LWN.net Logo

LWN.net Weekly Edition for August 23, 2007

A pair of acquisitions

By Jonathan Corbet
August 21, 2007
While much of the commercial world was watching the initial public offering of VMWare stock, a competitor was carefully pushing forward a different strategy. On August 15, Citrix announced its acquisition of XenSource, the company formed to commercialize the Xen hypervisor. At $500 million, it is a pricey purchase - Citrix guesses that XenSource will bring in $50 million in revenue in 2008, but at a cost of $60-70 million. So profits from XenSource, in the near term, will be virtualized as well; perhaps the plan is to make it up in volume.

Those who fear that money cannot be made with free software might take comfort in a half-billion dollar acquisition of a free software company. Of course, XenSource is far from a pure free software operation. The kernel-level code is GPL-licensed, as is required; much of that code has recently, after a long delay, found its way into the mainline kernel. But the upper layers - the code for the management of virtualized systems - is highly proprietary. It is offered in a three-tier scheme, with the more expensive products un-crippling larger numbers of features. These products are where the revenue comes from.

This acquisition is somewhat indicative of what is happening in the virtualization market. The low-level functionality is free, and is getting steadily more capable. But the tools for the administration of virtualized systems - a task of daunting complexity for sites running large numbers of virtual guests - are generally proprietary. It is the offerings at this level which give XenSource its value despite the fact that Xen's kernel-level support is increasingly surrounded by capable and arguably better-designed alternatives. For all practical purposes, the XenSource acquisition is just the purchase of yet another proprietary software company, Xen's free software origins notwithstanding.

Perhaps more interesting is the acquisition of the ClamAV project by Sourcefire, the company behind the Snort intrusion detection system. ClamAV, a virus scanner, is a true free software project which, previously, had lacked a commercial component. Details have not been disclosed, but one assumes that the owners of ClamAV did not make out quite as well as the holders of XenSource stock. They did get jobs out of the deal, though; they will now continue their ClamAV work as Sourcefire employees.

Who the owners are is, in this case, an interesting question. Projects led by developers with commercial ambitions typically require copyright assignments for any outside contributions. With ownership of 100% of the code base, selling a project (or taking it proprietary) is a relatively straightforward operation. ClamAV, however, is not one of those projects, and all contributors retained their copyrights. So Sourcefire does not own the entire ClamAV code base (or the equally important virus signature database). What it has acquired is the copyrights held by the primary contributors - a large part of the project, but not the whole thing.

This ownership structure could be a bit of a challenge for Sourcefire going forward; part of the plan for making money from this deal involves making a commercially-licensed version of ClamAV available for vendors who wish to integrate ClamAV into their products without being bound by the GPL. To make this offering possible, Sourcefire will be digging through the code and the source code management system to weed out any code which it cannot relicense. If the developers involved have an accurate idea of how much code is involved, if they are thorough in eradicating it, and if they do not anger any outside contributors to the point that they wish to create trouble, this scheme could go well. If a misstep is made somewhere, the possibility of legal action and other unpleasant consequences is very real.

For now, the stated plan is to continue to keep the entire code base and signature database available under the GPL. Sourcefire's Mike Guiterman says that the ClamAV user community has nothing to worry about:

In this case our (Sourcefire's) track record with Snort speaks for itself. Sourcefire has never with held or delayed a feature in Snort from the open source community. Snort releases and Sourcefire commercial releases are in lock step.

It has been pointed out, though, that there is a bit more to Sourcefire's track record than stated above. Snort releases may happen "in lock step," but anybody who has not bought a Snort rules subscription must wait 30 days for rule updates. Like Snort, ClamAV uses a frequently-updated set of rules which are compared against incoming traffic to detect threats. So it would seem that the ClamAV signature database would be very much amenable to the same commercial treatment; that is, after all, how a number of other anti-virus companies do business.

For now, though, all of the indications are that Sourcefire will not be creating a subscription service around ClamAV signature updates. Quite possibly the company feels that one reason for ClamAV's success is the presence of a wider community which can contribute those updates; putting signature updates behind a subscription gate would almost certainly cause community contributions to dry up. Rather than risk damaging the project it just bought, Sourcefire may have decided to seek revenue in other directions - for now, at least.

