula exist, training teachers to use them in their classrooms
is the next step. The main barrier is teachers' time, but the way around that is
through the professional development programs that many school districts
have. Because professional development courses are often tied to teachers'
earnings, formal training sessions that fulfill those requirements will be
quite attractive to teachers who have an interest in free software but
lack the time. In many districts, funding is available for
these kinds of training programs as well.
The project is a worthy one, even if it never escapes beyond the
Raleigh-Durham area. Even 50 students at a time, getting the word out
about free software is a good thing. If the project's larger goals can be
realized – spreading this knowledge far and wide – it can make
a huge difference.
Getting young folks hooked on expensive proprietary
software may be good for the bottom line at Adobe or Microsoft, but it is
not so good for the wallets of schools and parents. Free software is able
to replace an awful lot of proprietary packages, with no licensing hassles,
so that students can run it anywhere they can find an open computer. That
message has not, yet, been widely heard, but RHH hopes to change that.
August 2, 2007
This article was contributed by Donnie Berkholz
O'Reilly's annual OSCON in Portland, Ore., is perhaps the only major
conference in North America that spans the entire spectrum of open-source
communities. This makes it a great opportunity to learn from people who may
be encountering the same sorts of problems in a vastly different
environment. Other events such as FOSDEM or LCA already provide this kind
of environment, but
for those of us who are US-based, it's helpful to have one with a lower
travel budget. I highly recommend giving a talk if you're going so you get
in free, though, since registration costs hover around US$1000 and up. It's
clearly not a nonprofit conference.
Numerous groups met preceding the main part of the conference, one of them a
group of people involved with running a variety of free/open-source
projects. At the foundations
summit, most of the discussion centered around dealing with the issues
facing nonprofits, such as trademarks, fundraising and bookkeeping. But in
the same way as a full conference, the "hallway track" here was the most
useful. As the number of people grows, the discussion gets slower and
slower, but meeting the people involved with other foundations is
invaluable. The summit ended Tuesday, and the next day, the exhibit hall and
regular sessions began.
In his session, Arjan van de Ven talked about efforts to reduce power use,
focusing on a few main problems to avoid in your code. The first, not
surprisingly, was polling. There is no excuse for polling, with the advent
of things like inotify. He said, "Frequent polling causes spattergroit."
His second enemy was timers. It costs power to keep moving your CPU in and
out of idle states, so you want to group timer events together rather than
having them randomly spread throughout time by a number of programs. On the
kernel side, you can use round_jiffies() or
round_jiffies_relative(), and in
userland, you can use glib's g_timeout_add_seconds() —
not g_timeout_add(). Some work is underway to add this
functionality to glibc as well. You don't want the entire Internet doing
this at the same time, however, so each computer must group its events at a
slightly different time.
Arjan's final enemy was disk I/O. Since disks have moving parts, they consume
a lot of power (at least until solid-state disks grow more
common). High-speed links such as SATA and SCSI also eat power when not in
power-saving mode. Gotchas here include opening files, even when in cache,
because of the access time update (use the O_NOATIME flag to open() when
possible), and looking for files or directories that don't exist (even when
using inotify, this always goes to disk).
A special case of this is media playback. The key is avoiding constant
spinups of DVDs as well as hard drives by using large buffers — Arjan
suggested 20 minutes of video or a minute of audio. Also, decode in large
batches so you can be idle longer.
Tools such as powertop and strace are key in tracking down the
culprits. Powertop can tell you where to look, and strace can tell you more
about what any programs are doing. Near the end, Arjan showed a graph of how
tuning and recent fixes dropped a Fedora 7 default installation from a
power consumption of 21W down to about 15.5W. That just a few fixes dropped
it by so much shows how broken things were, but we're now on the right
track. A good goal is to aim for 50 or fewer wakeups a second, because
getting below that level generally doesn't gain you much more.
A man with the job title "Disruptive Innovator" gave a talk with about 550
slides in 45 minutes. Rolf Skyberg of eBay applied Maslow's hierarchy of
needs to technology to try to explain how users behave. The first level is
survival, the second is security, and the third is belonging. Computer
programs apparently haven't managed to get any higher up on the scale
yet. In terms of programs, survival means the program runs without
segfaults; security means the program is useful; and belonging means the
program is pretty. The more energy users spend finding the basics (help,
logging in, etc.), the less they have to spend doing something useful. But
one thing worth remembering is that people using a program may have higher needs
than you expected. For example, the iPod isn't just useful, it's pretty. And
people really care about that prettiness despite the lack of features like
an FM transmitter, a recorder, etc. that many other, less popular MP3
players have.
Luke Kanies talked about Puppet, a server automation tool he wrote in
Ruby. It's a replacement for earlier popular tools such as cfengine. He
really promoted the architecture, because any component in the entire system
can be replaced and reused separately. Puppet's made of three main layers:
server, networking and client. The server layer contains a compiler, a
file server, a certificate authority and a report handler. The networking is
XMLRPC over HTTPS. The client layer includes a resource abstraction layer,
transactions and a resource server. Each of these individual components can
be ripped out and replaced if you don't like it. You could change the
configuration language, use a different method of communication, or whatever
else your heart desires.
The resource abstraction layer contrasts the most with other tools such as
cfengine. It abstracts all the concepts like "install a package," "add a
user," "add a group" and so forth so you can run Puppet on any Linux or
other Unix-like OS and retain a simple configuration file without
OS-specific details. The layer supports about 10 different distributions and
other operating systems, and it's not difficult to add more.
Work is underway to create a library of Puppet config files (or recipes) to
reduce all the duplication, and that should greatly ease adoption of
Puppet. Puppet seems like a well-thought-out and extensible tool, so it will
be interesting to watch where it goes.
Clinton Nixon talked about dealing with legacy PHP code, but many of the
points are generally applicable to refactoring any code. His three primary
suggestions were to separate the controller and the view, even if you don't
have a solid MVC architecture; to call methods instead of including code
that runs from the include file; and to get rid of global variables.
His rules for view code were that control structures, printing, and
display-specific, unnested functions were allowed, but assignment and other
function calls were prohibited. He suggested beginning by drawing a line at
the top of the code and adding a comment that says "view code below here,"
then gradually migrating controller code above the line until you can move
it to a separate file. For loops, encapsulate the variables in an
object. Once you've gotten to this point, you may find duplicated views that
you can factor out.
Untangling a web of included files is a process of figuring out the inputs
and outputs, wrapping the entire file in a method, then refactoring. The
nice part about this style of refactoring is that the code always
works. There's never a point where you check in the code and it's broken.
Finally, he recommended two books: Working Effectively with Legacy Code, by
Michael Feathers, and Refactoring, by Martin Fowler. Although the Fowler
book is a classic, he recommended the newer book by Feathers because it's
more approachable.
At the close of the sessions Thursday, Dave Jones gave his now-infamous
"User Space Sucks" talk. Since most people have gotten the basic idea of
this talk, I'm only going to mention the new information. Dave re-ran his
tests a week ago on Fedora 7 to look at disk I/O during the
bootstrap process, and he
found that it had actually gotten even worse since FC6. Counts of stat(),
open() and exec() calls had either increased or stayed the same. But the
problem has grown harder, because the offenders no longer stand out in the
same way as the originals.
OSCON always provides some entertaining and educational talks, provided
you've got a way to get into them. But its free content isn't too shabby
either. The exhibit hall, all of the BOFs and parties (of which there are
many), and the accompanying OSCAMP (like FooCamp, BarCamp, etc.) and FOSCON
(mostly about Ruby) are all gratis. It stands nearly alone in the U.S. as a
conference that spans across all of the open-source world, although a niche
certainly exists for a lower-margin meeting like FOSDEM or LCA on this side
of the ocean.
Page editor: Jonathan Corbet
Security
By Jake Edge
August 8, 2007
This has been a bad few weeks to be a voting machine vendor. Three
separate governments, California, Florida and the UK, looked at the devices
and have come to remarkably similar conclusions. The machines they looked
at are poorly designed, poorly implemented and subject to a wide variety of
security threats. None of the studies mentioned it, but it is likely that
the machines looked great.
The most comprehensive study was done
by California Secretary of State Debra Bowen's office. That study looked
at three electronic voting systems, each from a different manufacturer.
Each system had three separate teams investigating, one looking at the source
code, a "red team" that had physical access to the device and an
accessibility team. Their conclusions were not surprising to anyone who has
paid attention to this issue over the years.
All three of the voting machine systems were found to be sorely deficient
by all three teams. Even accessibility, which is one of the major benefits
touted by electronic voting advocates, was found lacking:
Although each of the tested voting systems included some accessibility
accommodations, none met the accessibility requirements of current law and
none performed satisfactorily in test voting by persons with a range of
disabilities and alternate language needs.
Though it is certainly terrible not to meet the needs of some individual
voters,
safeguarding the election process and accurately reporting the vote totals
need to be
higher priorities. Since they obviously had not successfully completed the
accessibility task, one would hope they were able to secure the
voting process. Unfortunately, they could not get the primary job done
right either.
The red team reports were released first and the conclusions were
devastating:
The red teams demonstrated that the security mechanisms provided for
all systems analyzed were inadequate to ensure accuracy and integrity
of the election results and of the systems that provide those results.
The teams were able to defeat the physical security of the voting machines,
modify or overwrite the software in the machines as well as subvert the
tabulation machines in order to provide incorrect vote counts. All of this
just by having access to the machines themselves; the same access that
election officials, poll workers and, to a lesser extent, voters, have.
Several days later, the source code teams' reports were released and, at
that point, were almost anti-climactic. Unsurprisingly, they found
numerous, hideous source code flaws in all three systems. Buffer
overflows, hard coded passwords ('diebold' being a particularly difficult
one to guess), misuse of encryption, integer overflows (wrapping
vote counts to negative or zero perhaps); the list goes on and on. It is as
if the voting machine vendors are completely unaware of the last
twenty (or thirty or forty) years of software security flaws.
In reality, they are most likely not unaware; they are just arrogant.
Diebold, Hart and Sequoia (the companies whose machines were studied) do
not depend solely on their technical "prowess" to win bids for providing
voting machines; politics plays a huge role. These are well connected
companies. It also helps that they are all uniformly bad; there are
literally no secure choices for a government agency to make.
Florida's study only covered
Diebold equipment, but it echoed the findings in the California study. Avi
Rubin of Johns Hopkins University, who participated in a 2003 study of
Diebold's voting machine, notes:
So, Diebold is doing some things better than they
did before when they had absolutely no security, but they have yet to do
them right. Anyone taking any of our cryptography classes at Johns Hopkins,
for example, would do a better job applying cryptography.
One of the bigger problems found was that Diebold assigned each voting
machine a cryptographic key that is derived from an MD5 hash
of the machine's serial number. Rubin again:
This is arguably worse than having a fixed static key in all of the
machines. Because with knowledge of the machine's serial number, anyone can
calculate all of the secret keys. Whereas before, someone would have needed
access to the source code or the binary in the machine.
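The weakness Rubin describes, as an added example that is not code from the Florida study or from any vendor: a provisioning audit that flags any device key reproducible from an unkeyed hash of the serial number, shown beside two derivations that are not. The serial numbers, the `device-key-v1` label and all function names are constructed for illustration.

```python
# Added illustration; serial numbers, labels and function names are constructed.
import hashlib
import hmac
import secrets

SERIALS = ["SN-000101", "SN-000102", "SN-000103"]  # constructed sample identifiers


def weak_device_key(serial: str) -> bytes:
    """The pattern described above: key = MD5(serial number), no secret input."""
    return hashlib.md5(serial.encode("ascii")).digest()


def keyed_device_key(master_secret: bytes, serial: str) -> bytes:
    """Per-device key that also depends on a secret held by the provisioning system."""
    msg = b"device-key-v1|" + serial.encode("ascii")
    return hmac.new(master_secret, msg, hashlib.sha256).digest()


def random_device_keys(serials):
    """Independent random key per device; there is no derivation to recompute."""
    return {s: secrets.token_bytes(32) for s in serials}


def public_derivation(serial: str, key: bytes):
    """Return the name of an unkeyed hash of the serial that reproduces `key`
    (in full or as a truncated prefix), or None if no such hash matches."""
    if not key:
        return None
    for name in ("md5", "sha1", "sha256", "sha512"):
        digest = hashlib.new(name, serial.encode("ascii")).digest()
        if len(key) <= len(digest) and hmac.compare_digest(digest[:len(key)], key):
            return name
    return None


def audit_fleet(deployed: dict) -> dict:
    """Map each serial to the public derivation that explains its key, if any."""
    return {serial: public_derivation(serial, key) for serial, key in deployed.items()}


def flagged(deployed: dict) -> list:
    """Serials whose key is recomputable by anyone who can read the serial number."""
    return sorted(s for s, how in audit_fleet(deployed).items() if how is not None)


if __name__ == "__main__":
    master = secrets.token_bytes(32)  # must never be stored on the devices themselves
    schemes = {
        "md5(serial)": {s: weak_device_key(s) for s in SERIALS},
        "hmac(master, serial)": {s: keyed_device_key(master, s) for s in SERIALS},
        "random per device": random_device_keys(SERIALS),
    }
    for label, deployed in schemes.items():
        print(f"{label:22} flagged: {flagged(deployed)}")
```

If the master secret in the keyed variant were shipped inside each machine, the scheme would reduce to the fixed static key Rubin compares against, so it belongs only in the provisioning system.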
The UK also released reports
on the outcome of electronic voting trials held in May. The overall
summary of the trial was, once again, not very favorable:
The level of implementation and security risk involved was
significant and unacceptable. There remain issues with the
security and transparency of the solutions and the capacity of the
local authorities to maintain control over the elections.
This was not the result of security professionals analyzing the systems for
flaws, but was instead noted in actual trials of the equipment in an election.
The California study was quite well done and well thought out, except for
one thing: it was done long after the equipment was bought and used in
elections. This is the kind of study that needs to be done before
buying the equipment. Due to the conclusions of the study, Bowen
revoked the certification of the equipment from all three vendors, but immediately had to
conditionally re-certify them as a practical matter. Even with a six month
lead time, replacement systems (either electronic or of some other kind)
could not be deployed before the 2008 California presidential primary voting.
The reaction to the California study by the manufacturers was typical. It
is the same reaction they have had to each and every study done of the
security of their devices: trivialize it. Each released a statement in
reaction to the study conclusions, essentially admitting the flaws, but
claiming that any "laboratory study" would find vulnerabilities. According
to these vendors, it is impossible to make a secure voting system.
As they certainly know, no one is asking these vendors to
break the laws of physics
or to produce perfectly secure code. It would appear that they expend far
more effort in deflecting criticism and lobbying various legislative bodies
than they spend trying to secure their code and equipment. It is not
necessary that the equipment be tamper-proof, merely that tampering can be
detected. At least minimal precautions, perhaps to the level taught to
computer science undergraduates, should be taken with the software.
This is not anywhere near as hard a problem as the vendors make it out to be.
Many of the techniques needed to secure voting machinery are well known and
well understood, at least outside of the vendors' labs. This is an area
where open source methods could be and should be applied.
Organizations like BlackBoxVoting.org and the NSF Accurate project should be
working on solutions. Private companies have shown themselves to be
completely incompetent at producing secure voting equipment; it is time for
another solution to be tried.
New vulnerabilities
gd: multiple vulnerabilities
| Package(s): | gd |
| CVE #(s): | CVE-2007-3472, CVE-2007-3473, CVE-2007-3474, CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478 |
| Created: | August 6, 2007 |
| Updated: | November 6, 2009 |
| Description: |
Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allows attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478) |
gimp: integer overflows
| Package(s): | gimp |
| CVE #(s): | CVE-2006-4519 |
| Created: | August 2, 2007 |
| Updated: | August 8, 2007 |
| Description: |
The Gimp has multiple integer overflow vulnerabilities. If a user can be
tricked into opening specially crafted DICOM, PNM, PSD, PSP, RAS, XBM,
or XWD images, integer overflows can occur and arbitrary code can be
executed with the user's privileges. |
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
| CVE #(s): | CVE-2007-3503, CVE-2007-3655, CVE-2007-3698, CVE-2007-3922 |
| Created: | August 6, 2007 |
| Updated: | June 24, 2008 |
| Description: |
The Javadoc tool was able to generate HTML documentation pages that
contained cross-site scripting (XSS) vulnerabilities. A remote attacker
could use this to inject arbitrary web script or HTML. (CVE-2007-3503)
The Java Web Start URL parsing component contained a buffer overflow
vulnerability within the parsing code for JNLP files. A remote attacker
could create a malicious JNLP file that could trigger this flaw and execute
arbitrary code when opened. (CVE-2007-3655)
The JSSE component did not correctly process SSL/TLS handshake requests. A
remote attacker who is able to connect to a JSSE-based service could
trigger this flaw leading to a denial-of-service. (CVE-2007-3698)
A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922)
|
mediawiki: cross-site scripting
| Package(s): | mediawiki |
| CVE #(s): | CVE-2007-1054 |
| Created: | August 7, 2007 |
| Updated: | August 8, 2007 |
| Description: |
A cross-site scripting (XSS) vulnerability in the AJAX features in
index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled,
allows remote attackers to inject arbitrary web script or HTML via a UTF-7
encoded value of the rs parameter, which is processed by Internet Explorer. |
moodle: cross-site scripting
| Package(s): | moodle |
| CVE #(s): | CVE-2007-3555 |
| Created: | August 7, 2007 |
| Updated: | December 22, 2008 |
| Description: |
A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1
allows remote attackers to inject arbitrary web script or HTML via a style
expression in the search parameter. |
openssl: private key attack
| Package(s): | openssl |
| CVE #(s): | CVE-2007-3108 |
| Created: | August 7, 2007 |
| Updated: | May 13, 2008 |
| Description: |
OpenSSL could allow a local user in certain circumstances to divulge
information about private keys being used. |
xpdf: bounds checking issues
| Package(s): | xpdf |
CVE #(s): | |
| Created: | August 3, 2007 |
Updated: | August 8, 2007 |
| Description: |
XPDF had several bounds checking issues that were fixed in version 3.02
according to this change log. A patch can be found here. |
Updated vulnerabilities
acroread: multiple vulnerabilities
| Package(s): | acroread |
CVE #(s): | CVE-2006-5857
CVE-2007-0045
CVE-2007-0046
|
| Created: | January 11, 2007 |
Updated: | October 26, 2009 |
| Description: |
Adobe's Acrobat Reader has the following vulnerabilities:
The Adobe Reader Plugin has a cross-site scripting vulnerability that
can be triggered by processing malformed URLs. Arbitrary JavaScript can
be served by a malicious web server, leading to a cross-site scripting
attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities;
if an attacker can trick a user into viewing the files, arbitrary code
can be executed with the user's privileges. |
apache2: information disclosure
| Package(s): | apache |
CVE #(s): | CVE-2007-1862
|
| Created: | June 20, 2007 |
Updated: | February 18, 2008 |
| Description: |
From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
properly copy all levels of header data, which can cause Apache to
return HTTP headers containing previously-used data, which could be
used to obtain potentially sensitive information by unauthorized users." |
apache: multiple vulnerabilities
| Package(s): | apache |
CVE #(s): | CVE-2007-3304
CVE-2006-5752
|
| Created: | June 27, 2007 |
Updated: | February 18, 2008 |
| Description: |
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker who has the ability to
run scripts on the Apache HTTP Server could manipulate the scoreboard and
cause arbitrary processes to be terminated, which could lead to a denial of
service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with
the server-status page publicly accessible and ExtendedStatus enabled were
vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux
the server-status page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752) |
apache: cross-site scripting
| Package(s): | apache |
CVE #(s): | CVE-2006-3918
|
| Created: | August 9, 2006 |
Updated: | April 4, 2008 |
| Description: |
From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header." |
Asterisk: two SIP denial of service vulnerabilities
| Package(s): | Asterisk |
CVE #(s): | CVE-2007-1561
CVE-2007-1594
|
| Created: | April 3, 2007 |
Updated: | August 27, 2007 |
| Description: |
The Madynes research team at INRIA has discovered that Asterisk contains a
null pointer dereferencing error in the SIP channel when handling INVITE
messages. Furthermore qwerty1979 discovered that Asterisk 1.2.x fails to
properly handle SIP responses with return code 0. A remote attacker could
cause an Asterisk server listening for SIP messages to crash by sending a
specially crafted SIP message or answering with a 0 return code. |
avahi: denial of service
| Package(s): | avahi |
CVE #(s): | CVE-2007-3372
|
| Created: | June 28, 2007 |
Updated: | December 23, 2008 |
| Description: |
Avahi is vulnerable to a local denial of service that can be caused by
making an erroneous call to the assert() function. |
bind: DNS cache poisoning
| Package(s): | bind |
CVE #(s): | CVE-2007-2926
|
| Created: | July 24, 2007 |
Updated: | August 20, 2007 |
| Description: |
A flaw was found in the way BIND generates outbound DNS query ids. If an
attacker is able to acquire a finite set of query IDs, it becomes possible
to accurately predict future query IDs. Future query ID prediction may
allow an attacker to conduct a DNS cache poisoning attack, which can result
in the DNS server returning incorrect client query data. |
bochs: buffer overflow
| Package(s): | bochs |
CVE #(s): | CVE-2007-2893
|
| Created: | July 20, 2007 |
Updated: | November 19, 2007 |
| Description: |
A heap-based buffer overflow in the bx_ne2k_c::rx_frame function in
iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users
of the guest operating system to write to arbitrary memory locations and
gain privileges on the host operating system via vectors that cause TXCNT
register values to exceed the device memory size, aka "RX Frame heap
overflow." |
bugzilla: multiple vulnerabilities
| Package(s): | bugzilla |
CVE #(s): | CVE-2006-5453
CVE-2006-5454
CVE-2006-5455
|
| Created: | November 10, 2006 |
Updated: | August 28, 2007 |
| Description: |
Bugzilla has the following vulnerabilities:
Input data passed to various fields is not properly sanitized before
being passed back to users.
Users can gain unauthorized access to read attachment
descriptions while using diff mode.
HTTP GET and HTTP POST requests can be used to perform unauthorized
actions due to improper verification.
Input that is passed to showdependencygraph.cgi is not properly
sanitized before being returned to users. |
centericq: buffer overflows
| Package(s): | centericq |
CVE #(s): | CVE-2007-3713
|
| Created: | July 20, 2007 |
Updated: | December 17, 2007 |
| Description: |
Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow
remote attackers to execute arbitrary code via unspecified vectors. NOTE:
the provenance of this information is unknown; the details are obtained
solely from third party information. NOTE: this might overlap
CVE-2007-0160. |
clamav: denial of service
| Package(s): | clamav |
CVE #(s): | CVE-2007-3725
|
| Created: | July 24, 2007 |
Updated: | February 27, 2008 |
| Description: |
A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via specially crafted RAR archives. |
cpio: arbitrary code execution
| Package(s): | cpio |
CVE #(s): | CVE-2005-4268
|
| Created: | January 2, 2006 |
Updated: | March 17, 2010 |
| Description: |
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with, e.g., a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system). |
vixie-cron: privilege escalation
| Package(s): | cron |
CVE #(s): | CVE-2006-2607
|
| Created: | May 31, 2006 |
Updated: | June 1, 2009 |
| Description: |
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root. |
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2006-4262
|
| Created: | October 2, 2006 |
Updated: | June 16, 2009 |
| Description: |
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code. |
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2004-2541
|
| Created: | May 22, 2006 |
Updated: | June 19, 2009 |
| Description: |
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target. |
cups: denial of service
| Package(s): | cups |
CVE #(s): | CVE-2007-0720
|
| Created: | March 26, 2007 |
Updated: | February 7, 2008 |
| Description: |
Previous versions of the cups package could be forced to hang via a client
"partially negotiating" an ssl connection. In this state, cups would not
allow other connections to be made, a denial of service. |
gpdf: integer overflow
| Package(s): | cups poppler xpdf |
CVE #(s): | CVE-2007-3387
|
| Created: | July 31, 2007 |
Updated: | November 28, 2007 |
| Description: |
The gpdf library contains an integer overflow which can be exploited via a malicious PDF file. This code finds its way into multiple packages, including xpdf, kpdf, poppler, cups, and more. |
Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service
| Package(s): | cyrus-sasl |
CVE #(s): | CVE-2006-1721
|
| Created: | April 21, 2006 |
Updated: | September 4, 2007 |
| Description: |
Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5
process that could lead to a Denial of Service. An attacker could possibly
exploit this vulnerability by sending a specially crafted data stream to the
Cyrus-SASL server, resulting in a Denial of Service even if the attacker is
not able to authenticate. |
dovecot: directory traversal
| Package(s): | dovecot |
CVE #(s): | CVE-2007-2231
|
| Created: | May 8, 2007 |
Updated: | May 21, 2008 |
| Description: |
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot
before 1.0.rc29, when using the zlib plugin, allows remote attackers to
read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot)
sequence in the mailbox name. |
drupal: cross site request forgery
| Package(s): | drupal |
CVE #(s): | |
| Created: | July 27, 2007 |
Updated: | August 1, 2007 |
| Description: |
From DRUPAL-SA-2007-017:
"Several parts in Drupal core are not protected against cross site
request forgeries due to improper use of the Forms API, or by taking action
solely on GET requests. Malicious users are able to delete comments and
content revisions and disable menu items by enticing a privileged user to
visit certain URLs while the victim is logged-in to the targeted
site." |
elinks: code execution
| Package(s): | elinks |
CVE #(s): | CVE-2007-2027
|
| Created: | May 7, 2007 |
Updated: | October 30, 2009 |
| Description: |
Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could execute
code with user privileges. |
elinks: arbitrary file access
| Package(s): | elinks |
CVE #(s): | CVE-2006-5925
|
| Created: | November 16, 2006 |
Updated: | October 22, 2009 |
| Description: |
The elinks text-mode browser has an arbitrary file access vulnerability
in the Elinks SMB protocol handler. If a user can be tricked into
visiting a specially crafted web page, arbitrary files may be read or
written with the user's permissions. |
emacs21: denial of service
| Package(s): | emacs21 |
CVE #(s): | CVE-2007-2833
|
| Created: | June 21, 2007 |
Updated: | August 29, 2007 |
| Description: |
The emacs21 editor has a denial of service vulnerability.
emacs21 can be made to crash by viewing "certain types of images". |
evolution: format string error
| Package(s): | evolution |
CVE #(s): | CVE-2007-1002
|
| Created: | March 27, 2007 |
Updated: | February 27, 2008 |
| Description: |
A format string error in the "write_html()" function in
calendar/gui/e-cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially crafted
shared memo containing format specifiers. |
evolution-data-server: malicious server arbitrary code execution
| Package(s): | evolution-data-server |
CVE #(s): | CVE-2007-3257
|
| Created: | June 18, 2007 |
Updated: | November 7, 2007 |
| Description: |
From the GNOME
bugzilla: "The "SEQUENCE" value in the GData of the IMAP code
(camel-imap-folder.c) is converted from a string using strtol. This allows
for negative values. The imap_rescan uses this value as an int. It checks
for !seq and seq>summary.length. It doesn't check for seq <
0. Although seq is used as the index of an array." |
pop mail man-in-the-middle attacks
| Package(s): | evolution thunderbird mutt fetchmail |
CVE #(s): | CVE-2007-1558
|
| Created: | May 8, 2007 |
Updated: | July 3, 2009 |
| Description: |
The APOP protocol allows remote attackers to guess the first 3 characters
of a password via man-in-the-middle (MITM) attacks that use crafted message
IDs and MD5 collisions. NOTE: this design-level issue potentially affects
all products that use APOP, including (1) Thunderbird, (2) Evolution, (3)
mutt, and (4) fetchmail. |
festival: privilege escalation
| Package(s): | festival |
CVE #(s): | |
| Created: | July 26, 2007 |
Updated: | August 1, 2007 |
| Description: |
The festival text-to-speech converter has a privilege escalation
vulnerability. The festival daemon runs with root privileges;
a local attacker can connect to the daemon and execute arbitrary
commands as root. |
file: integer overflow
| Package(s): | file |
CVE #(s): | CVE-2007-2799
|
| Created: | June 1, 2007 |
Updated: | October 19, 2007 |
| Description: |
Colin Percival from FreeBSD reported that the previous fix for the
file_printf() buffer overflow introduced a new integer overflow. A remote
attacker could entice a user to run the file program on an overly large
file (more than 1Gb) that would trigger an integer overflow on 32-bit
systems, possibly leading to the execution of arbitrary code with the
rights of the user running file. |
firebird: buffer overflow
| Package(s): | firebird |
CVE #(s): | CVE-2007-3181
|
| Created: | July 2, 2007 |
Updated: | March 27, 2008 |
| Description: |
The Firebird DBMS has a buffer overflow vulnerability involving
the processing of connect requests with an overly large p_cnct_count
value. Remote attackers can send a specially crafted
request to the server in order to potentially execute arbitrary code with
the permissions of the Firebird user. |
firefox: multiple vulnerabilities
| Package(s): | firefox |
CVE #(s): | CVE-2007-3844
CVE-2007-3845
|
| Created: | August 1, 2007 |
Updated: | February 20, 2008 |
| Description: |
A flaw was discovered in handling of "about:blank" windows used by
addons. A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
(CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3845) |
firefox: multiple vulnerabilities
| Package(s): | firefox mozilla seamonkey thunderbird |
CVE #(s): | CVE-2007-1362
CVE-2007-2867
CVE-2007-2868
CVE-2007-2869
CVE-2007-2870
CVE-2007-2871
|
| Created: | June 4, 2007 |
Updated: | August 29, 2007 |
| Description: |
Various flaws were discovered in the layout and JavaScript engines. By
tricking a user into opening a malicious web page, an attacker could
execute arbitrary code with the user's privileges. (CVE-2007-2867,
CVE-2007-2868)
A flaw was discovered in the form autocomplete feature. By tricking a user
into opening a malicious web page, an attacker could cause a persistent
denial of service. (CVE-2007-2869)
Nicolas Derouet discovered flaws in cookie handling. By tricking a user
into opening a malicious web page, an attacker could force the browser to
consume large quantities of disk or memory while processing long cookie
paths. (CVE-2007-1362)
A flaw was discovered in the same-origin policy handling of the
addEventListener JavaScript method. A malicious web site could exploit
this to modify the contents, or steal confidential data (such as
passwords), of other web pages. (CVE-2007-2870)
Chris Thomas discovered a flaw in XUL popups. A malicious web site
could exploit this to spoof or obscure portions of the browser UI,
such as the location bar. (CVE-2007-2871) |
firefox, thunderbird, seamonkey: multiple vulnerabilities
| Package(s): | firefox, thunderbird, seamonkey |
CVE #(s): | CVE-2007-3738
CVE-2007-3656
CVE-2007-3670
CVE-2007-3285
CVE-2007-3737
CVE-2007-3089
CVE-2007-3736
CVE-2007-3734
CVE-2007-3735
|
| Created: | July 18, 2007 |
Updated: | May 12, 2008 |
| Description: |
shutdown and moz_bug_r_a4 reported two separate ways to modify an
XPCNativeWrapper such that subsequent access by the browser would result in
executing user-supplied code. (CVE-2007-3738)
Michal Zalewski reported that it was possible to bypass the same-origin
checks and read from cached (wyciwyg) documents. It is possible to access
wyciwyg:// documents without proper same domain policy checks through the
use of HTTP 302 redirects. This enables the attacker to steal sensitive
data displayed on dynamically generated pages; perform cache poisoning; and
execute own code or display own content with URL bar and SSL certificate
data of the attacked page (URL spoofing++). (CVE-2007-3656)
Internet Explorer calls registered URL protocols without escaping quotes
and may be used to pass unexpected and potentially dangerous data to the
application that registers that URL Protocol. (CVE-2007-3670)
Ronald van den Heetkamp reported that a filename URL containing %00
(encoded null) can cause Firefox to interpret the file extension
differently than the underlying Windows operating system potentially
leading to unsafe actions such as running a program. This is only
accessible locally. (CVE-2007-3285)
An attacker can use an element outside of a document to call an event
handler allowing content to run arbitrary code with chrome
privileges. (CVE-2007-3737)
Ronen Zilberman and Michal Zalewski both reported that it was possible to
exploit a timing issue to inject content into about:blank frames in a
page. When opening a window from a script, it is possible to spoof the
content of the newly opened window's frames within a short time frame,
while the window is loading. (CVE-2007-3089)
Mozilla contributor moz_bug_r_a4 demonstrated that the methods
addEventListener and setTimeout could be used to inject script into another
site in violation of the browser's same-origin policy. This could be used
to access or modify private or valuable information from that other
site. (CVE-2007-3736)
As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed
many bugs to improve the stability of the product. Some of these crashes
showed evidence of memory corruption under certain circumstances and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code. Note: Thunderbird shares the browser
engine with Firefox and could be vulnerable if JavaScript were to be
enabled in mail. This is not the default setting and we strongly discourage
users from running JavaScript in mail. Without further investigation we
cannot rule out the possibility that for some of these an attacker might be
able to prepare memory for exploitation through some means other than
JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735) |
flac123: arbitrary code execution
| Package(s): | flac123 |
CVE #(s): | CVE-2007-3507
|
| Created: | July 13, 2007 |
Updated: | October 22, 2007 |
| Description: |
A stack-based buffer overflow in the local__vcentry_parse_value function in
vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows
user-assisted remote attackers to execute arbitrary code via a large
comment value_length. |
flash-plugin: input validation flaw
| Package(s): | flash-plugin |
CVE #(s): | CVE-2007-3456
|
| Created: | July 12, 2007 |
Updated: | August 10, 2007 |
| Description: |
The Firefox flash-plugin module has an input validation flaw
involving the display of certain content. If a user can be tricked
into opening a specially crafted Adobe Flash file, it may be possible
to execute arbitrary code. |
freetype: arbitrary code execution
| Package(s): | freetype |
CVE #(s): | CVE-2007-2754
|
| Created: | May 24, 2007 |
Updated: | June 1, 2010 |
| Description: |
The FreeType font rendering library, versions 2.3.4 and below,
has an integer sign error. Remote attackers may be able to
create a specially crafted TrueType Font file with a negative
n_points value that will cause an integer overflow and heap-based
buffer overflow, allowing the execution of arbitrary code. |
freetype: integer overflows
| Package(s): | freetype |
CVE #(s): | CVE-2006-0747
CVE-2006-1861
CVE-2006-2493
CVE-2006-2661
CVE-2006-3467
|
| Created: | June 8, 2006 |
Updated: | June 1, 2010 |
| Description: |
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user. |
gcc: file overwrite vulnerability
| Package(s): | gcc |
CVE #(s): | CVE-2006-3619
|
| Created: | September 6, 2006 |
Updated: | March 14, 2008 |
| Description: |
The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree. |
gd: buffer overflow
| Package(s): | gd |
CVE #(s): | CVE-2007-0455
|
| Created: | February 7, 2007 |
Updated: | November 18, 2009 |
| Description: |
The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable. |
gd: denial of service
| Package(s): | gd |
CVE #(s): | CVE-2007-2756
|
| Created: | June 14, 2007 |
Updated: | February 28, 2008 |
| Description: |
Libgd2 has a denial of service vulnerability involving the incorrect
validation of PNG callback results. If an application that is linked
against libgd2 is used to process a specially-crafted PNG file,
a denial of service involving CPU resource consumption can be
caused. |
gdm: denial of service
| Package(s): | gdm |
CVE #(s): | CVE-2007-3381
|
| Created: | August 1, 2007 |
Updated: | September 20, 2007 |
| Description: |
JLANTHEA reported a denial of service flaw in the way that gdm listens on its Unix domain socket.
Any local user can crash the locally running X session. |
gedit: format string vulnerability
| Package(s): | gedit |
CVE #(s): | CAN-2005-1686
|
| Created: | June 9, 2005 |
Updated: | February 5, 2009 |
| Description: |
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user. |
gimp: multiple vulnerabilities
| Package(s): | gimp |
CVE #(s): | CVE-2007-2949
|
| Created: | June 28, 2007 |
Updated: | February 27, 2008 |
| Description: |
The gimp image editor has several vulnerabilities, including
a problem where it can open PSD files with excessive dimensions
and a possible stack overflow in the Sunras loader. |
grip: buffer overflow
| Package(s): | grip |
CVE #(s): | CAN-2005-0706
|
| Created: | March 10, 2005 |
Updated: | November 19, 2008 |
| Description: |
Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches. |
gzip: multiple vulnerabilities
| Package(s): | gzip |
CVE #(s): | CVE-2006-4334
CVE-2006-4335
CVE-2006-4336
CVE-2006-4337
CVE-2006-4338
|
| Created: | September 19, 2006 |
Updated: | January 20, 2010 |
| Description: |
Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash.
Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. |
HelixPlayer: arbitrary code execution
| Package(s): | HelixPlayer |
CVE #(s): | CVE-2007-3410
|
| Created: | June 27, 2007 |
Updated: | September 17, 2007 |
| Description: |
A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. It was possible
for a malformed SMIL file to execute arbitrary code with the permissions of
the user running HelixPlayer. (CVE-2007-3410) |
horde-kronolith: local file inclusion
| Package(s): | horde-kronolith |
CVE #(s): | CVE-2006-6175
|
| Created: | January 17, 2007 |
Updated: | March 7, 2008 |
| Description: |
Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered
string is used instead of a sanitized string to view local files. An
authenticated attacker could craft an HTTP GET request that uses directory
traversal techniques to execute any file on the web server as PHP code,
which could allow information disclosure or arbitrary code execution with
the rights of the user running the PHP application (usually the webserver
user). |
ImageMagick: integer overflows
| Package(s): | imagemagick |
CVE #(s): | CVE-2007-1797
|
| Created: | April 4, 2007 |
Updated: | August 11, 2009 |
| Description: |
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote
attackers to execute arbitrary code via (1) a crafted DCM image, which
results in a heap-based overflow in the ReadDCMImage function, or (2) the
(a) colors or (b) comments field in a crafted XWD image, which results in a
heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667. |
imlib2: arbitrary code execution
| Package(s): | imlib2 |
CVE #(s): | CVE-2006-4806
CVE-2006-4807
CVE-2006-4808
CVE-2006-4809
|
| Created: | November 6, 2006 |
Updated: | August 13, 2007 |
| Description: |
M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the
validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user
were tricked into viewing or processing a specially crafted image with
an application that uses imlib2, the flaws could be exploited to execute
arbitrary code with the user's privileges. |
ipsec-tools: denial of service
| Package(s): | ipsec-tools |
CVE #(s): | CVE-2007-1841
|
| Created: | April 10, 2007 |
Updated: | August 28, 2007 |
| Description: |
A flaw was discovered in the IPSec key exchange server "racoon". Remote
attackers could send a specially crafted packet and disrupt established
IPSec tunnels, leading to a denial of service. |
jasper: denial of service
| Package(s): | jasper |
CVE #(s): | CVE-2007-2721
|
| Created: | June 1, 2007 |
Updated: | April 19, 2010 |
| Description: |
The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote
user-assisted attackers to cause a denial of service (crash) and possibly
corrupt the heap via malformed image files. |
java: multiple vulnerabilities
| Package(s): | java |
CVE #(s): | CVE-2006-4339
CVE-2006-4790
CVE-2006-6731
CVE-2006-6736
CVE-2006-6737
CVE-2006-6745
|
| Created: | January 18, 2007 |
Updated: | June 4, 2010 |
| Description: |
Java has multiple vulnerabilities; these include:
an RSA exponent padding attack vulnerability, two vulnerabilities
which allow untrusted applets to access data in other applets,
vulnerabilities that involve applets gaining privileges due to
serialization bugs in the JRE and buffer overflows in the Java image
handling routines that can give attackers read/write/execute capabilities
for local files. |
kdebase: information leak
| Package(s): | kdebase |
CVE #(s): | CVE-2007-2022
|
| Created: | June 13, 2007 |
Updated: | September 19, 2007 |
| Description: |
A problem with the interaction between the Flash Player and the Konqueror
web browser was found. The problem could lead to key presses leaking to the
Flash Player applet instead of the browser.
NOTE: CVE number may be incorrect, see CVE entry |
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
CVE #(s): | CAN-2005-1920
|
| Created: | July 19, 2005 |
Updated: | September 21, 2010 |
| Description: |
Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
kdelibs: cross-site scripting
| Package(s): | kdelibs konqueror |
CVE #(s): | CVE-2007-0537
|
| Created: | February 5, 2007 |
Updated: | August 13, 2007 |
| Description: |
Konqueror 3.5.5 does not properly parse HTML comments, which allows remote
attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS
protection schemes by embedding certain HTML tags within a comment, a
related issue to CVE-2007-0478. |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-1357
|
| Created: | April 16, 2007 |
Updated: | November 14, 2007 |
| Description: |
The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before
2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of
service (crash) via an AppleTalk frame that is shorter than the specified
length, which triggers a BUG_ON call when an attempt is made to perform a
checksum. |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-4623
|
| Created: | October 18, 2006 |
Updated: | November 14, 2007 |
| Description: |
The kernel DVB layer can be caused to crash with maliciously-formatted unidirectional lightweight encapsulation (ULE) data. |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-3642
|
| Created: | July 23, 2007 |
Updated: | November 14, 2007 |
| Description: |
The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the
Linux kernel before 2.6.22 allows remote attackers to cause a denial of
service (crash) via an encoded, out-of-range index value for a choice
field, which triggers a NULL pointer dereference. |
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-0005
CVE-2007-1000
|
| Created: | March 15, 2007 |
Updated: | November 14, 2007 |
| Description: |
The Linux kernel has a boundary error problem with the
Omnikey CardMan 4040 driver read and write functions. This can be used
to cause a buffer overflow and possible execution of arbitrary code with
kernel privileges.
The ipv6_getsockopt_sticky function in
net/ipv6/ipv6_sockglue.c is vulnerable to a NULL pointer dereference.
Local users can use this to crash the kernel or to disclose kernel
memory. |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-0007
CVE-2007-0006
|
| Created: | February 15, 2007 |
Updated: | November 14, 2007 |
| Description: |
Linux kernel versions from 2.6.9 to 2.6.20 have a denial of service
vulnerability. A remote attacker can cause the key_alloc_serial
function's key serial number collision avoidance code to have a
null dereference, resulting in a crash. |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-4535
CVE-2006-4538
|
| Created: | September 18, 2006 |
Updated: | January 5, 2009 |
| Description: |
Sridhar Samudrala discovered a local denial of service vulnerability
in the handling of SCTP sockets. By opening such a socket with a
special SO_LINGER value, a local attacker could exploit this to crash
the kernel. (CVE-2006-4535)
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
platforms did not sufficiently verify the memory layout. By attempting
to execute a specially crafted executable, a local user could exploit
this to crash the kernel. (CVE-2006-4538) |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-1861
CVE-2007-2242
|
| Created: | May 1, 2007 |
Updated: | February 8, 2008 |
| Description: |
The netlink protocol has an infinite recursion bug that allows users to
cause a kernel crash. Also the IPv6 protocol allows remote attackers to
cause a denial of service via crafted IPv6 type 0 route headers
(IPV6_RTHDR_TYPE_0) that create network amplification between two routers. |
kernel: denial of service by memory consumption
| Package(s): | kernel |
CVE #(s): | CVE-2006-2936
|
| Created: | July 17, 2006 |
Updated: | November 14, 2007 |
| Description: |
The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to
2.6.17, and possibly later versions, allows local users to cause a denial
of service (memory consumption) by writing more data to the serial port
than the driver can handle, which causes the data to be queued. |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-0772
|
| Created: | February 23, 2007 |
Updated: | November 14, 2007 |
| Description: |
The Linux kernel before 2.6.20.1 allows remote attackers to cause a denial
of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free
of an incorrect pointer. |
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-1353
CVE-2007-2451
CVE-2007-2453
|
| Created: | June 11, 2007 |
Updated: | March 6, 2008 |
| Description: |
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local attacker
could exploit this flaw to view sensitive kernel information.
(CVE-2007-1353)
The GEODE-AES driver did not correctly initialize its encryption key.
Any data encrypted using this type of device would be easily compromised.
(CVE-2007-2451)
The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally, systems
without an entropy source would be seeded with the same inputs at boot
time, leading to a repeatable series of random numbers. (CVE-2007-2453) |
kernel: signal handling flaw on PPC
| Package(s): | kernel |
CVE #(s): | CVE-2007-3107
|
| Created: | July 10, 2007 |
Updated: | February 4, 2008 |
| Description: |
A flaw in the signal handling on PowerPC-based systems allowed a
local user to cause a denial of service (floating point corruption). |
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-5823
CVE-2006-6054
CVE-2007-1592
|
| Created: | June 12, 2007 |
Updated: | March 21, 2011 |
| Description: |
A flaw in the cramfs file system allows invalid compressed data to cause
memory corruption (CVE-2006-5823)
A flaw in the ext2 file system allows an invalid inode size to cause a
denial of service (system hang) (CVE-2006-6054)
A flaw in IPV6 flow label handling allows a local user to cause a denial of
service (crash) (CVE-2007-1592) |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-5757
|
| Created: | November 13, 2006 |
Updated: | November 14, 2007 |
| Description: |
From the MOKB-05-11-2006
advisory: "The ISO9660 filesystem handling code of the Linux
2.6.x kernel fails to properly handle corrupted data structures, leading to
an exploitable denial of service condition. This particular vulnerability
seems to be caused by a race condition and a signedness issue. When
performing a read operation on a corrupted ISO9660 fs stream, the
isofs_get_blocks() function will enter an infinite loop when
__find_get_block_slow() callback from sb_getblk() fails ("due to various
races between file io on the block device and getblk")." |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-2935
CVE-2006-4145
CVE-2006-3745
|
| Created: | September 1, 2006 |
Updated: | July 30, 2008 |
| Description: |
Previous versions of the kernel package are subject to several
vulnerabilities. Certain malformed UDF filesystems can cause the system to
crash (denial of service). Malformed CDROM firmware or USB storage devices
(such as USB keys) could cause system crash (denial of service), and if
they were intentionally malformed, can cause arbitrary code to run with
elevated privileges. In addition, the SCTP protocol is subject to a remote
system crash (denial of service) attack. |
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-5749
CVE-2006-4814
CVE-2006-6106
|
| Created: | January 5, 2007 |
Updated: | January 8, 2009 |
| Description: |
A security issue has been reported in Linux kernel due to an error in
drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()"
function never initializes an event timer before scheduling it with the
"add_timer()" function.
The mincore function in the kernel does not properly lock access to user
space, which has unspecified impact and attack vectors, possibly related to
a deadlock.
Another vulnerability has been reported in Linux kernel caused by a
boundary error within the handling of incoming CAPI messages in
net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain
Kernel data structures. |
krb5: multiple vulnerabilities
| Package(s): | krb5 |
CVE #(s): | CVE-2007-2442
CVE-2007-2443
CVE-2007-2798
|
| Created: | June 27, 2007 |
Updated: | March 24, 2008 |
| Description: |
David Coffey discovered an uninitialized pointer free flaw in the
RPC library used by kadmind. A remote unauthenticated attacker who
could access kadmind could trigger the flaw causing kadmind to crash
or possibly execute arbitrary code (CVE-2007-2442).
David Coffey also discovered an overflow flaw in the same RPC library.
A remote unauthenticated attacker who could access kadmind could
trigger the flaw causing kadmind to crash or possibly execute arbitrary
code (CVE-2007-2443).
Finally, a stack buffer overflow vulnerability was found in kadmind
that allowed an unauthenticated user able to access kadmind the
ability to trigger the vulnerability and possibly execute arbitrary
code (CVE-2007-2798). |
krb5: uninitialized pointers
| Package(s): | krb5 |
CVE #(s): | CVE-2006-6143
CVE-2006-3084
|
| Created: | January 10, 2007 |
Updated: | July 7, 2010 |
| Description: |
The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details. |
krb5: local privilege escalation
| Package(s): | krb5 |
CVE #(s): | CVE-2006-3083
|
| Created: | August 9, 2006 |
Updated: | July 7, 2010 |
| Description: |
Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges. |
krb5: multiple vulnerabilities
| Package(s): | krb5 |
CVE #(s): | CVE-2007-0956
CVE-2007-0957
CVE-2007-1216
|
| Created: | April 3, 2007 |
Updated: | March 24, 2008 |
| Description: |
A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password. MIT krb5 Security Advisory 2007-001
Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon. A remote attacker who can access the KDC could exploit this
bug to run arbitrary code with the privileges of the KDC or kadmin server
processes. MIT krb5 Security Advisory
2007-002
A double-free flaw was found in the GSSAPI library used by the kadmin
server daemon. MIT krb5 Security Advisory
2007-003 |
ktorrent: incorrect validation
| Package(s): | ktorrent |
CVE #(s): | CVE-2007-1384
CVE-2007-1385
CVE-2007-1799
|
| Created: | March 13, 2007 |
Updated: | October 24, 2007 |
| Description: |
Bryan Burns of Juniper Networks discovered that KTorrent did not
correctly validate the destination file paths nor the HAVE statements
sent by torrent peers. A malicious remote peer could send specially
crafted messages to overwrite files or execute arbitrary code with user
privileges. |
lftp: shell command execution
| Package(s): | lftp |
CVE #(s): | CVE-2007-2348
|
| Created: | May 4, 2007 |
Updated: | September 16, 2009 |
| Description: |
mirror --script in lftp before 3.5.9 does not properly quote shell
metacharacters, which might allow remote user-assisted attackers to execute
shell commands via a malicious script. NOTE: it is not clear whether this
issue crosses security boundaries, since the script already supports
commands such as "get" which could overwrite executable files. |
libexif: integer overflow
| Package(s): | libexif |
CVE #(s): | CVE-2007-2645
|
| Created: | June 1, 2007 |
Updated: | February 11, 2008 |
| Description: |
Integer overflow in the exif_data_load_data_entry function in exif-data.c
in libexif before 0.6.14 allows user-assisted remote attackers to cause a
denial of service (crash) or possibly execute arbitrary code via crafted
EXIF data, involving the (1) doff or (2) s variable. |
libgtop2: buffer overflow
| Package(s): | libgtop2 |
CVE #(s): | CVE-2007-0235
|
| Created: | January 15, 2007 |
Updated: | August 9, 2007 |
| Description: |
The /proc parsing routines in libgtop are vulnerable to a buffer overflow.
If an attacker can run a process in a specially crafted long
path then trick a user into running gnome-system-monitor,
arbitrary code can be executed with the user's privileges. |
libmodplug: boundary errors
| Package(s): | libmodplug |
CVE #(s): | CVE-2006-4192
|
| Created: | December 11, 2006 |
Updated: | May 4, 2011 |
| Description: |
Luigi Auriemma has reported various boundary errors in load_it.cpp and
a boundary error in the "CSoundFile::ReadSample()" function in
sndfile.cpp. A remote attacker can entice a user to read crafted modules
or ITP files, which may trigger a buffer overflow resulting in the
execution of arbitrary code with the privileges of the user running the
application. |
libphp-phpmailer: command execution
| Package(s): | libphp-phpmailer |
CVE #(s): | CVE-2007-3215
|
| Created: | June 20, 2007 |
Updated: | June 25, 2009 |
| Description: |
libphp-phpmailer does not do sufficient input validation, enabling shell command injection attacks. |
libpng: denial of service
| Package(s): | libpng |
CVE #(s): | CVE-2007-2445
|
| Created: | May 17, 2007 |
Updated: | March 23, 2009 |
| Description: |
Libpng can be crashed when processing malformed PNG files.
It may also be possible to exploit this vulnerability to execute arbitrary
code. |
libpng: buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-3334
|
| Created: | July 19, 2006 |
Updated: | December 15, 2008 |
| Description: |
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow. |
libpng: heap based buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-0481
|
| Created: | February 13, 2006 |
Updated: | December 15, 2008 |
| Description: |
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. |
libtiff: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CVE-2006-2193
|
| Created: | June 15, 2006 |
Updated: | September 1, 2008 |
| Description: |
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code. |
libvorbis: multiple memory corruption flaws
| Package(s): | libvorbis |
CVE #(s): | CVE-2007-3106
CVE-2007-4029
|
| Created: | July 27, 2007 |
Updated: | January 22, 2008 |
| Description: |
This iSEC Partners security advisory has
details on multiple memory corruption flaws in libvorbis. |
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0989
|
| Created: | October 28, 2004 |
Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities; if a local user passes a specially crafted
FTP URL, arbitrary code may be executed. |
lighttpd: denial of service
| Package(s): | lighttpd |
CVE #(s): | CVE-2007-3946
CVE-2007-3947
CVE-2007-3948
CVE-2007-3949
CVE-2007-3950
|
| Created: | July 19, 2007 |
Updated: | July 15, 2008 |
| Description: |
The lighttpd web server has multiple vulnerabilities involving
a remote access-control setting circumvention that is performed
by the sending of malformed requests. This can be used to crash
the server and cause a denial of service. |
lookup-el: insecure temporary file
| Package(s): | lookup-el |
CVE #(s): | CVE-2007-0237
|
| Created: | March 19, 2007 |
Updated: | December 10, 2007 |
| Description: |
Tatsuya Kinoshita discovered that Lookup, a search interface to electronic
dictionaries on emacsen, creates a temporary file in an insecure fashion
when the ndeb-binary feature is used, which allows a local attacker to
craft a symlink attack to overwrite arbitrary files. |
lynx: arbitrary command execution
| Package(s): | lynx |
CVE #(s): | CVE-2005-2929
|
| Created: | November 14, 2005 |
Updated: | September 14, 2009 |
| Description: |
An arbitrary command execution bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx. |
mod_jk: proxy bypass
| Package(s): | mod_jk |
CVE #(s): | CVE-2007-1860
|
| Created: | May 30, 2007 |
Updated: | March 7, 2008 |
| Description: |
From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside
Apache httpd and forwarded the encoded URL to Tomcat, which itself did a
second decoding. If Tomcat was used behind mod_jk and configured to only
proxy some contexts, an attacker could construct a carefully crafted HTTP
request to work around the context restriction and potentially access
non-proxied content." |
moin: arbitrary JavaScript execution
| Package(s): | moin |
CVE #(s): | CVE-2007-2423
|
| Created: | May 8, 2007 |
Updated: | March 10, 2008 |
| Description: |
A flaw was discovered in MoinMoin's error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user's authentication information
for the domain where MoinMoin was hosted. |
mplayer: buffer overflow
| Package(s): | mplayer |
CVE #(s): | CVE-2007-1246
|
| Created: | March 8, 2007 |
Updated: | April 1, 2008 |
| Description: |
MPlayer versions up to 1.0rc1 have a buffer overflow in the
loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function.
User-assisted remote attackers can use this to create a buffer overflow
and possibly execute arbitrary code. |
mydns: buffer overflows
| Package(s): | mydns |
CVE #(s): | CVE-2007-2362
|
| Created: | May 23, 2007 |
Updated: | December 17, 2007 |
| Description: |
Multiple buffer overflows in MyDNS allow remote attackers to cause a denial of
service (daemon crash) and possibly execution of arbitrary code. |
mysql: denial of service
| Package(s): | mysql |
CVE #(s): | CVE-2007-1420
|
| Created: | March 22, 2007 |
Updated: | May 21, 2008 |
| Description: |
MySQL subselect queries using "ORDER BY" can be used by an attacker with
access to a MySQL instance in order to create an intermittent denial
of service. |
mysql: format string bug
| Package(s): | mysql |
CVE #(s): | CVE-2006-3469
|
| Created: | July 21, 2006 |
Updated: | July 30, 2008 |
| Description: |
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server. |
MySQL: privilege violations
| Package(s): | mysql |
CVE #(s): | CVE-2006-4031
CVE-2006-4226
|
| Created: | August 25, 2006 |
Updated: | July 30, 2008 |
| Description: |
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226). |
mysql: multiple vulnerabilities
MySQL: logging bypass
| Package(s): | mysql |
CVE #(s): | CVE-2006-0903
|
| Created: | April 4, 2006 |
Updated: | May 21, 2008 |
| Description: |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query. |
nbd: arbitrary code execution
| Package(s): | nbd |
CVE #(s): | CVE-2005-3534
|
| Created: | January 6, 2006 |
Updated: | March 7, 2011 |
| Description: |
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges. |
ncompress: buffer underflow
| Package(s): | ncompress |
CVE #(s): | CVE-2006-1168
|
| Created: | August 10, 2006 |
Updated: | February 21, 2012 |
| Description: |
The ncompress compression utility has a missing boundary check.
A local user can use a maliciously created file to cause
a .bss buffer underflow. |
nginx: cross site scripting
| Package(s): | nginx |
CVE #(s): | |
| Created: | July 20, 2007 |
Updated: | September 14, 2009 |
| Description: |
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
proxy server written by Igor Sysoev. The "msie_refresh" directive could
allow cross site scripting. |
OpenOffice.org: arbitrary code execution
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-0245
|
| Created: | June 13, 2007 |
Updated: | June 12, 2008 |
| Description: |
A specially crafted RTF file could cause the
filter to overwrite data on the heap, which may lead to the execution
of arbitrary code. |
OpenSSH: denial of service
| Package(s): | openssh |
CVE #(s): | CVE-2006-4925
CVE-2006-5052
|
| Created: | October 6, 2006 |
Updated: | November 15, 2007 |
| Description: |
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of
service (crash) by sending an invalid protocol sequence with
USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
An unspecified vulnerability in portable OpenSSH before 4.4, when running
on some platforms, allows remote attackers to determine the validity of
usernames via unknown vectors involving a GSSAPI "authentication abort." |
openssh: remote denial of service
| Package(s): | openssh |
CVE #(s): | CVE-2006-4924
CVE-2006-5051
|
| Created: | September 27, 2006 |
Updated: | September 17, 2008 |
| Description: |
OpenSSH 4.4 fixes some
security issues, including a pre-authentication denial of service, an
unsafe signal handler and, on portable OpenSSH, a GSSAPI authentication abort
that could be used to determine the validity of usernames on some platforms. |
pam: privilege escalation
| Package(s): | pam |
CVE #(s): | CVE-2007-1716
|
| Created: | June 12, 2007 |
Updated: | November 15, 2007 |
| Description: |
A flaw was found in the way pam_console set console device permissions. It
was possible for various console devices to retain ownership of the console
user after logging out, possibly leaking information to an unauthorized
user. |
perl-Net-DNS: predictable id sequence
| Package(s): | perl-Net-DNS |
CVE #(s): | CVE-2007-3377
|
| Created: | June 26, 2007 |
Updated: | March 12, 2008 |
| Description: |
Net::DNS before 0.60 uses an id sequence that is predictable and the same
in all child processes. |
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2007-1001
CVE-2007-1285
CVE-2007-1718
CVE-2007-1583
|
| Created: | April 16, 2007 |
Updated: | December 4, 2007 |
| Description: |
A denial of service flaw was found in the way PHP processed a deeply nested
array. A remote attacker could cause the PHP interpreter to crash by
submitting an input variable with a deeply nested array. (CVE-2007-1285)
A flaw was found in the way the mbstring extension set global variables. A
script which used the mb_parse_str() function to set global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)
A flaw was discovered in the way PHP's mail() function processed header
data. If a script sent mail using a Subject header containing a string from
an untrusted source, a remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)
A heap based buffer overflow flaw was discovered in PHP's gd extension. A
script that could be forced to process WBMP images from an untrusted source
could result in arbitrary code execution. (CVE-2007-1001) |
php: several vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2006-4481
CVE-2006-4484
CVE-2006-4485
|
| Created: | September 8, 2006 |
Updated: | June 13, 2008 |
| Description: |
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485). |
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2007-2872
CVE-2007-2756
|
| Created: | June 1, 2007 |
Updated: | January 29, 2008 |
| Description: |
According to a vendor release announcement, multiple
security enhancements and fixes were made in version 5.2.3 of the
programming language PHP. |
php: buffer overflows
| Package(s): | php |
CVE #(s): | CVE-2006-5465
|
| Created: | November 3, 2006 |
Updated: | January 18, 2010 |
| Description: |
The Hardened-PHP Project discovered buffer overflows in
htmlentities/htmlspecialchars internal routines to the PHP Project. Of
course the whole purpose of these functions is to be filled with user
input. (The overflow can only occur when UTF-8 is used.) |
phpbb2: missing input sanitizing
| Package(s): | phpbb2 |
CVE #(s): | CVE-2006-1896
|
| Created: | May 22, 2006 |
Updated: | February 11, 2008 |
| Description: |
It was discovered that phpbb2, a web based bulletin board, insufficiently
sanitizes values passed to the "Font Color 3" setting, which might lead to
the execution of injected code by admin users. |
phpbb2: multiple vulnerabilities
| Package(s): | phpbb2 |
CVE #(s): | CVE-2005-3310
CVE-2005-3415
CVE-2005-3416
CVE-2005-3417
CVE-2005-3418
CVE-2005-3419
CVE-2005-3420
CVE-2005-3536
CVE-2005-3537
|
| Created: | December 22, 2005 |
Updated: | February 11, 2008 |
| Description: |
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem. |
phpPgAdmin: cross-site scripting
| Package(s): | phppgadmin |
CVE #(s): | CVE-2007-2865
CVE-2007-5728
|
| Created: | June 18, 2007 |
Updated: | January 21, 2009 |
| Description: |
A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin
4.1.1 allows remote attackers to inject arbitrary web script or HTML via
the server parameter. |
phpwiki: remote code execution
| Package(s): | phpwiki |
CVE #(s): | CVE-2007-2024
CVE-2007-2025
|
| Created: | May 17, 2007 |
Updated: | September 12, 2007 |
| Description: |
The phpwiki Upload page does not properly check the extension of a file.
This can be used by a remote attacker to upload a specially crafted PHP file
and execute arbitrary PHP code with the privileges of the PhpWiki user. |
pptpd: denial of service
| Package(s): | pptpd |
CVE #(s): | CVE-2007-0244
|
| Created: | May 9, 2007 |
Updated: | September 3, 2007 |
| Description: |
The PoPToP server daemon contains a bug which allows an attacker to tear down a connection through a malformed GRE packet. |
proftpd: authentication bypass
| Package(s): | proftpd |
CVE #(s): | CVE-2007-2165
|
| Created: | June 21, 2007 |
Updated: | November 5, 2007 |
| Description: |
The ProFTPD Auth API has an authentication bypass vulnerability.
When multiple simultaneous authentication modules are configured,
the ProFTPD module that checks authentication is not necessarily
the same module that retrieves authentication data. This can be
used by remote attackers to bypass the authentication system.
|
pulseaudio: denial of service
| Package(s): | pulseaudio |
CVE #(s): | CVE-2007-1804
|
| Created: | May 30, 2007 |
Updated: | March 10, 2008 |
| Description: |
The pulseaudio network code suffers from a denial of service vulnerability exploitable by an unauthenticated attacker. |
python: information disclosure
| Package(s): | python |
CVE #(s): | CVE-2007-2052
|
| Created: | May 9, 2007 |
Updated: | July 30, 2009 |
| Description: |
Python 2.4 and 2.5 contain a bug in PyLocale_strxfrm() which could enable an attacker to read portions of unrelated memory. |
qemu: multiple vulnerabilities
qt: arbitrary code execution
| Package(s): | qt |
CVE #(s): | CVE-2007-3388
|
| Created: | August 1, 2007 |
Updated: | December 10, 2007 |
| Description: |
Format string bugs were found in several Qt warning messages.
Applications using Qt for processing certain data types could
trigger them if the data caused Qt to print warnings. The bugs
potentially allow the execution of arbitrary code via specially crafted
files (CVE-2007-3388). |
qt: "/../" injection
| Package(s): | qt |
CVE #(s): | CVE-2007-0242
|
| Created: | April 4, 2007 |
Updated: | September 13, 2007 |
| Description: |
Andreas Nolden discovered a bug in qt3, where the UTF8 decoder does not
reject overlong sequences, which can cause "/../" injection or (in the case
of konqueror) a "<script>" tag injection. |
quake: buffer overflow
| Package(s): | quake3-bin |
CVE #(s): | CVE-2006-2236
|
| Created: | May 10, 2006 |
Updated: | January 12, 2009 |
| Description: |
Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server. |
redhat-cluster-suite: denial of service
| Package(s): | redhat-cluster-suite |
CVE #(s): | CVE-2007-3380
|
| Created: | July 19, 2007 |
Updated: | November 14, 2007 |
| Description: |
The redhat cluster suite's
cluster manager is vulnerable to a remote attack. Attackers
can connect to the DLM port and block subsequent DLM operations,
resulting in a denial of service. |
rpm: arbitrary code execution
| Package(s): | rpm |
CVE #(s): | CVE-2006-5466
|
| Created: | November 6, 2006 |
Updated: | August 28, 2007 |
| Description: |
An error was found in the RPM library's handling of query reports. In
some locales, certain RPM packages would cause the library to crash. If
a user was tricked into querying a specially crafted RPM package, the
flaw could be exploited to execute arbitrary code with the user's
privileges. |
slocate: information disclosure
| Package(s): | slocate |
CVE #(s): | CVE-2007-0227
|
| Created: | February 22, 2007 |
Updated: | September 4, 2012 |
| Description: |
The slocate permission checking code has a local information disclosure
vulnerability. During the reporting of matching files, slocate does not
respect the parent directory's read permissions, resulting in hidden
filenames being viewable by other local users. |
snort: remote arbitrary code execution
| Package(s): | snort |
CVE #(s): | CVE-2006-5276
|
| Created: | March 2, 2007 |
Updated: | September 7, 2007 |
| Description: |
The Snort intrusion detection system is vulnerable to a buffer overflow
in the DCE/RPC preprocessor code. Remote attackers can send
specially crafted fragmented SMB or DCE/RPC packets which can be used
to allow the remote execution of arbitrary code. |
Sun JDK/JRE: multiple vulnerabilities
| Package(s): | Sun JDK/JRE |
CVE #(s): | CVE-2007-2435
CVE-2007-2788
CVE-2007-2789
|
| Created: | June 1, 2007 |
Updated: | April 18, 2008 |
| Description: |
An unspecified vulnerability involving an "incorrect use of system
classes" was reported by the Fujitsu security team. Additionally, Chris
Evans from the Google Security Team reported an integer overflow
resulting in a buffer overflow in the ICC parser used with JPG or BMP
files, and an incorrect open() call to /dev/tty when processing certain
BMP files. |
tcpdump: integer overflow
| Package(s): | tcpdump |
CVE #(s): | CVE-2007-3798
|
| Created: | July 20, 2007 |
Updated: | November 15, 2007 |
| Description: |
An integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6
and earlier allows remote attackers to execute arbitrary code via crafted
TLVs in a BGP packet, related to an unchecked return value. |
tcpdump: denial of service
| Package(s): | tcpdump |
CVE #(s): | CVE-2007-1218
|
| Created: | March 5, 2007 |
Updated: | November 15, 2007 |
| Description: |
Off-by-one buffer overflow in the parse_elements function in the 802.11
printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote
attackers to cause a denial of service (crash) via a crafted 802.11
frame. NOTE: this was originally referred to as heap-based, but it might be
stack-based. |
tetex: buffer overflow
| Package(s): | tetex |
CVE #(s): | CVE-2007-0650
|
| Created: | May 8, 2007 |
Updated: | May 13, 2008 |
| Description: |
A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in
teTeX might allow user-assisted remote attackers to overwrite files and
possibly execute arbitrary code via a long filename. NOTE: other overflows
exist but might not be exploitable, such as a heap-based overflow in the
check_idx function. |
tomcat: directory traversal
| Package(s): | tomcat |
CVE #(s): | CVE-2007-0450
|
| Created: | May 2, 2007 |
Updated: | February 27, 2008 |
| Description: |
Versions of tomcat prior to 5.5.22 do not properly filter filename separator characters, enabling information disclosure attacks. |
tomcat: cross-site scripting
| Package(s): | tomcat |
CVE #(s): | CVE-2007-2449
CVE-2007-2450
|
| Created: | July 17, 2007 |
Updated: | February 17, 2009 |
| Description: |
Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).
Note: it is recommended the 'examples' web application not be installed on
a production system.
The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450). |
unrar: integer signedness error
| Package(s): | unrar |
CVE #(s): | CVE-2007-3726
|
| Created: | July 31, 2007 |
Updated: | August 1, 2007 |
| Description: |
Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar
3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows
user-assisted remote attackers to cause a denial of service (crash) via a
crafted RAR archive that causes a negative signed number to be cast to a
large unsigned number. |
vim: arbitrary code execution
| Package(s): | vim |
CVE #(s): | CVE-2007-2953
|
| Created: | July 30, 2007 |
Updated: | November 27, 2008 |
| Description: |
vim is vulnerable to a user-assisted attack in which vim may execute arbitrary code when helptags is run on data that has been maliciously crafted. |
vixie-cron: weak permissions may cause errors
| Package(s): | vixie-cron |
CVE #(s): | CVE-2007-1856
|
| Created: | April 17, 2007 |
Updated: | December 4, 2007 |
| Description: |
During an internal audit, Raphael Marichez of the Gentoo Linux Security
Team found that Vixie Cron has weak permissions set on Gentoo, allowing
for a local user to create hard links to system and users cron files,
while a st_nlink check in database.c will generate a superfluous error. |
vlc: several vulnerabilities
| Package(s): | vlc |
CVE #(s): | CVE-2007-3316
CVE-2007-3467
CVE-2007-3468
|
| Created: | July 10, 2007 |
Updated: | March 10, 2008 |
| Description: |
Several remote vulnerabilities have been discovered in the VideoLan
multimedia player and streamer, which may lead to the execution of
arbitrary code. |
wireshark: multiple vulnerabilities
| Package(s): | wireshark |
CVE #(s): | CVE-2007-3390
CVE-2007-3392
CVE-2007-3393
|
| Created: | June 28, 2007 |
Updated: | February 27, 2008 |
| Description: |
The wireshark network traffic analyzer has three vulnerabilities
that can be used to create a denial of service. These include
off-by-one overflows in the iSeries dissector, vulnerabilities in
the MMS and SSL dissectors that can cause an infinite loop and
an off-by-one overflow in the DHCP/BOOTP dissector. |
XFree86 X.org: integer overflows
| Package(s): | xfree86 x.org |
CVE #(s): | CVE-2007-1003
CVE-2007-1667
CVE-2007-1351
CVE-2007-1352
|
| Created: | April 3, 2007 |
Updated: | August 11, 2009 |
| Description: |
iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667) |
xfsdump: insecure temp dir
| Package(s): | xfsdump |
CVE #(s): | CVE-2007-2654
|
| Created: | June 22, 2007 |
Updated: | September 21, 2007 |
| Description: |
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure
permissions, which allows local users to read or overwrite arbitrary files
on xfs filesystems. |
xine: format string vulnerabilities
| Package(s): | xine |
CVE #(s): | CVE-2007-0017
|
| Created: | January 23, 2007 |
Updated: | August 10, 2007 |
| Description: |
Multiple format string vulnerabilities in (1) the cdio_log_handler function
in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and
the (2) cdio_log_handler and (3) vcd_log_handler functions in
modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in
VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to
execute arbitrary code via format string specifiers in an invalid URI, as
demonstrated by a udp://-- URI in an M3U file. |
xine-lib: arbitrary code execution
| Package(s): | xine-lib |
CVE #(s): | CVE-2007-1387
|
| Created: | March 13, 2007 |
Updated: | April 1, 2008 |
| Description: |
Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user's privileges. |
xine-lib: buffer overflow
| Package(s): | xine-lib |
CVE #(s): | CVE-2006-1664
|
| Created: | April 27, 2006 |
Updated: | February 27, 2008 |
| Description: |
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed. |
xinit: race condition
| Package(s): | xinit |
CVE #(s): | CVE-2006-5214
|
| Created: | October 17, 2006 |
Updated: | August 9, 2007 |
| Description: |
A race condition allows local users to see error messages generated during
another user's X session. This could allow potentially sensitive
information to be leaked. |
xmms: BMP handling vulnerability
| Package(s): | xmms |
CVE #(s): | CVE-2007-0653
CVE-2007-0654
|
| Created: | March 28, 2007 |
Updated: | July 26, 2011 |
| Description: |
xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system. |
X.org: temp file vulnerability
| Package(s): | X.org |
CVE #(s): | CVE-2007-3103
|
| Created: | July 12, 2007 |
Updated: | July 2, 2009 |
| Description: |
The X.Org X11 xfs font server has a temp file vulnerability in the
startup script. A local user can modify the permissions of the script
in order to elevate their local privileges. |
zziplib: buffer overflow
| Package(s): | zziplib |
CVE #(s): | CVE-2007-1614
|
| Created: | April 4, 2007 |
Updated: | September 5, 2007 |
| Description: |
dmcox discovered a boundary error in the zzip_open_shared_io() function
from zzip/file.c. A remote attacker could entice a user to run a zziplib
function with an overly long string as an argument which would trigger the
buffer overflow and may lead to the execution of arbitrary code. |
Page editor: Jake Edge
Kernel development
Brief items
The current 2.6 prepatch is 2.6.23-rc2, released by Linus on August 3.
"So I tried to hold people to the merge window, and said no to a few pull
requests, but this whole '-rc2 is the new -rc1' thing is a disease, and
not only is -rc2 late, it's bigger than it should be. Oh, well." Along
with a whole lot of fixes, -rc2 adds extensive documentation to the Lguest
code, a mechanism where kernel-space code can request notification when it
is about to be preempted from the CPU, new configuration options for
software suspend and hibernation, the removal of support for SuperH
sh73180 and 7300 CPUs, AMD Geode LX framebuffer support, the removal of
the arm26 port, and a TCP congestion control API change. See the
short-form changelog for details or the full changelog for lots of
details.
Roughly 50 changesets have been merged into the mainline repository since
-rc2.
The current stable 2.6 kernel remains 2.6.22.1. The 2.6.22.2 update is in review as of this
writing, and may be released as soon as August 9. It contains 84
fixes for problems all over the tree.
For older kernels: 2.6.21.7 was released on
August 4 with a fair number of important fixes.
Kernel development news
I don't doubt at all that virtualization is useful in some
areas. What I doubt rather strongly is that it will ever have the
kind of impact that the people involved in virtualization want it
to have. It would appear that virtualization is the
"message-passing microkernel" of this decade, and that people have
a really hard time accepting that the reason operating systems
still basically look 100% the same today as they did almost forty
years ago, is that that is simply a very practical arrangement!
--
Linus Torvalds
In Linux we never ever assume a driver is working simply because
the hardware vendor tested it. A decade of real world experience
PROVES precisely the opposite -- getting code out into the world
early and often repeatedly turned up problems not seen in hardware
vendor's testing.
--
Jeff Garzik
By Jonathan Corbet
August 7, 2007
Contemporary processors have an interesting problem: if they operate at
their full rated capacity for extended periods of time, they run a real
risk of heating to the point that they let the blue smoke out and never run
again. To avoid this kind of problem, processors (and other components)
are instrumented with temperature sensors. The BIOS programs the sensors
with specific "trip points" - temperatures where things will happen to keep
the system from overheating. At a given trip point, the system might turn
on the fan, throttle the processor, or, if disaster is imminent, shut the
system down hard.
The Linux ACPI subsystem provides the ability to query these trip points;
the relevant virtual files can be found under
/proc/acpi/thermal_zone. Your editor's laptop, for example,
reveals that it is set to throttle the processor at 86°C and to pull
the plug at 91°. Traditionally, the ACPI code has also allowed a
suitably privileged user to change those trip points by writing new values
to the /proc files. That capability no longer exists, though; it
was removed in the 2.6.22 kernel.
Users are now starting to complain about
that change. They feel that the BIOS-set trip points on some systems are
positioned incorrectly, resulting in systems that run more slowly than they
think they should, fans which come on at the wrong time, and so on.
Naturally, they feel that the removal of the trip-point override feature
has reduced the functionality of their systems.
ACPI maintainer Len Brown responds that the
override feature is a bad idea for a number of reasons. At the top of the
list is the fact that the system cannot actually change the hardware trip
points. All it can do is disable them. Then the processor must take over
by polling the temperature sensors itself and responding when its software
trip points are reached. Should that polling and response fail to happen
for any reason, there is a real possibility that the hardware could be
damaged. Meltdowns could also easily occur if the trip points are set
incorrectly, leading to "Linux destroyed my laptop" postings echoed across
the net.
On top of that, the BIOS can change the trip points at any time for reasons
of its own. Many of the use cases for trip-point overrides (controlling
when fans go on and off, for example) are better done by having a
user-space daemon control fan operation directly. And the truth of the
matter is that overriding trip points is usually (Len would say always) an
inappropriate response to problems which are better solved somewhere else.
When the issue was discussed in May, he summarized it this way:
The fact that the trip-points are writable has obscured, rather
than clarified, the actual causes of the failures. No less than 4
people in that bug report declared that cleaning the dust out of
their fan fixed the root cause. A bunch more said that the issues
went away when they stopped using ubuntu's user-space power save
daemon.
There are a couple more with broken active fan control -- which
also gets obscured rather than clarified by over-riding trip
points.
The remaining problems, says Len, are most likely not present when Windows
is running on the affected hardware. And, he says, Windows is highly
unlikely to be overriding the trip points. The conclusion is that Linux is
doing something wrong in its thermal management on those systems. He would
much rather find and fix the real problem than hide it through use of
trip-point overrides.
In the end, according to Len, there has never yet been a bug report which
suggests that Linux should be messing with trip points in this way. This
is a clear challenge for anybody who misses the trip-point override
feature: send in a suitably documented report showing the problem that this
feature solved. If the override feature truly turns out to be necessary,
it may just come back - but it may just happen that a fix for the actual
problem goes in instead.
By Jake Edge
August 8, 2007
SELinux provides a comprehensive security solution for Linux, but it is
large and complex. A much simpler approach is taken by the Simplified
Mandatory Access Control Kernel (Smack), a patch posted to linux-kernel by
Casey Schaufler. Like SELinux, Smack implements Mandatory Access Control
(MAC), but it purposely leaves out the role based access control and type
enforcement that are major parts of SELinux. Smack is geared towards
solving smaller security problems than SELinux, requiring much less
configuration and very little application support.
Smack allows an administrator to define labels, 1-7 characters in length,
for kernel objects. Labels on objects are compared with the labels of a
task that tries to access them. By default, access is only allowed if the
labels match. There are a set of Smack-reserved labels that follow a
different set of rules, which allows most system objects and processes to be
unaffected by Smack restrictions. By default, Smack does not get in the
way of the OS, allowing the administrator to concentrate on just the users
and processes they want to secure.
Smack uses filesystem extended attributes to store labels on files;
administrators set the labels using the attr command. The
security.SMACK64 attribute is used to store the Smack label on each file,
so setting /dev/null to have the Smack-reserved "star" label would look
like:
    attr -S -s SMACK64 -V '*' /dev/null
For networks, NetLabel is used to set CIPSO labels and domains of
interpretation for sockets, allowing Smack systems to interoperate in
those strictly controlled networking environments.
An administrator can add rules, but there is no support for wildcards or
regular expressions; each rule must explicitly specify a subject label, an
object label, and the access allowed. The access types are much like the
traditional UNIX rwx bits, with the addition of an a bit for append. For
configuration, Smack uses the SELinux technique of defining a filesystem
that can be mounted, smackfs. Typically, it will be mounted as /smack,
providing various files that can be read or written to govern Smack
operation. For example, Smack access rules are written to /smack/load; to
change rules, one just writes a new set of access permissions for the
subject-object pair.
An example, one of several provided in the patch announcement, uses the
standard security levels for government documents. Smack labels are
defined for each level: Unclass for unclassified, C for
classified, S for secret, and TS for top secret. Then,
with a handful of rules:
    C Unclass rx
    S C rx
    S Unclass rx
    TS S rx
    TS C rx
    TS Unclass rx
the traditional hierarchy of access is defined. Because of the Smack
defaults, Unclass will only be able to access data with that same label,
whereas because of the rules above, TS can access S, C and Unclass data.
Note that there is no transitivity in Smack rules; just because S
can access C and TS can access S, that does not mean
that TS can access C. That rule must be explicitly
given. Also, because no write permissions have been given, tasks at each
level can only
write data with their own label. So secret tasks write secret data and so
on. Files will inherit the label of the task that creates them, with Smack
ensuring that the filesystem attribute is set. They will retain that label
unless it is explicitly reset by an administrator using the attr
command.
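The rule semantics described above (matching labels by default, explicit subject-object rules, no transitivity, a new rule replacing the old one for the same pair), as an added C model that is not code from the Smack patch. The function names are assumptions, and the Smack-reserved labels are left out because the article does not spell out their rules.

```c
#include <stdio.h>
#include <string.h>

#define MAY_R 1
#define MAY_W 2
#define MAY_X 4
#define MAY_A 8
#define LABEL_MAX 7             /* labels are 1-7 characters long */
#define MAX_RULES 32

struct rule {
    char subj[LABEL_MAX + 1];
    char obj[LABEL_MAX + 1];
    int access;
};

static struct rule rules[MAX_RULES];
static int nrules;

int reset_rules(void) { nrules = 0; return 0; }

/* "rx" -> MAY_R|MAY_X; returns -1 on a letter outside r, w, x, a. */
int parse_access(const char *s)
{
    int a = 0;
    for (; *s; s++) {
        switch (*s) {
        case 'r': a |= MAY_R; break;
        case 'w': a |= MAY_W; break;
        case 'x': a |= MAY_X; break;
        case 'a': a |= MAY_A; break;
        default: return -1;
        }
    }
    return a;
}

/* Load one "subject object access" line. A rule for an existing
 * subject-object pair replaces the old one. Returns 0, or -1 if malformed. */
int load_rule(const char *line)
{
    char subj[16], obj[16], acc[16];
    int a, i;

    if (sscanf(line, "%15s %15s %15s", subj, obj, acc) != 3)
        return -1;
    if (strlen(subj) > LABEL_MAX || strlen(obj) > LABEL_MAX)
        return -1;
    if ((a = parse_access(acc)) < 0)
        return -1;
    for (i = 0; i < nrules; i++) {
        if (!strcmp(rules[i].subj, subj) && !strcmp(rules[i].obj, obj)) {
            rules[i].access = a;
            return 0;
        }
    }
    if (nrules == MAX_RULES)
        return -1;
    strcpy(rules[nrules].subj, subj);
    strcpy(rules[nrules].obj, obj);
    rules[nrules++].access = a;
    return 0;
}

/* 1 if a task labelled subj may perform every access in request on obj. */
int smack_model_access(const char *subj, const char *obj, int request)
{
    int i;

    if (!strcmp(subj, obj))
        return 1;               /* default: matching labels */
    for (i = 0; i < nrules; i++)
        if (!strcmp(rules[i].subj, subj) && !strcmp(rules[i].obj, obj))
            return (rules[i].access & request) == request;
    return 0;                   /* no rule for the pair: nothing is inferred */
}

/* The six rules from the article's listing; returns how many loaded. */
int load_article_rules(void)
{
    static const char *const lines[] = {
        "C Unclass rx", "S C rx", "S Unclass rx",
        "TS S rx", "TS C rx", "TS Unclass rx"
    };
    int i, ok = 0;

    reset_rules();
    for (i = 0; i < 6; i++)
        ok += (load_rule(lines[i]) == 0);
    return ok;
}

int main(void)
{
    load_article_rules();
    printf("TS reads C:       %d\n", smack_model_access("TS", "C", MAY_R));
    printf("Unclass reads C:  %d\n", smack_model_access("Unclass", "C", MAY_R));
    printf("S writes C:       %d\n", smack_model_access("S", "C", MAY_W));
    return 0;
}
```

Loading only "S C rx" and "TS S rx" leaves TS unable to read C, which is the non-transitivity the text describes.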
A patched version of sshd is available from Schaufler's homepage which
allows an administrator to assign labels to users. Those labels get set on
the user's shell and terminal device as they log into the system, forcing
the user to follow the rules established for their label. A patched
version of ls is also available so that it can display the labels
associated with files.
Smack is useful for limiting user and specific process access to
various resources; it is not meant to be as general-purpose as SELinux.
Constructing a set of Smack labels and rules governing system processes,
network services and the like, to restrict their access as SELinux does,
would be impossible. For administrators needing to secure those services,
SELinux is probably a better tool, but for simple compartmentalization,
Smack may well suffice.
By Jonathan Corbet
August 7, 2007
Last December, LWN
looked at a
proposal to rework the NAPI interface used for packet reception in
high-bandwidth network drivers. Since then, the interface has gone through
some changes, but now appears to be in something close to its final form.
Anybody who maintains a NAPI-capable network driver will need to adapt to
the new API; in many cases the changes will be simple, but New-NAPI offers
some added features which may be of value to drivers of complicated hardware.
The core idea behind the NAPI interface is that, on a busy network, the
kernel does not need to be interrupted every time a network packet
arrives. Instead, the kernel can simply poll occasionally in the sure
knowledge that packets will be there waiting. Your editor likes to compare
packet receive interrupts with the beeps we all had, once upon a time, to
let us know when email had arrived. Few of us use those beeps anymore; we
have no doubt that there will be email waiting whenever we see fit to look
for it. Like us, the kernel can do without unneeded distractions; that is
especially true when those distractions can take the form of thousands of
interrupts every second.
There are other advantages to the NAPI approach. If the networking
subsystem is overwhelmed and must drop packets, NAPI makes it possible for
them to be dropped before they are ever fed into the stack. For various
reasons, packet reordering tends to be less of a problem with NAPI as
well.
The new napi_struct patch set (currently at version 5), like its
predecessor, introduces a new structure for controlling packet reception:
    struct napi_struct {
        struct list_head poll_list;
        unsigned long state;
        int weight;
        int quota;
        int (*poll)(struct napi_struct *, int);
        /* Netpoll-related fields omitted */
    };
This structure is no longer part of the net_device structure,
though; instead, drivers are expected to allocate it separately. Usually
it will be part of whatever larger structure the driver uses to represent
the device internally. One of the main advantages of this approach is that
device drivers can, if need be, create more than one napi_struct
structure for a given device. Contemporary hardware can support multiple
receive queues with nifty features like CPU affinity and flow separation;
multiple NAPI structures make it easier to use those queues efficiently.
Drivers need not fill in the fields of the napi_struct structure,
though zeroing the whole structure at allocation time can only be a good
idea. Instead, each NAPI instance must be registered with the system with:
    void netif_napi_add(struct net_device *dev,
                        struct napi_struct *napi,
                        int (*poll)(struct napi_struct *, int),
                        int weight);
Here, dev is the net_device structure associated with the
interface, napi is the NAPI structure, poll() is the
polling method to be used with this instance, and weight is the
relative weight to be given to this interface. Note that poll()
and weight are no longer part of the net_device
structure. As always, the setting of weight is somewhat
arbitrary, with most values varying between 16 (for basic Ethernet) and 64
- though InfiniBand uses 100. There is talk of reworking weights in a
future patch, but that is a separate issue.
There is no netif_napi_remove(), as there is currently no need for
it.
The prototype of the poll() method has changed somewhat:
    int (*poll)(struct napi_struct *napi, int budget);
The NAPI structure comes in as napi, of course. The
budget parameter specifies how many packets the driver is allowed
to pass into the network stack on this call. There is no need to manage
separate quota fields anymore; drivers should simply respect
budget and return the number of packets which were actually
processed.
Most of the other NAPI-related functions have had the obvious changes made
to their prototypes. The two ways of turning on polling are:
    void netif_rx_schedule(struct net_device *dev,
                           struct napi_struct *napi);
    /* ...or... */
    int netif_rx_schedule_prep(struct net_device *dev,
                               struct napi_struct *napi);
    void __netif_rx_schedule(struct net_device *dev,
                             struct napi_struct *napi);
Polling is turned off with:
    void netif_rx_complete(struct net_device *dev,
                           struct napi_struct *napi);
Since there can be more than one napi_struct structure in
existence, each can have polling enabled independently. Drivers are
responsible for disabling polling on all outstanding NAPI structures when
the interface is shut down (or when its stop() method is called).
The netif_poll_enable() and netif_poll_disable()
functions no longer exist, since polling is no longer tied to the
net_device structure. Instead, these functions should be used:
    void napi_enable(struct napi_struct *napi);
    void napi_disable(struct napi_struct *napi);
Networking maintainer David Miller, who has taken on the development of
this patch, says:
I don't anticipate making any more changes, just fixing bugs.
So please help me with that so we can finalize this patch. I
intend to cut a net-2.6.24 tree and stuff this patch into it by
the end of the week.
So anybody charged with maintaining out-of-tree network drivers should be
prepared for a significant API change in the 2.6.24 kernel.
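The budget contract and the per-queue NAPI instances described above, as an added user-space C model (not kernel code and not taken from the patch set). The napi_struct here is a stand-in with only the fields the model needs, and every sim_*, mydev_* and rx_queue name is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space stand-in holding only what this model needs. */
struct napi_struct {
    int weight;
    int scheduled;              /* 1 while polling is turned on */
    int (*poll)(struct napi_struct *, int);
};

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

struct rx_queue {               /* hypothetical per-queue driver state */
    int pending;                /* packets waiting in the receive ring */
    int delivered;              /* packets handed to the network stack */
    int irq_enabled;
    struct napi_struct napi;    /* embedded in the driver's own structure */
};

struct mydev {
    struct rx_queue q[2];       /* two receive queues, two NAPI instances */
};

struct mydev dev;               /* the one simulated adapter */

/* Registration: record the poll method and weight for this instance. */
void sim_napi_add(struct napi_struct *napi,
                  int (*poll)(struct napi_struct *, int), int weight)
{
    napi->poll = poll;
    napi->weight = weight;
    napi->scheduled = 0;
}

/* Receive interrupt: mask further interrupts and turn polling on. */
void sim_rx_interrupt(struct rx_queue *q)
{
    q->irq_enabled = 0;
    q->napi.scheduled = 1;
}

/* Poll method: deliver at most budget packets and report how many.
 * Finishing under budget means the ring is empty, so polling is turned
 * off and the interrupt is re-enabled. */
int mydev_poll(struct napi_struct *napi, int budget)
{
    struct rx_queue *q = container_of(napi, struct rx_queue, napi);
    int done = 0;

    while (done < budget && q->pending > 0) {
        q->pending--;
        q->delivered++;
        done++;
    }
    if (done < budget) {
        napi->scheduled = 0;
        q->irq_enabled = 1;
    }
    return done;
}

/* One pass over the instances with polling on. The instance's weight is
 * used as its budget, a simplification made for this model. */
int sim_net_rx_pass(struct mydev *d)
{
    int i, total = 0;

    for (i = 0; i < 2; i++) {
        struct napi_struct *n = &d->q[i].napi;
        if (n->scheduled)
            total += n->poll(n, n->weight);
    }
    return total;
}

/* Fill both rings with a constructed load and fire both interrupts. */
int demo_setup(int pending0, int pending1)
{
    int pending[2], i;

    pending[0] = pending0;
    pending[1] = pending1;
    for (i = 0; i < 2; i++) {
        dev.q[i].pending = pending[i];
        dev.q[i].delivered = 0;
        dev.q[i].irq_enabled = 1;
        sim_napi_add(&dev.q[i].napi, mydev_poll, 64);
        sim_rx_interrupt(&dev.q[i]);
    }
    return 0;
}

int main(void)
{
    int pass, n;

    demo_setup(150, 10);
    for (pass = 1; (n = sim_net_rx_pass(&dev)) > 0; pass++)
        printf("pass %d: %d packets\n", pass, n);
    return 0;
}
```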
By Jonathan Corbet
August 8, 2007
Among the metadata maintained by most filesystems is the last file access
time, or "atime." This time can be a useful value to have - it lets an
administrator (or a program) know when a file was last used. There is a
strong downside to this feature, though: it forces a write to the disk
every time a file is accessed. So read-only operations, which might have
been satisfied entirely from cache, turn into filesystem writes to keep the
atime value up to date.
A recent discussion on write throttling turned to atime after Ingo Molnar
pointed out that atime was probably a bigger performance problem than just
about everything else. He went on to say:
Atime updates are by far the biggest IO performance deficiency that
Linux has today. Getting rid of atime updates would give us more
everyday Linux performance than all the pagecache speedups of the
past 10 years, _combined_.
He also claimed that it was "perhaps the most stupid Unix design idea
of all times."
Such discussion leads quickly to the question of what should be done about
this old situation. One step that any Linux user can take now is to mount
filesystems with the noatime option, which turns off the tracking
of access times. For filesystem-intensive tasks, the performance reward
can be immediately apparent. Unfortunately, turning off atime
unconditionally will occasionally break software. Some mail tools will
compare modification and access times to determine whether there is unread
mail or not. The tmpwatch utility and some backup tools also use
atime and can misbehave if atime is not correct. For this reason,
distributors tend not to make noatime the default on installed
systems.
Another approach was added in 2.6.20: the relatime mount option. If
this flag is set, access times are only updated if they are (before the
update) earlier than the modification time. This change allows utilities
to see if the current version of a file has been read, but still cuts down
significantly on atime updates. This option is not heavily used, perhaps
because few people have heard of it and many distributions lack a version of
mount which is new enough to know about it. Using
relatime can still confuse tools which want to ask questions like
"has this file been accessed in the last week?"
To fix that problem, Linus suggested a
tweak to how relatime works: update it if the current value is
more than a certain time in the past - one day, for example. Ingo
responded with a patch
implementing that behavior and adding a couple of new boot options:
relatime_interval, which specifies the update interval in seconds,
and default_relatime, which turns on the relatime option
in all filesystems by default.
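The update rules described above, side by side, as an added C model (not Ingo's patch and not kernel code). The mode names, the comparison operators chosen to match the article's wording, and the timeline (a file modified once, then read hourly for ten days) are assumptions made for the illustration.

```c
#include <stdio.h>
#include <time.h>

enum atime_mode { ATIME_ALWAYS, ATIME_NEVER, RELATIME, RELATIME_INTERVAL };

/* 1 if a read at time now must write a new atime to disk. */
int atime_needs_update(enum atime_mode mode, time_t atime, time_t mtime,
                       time_t now, long interval)
{
    switch (mode) {
    case ATIME_ALWAYS:
        return 1;
    case ATIME_NEVER:               /* noatime */
        return 0;
    case RELATIME:                  /* only if atime is older than mtime */
        return atime < mtime;
    case RELATIME_INTERVAL:         /* ...or older than the interval */
        return atime < mtime || (long)(now - atime) > interval;
    }
    return 1;
}

struct sim_result {
    int writes;                     /* atime updates that hit the disk */
    time_t atime;                   /* atime as stored at the end */
    time_t mtime;
    time_t end;                     /* time of the last read */
};

/* Constructed timeline: last access at t=0, modification at t=1000,
 * then 240 hourly reads. interval is in seconds, like relatime_interval. */
struct sim_result simulate(enum atime_mode mode, long interval)
{
    struct sim_result r;
    time_t atime = 0, mtime = 1000, now = mtime;
    int k;

    r.writes = 0;
    for (k = 1; k <= 240; k++) {
        now = mtime + (time_t)k * 3600;
        if (atime_needs_update(mode, atime, mtime, now, interval)) {
            atime = now;
            r.writes++;
        }
    }
    r.atime = atime;
    r.mtime = mtime;
    r.end = now;
    return r;
}

/* The mail-tool question: modified since it was last read? */
int looks_unread(enum atime_mode mode, long interval)
{
    struct sim_result r = simulate(mode, interval);
    return r.mtime > r.atime;
}

/* The tmpwatch-style question: accessed within the last window seconds? */
int accessed_within(enum atime_mode mode, long interval, long window)
{
    struct sim_result r = simulate(mode, interval);
    return (long)(r.end - r.atime) <= window;
}

int main(void)
{
    static const char *const name[] = {
        "atime", "noatime", "relatime", "relatime+1day"
    };
    int m;

    for (m = ATIME_ALWAYS; m <= RELATIME_INTERVAL; m++)
        printf("%-14s writes=%3d unread=%d used_this_week=%d\n", name[m],
               simulate((enum atime_mode)m, 86400).writes,
               looks_unread((enum atime_mode)m, 86400),
               accessed_within((enum atime_mode)m, 86400, 7 * 86400L));
    return 0;
}
```

On this timeline plain relatime answers the mail-tool question correctly with a single write but reports the file as unused for the past week; the one-day interval fixes that at the cost of ten writes instead of 240.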
Something resembling this version of the patch might go into 2.6.24. It
was suggested that, whenever a file's inode is to be written to disk
anyway, the kernel might as well update atime as well. Alan Cox objected
that this change might make the overall behavior less predictable, which
might not be desirable. No new version of the patch with this feature has
been posted, so chances are it will not be in the version which gets merged
- if and when that happens.
Page editor: Jonathan Corbet
Distributions
News and Editorials
By Rebecca Sobol
August 8, 2007
The week at LinuxWorld
Creative Commons and the Fedora Project released a live CD called
LiveContent. The live CD boots Fedora 7 and contains additional content
licensed under a free Creative Commons license. From the Red Hat press
release:
The Fedora 7 operating system boots directly from the LiveContent CD, making use of the open source tools found in the latest Fedora distribution like Revisor, Pungi and more. The CD features a variety of Creative Commons-licensed content including audio, video, image, text and educational resources. From the desktop, users can explore free and open content and learn more about businesses like Jamendo, Blip.tv, Flickr and others supporting creative communities through aggregation and search tools.
Also included are a number of open source software applications including OpenOffice, The Gimp, Inkscape, Firefox, multimedia viewers, open document templates and others. The LiveContent CD is a product of collaboration across a number of organizations - Red Hat is providing in-kind engineering support via Fedora 7 and many open source community members collaborated on the included software applications. Worldlabel.com, member of the Open Document Format Alliance, is supplying ongoing support for the development and distribution of the LiveContent CD.
As Fedora engineer Jack Aboutboul says in this blog post:
The purpose of the LiveContent Distribution is to act as a tool and an enabler to both educate people about what Creative Commons is and does, and to provide them the tools and a selection of content with which they can begin to explore the remix culture and how endless the possibilities really are when a culture of collaboration is fostered, not detested.
The CD can be downloaded from the Fedora torrent site.
Comments (none posted)
New Releases
The first Fedora 8 test release is out. "Test 1 is for 'alpha'
users. This is the time when we would like to have full
community participation. Without this participation both hardware and
software functionality suffers." See the Fedora 8 feature list for an
overview of what's new in this release.
Full Story (comments: none)
Linspire has announced the availability of Freespire 2.0. "Building on
the best of open source
software using Ubuntu as its baseline, Freespire 2.0 adds legally licensed
proprietary drivers, codecs, and applications in its core distribution, to
provide a better user experience. Freespire 2.0
also continues to offer users the ability to choose what software they want
installed on their computer, without limitations or restrictions, as a
result, making available proprietary software where there are no viable
open source alternatives."
Comments (12 posted)
The first beta of Mandriva 2008 has been released. See
the
release notes for some indications of what's coming; among other
things, this release will feature a switch to AppArmor as the native
security framework.
Full Story (comments: none)
The first release candidate of Custom NimbleX 2 has been announced. Custom
NimbleX allows you to generate a customized Linux distribution.
Full Story (comments: none)
The seventh alpha release of openSUSE 10.3 is available for testing. Click
below for a look at the changes since alpha6, most annoying bugs, things
that need testing and the media and download information.
Full Story (comments: none)
Distribution News
DPL Sam Hocevar looks at FTP assistants, the Debian Maintainers proposal,
APT's Recommends handling and the patch sharing project.
Full Story (comments: none)
The latest version of apt in Debian's unstable and testing branches will
install recommended packages by default on October 1st.
Full Story (comments: none)
Debian Developers have voted to "Endorse the concept of Debian
Maintainers".
LWN
covered this general resolution last week.
Full Story (comments: none)
Novell
celebrates
the second anniversary of the openSUSE project with the release of the
first beta of openSUSE 10.3 (due August 9) and the continued growth of the
openSUSE Build Service.
Comments (1 posted)
Software.opensuse.org has a new
face and a new search interface.
Full Story (comments: none)
Matthew Garrett investigates Automatix, a tool for Ubuntu users
to install software that is not officially supported. He
reports on a short look at problems with the tool. "Automatix exists to
satisfy a genuine need, and further work should be
carried out to determine whether these user requirements can be
satisfied within the distribution as a whole. However, in its current
form Automatix is actively dangerous to systems - ranging from damage
to small items of user configuration, through removing user-installed
packages without adequate prompting or warning and up to the (small
but existing) potential to leave a system in an unbootable state."
Comments (6 posted)
Distribution Newsletters
The Fedora Weekly News for July 29, 2007 covers announcements on Fedora 8
Test 1, Virtual FudCon and the new column called AskFedora. Also some
questions posed to AskFedora on a License Issue, Backups and Problem with
Pup. In Developments, continuing discussions on CodecBuddy, Yum, Kmods,
RPM Roadmap, KDE4 Status and more.
Full Story (comments: none)
The Mandriva Linux Community Newsletter for July 30, 2007 looks at new
releases: Corporate Desktop 4.0 and Mandriva Linux 2007 Spring Powerpack
CDs, Mandriva at the conferences: aKademy, GUADEC, LinuxWorld, French
Ministry of Agricultural and Fisheries chooses Mandriva, and more.
Full Story (comments: none)
The August 2007 edition of
PCLinuxOS
Magazine covers Lessons from Children, KDE User Guide Chapter 7, and
much more.
Comments (none posted)
Full Circle, the Ubuntu Community Magazine, has announced its
third issue containing
Xubuntu install step-by-step, How-To : Get a Stunning Ubuntu Desktop,
Learning Scribus part 3 and Ubuntu in Photography, Review of Ubuntu on a
Macbook, Preview of several new Compiz Fusion effects and more.
Full Story (comments: none)
The Ubuntu Weekly Newsletter for August 4, 2007 covers job opportunities at
Canonical, potential system issues caused by Automatix, the upcoming fourth
alpha release of Gutsy Gibbon, coverage of the US LoCo Teams Project and
meetup, and much much more.
Full Story (comments: none)
The DistroWatch Weekly for August 6, 2007 is out. "The late Sunday release of
Arch Linux 2007.08 provided some excitement on the otherwise quiet
distribution release week, during which both Fedora and Mandriva failed to
deliver the promised first development builds of their upcoming
products. But on the distro news front, things were a lot more exciting:
MEPIS has announced that it will switch to a Debian base before its next
stable release, Ubuntu has published a detailed analysis of Automatix,
Kevin Carmony has announced resignation from Linspire, a Swedish
manufacturer has unveiled the world's cheapest laptop (running Fedora), and
Ian Murdock has given some hints about Sun Microsystems Project Indiana in
an interview. We also take a quick look at the current status of KNOPPIX
and Gentoo and publish some interesting statistical data about the
DistroWatch readership in Latin America and the Caribbean. Finally, we are
pleased to announce that the recipient of the July 2007 DistroWatch
donation is the FreeNAS project."
Comments (none posted)
Newsletters and articles of interest
Linux.com has an excerpt from The Official Ubuntu Book, Second Edition.
"The community-driven Edubuntu project aims to create a version of Ubuntu
specially tailored for use in primary and secondary education. Perhaps the
most useful feature present in the Edubuntu OS is the Linux Terminal Server
Project environment, whose applications are not limited just to
education. The LTSP model centers around one powerful machine that acts as a
server and several often much lower-powered machines that act as clients
and boot from an installation of Ubuntu on the server. Though you will not
be installing anything on them, there are still some maintenance tasks
specifically directed at clients."
Comments (none posted)
DesktopLinux
reports that
MEPIS Linux will return to using Debian as its base. "
With this
pre-beta, which is a preview of the upcoming SimplyMEPIS 7, MEPIS has
discontinued using Ubuntu binary packages in favor of a combination of
MEPIS packaged binaries based on Debian and Ubuntu source code. These
programs will run on top of a Debian Stable OS core, which will also be
using packages from the Debian package pools."
Comments (none posted)
Linux-Watch
reports that
Kevin Carmony has resigned as CEO of Linspire. "
Carmony also said
that Linspire is stronger than ever. "I can't speak for Linspire now, but I
believe the upcoming release of Freespire 2.0 and open CNR (Click N' Run)
will be great for Linspire and desktop Linux.""
Comments (none posted)
Distribution reviews
Linux.com has
a review of
Absolute Linux.
"
Absolute, a lightweight Linux operating system based on the
respected Slackware Linux distribution, just released version 12.0. It
features kernel version 2.6.21.5, IceWM and Fluxbox window managers, and
many graphical and ncurses-based configuration tools. Its goal is to
provide a lighter, easier-to-use Slackware appropriate for newcomers and
experienced Linux users alike. It is built for speed and performance but
doesn't neglect stability or security."
Comments (none posted)
PolishLinux.org has a review of EnGarde Secure Server 3.0.16. "EnGarde is
a server
oriented distribution equipped with WebTool -- a web based interface for
managing the system and various types of servers (HTTP, mail, FTP and many
other). There are two editions of EnGarde -- the free Community edition and
the commercial Professional edition. EnGarde and all its components are
published on the GPL license. EnGarde is available for i686 and x86_64
architectures, uses RPM packages managed by APT-GET."
Comments (none posted)
Linux.com
reviews Grafpup
2.0. "
Grafpup 2.0 is a compact Linux distribution based on Puppy
Linux and aimed at graphics professionals. It offers a variety of options
for installation, a custom set of configuration utilities, and a niche
suite of applications for digital artists. The graphics are soothing, and
the Openbox desktop runs smoothly even on older hardware. Despite a few
problems, Grafpup is a good choice for graphic designers and writers on the
go."
Comments (none posted)
TuxMachines
takes a
look at openSUSE 10.3 Alpha 7. "
So, all in all, it appears to me
that openSUSE 10.3 is shaping up. We're still really early in the
development process, so there's plenty time left. Things are looking better
and working better for the most part. I get more excited each release but
this one has really raised my pulse rate. I can hardly wait for
final."
Comments (none posted)
Linux-Watch
takes a look
at the first beta for Red Hat Enterprise Linux 5.1. "
If it seems
like it was only months ago that Red Hat launched its new major operating
system, Red Hat Enterprise Linux 5, that's because it wasn't quite five
months ago. Unlike Microsoft, which is still playing coy about when it will
replace Vista Service Pack 1, Red Hat has just announced the beta to its
next upgrade: RHEL 5.1."
Comments (3 posted)
Linux.com reviews Vyatta 2.2 beta.
"The beta release of Vyatta -- which is essentially a Debian-based Linux distribution focused on networking -- includes Border Gateway Patrol (BGP) enhancements, Network Address Translation (NAT) usability enhancements, improvements to the Dynamic Host Configuration Protocol (DHCP) server and DHCP relay, and new options for the "show version" command."
Comments (none posted)
TuxMachines has a mini-review of Wolvix 1.1.0. "Wolvix is a Linux distribution
released as an installable liveCD. Originally based on Slax, it is now
built upon Slackware and seems to concentrate highly on multimedia. It
features XFCE4 and Fluxbox and comes with a large suite of
software. Version 1.1.0 was released a few days ago and comes in two
variations. Hunter is the traditional more complete version, while Cub is a
smaller edition designed to fit and run on 256MB USB Flash Drives. I've
been a fan of Wolvix since the beginning because of its unique look and
feel while offering exceptional functionality and lots of useful
applications. Realizing that I haven't looked at it in a while, I decided
to give Wolvix 1.1.0 a little spin this weekend. Since on-disk beat me to
the punch, I'll just post a mini-review and my screenshots."
Comments (none posted)
Page editor: Rebecca Sobol
Development
By Forrest Cook
August 8, 2007
The K Desktop Environment (KDE) project has
announced the first beta release of KDE version 4.0:
This release marks the beginning of the integration process which will bring the powerful new technologies included in the now frozen KDE 4 libraries to the applications.
Almost two months after the foundations of KDE 4 have been laid with the first alpha, KDE enters the stage of a full freeze of the library interface. From now on, the applications will focus on integrating the new technology refined during the last months, and the library developers will try to fix all bugs found during this process. No new applications will enter the official KDE modules and usability and accessibility work is of course an ongoing process. In the following weeks KDE developers will be able to add features to their applications until the next beta is released and the application features will be frozen as well.
One interesting new application that will be included with KDE 4.0 is
Marble, a lightweight earth viewing application that is similar to
Google Earth, but will work on systems without graphics accelerator hardware:
Marble is a generic geographical map widget that is meant to be used by KDE4 applications. It shows the earth as a sphere but doesn't make use of any hardware acceleration (No OpenGL). So although it might look similar to professional applications like Google Earth or Nasa World Wind it's rather meant to be a small light weight multi purpose widget.
Changes coming to existing KDE applications in version 4.0 will include:
- KWin, the KDE window manager, will have some new effects to work with;
it will also run well on low-end video hardware.
- Integration between the Dolphin file manager and the Konqueror web
browser will be improved.
- The Gwenview image viewer is getting some new features and usability
improvements.
- The Konsole terminal emulator will have some user interface improvements,
new background choices, support for clickable URLs and support for default
color schemes.
- The okular universal document viewer will get usability improvements,
better multithreading capabilities and improvements to the print previewer.
- The KRDC remote desktop tool will undergo a code rewrite; new features
will include tabbed viewing and support for the KWallet password manager.
- The KDE PIM personal information management suite will get some new
features from its Enterprise branch.
- KOrganizer, the calendar and scheduling component of the Kontact
personal information management suite, will get new Gantt chart
time line and Outlook-style views. The theming interface
has also had some improvements added.
If you want to give it a try, KDE 4.0 beta 1 is available for download here.
An openSUSE-based KDE4 Live CD has also been released.
Comments (2 posted)
System Applications
Database Software
The August 5, 2007 edition of the PostgreSQL Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Full Story (comments: none)
Libraries
Release 0.0.15 of libnetfilter_queue is out with an API change.
"libnetfilter_queue is a userspace library providing an API to packets
that have been queued by the kernel packet filter. It is part of a
system that deprecates the old ip_queue / libipq mechanism."
Full Story (comments: none)
Networking Tools
Stable version 0.8 of fetchconfig has been announced.
"fetchconfig is a script for retrieving configurations for multiple devices. It has been tested under GNU/Linux, and currently supports a variety of devices, including Cisco IOS, Cisco Catalyst, FortiGate, ProCurve, Parks, Alcatel Ethernet Routers (Riverstone), and Dell PowerConnect switches."
Comments (none posted)
Web Site Development
The August 6, 2007 edition of the
Django weekly roundup has been published. Take a look for the latest
Django web platform news.
Comments (none posted)
Desktop Applications
Audio Applications
The Ardour multi-track audio editor project
has announced progress with the MIDI system.
"Dave Robillard continues his work on Ardour's MIDI recording, playback and editing capabilities as part of the Google Summer of Code program. Since the last screenshot (below), Dave has added color coding of velocity values, percussion tracks, two modes for delivering MIDI CC data (discrete+interpolated), and some basic editing operations such as quantize, note selection and pencil-based note creation & deletion."
Comments (1 posted)
John Littler
discusses the writing of Linux audio software on O'Reilly.
"
Now, let's have a look at what we're trying to do and the main options available for doing it.
The three main things to do are capturing (recording) audio, replaying it, and altering it. All of this comes under the heading of Digital Signal Processing (DSP). We'll be looking at the first two options: capturing and replaying.
What we want to do is talk to the sound card in the computer, tell it what to do, what sort of arrangement the data should have (bearing in mind the card's capabilities), and then store it somewhere."
Comments (30 posted)
Desktop Environments
Version 0.5.2 of the
Compiz compositing window manager is out
with some new features and bug fixes.
Full Story (comments: none)
Version 2.19.6 of GARNOME, the bleeding edge GNOME distribution, is out.
"
This release includes all of GNOME 2.19.6 plus a
bunch of updates that were released after the GNOME freeze date.
This is the sixth release in the unstable cycle, with more features,
more fixes and yet more madness added. It is for anyone who wants to get
his hands dirty on the development branch, or who'd like to get a peek
at future features.
With this release, GNOME entered Feature Freeze for 2.20."
Full Story (comments: none)
Version 2.19.6 of the GNOME desktop environment has been announced.
"
This is our sixth development release on our road towards GNOME
2.20.0, which will be released in September 2007. New features are
still arriving, so your mission is simple : Go download it. Go compile
it. Go test it. And go hack on it, document it, translate it, fix it."
Full Story (comments: none)
The following new GNOME software has been announced this week:
You can find more new GNOME software releases at
gnomefiles.org.
Comments (none posted)
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Comments (none posted)
KDE.News presents another
Quickies article collection.
"
A few quickies again this week: the 4th Trophées du Libre (International Free Software Awards) contest is open. Please consider submitting your favourite KDE applications since the award is some 3000 in each category. Also new this week: Nikolaj Hald Nielsen has announced that he is being hired full time to work on Amarok, courtesy of the Magnatune music store. (Don't worry, this doesn't exclude support for other music stores). PyQt released a new version of their bindings. And every once in a while, we stumble upon an old piece of KDE history that just needs to be shared. Check out this 1998 Interview with KDE's grand-daddy: Matthias Ettrich."
Comments (none posted)
The following new Xorg software has been announced this week:
More information can be found on the
X.Org Foundation wiki.
Comments (none posted)
Desktop Publishing
Version 1.5.1 of LyX, a GUI front end to the TeX typesetting program, is out.
"
It includes a
few bug fixes and, more importantly, fixes a bug where files produced
with the Document>Compressed option on would be malformed on windows.
It was therefore decided to revert to the trusty 1.4.x code in this
area and release 1.5.1 sooner than anticipated.
All 1.5.0 users are urged to upgrade to 1.5.1."
Full Story (comments: none)
Financial Applications
Version 2.8.7 of
SQL-Ledger,
a web-based accounting system, is out with a number of new features and
some bug fixes.
Comments (1 posted)
Games
Stable version 0.4.1 of EGv8
has been announced.
"
Evil Greg Vs. Eight Year Olds (EGv8) is an arcade game with a simple premise. You control an adult character named Evil Greg who battles swarms of eight year old children. As you battle the children you face new enemy types and gain new abilities. "
Comments (none posted)
GUI Packages
Version 4.3 of PyQt, the Python bindings for Qt, is out.
"
The highlights of this release include:
- Full support for Qt v4.3.0.
- Partial functions can be used as slots.
- Many Qt classes now support the standard Python pickle protocol for data
serialisation."
Full Story (comments: none)
KDE.News
covers the Qt 4.3.1 release. Perhaps the most significant change is that the
license exemption list has been expanded, allowing Qt to be linked with software under a number of other free licenses without the requirement that the resulting work be distributed under the GPL.
Comments (11 posted)
Instant Messaging
Version 4.5.6 of the Zimbra Collaboration Suite
has been announced.
"We've released ZCS 4.5.6 for RHEL5 32 & 64. Zimbra is an open source server and client technology for next-generation enterprise messaging and collaboration. Zimbra delivers innovation for both the administrator and the end-user as well as compatibility with existing infrastructure and applications. ZCS 4.5.6 contains 121 fixes."
Comments (none posted)
Mail Clients
MozillaZine
has announced the release of the Mozilla Thunderbird 2.0.0.6
email client.
"
This update fixes two security issues, which are detailed in the Thunderbird 2.0.0.6 section of the Mozilla Foundation Security Advisories page (they're the same bugs that were eliminated in the equivalent Mozilla Firefox 2.0.0.6 release earlier this week)."
The security issues involve the passing of URIs to external programs
and privilege escalation through chrome-loaded about:blank windows.
Comments (none posted)
Medical Applications
LinuxMedNews
has announced the release of CK-ERP 0.23.1.
"
This release features connectors for MirrorMed, ClearHealth, OpenEMR, and
osCMax. XOOPS connector has been enhanced to provide group-module ACL
control. Locale-aware monetary figure printing has been added. Sample cheque
format has been improved."
Comments (none posted)
Music Applications
Version 1.9 of horgand, an organ synthesizer, is out.
"
No new features, but a hard work to improve the sound engine, now is decent.
Also is fixed the crash with RT-Kernels, and some minor bugs.
This is the last release with my own code because at last a DSP guru is
involved on this project and I think we have good perspectives and will
rewrite all."
Full Story (comments: none)
Release 20070808 of the LV2 Simple Sine Generator plugin has been
announced.
"
This brings plugin in sync with latest lv2 (changed uri, double srate, header)
LV2 Simple Sine Generator is very simple plugin, generating sine when
feed with notes. It should load in any host supporting midi port LV2
extension, i.e. elven, ingen, lv2_jack_host and zynjacku."
Full Story (comments: none)
Version 0.11.0 of PHASEX, the [P]hase [H]armonic [A]dvanced [S]ynthesis
[EX]periment, has been announced.
"
This release contains many fixes and improvements and is highly
recommended for all PHASEX users."
Full Story (comments: none)
Streaming Media
Version 0.10.9 of GNonLin is out with a bug fix and support for
modifying compositions during playback.
"
The GStreamer team is proud to announce a new release
in the 0.10.x stable series of GNonLin.
This module contains a set of plug-ins for GStreamer to ease the
creation of multimedia editors, or any other application where a
timeline-oriented use of GStreamer makes sense."
Full Story (comments: none)
Video Applications
Version 1.7.3 of Freevo
has been announced.
"
Freevo is a Linux application that turns a PC with a TV capture card and/or TV-out into a standalone multimedia jukebox/VCR/PVR/HTPC. It uses MPlayer or Xine to play and record audio and video. It is optimized for use with a TV+remote.
This release contains some new (Greek and Chinese) and updated translations. An audio scrobbler plug-in. Scrollable descriptions for various menus."
Comments (none posted)
Web Browsers
The Alpha 7 release of Gran Paradiso is out.
"Gran Paradiso Alpha 7 is an early developer milestone for Firefox 3 and the
next generation of Mozilla layout engine, Gecko 1.9. Gran Paradiso Alpha 7
is being made available for testing purposes only, and is intended for web
application developers and our testing community. Current users of Mozilla
Firefox should not use alpha releases."
Full Story (comments: none)
MozillaZine covers the release of SeaMonkey 1.1.4. This release fixes several
security issues. There is more information in the SeaMonkey 1.1.4
release notes.
Comments (none posted)
Miscellaneous
Stable version 1.0 of Twitux, a
Twitter
client for the Gnome desktop,
has been announced.
"
Twitux provides features such as Nedirect messages, time-lines and many other features."
Comments (none posted)
Languages and Tools
Haskell
The August 7, 2007 edition of the
Haskell Weekly News
is online. This issue marks the second anniversary of the Haskell (not
quite) Weekly News. Thanks to the Haskell community for support, content
and for reading over the last two years!
Comments (none posted)
O'Reilly has published
part three of an article series on the Haskell language.
"
So far, Adam Turoff has given us the basics of Haskell and looked at pure
functions. In the final part of his introduction to the language, he looks
at Monads, which are functions that are allowed to have side effects."
Comments (none posted)
Java
Anghel Leonard
introduces JavaFX on O'Reilly's ONJava site.
"
In the spring of 2007 Sun released a new framework called JavaFX. This is a generic name because JavaFX has two major components, Script and Mobile, and, in the future, Sun will develop more components for it.
The core of JavaFX is JavaFX Script, which is a declarative scripting language. It is very different from Java code, but has a high degree of interactivity with Java classes. Many classes of the JavaFX Script are designed for implementing Swing and Java 2D functionalities more easily. With JavaFX Script you can develop GUIs, animations, and cool effects for text and graphics using only a few straightforward lines of code. And, as a plus, you can wrap Java and HTML code into JavaFX Script.
The second component, JavaFX Mobile, is a platform for developing Java applications for portable devices."
Comments (none posted)
Perl
Andy Sylvester
discusses Perl modules on O'Reilly's Perl.com.
"
Perl software development can occur at several levels. When first developing the idea for an application, a Perl developer may start with a short program to flesh out the necessary algorithms. After that, the next step might be to create a package to support object-oriented development. The final work is often to create a Perl module for the package to make the logic available to all parts of the application. Andy Sylvester explores this topic with a simple mathematical function."
Comments (1 posted)
PostScript
Version 8.60 of GPL Ghostscript
has been announced.
"
The major milestone of this release is a merge from the ESP Ghostscript fork, used to support the CUPS printing system. This means that free operating systems can now ship a single copy of upstream Ghostscript with their releases. Thanks to Till Kamppeter and Mike Sweet for making this possible.
This release also includes numerous important bug fixes over the previous stable versions, as well as improvements to performance, memory footprint, shading and image handling. We recommend this upgrade to all free users."
Comments (none posted)
Python
Version 2.2 rc3 of Jython, a Java implementation of the Python language,
has been announced.
"
A few new pieces of functionality have been added since 2.2rc2:
* Added telnetlib from CPython
* Added cpython_compatible_select to select. See here for information on when to use it.
* Several more java.nio exceptions are mapped to their corresponding Python error codes when thrown."
Comments (none posted)
Libraries
Version 0.9 of
html5lib,
a library for working with HTML5 documents, is available.
Changes include:
"
* Parses invalid and valid HTML documents to a tree
* Support for minidom, ElementTree and a custom simpletree output format
* DOM to SAX converter
* Collects parse errors
* Character encoding detection
* XML mode for working with illformed XML e.g. feeds
* Many unit tests".
Comments (none posted)
Version Control
Version 0.36 of monotone, a version control system, is out with a number
of new features and some bug fixes.
"
Finally, monotone 0.36 has arrived. There are quite a number of
changes and corrections in this release, well worth investigating."
Full Story (comments: none)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Criminal justice professor Thomas Holt presented the findings from his
study of malware markets at Defcon 2007. Dark Reading provides
coverage of
the talk. "
The average hackers' forum works much like a combination of eBay and
a department store site, Holt reports. Many are divided into areas of
interest -- such as programming, scripting, Mac, or Linux -- and there
usually is some sort of buying area where shoppers can purchase tools or
exploits, such as bots or credit card data collectors."
Comments (none posted)
Glyn Moody
analyzes Microsoft's recent open source moves in a Linux Journal blog posting. "
This, I think, goes to the heart of Microsoft's open source strategy. As well as adopting those aspects of an alternative development model that it finds useful, Microsoft is aiming to blunt the undeniable power of openness by hollowing it out. If OOXML is an open standard, and some of its own software licences become OSI-approved, Microsoft will be able to claim that it, too, is an open standard, open source company. For many busy managers - subject to all kinds of demands including increasing pressure to 'go open source' - the difference between Microsoft's open source and real open source won't matter, in the same way that the difference between Microsoft's open file formats and those of the OpenDocument Format won't really matter. In terms of keeping people happy, what matters for many is the label - the appearance of going open - and Microsoft's moves aim to provide just that."
Comments (4 posted)
Trade Shows and Conferences
Linux.com's Joe Barr
reports from this year's Black Hat conference. "I had one particular question in mind when I came to Black Hat this year: who does the black hat ops for the United States? Unfortunately, I still don't have a good answer for that, though I probably have a better understanding than when I arrived. Black Hat and Defcon are crawling with feds each year, but all the feds who are willing to talk even in general terms about what they do say they are involved in keeping the bad guys out of our computers, not breaking into the Department of Defense systems in Hackistan, or wherever."
Comments (1 posted)
LinuxDevices
notes that
there will be a Linux track at the Embedded Systems Conference East.
"
The East Coast version of CMP's semi-annual embedded developer
conference will once again include a track devoted to Linux and open
source. Set for Sept. 18-21 in Boston, the Embedded Systems Conference East
is co-located this year with conferences on Web development, software
development, and RFID."
Comments (none posted)
Linux-Watch reports
that Projity plans to announce some OpenProj deployments
at the upcoming LinuxWorld conference.
"With over 28 million project managers and users already using Microsoft Project, Projity executives believe that there is considerable room for an inexpensive, open-source project management program like OpenProj. According to the company, instead of a $1,000 license fee for Microsoft Project, Projity customers can download OpenProj for free and use it anytime they want from their machine. Project teams can access the same documents and collaborate on projects, which enables distributed project teams to save time and money."
Comments (14 posted)
Joe 'Zonker' Brockmeier
covers a LinuxWorld keynote
by Andrew Morton. "
During the opening keynote at this week's
LinuxWorld Expo, kernel developer Andrew Morton called for more assistance
in testing the Linux kernel from users, and predicted that virtualization
would be the big thing for the next few years of kernel
development."
Comments (5 posted)
KDE.News
covers the Text Layout Summit at aKademy 2007. "
The Text Layout Summit was a true cross platform event, and
followed from the one last year at the Gnome Summit. Text layout is a
complex area requiring advanced knowledge of dozens of different writing
methods. With funding from The Linux Foundation they brought together people
from Pango, Qt, IBM ICU (Intl. Components for Unicode), SIL Graphite,
Unifont.org, m17n, W3C and DejaVu. Getting the various widget sets to have
the same high quality support for all scripts is a problem the summit hoped
to solve."
Comments (none posted)
GnomeDesktop.org
covers
the FreeDesktop.org Text
Layout Summit 2007.
"
The FreeDesktop.org Text
Layout Summit 2007 took place in July in Glasgow. With funding from The
Linux Foundation they brought together people from Pango, Qt, IBM ICU (Intl.
Components for Unicode), SIL Graphite, Unifont.org, m17n, W3C and DejaVu.
Getting the various widget sets to have the same high quality support for all
scripts is a problem the summit hoped to solve."
Comments (none posted)
Companies
PC World reports that Acer is experimenting with the sale of Linux laptops
in Singapore.
"While Memory World's offer has attracted attention outside Singapore for the use of Ubuntu on a notebook, Acer did not ship these notebooks with the Linux distribution preinstalled, said Ignatius Beh, a Memory World sales executive.
"We actually installed it ourselves," Beh said. Acer shipped the notebooks to Memory World with another version of Linux installed, he said.
At the time of writing, Acer did not respond to a request for comment."
Comments (7 posted)
ars technica reports on the Novell-Lenovo announcement of SUSE Linux
Enterprise Desktop preinstalled on Lenovo ThinkPad laptops.
"Unlike Dell, which has
targeted its Linux offering primarily at the enthusiast community, Lenovo's
SLED laptops are targeted at the enterprise. Whether they are running
Ubuntu, SLED, or some other distribution, the availability of Linux
preinstallation from mainstream vendors increases the visibility of the
operating system and gives component makers an incentive to provide better
Linux drivers and hardware support. If Lenovo is willing to collaborate
with the Linux development community to improve the Linux laptop user
experience, it will be a big win for all Linux users, not just the ones who
buy laptops from Lenovo."
Comments (21 posted)
InfoWorld reports on IBM's efforts to save power by moving
3,900 of its servers to 30 virtualized System z9 mainframes.
"'The cost of energy, power to run computers, storage, and networking equipment, as well as the power to the cooling equipment, is becoming the highest single cost of managing a datacenter,' says David Gelardi, VP of industry solutions at IBM. 'IBM took a look at these very interesting plums coming to the forefront at the same time. We have an opportunity with systems management tools, with Linux, and with virtualization, to be able to take the workloads that are principally running on much smaller, underutilized Unix servers and move them over to those 30 very large mainframes.'"
Comments (4 posted)
Interviews
Matt Asay interviews Dirk Hohndel on his CNet weblog.
"Open-source software is one of the pillars of the software stacks that our customers use today. We want to ensure that these stacks support Intel's leading technologies as we introduce them to the market and that customers have an incentive to run their software stacks on Intel hardware. This results in people recommending Intel."
Comments (1 posted)
KDE.News introduces this People Behind KDE interview with some of
the Google Summer of Code participants.
"The People Behind KDE
series takes a temporary break, as we talk to students who are working on
KDE as part of the Google Summer of Code 2007 - in the first of four
interview articles, meet Aleix Pol Gonzàlez, Piyush Verma, Mike Arthur
and Nick Shaforostoff!"
Comments (none posted)
Resources
HowtoForge shows how to use POPFile on the Ubuntu Feisty Fawn distribution.
"This article shows how you can install and use POPFile to classify incoming emails on an Ubuntu Feisty Fawn desktop. It is a POP3 proxy that fetches your mails from your mail server, classifies them and passes them on to your email client."
Comments (none posted)
A new version of the Quicktoots guide to Linux audio applications is out.
"DJing is an artform and freewheeling with JACK on Linux makes it
possible to amaze your audience with live remixes of rare cuts and
hidden gems that when put together produce sample Heaven...
Ringheims Auto shows us how it's done."
Full Story (comments: none)
Reviews
Anze Vidmar compares Azureus to KTorrent in a Linux.com article.
"BitTorrent is a popular peer-to-peer sharing communication protocol used for
transferring all kinds of files over the Internet. Two of the most popular
BitTorrent clients for Linux are Azureus and KTorrent. If you're looking for
a robust, fast, simple, and powerful BitTorrent client, you will probably go
with KTorrent. If you want a Java-based client that runs on every platform
and allows you to configure every detail for BitTorrent transfer, consider
Azureus."
Comments (none posted)
ComputerWorld has published a lengthy look at the OpenMoko phone with a lot
of talk with OpenMoko architect Sean Moss-Pultz.
"In fact, the most intriguing
possibilities are in the enterprise, where Linux servers and applications
are common, he stressed... 'Pretty much all the big enterprises have
contacted us and are interested,' he said. 'Enterprises have scores of IT
staff who can customize and maintain Linux applications. With this phone,
the company can customize it exactly the way they want it for their
employees.' By contrast, most cell phones are notoriously
uncustomizable."
Comments (3 posted)
LinuxDevices covers the release of Linx for Linux.
"A year later than expected, Enea has
released an open source Linux version of its flagship IPC (interprocess
communication) stack. The GPL/BSD-licensed Linx stack could allow for
tighter control- and data-plane integration in mobile phones and telecom
infrastructure equipment combining Linux with Enea's OSE/OSEck RTOS
(real-time operating system)."
Comments (none posted)
Miscellaneous
Doc Searls wonders about fiber.
"Two years ago, Bob Frankston wrote Why Settle for Just
1%? while in the midst of his ramp-up as a Verizon FiOS customer. The
question is still on the table. I'd like us to help answer it by re-phrasing
the question: What could we, as Linux developers and users, do with fiber to
our homes and businesses?"
Comments (27 posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The OpenDocument Format Alliance recognizes New York as the second state to
enact legislation that calls for the study of electronic document formats.
"'In calling for a study of electronic document formats, New York has
recognized the critical importance of continued access to their valuable
records,' said Marino Marcich, ODF Alliance Managing Director. 'The pending
studies in New York and Minnesota will reveal the true value of ODF for
maximizing access, control and interoperability of government documents and
information. With the world's 11th largest economy, New York understands
how important electronic document access is for maintaining their position
as a leader in the domestic and global marketplaces.'"
Full Story (comments: none)
The Open Invention Network has announced that Google has signed up as its
first end-user licensee. Quoting Chris DiBona:
"We believe that by becoming an Open Invention Network licensee, we can encourage Linux development and foster innovation in a way that benefits everyone. We're proud to participate in OIN's mission to help Linux thrive."
Comments (3 posted)
Commercial announcements
A beta release of CadSoft EAGLE 5, a printed circuit CAD system with
a no-cost reduced capability version, has been announced.
"CadSoft invites EAGLE users to participate in testing new versions of the EAGLE Layout Editor.
We suggest that only users who already have experience with previous versions of EAGLE participate in the beta test."
Comments (none posted)
Concurrent has announced that it will supply real-time Linux systems running
RedHawk Linux to the U.S. Navy for missile simulation development.
"Currently in development, this missile simulator system will provide input signals to actual missile guidance hardware in real-time and read the missile's response to provide a closed loop simulation. NSWC Crane is developing the simulator in partnership with multiple DoD labs.
The simulator will be used to determine the effectiveness of Navy and Marine Corps aircraft countermeasure systems that protect the aircraft from hostile missiles. The simulator's multiple roles include optimizing new countermeasures in existing aircraft, determining the best use of existing countermeasures in new aircraft, and evaluating current aircraft capabilities against new missile system threats."
Comments (none posted)
Mercury Computer Systems, Inc. has announced the release of their software
development kit for the PLAYSTATION 3 platform.
"Mercury Computer
Systems, Inc. announced the release of its MultiCore
Plus(TM) SDK for PS3 - Base Package, which enables application developers
to unleash the powerful Sony PLAYSTATION(R)3 (PS3) game console for
low-cost, high-speed computing."
Comments (none posted)
Oracle has sent out a press release describing its contributions to the free
software community.
"A result of on-going work with the Linux community and strategic
partners, Oracle has spearheaded enhancements including: development of a
new file system designed for superior scaling; porting the popular Yet
another Setup Tool (YaST) to Oracle(R) Enterprise Linux and the fully
compatible Red Hat Enterprise Linux; open sourcing tools to streamline
testing, collaborating on an interface for comprehensive data integrity and
developing a new asynchronous I/O interface to reduce complexity."
Comments (11 posted)
Sun Microsystems, Inc. has announced the UltraSPARC(R) T2 microprocessor.
"Available for sale separate from Sun's own
systems, this new processor is the industry's first volume processor with
eight cores and eight threads per core. Formerly known as the "Niagara 2"
project, the UltraSPARC T2's world-record performance raises the bar on
commodity processors while boasting the industry's highest energy
efficiency per thread. With each thread capable of running its own
operating system, the chip delivers a whopping 64-way system on a single
chip."
Comments (none posted)
Wyse and Novell have announced a partnership.
"Wyse Technology, the global
leader in thin computing, today announced it is working with Novell to
bring the next generation of Linux-based thin clients to market. Both
companies are committed to giving customers everything they need to
transition from traditional desktops with proprietary operating systems
to Wyse thin clients based on SUSE Linux Enterprise from Novell."
Full Story (comments: none)
LinuxWorld always seems to inspire companies to generate press releases:
Comments (none posted)
New Books
SitePoint has published the book The CSS Anthology, 2nd Edition
by Rachel Andrew.
Full Story (comments: none)
Resources
Issue #141 of the Linux Gazette is online with the following topics: Mailbag,
An Ongoing Discussion of Open Source Licensing Issues, Talkback,
2-Cent Tips, NewsBytes, News in General, Conferences and Events,
Distro News, Software and Product News, GRUB, PATA and SATA,
An NSLU2 (Slug) Reminder Server, Who is using your Network?,
Serving Your Home Network on a Silver Platter with Ubuntu,
One Volunteer Per Child - GNU/Linux and the Community and HelpDex.
Full Story (comments: none)
Contests and Awards
Joe Barr covers the Black Hat Pwnie Awards on Linux.com.
"In a hastily arranged ceremony, a small group of security researchers gathered last night at Black Hat to acknowledge the work of hackers, vendors, and music-makers in the First Annual Pwnie Awards.
The brainchild of Alex Sotirov and Dino Dai Zovi, the awards were a very late addition to the Black Hat schedule. Therefore the crowd was small, but appreciative."
Comments (none posted)
Education and Certification
The Linux Professional Institute is offering certification exams to US
veterans.
"VCampus Corporation, the North America Master Affiliate for the Linux Professional
Institute (LPI) certification program, announced that all US veterans and
active military can now use their Department of Veterans Affairs (VA)
education benefits to cover examination fees for all LPI exams."
Full Story (comments: none)
Calls for Presentations
A call for presentations has gone out for GNOME.conf.au 2008.
The event will take place in Melbourne, Australia sometime in 2008;
submissions are tentatively due by November, 2007.
Full Story (comments: none)
The Southern California Linux Expo (Scale 6X)
will take place in Los Angeles, CA on February 8-10, 2008.
A call for participation has been announced.
Comments (none posted)
Upcoming Events
CMP Technology has announced the next Embedded Systems Conference.
"CMP Technology today
announced the program for its annual Embedded Systems Conference (ESC)
Boston, running September 18th to the
21st at the Hynes Convention Center. ESC is the industry's largest
international embedded technical conference and exhibition. This year's
Boston conference will bring together some of the most respected and
innovative minds in the field to offer attending systems architects and
engineers their choice of more than 100 training sessions, courses and
seminars covering methodologies, processes, and techniques fundamental to
the development of embedded systems."
Comments (none posted)
The FOSS.IN conference will take place in Bangalore, India on December 4-8, 2007.
"FOSS.IN is one of the world's largest and most focussed FOSS events, held annually in India. Over the years, it has attracted thousands of participants, and the speaker roster reads like a "Who's Who" of FOSS contributors from across the world."
Comments (none posted)
The Hack-a-thon II event has been announced.
"Terra Soft Solutions is proud to announce
Hack-a-thon II, to be held in Austin, Texas, September 22-25, two days prior
to and then in conjunction with the Power Architecture Developer Conference.
In this 4 day event, Terra Soft will host a 6 node PS3 cluster and hands-on
workshop for the installation of Yellow Dog Linux, compute image deployment
via Y-HPC, and use of Torque and Moab for job management. Hack-a-thon
attendees will be invited to work hands-on with the cluster to test their
own parallel and distributed code."
Full Story (comments: none)
The Linux Audio Conference 2008 will be held in Cologne, Germany on
February 28 - March 2, 2008.
"The Academy of Media Arts, Cologne, is proud to host the Linux Audio Conference
2008, where once a year programmers and artists, musicians, composers and
practitioners gather to discuss and explore new and important developments in
making music and sounds with Linux and Open Source software.
The Linux Audio Conference is both a meeting of developers writing audio
software for Linux as it is a music festival, where artists from all over the
world show how free software can create fresh and exciting new sounds."
Full Story (comments: none)
The Ohio LinuxFest organizers have announced that Max Spevack and Bradley
Kuhn will be keynoting this year at the
Ohio LinuxFest 2007. OLF takes place
September 28 - 30, 2007 in Columbus, Ohio.
Full Story (comments: none)
Events: August 16, 2007 to October 15, 2007
The following event listing is taken from the
LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| August 14 - August 18 | Scientific Tools for Python | Pasadena, CA, USA |
| August 19 | Open Source Health Informatics Working Group | Brisbane, Australia |
| August 20 - August 24 | PHP Training at the Big Nerd Ranch | Atlanta, USA |
| August 20 - August 25 | DallasCon 2007-cancelled | Dallas, Texas, USA |
| August 22 - August 25 | Python 3000 Sprint | Mountain View and Chicago, USA |
| August 24 - August 26 | Summercon 2007 | Atlanta, GA, USA |
| August 25 - August 26 | FrOSCon 2007 | Sankt Augustin (near Bonn), Germany |
| August 27 - September 1 | International Computer Music Conference 2007 | Copenhagen, Denmark |
| August 28 - August 29 | XCon2007 | Beijing, China |
| August 29 - August 31 | KVM Forum 2007 | Tucson, AZ, United States |
| September 1 | ENOS 2007 | Caldas da Rainha, Leiria, Portugal |
| September 2 - September 4 | LinuxConf Europe 2007 | Cambridge, England |
| September 3 - September 6 | HITBSecConf2007 | Kuala Lumpur, Malaysia |
| September 5 - September 7 | RAID 2007 | Gold Coast, QL, Australia |
| September 5 - September 6 | 2007 Linux Kernel Developers Summit | Cambridge, UK |
| September 5 - September 7 | Office 2.0 Conference | San Francisco, CA, USA |
| September 6 - September 8 | Intelligent Data Acquisition and Advanced Computing Systems | Dortmund, Germany |
| September 7 - September 8 | LinuxWorld China 2007 | Beijing, China |
| September 7 - September 8 | LinuxChix Brasil | Asa Sul, Brazil |
| September 8 - September 12 | GITEX Technology Week | Dubai, United Arab Emirates |
| September 8 - September 9 | PyCon UK 2007 | Birmingham, UK |
| September 10 - September 14 | Django Bootcamp with Juan Pablo Claude | Atlanta, GA, USA |
| September 10 - September 12 | X Developers' Summit | Cambridge, UK |
| September 10 - September 12 | Sun Grid Engine Workshop 2007 | Regensburg, Germany |
| September 11 - September 12 | 3rd International Conference on IT-Incident Management and IT-Forensics | Stuttgart, Germany |
| September 11 - September 14 | 5th Netfilter Workshop | Karlsruhe, Germany |
| September 11 - September 13 | VMworld 2007 | San Francisco, CA, USA |
| September 14 - September 15 | EuroBSDCon 2007 | Copenhagen, Denmark |
| September 14 | Django Sprint | online |
| September 15 - September 16 | Texas Python Unconference | Houston, TX, USA |
| September 15 | Software Freedom Day | The Internet, Worldwide |
| September 17 - September 19 | RailsConf Europe 2007 | Berlin, Germany |
| September 17 | Bruce Perens to speak in Berkeley, September 17 | Berkeley, CA, USA |
| September 18 - September 21 | Embedded Systems Conference | Boston, MA, USA |
| September 18 - September 20 | High Performance Embedded Computing Workshop | Lexington, MA, USA |
| September 19 - September 21 | OpenOffice.org Conference 2007 | Barcelona, Spain |
| September 19 - September 21 | Gartner Open Source Summit | Las Vegas, NV, USA |
| September 22 - September 25 | Cell Hack-a-thon II | Austin, TX, USA |
| September 24 - September 27 | 14th Annual Tcl/Tk Conference | New Orleans, USA |
| September 24 - September 25 | Power Architecture Developer Conference | Austin, TX, USA |
| September 24 - September 27 | Free and Open Source Software for Geospatial 2007 | Victoria, BC, Canada |
| September 27 - September 28 | Audio Mostly 2007 | Ilmenau, Germany |
| September 28 - September 30 | Ohio LinuxFest 2007 | Columbus, USA |
| September 28 - September 29 | Freed.in | Delhi, India |
| September 28 | IRC discussion on AGPLv3 and GPLv3 | online, world |
| September 30 - October 3 | Gelato ICE: Itanium® Conference & Expo | Biopolis, Singapore, Singapore |
| October 2 - October 3 | Openmind 2007 | Tampere, Finland |
| October 3 - October 5 | Apache Cocoon Get Together | Rome, Italy |
| October 6 - October 7 | Wineconf 2007 | Zurich, Switzerland |
| October 6 - October 8 | GNOME Boston Summit | Boston, MA, USA |
| October 7 - October 9 | Graphing Social Patterns | San Jose, CA, USA |
| October 8 - October 10 | VISION 2007 Embedded Linux Developer Conference | Santa Clara, USA |
| October 8 | Embedded Linux Bootcamp for Beginners | Santa Clara, CA, USA |
| October 9 - October 10 | Profoss | Brussels, Belgium |
| October 10 - October 12 | Plone Conference 2007 | Naples, Italy |
| October 12 | Legal Summit for Software Freedom | New York, NY, USA |
| October 13 - October 14 | T-DOSE 2007 (Technical Dutch Open Source Event) | Eindhoven, The Netherlands |
| October 13 | The Ontario Linux Fest Conference | Toronto, Canada |
| October 13 | Aka Linux Kernel Developer Conference | Beijing, China |
If your event does not appear here, please tell us about it.
Page editor: Forrest Cook