With sufficient care, Sourcefire should be able to keep the ClamAV community together - and, perhaps, help it to grow further. Acquisition of a free software project is almost certain to bring change, but that change need not be bad. As we head steadily toward World Domination, we may well see more of these deals. One can only hope that the companies carrying out these acquisitions understand well that, in the absence of the wider community, all they can acquire is a lump of code. Preserving the value of a project acquisition requires preserving the community that goes with it. As long as this important fact is kept in mind, acquisitions can be ultimately beneficial to the affected projects and free software as a whole.

Comments (9 posted)

Large projects and decentralized development

By Jake Edge
August 22, 2007

Development using Git, with its decentralized model, is gaining proponents for projects beyond its Linux kernel heritage. Some recent threads on the kde-core-devel mailing list have been discussing how Git might be used by some developers without disrupting the Subversion (svn) infrastructure that is used by KDE. That conversation has broadened to consider how a large project like KDE might reorganize to take advantage of Git's strengths. It does not look like KDE is really considering a switch – they converted from CVS a little over two years ago – but the discussion is useful to anyone thinking about using Git.

There are really two separate discussions taking place, the first concerns using Git without disrupting svn, while the second covers the larger issues of how to structure and use Git for a larger project. The two are intertwined as the "best practice" for a KDE-sized project is to convert incrementally. Smaller sub-projects, a particular KDE application for example, would use Git while still committing the changes back to the svn repository. Trying to do a wholesale conversion of a project the size of KDE, with many developers, testers, translators and users – not to mention millions of lines of code – would be something approaching impossible.

For tracking an svn repository, while using Git locally, the git-svn tool is indispensable. It uses any of the svn protocols to check out a repository, optionally including branches and tags, and installing them as a Git repository. A developer then uses Git commands locally, using git-svn again when ready to update from or push changes to the svn repository. It is not a perfect fit, complaints about losing history in the conversion have been heard, but it does provide Git users a way to interact with svn.

The decentralized nature of the Git development model is always a stumbling block for projects that are used to the single, central, repository model of svn and other revision control systems. Adam Treat invited a rather well-known expert on Git, with some small experience in applying it to large projects, to comment on some of the questions he and others had. Linus Torvalds, who is also a KDE user, responded, at length, with some very useful insights.

Breaking the project into sub-projects is the first step:

So I'm hoping that if you guys are seriously considering git, you'd also split up the KDE repository so that it's not one single huge one, but with multiple smaller repositories (ie kdelibs might be one, and each major app would be its own), and then using the git "submodule" support to tie it all together.

Using the git-submodule command, a project can be broken up into many pieces, each with their own Git repository. Those separate repositories can then be stitched together into a "superproject" that understands how to handle a collection of repositories. If a change affects multiple modules, it can still be handled in an atomic way:

What happens is that you do a single commit in each submodule that is atomic to that *private* copy of that submodule (and nobody will ever see it on its own, since you'd not push it out), and then in the supermodule you make *another* commit that updates the supermodule to all the changes in each submodule.

See? It's totally atomic. Anybody that updates from the supermodule will get one supermodule commit, when that in turn fetches all the submodule changes, you never have any inconsistent state.

Users of a development tree have differing needs, which Git supports by not requiring a central repository that all users must interact with. Torvalds believes that the development organization, not the tool, should determine which repositories are central:

I certainly agree that almost any project will want a "central" repository in the sense that you want to have one canonical default source base that people think of as the "primary" source base.

But that should not be a *technical* distinction, it should be a *social* one, if you see what I mean. The reason? Quite often, certain groups would know that there is a primary archive, but for various reasons would want to ignore that knowledge.

For Linux, his kernel Git tree is the center, but for a variety of other users, the "stable" tree or distribution kernel trees for example, their repositories are the source. Those repositories can and do update from time to time from the main tree, but they control when and the users of those trees don't have to care.

On the subject of mapping the current KDE practices to Git, Torvalds is, characteristically, not shy about expressing his opinion:

Hey, you can use your old model if you want to. git doesn't *force* you to change. But trust me, once you start noticing how different groups can have their own experimental branches, and can ask people to test stuff that isn't ready for mainline yet, you'll see what the big deal is all about.

Centralized _works_. It's just *inferior*.

There is a clash of development models going on and Torvalds is pushing the kernel's model. His reasons are good, though they may not convince everyone, which is why Git tries hard to avoid forcing any particular style. As he did with open source development, Torvalds is trying to lead by example, while not forcing anyone to change.

Reading the full threads including the entire posting by Torvalds will be very interesting to those who follow source code management issues. This culture clash, centralized and somewhat bureaucratic versus decentralized and freewheeling will come up again and again over the next few years. Torvalds seems to think the Git model will work most everywhere and his track record for making smart choices is good. It will be interesting to watch.

Comments (11 posted)

Microsoft's licenses: excerpts from a conversation

By Jonathan Corbet
August 22, 2007
Microsoft recently submitted two licenses to the Open Source Initiative to be considered for approval as being truly open source. There have been a few themes which have come out of the subsequent discussion. One is that the licenses are generally seen as being compliant with the Open Source Definition, though their incompatibility with other licenses bothers a few people. Not everybody agrees that the Microsoft Permissive License (MS-PL) is truly "permissive," and some have asked for a name change. There have been some grumblings that the licenses offer no additional value in a time when the OSI is actively trying to reduce license proliferation.

But, as can be seen below, the heated part of the conversation was about a different topic: can and should the OSI judge a license based on its origin? Without further ado...

Does this submission to the OSI mean that Microsoft will:

a) Stop using the market confusing term Shared Source
b) Not place these licenses and the other, clearly non-free , non-osd licenses in the same place thus muddying the market further.
c) Continue its path of spreading misinformation about the nature of open source software, especially that licensed under the GPL?
d) Stop threatening with patents and oem pricing manipulation schemes to deter the use of open source software?

If not, why should the OSI approve of your efforts? That of a company who has called those who use the licenses that OSI purports to defend a communist or a cancer? Why should we see this seeking of approval as anything but yet another attack in the guise of friendliness?

-- Chris DiBona

I'm unclear how some of your questions are related to our license submissions, which is what I believe this list and the submission process are designed to facilitate. You're questioning things such as Microsoft's marketing terms, press quotes, where we put licenses on our web site, and how we work with OEMs - none of which I could find at http://opensource.org/docs/osd.
-- Bill Hilf

Be careful what you ask for. Do you really want everything RMS says about the BSD and similar licenses to be on-topic for approval of future FSF licenses? Should it be? Or should we do the right thing and restrict our review to the licenses themselves?
-- Chris Travers

Hey, I can sympathize - personally, I really don't approve of the FSF, and I'd love to see the OSI turn down the GPLv3.

Except I wouldn't, really, because then the OSI would lose every shred of credibility and quickly become irrelevant - just like it would if it failed to carefully consider the licenses submitted by Microsoft, or to approve them if they were found to adhere to the OSD.

-- Dag-Erling Smørgrav

This comes back to an old question on this list: is the OSI simply responsible for mechanically approving licenses? Or is the OSI responsible for, as it says on the web site, "maintaining the Open Source Definition for the good of the community"? In my opinion, which I acknowledge is not widely held, the good of the community does not require approving every applicable license.

That said, I personally would be in favor of approving the Microsoft licenses. I think it is overall a benefit to the community to acknowledge that code under these licenses is open source.

-- Ian Lance Taylor

OSI's role is merely to certify the licences that meet OSD criteria, and promote the concept of open source in general.
-- Rick Moen

The OSI board's anti-proliferation efforts appear to take them one step beyond certification though. It would seem to be that otherwise compliant licenses could be rejected if they simply duplicate the terms or purpose of an existing license... I would guess that a license that copied the Apache license and replaced all instances of Apache with some other abstract word would be rejected, no matter what the compatibility matrix looked like. How about a license that had exactly the same requirements as Apache, but restated them in a completely different way? From there, what's the *smallest* difference in licensing terms that would be worth adding yet another license?
-- Brian Behlendorf

I think (as I thought two years ago) that this is a case where the anti-proliferation rules should be set aside. We are dealing with an organization that has the potential of being a major player in free and open source software (and if they don't like the GPL, there are plenty of other FLOSS-producing organizations that don't like it either). If they can only bring themselves to release such software under their own particular licenses, so much the worse; but not more the worse than if they never released any FLOSS software at all
-- John Cowan

So the question becomes, should OSI discriminate? Will a farmer let a fox into the henhouse if the fox puts on a chicken suit?

I think not. Not if he wants to have any chickens. A fox in a chicken suit is still a fox and is still planning to eat his chickens. So only a stupid farmer would reason that a fox in a chicken suit, even one made from real chicken feathers, should now be allowed to reside in his chicken coop with his tasty chickens. Farmers are supposed to consider what foxes are known to do to chickens and what a fox's motives and likely purpose might be in putting on a chicken suit and sweetly pawing on the door to the henhouse.

-- Groklaw

Over time, it will probably become obvious that MS-PL and MS-CL are merely yet more additions to the horde of insignificant/redundant licences that, nonetheless, do pass OSD muster. They aren't innovative or particularly useful, though they do have the minor excellence of brevity...

There's really nothing new, here. However, if OSI were to surrender the integrity of its certification program, that would be something new, and particularly bad. Which is easily a sufficient reason for that not to occur.

-- Rick Moen

The actual decision must wait for the recommendation from the OSI license approval committee and the vote of the board of directors.

Comments (14 posted)

Page editor: Jonathan Corbet

Security

The Skype outage

By Jake Edge
August 22, 2007

A recent outage at Voice over IP (VoIP) provider Skype has caused quite a stir. For nearly two days, users of the VoIP software could not make calls, which set off a storm of blog postings wondering about the cause. Skype released an official explanation that did not ring true to some, leading to further speculation.

Sometime early Thursday, 16 August, Skype users could no longer authenticate and connect to the network. On Friday, right in the middle of the outage, a posting to Bugtraq purported to have information about the vulnerability that was being exploited to cause the outage. Skype has since categorically denied that any attack was responsible, but suspicions persist that the denial-of-service (DoS) vulnerability reported was actually responsible for the outage.

On Monday, Skype posted the following to their Heartbeat blog:

On Thursday, 16th August 2007, the Skype peer-to-peer network became unstable and suffered a critical disruption. The disruption was triggered by a massive restart of our users' computers across the globe within a very short timeframe as they re-booted after receiving a routine set of patches through Windows Update.

The high number of restarts affected Skype's network resources. This caused a flood of log-in requests, which, combined with the lack of peer-to-peer network resources, prompted a chain reaction that had a critical impact.

Though they never blamed Microsoft or the updates themselves, many in the media did it for them, which led Skype to clarify their explanation of the outage.

The new message provided more details, but still remained mute on one of the central puzzles: why did updates on Tuesday cause an outage starting on Thursday? While they acknowledge a bug in their software, there is also no mention of how the situation was resolved, presumably through an automatic update of their own. Overall, the explanations are fairly thin on technical detail which allows others to conjecture to try and fill in the holes.

There are many millions of Skype users – the software is available for Windows, OS X and x86 Linux – for the no-cost PC-to-PC calling as well as the other services that Skype does charge for. Hopefully the free users are not depending on the service, but there are companies which use Skype exclusively; an outage for two weekdays must have been rather painful. Certainly the landline and cellular phone companies have had their problems along the way, but those tend to be regional rather than worldwide.

All software even minimally more complicated than "hello world" has bugs, and those bugs will be triggered in surprising ways. Taking the Skype "perfect storm" explanation at face value, it is nearly amazing that millions of reboots could result in a network storm so severe that it would take two days to resolve. Somehow, in the interface between the Skype's centralized authentication and their P2P routing code, things went horribly awry. It does, however, give one pause about the power of the near-monoculture in desktop operating systems.

It is hard, but not completely impossible, to imagine a similar scenario for Linux boxes. To start with, it is uncommon that a software upgrade requires a reboot. Within the Linux user community, there is a wide range of kernel versions running, so even if there were a critical security fix that required "all" Linux kernels to be upgraded, it would not be very synchronized – the distributions tend to have different response times. This is a bit of a double-edged sword, of course, those varying response times could leave a hole that a worm or attacker could exploit. But, because Linux boxes are controlled by their owners rather than by their distribution provider, synchronized reboots are probably not a major cause for concern.

Beyond monocultural issues, there is the question of how a P2P system can be taken down by the lack of a centralized resource, in this case credentials from an authentication server. That provides a single point of failure to what is supposed to be a robust architecture, resistant to exactly those kinds of problems. There are also those who wonder if the outage was caused by an "upgrade" mandated by the US government so that they can more easily monitor Skype calls.

Skype is proprietary and closed source; there is no easy way to determine whether the problem has been fixed, or even whether the problem is being accurately described. If Skype decides, or is forced, to change their software to be more easily monitored, it will be hard to detect. It might look an awful lot like a multi-day outage that clears up somewhat mysteriously. Trusting closed source software for vital communications is not the best of plans, at least when there are alternatives.

Free software would not necessarily avoid these kinds of problems, but a completely decentralized network with multiple clients sharing a protocol, but little else, would certainly be more resistant to this kind of outage. More importantly, it would also be more transparent. Over time, projects like openwengo, Linphone, Asterisk and others can hopefully provide those benefits to a larger audience

Comments (31 posted)

Brief items

Ubuntu Servers Hijacked, Used to Launch Attack (eWeek)

eWeek reports on a recent security breach of five Ubuntu-hosted community servers. "It was suggested during an IRC (Internet relay chat) meeting of the Ubuntu colocation team Aug. 14 that the source of the troubles might have been a Chinese IP address trying to log onto the servers by brute force "for a long time now it seems," said a participant. On Aug. 14, the community began to bring the machines back up in a safe state so that they could recover data from them. Unfortunately, according to Ubuntu Community Manager Jono Bacon, the servers were all found to be out of date, stuffed with Web software, and missing security patches—at least in the instances where it was easy to determine what version they're running. "An attacker could have gotten a shell through almost any of these sites," [Bacon] wrote in a posting, regarding a change to location server policy that resulted from the incident."

Comments (39 posted)

New vulnerabilities

kdebase: several vulnerabilities

Package(s):kdebase CVE #(s):CVE-2007-3820 CVE-2007-4224 CVE-2007-4225
Created:August 20, 2007 Updated:October 8, 2007
Description: konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. (CVE-2007-3820)

KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property. (CVE-2007-4224)

Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion. (CVE-2007-4225)

Alerts:
Red Hat RHSA-2007:0909-01 2007-10-08
Red Hat RHSA-2007:0905-01 2007-10-08
Fedora FEDORA-2007-716 2007-10-08
Mandriva MDKSA-2007:176 2007-09-06
rPath rPSA-2007-0177-1 2007-09-05
Ubuntu USN-502-1 2007-08-23
Fedora FEDORA-2007-1699 2007-08-20
Fedora FEDORA-2007-1700 2007-08-20

Comments (none posted)

kernel: several vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-3851 CVE-2007-3848 CVE-2007-3105
Created:August 17, 2007 Updated:January 8, 2009
Description: The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. (CVE-2007-3851)

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)

Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root. (CVE-2007-3105)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
Mandriva MDVSA-2008:105 2007-05-21
SuSE SUSE-SA:2008:017 2008-03-28
Debian DSA-1504 2008-02-22
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22
SuSE SUSE-SA:2008:006 2008-02-07
Red Hat RHSA-2007:1049-01 2007-12-03
SuSE SUSE-SA:2007:053 2007-10-12
Debian DSA-1356-1 2007-08-15
Mandriva MDKSA-2007:216 2007-11-13
Red Hat RHSA-2007:0939-01 2007-11-01
Red Hat RHSA-2007:0940-01 2007-10-22
Red Hat RHSA-2007:0705-01 2007-09-13
SuSE SUSE-SA:2007:051 2007-09-06
Fedora FEDORA-2007-679 2007-09-04
Ubuntu USN-510-1 2007-08-31
Debian DSA-1363-1 2007-08-31
Ubuntu USN-508-1 2007-08-31
Ubuntu USN-509-1 2007-08-31
Fedora FEDORA-2007-1785 2007-08-23
rPath rPSA-2007-0164-1 2007-08-16

Comments (1 posted)

nvidia-drivers: insecure file permissions

Package(s):nvidia-drivers CVE #(s):CVE-2007-3532
Created:August 20, 2007 Updated:August 22, 2007
Description: Gregory Shikhman discovered that the default Gentoo setup of NVIDIA drivers creates the /dev/nvidia* with insecure file permissions.
Alerts:
Gentoo 200708-14 2007-08-19

Comments (none posted)

rsync: off-by-one errors

Package(s):rsync CVE #(s):CVE-2007-4091
Created:August 20, 2007 Updated:December 3, 2007
Description: Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
Alerts:
Slackware SSA:2007-335-01 2007-12-03
Gentoo 200709-13 2007-09-20
Debian DSA-1360 2007-08-28
Foresight FLEA-2007-0047-1 2007-08-23
rPath rPSA-2007-0168-1 2007-08-22
Ubuntu USN-500-1 2007-08-20
Mandriva MDKSA-2007:166 2007-08-18

Comments (1 posted)

sysstat: insecure temporary files

Package(s):sysstat CVE #(s):CVE-2007-3852
Created:August 20, 2007 Updated:September 23, 2011
Description: The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
Alerts:
CentOS CESA-2011:1005 2011-09-22
Scientific Linux SL-syss-20110721 2011-07-21
Red Hat RHSA-2011:1005-01 2011-07-21
Fedora FEDORA-2007-675 2007-08-27
Fedora FEDORA-2007-1697 2007-08-20

Comments (1 posted)

tor: compromised anonymity

Package(s):tor CVE #(s):CVE-2007-3165 CVE-2007-4174
Created:August 20, 2007 Updated:August 22, 2007
Description: Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers. (CVE-2007-3165)

An unspecified vulnerability in Tor before 0.1.2.16, when ControlPort is enabled, might allow remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact, related to improper handling of multiple ControlPort authentication attempts. (CVE-2007-4174)

Alerts:
Fedora FEDORA-2007-1674 2007-08-19

Comments (1 posted)

Updated vulnerabilities

acroread: multiple vulnerabilities

Package(s):acroread CVE #(s):CVE-2006-5857 CVE-2007-0045 CVE-2007-0046
Created:January 11, 2007 Updated:October 26, 2009
Description: Adobes acrobat reader has the following vulnerabilities:

The Adobe Reader Plugin has a cross site scripting vulnerability that can be triggered by processes malformed URLs. Arbitrary JavaScript can be served by a malicious web server, leading to a cross-site scripting attack.

Maliciously crafted PDF files can be used to trigger two vulnerabilities, if an attacker can trick a user into viewing the files, arbitrary code can be executed with the user's privileges.

Alerts:
SuSE SUSE-SA:2009:049 2009-10-26
Gentoo 200910-03 2009-10-25
Red Hat RHSA-2007:0021-01 2007-01-22
Gentoo 200701-16 2007-01-22
SuSE SUSE-SA:2007:011 2007-01-22
Red Hat RHSA-2007:0017-01 2007-01-11

Comments (1 posted)

apache2: information disclosure

Package(s):apache CVE #(s):CVE-2007-1862
Created:June 20, 2007 Updated:February 18, 2008
Description: From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously-used data, which could be used to obtain potentially sensitive information by unauthorized users."
Alerts:
Fedora FEDORA-2008-1711 2008-02-15
Fedora FEDORA-2007-0704 2007-06-26
Mandriva MDKSA-2007:127 2007-06-19

Comments (2 posted)

apache: multiple vulnerabilities

Package(s):apache CVE #(s):CVE-2007-3304 CVE-2006-5752
Created:June 27, 2007 Updated:February 18, 2008
Description: The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker who has the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated, which could lead to a denial of service. (CVE-2007-3304)

A flaw was found in the Apache HTTP Server mod_status module. Sites with the server-status page publicly accessible and ExtendedStatus enabled were vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752)

Alerts:
Fedora FEDORA-2008-1711 2008-02-15
SuSE SUSE-SA:2007:061 2007-11-19
Fedora FEDORA-2007-2214 2007-09-18
rPath rPSA-2007-0182-1 2007-09-14
Ubuntu USN-499-1 2007-08-16
Red Hat RHSA-2007:0662-01 2007-07-13
Red Hat RHSA-2007:0557-01 2007-07-13
Fedora FEDORA-2007-615 2007-07-12
Mandriva MDKSA-2007:142 2007-07-04
Mandriva MDKSA-2007:141 2007-07-04
Mandriva MDKSA-2007:140 2007-07-04
Fedora FEDORA-2007-617 2007-07-02
rPath rPSA-2007-0136-1 2007-06-27
Red Hat RHSA-2007:0556-01 2007-06-26
Red Hat RHSA-2007:0534-01 2007-06-26
Red Hat RHSA-2007:0533-01 2007-06-27
Red Hat RHSA-2007:0532-01 2007-06-26

Comments (1 posted)

apache: cross-site scripting

Package(s):apache CVE #(s):CVE-2006-3918
Created:August 9, 2006 Updated:April 4, 2008
Description: From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header."
Alerts:
SuSE SUSE-SA:2008:021 2008-04-04
Ubuntu USN-575-1 2008-02-04
SuSE SUSE-SA:2006:051 2006-09-08
Debian DSA-1167-1 2005-09-04
Red Hat RHSA-2006:0619-01 2006-08-10
Red Hat RHSA-2006:0618-01 2006-08-08

Comments (none posted)

Asterisk: two SIP denial of service vulnerabilities

Package(s):Asterisk CVE #(s):CVE-2007-1561 CVE-2007-1594
Created:April 3, 2007 Updated:August 27, 2007
Description: The Madynes research team at INRIA has discovered that Asterisk contains a null pointer dereferencing error in the SIP channel when handling INVITE messages. Furthermore qwerty1979 discovered that Asterisk 1.2.x fails to properly handle SIP responses with return code 0. A remote attacker could cause an Asterisk server listening for SIP messages to crash by sending a specially crafted SIP message or answering with a 0 return code.
Alerts:
Debian DSA-1358-1 2007-08-26
SuSE SUSE-SA:2007:034 2007-06-06
Gentoo 200704-01 2007-04-02

Comments (none posted)

avahi: denial of service

Package(s):avahi CVE #(s):CVE-2007-3372
Created:June 28, 2007 Updated:December 23, 2008
Description: Avahi is vulnerable to a local denial of service that can be caused by making an erroneous call to the assert() function.
Alerts:
Debian DSA-1690-1 2008-12-22
Ubuntu USN-696-1 2008-12-18
Mandriva MDKSA-2007:185 2007-09-17
Foresight FLEA-2007-0030-1 2007-06-28

Comments (none posted)

bind: DNS cache poisoning

Package(s):bind CVE #(s):CVE-2007-2926
Created:July 24, 2007 Updated:August 20, 2007
Description: A flaw was found in the way BIND generates outbound DNS query ids. If an attacker is able to acquire a finite set of query IDs, it becomes possible to accurately predict future query IDs. Future query ID prediction may allow an attacker to conduct a DNS cache poisoning attack, which can result in the DNS server returning incorrect client query data.
Alerts:
Gentoo 200708-13 2007-08-18
SuSE SUSE-SA:2007:047 2007-08-01
Trustix TSLSA-2007-0023 2007-07-28
Slackware SSA:2007-207-01 2007-07-27
rPath rPSA-2007-0149-1 2007-07-27
Fedora FEDORA-2007-647 2007-07-26
Debian DSA-1341-2 2007-07-25
Mandriva MDKSA-2007:149 2007-12-31
Debian DSA-1341-1 2007-07-25
Ubuntu USN-491-1 2007-07-25
OpenPKG OpenPKG-SA-2007.022 2007-07-25
Fedora FEDORA-2007-1247 2007-07-24
Red Hat RHSA-2007:0740-01 2007-07-24

Comments (none posted)

bochs: buffer overflow

Package(s):bochs CVE #(s):CVE-2007-2893
Created:July 20, 2007 Updated:November 19, 2007
Description: A heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."
Alerts:
Gentoo 200711-21 2007-11-17
Fedora FEDORA-2007-1778 2007-08-23
Debian DSA-1351-1 2007-08-07
Fedora FEDORA-2007-1153 2007-07-19

Comments (none posted)

bugzilla: multiple vulnerabilities

Package(s):bugzilla CVE #(s):CVE-2006-5453 CVE-2006-5454 CVE-2006-5455
Created:November 10, 2006 Updated:August 28, 2007
Description: Bugzilla has the following vulnerabilities:

Input data passed to various fields is not properly sanitized before being passed back to users.

Users can gain unauthorized access to read attachment descriptions while using diff mode.

HTTP GET and HTTP POST requests can be used to perform unauthorized actions due to improper verification.

Input that is passed to showdependencygraph.cgi is not properly sanitized before being returned to users.

Alerts:
Debian DSA-1208-1 2006-11-11
Gentoo 200611-04 2006-11-09

Comments (none posted)

centericq: buffer overflows

Package(s):centericq CVE #(s):CVE-2007-3713
Created:July 20, 2007 Updated:December 17, 2007
Description: Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might overlap CVE-2007-0160.
Alerts:
Debian DSA-1433-1 2007-12-16
Debian-Testing DTSA-55-1 2007-09-03
Fedora FEDORA-2007-1160 2007-07-19

Comments (none posted)

clamav: denial of service

Package(s):clamav CVE #(s):CVE-2007-3725
Created:July 24, 2007 Updated:February 27, 2008
Description: A NULL pointer dereference has been discovered in the RAR VM of Clam Antivirus (ClamAV) which allows user-assisted remote attackers to cause a denial of service via a specially crafted RAR archives.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Gentoo 200708-04 2007-08-09
Mandriva MDKSA-2007:150 2007-07-25
Debian DSA-1340-1 2007-07-24

Comments (none posted)

cpio: arbitrary code execution

Package(s):cpio CVE #(s):CVE-2005-4268
Created:January 2, 2006 Updated:March 17, 2010
Description: Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with e. g. a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system).
Alerts:
CentOS CESA-2010:0145 2010-03-17
Red Hat RHSA-2010:0145-01 2010-03-15
rPath rPSA-2007-0094-1 2007-05-07
Red Hat RHSA-2007:0245-02 2007-05-01
Ubuntu USN-234-1 2006-01-02

Comments (none posted)

vixie-cron: privilege escalation

Package(s):cron CVE #(s):CVE-2006-2607
Created:May 31, 2006 Updated:June 1, 2009
Description: The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root.
Alerts:
Ubuntu USN-778-1 2009-06-01
Red Hat RHSA-2006:0539-01 2006-07-12
Gentoo 200606-07 2006-06-09
SuSE SUSE-SA:2006:027 2006-05-31
rPath rPSA-2006-0082-1 2006-05-25

Comments (1 posted)

cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2006-4262
Created:October 2, 2006 Updated:June 16, 2009
Description: Will Drewry of the Google Security Team discovered several buffer overflows in cscope, a source browsing tool, which might lead to the execution of arbitrary code.
Alerts:
CentOS CESA-2009:1101 2009-06-16
Red Hat RHSA-2009:1101-01 2009-06-15
Gentoo 200610-08 2006-10-20
Debian DSA-1186-1 2006-09-30

Comments (none posted)

cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2004-2541
Created:May 22, 2006 Updated:June 19, 2009
Description: A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.
Alerts:
CentOS CESA-2009:1102 2009-06-19
CentOS CESA-2009:1101 2009-06-16
Red Hat RHSA-2009:1102-01 2009-06-15
Red Hat RHSA-2009:1101-01 2009-06-15
Gentoo 200606-10 2006-06-11
Debian DSA-1064-1 2006-05-19

Comments (1 posted)

cups: denial of service

Package(s):cups CVE #(s):CVE-2007-0720
Created:March 26, 2007 Updated:February 7, 2008
Description: Previous versions of the cups package could be forced to hang via a client "partially negotiating" an ssl connection. In this state, cups would not allow other connections to be made, a denial of service.
Alerts:
Mandriva MDVSA-2008:036 2007-02-06
Mandriva MDKSA-2007:086 2007-04-16
Red Hat RHSA-2007:0123-01 2007-04-16
Gentoo 200703-28 2007-03-31
Foresight FLEA-2007-0003-1 2007-03-25

Comments (none posted)

gpdf: integer overflow

Package(s):cups poppler xpdf CVE #(s):CVE-2007-3387
Created:July 31, 2007 Updated:November 28, 2007
Description: The gpdf library contains an integer overflow which can be exploited via a malicious PDF file. This code finds its way into multiple packages, including xpdf, kpdf, poppler, cups, and more.
Alerts:
Fedora FEDORA-2007-3390 2007-11-20
Fedora FEDORA-2007-3308 2007-11-20
Gentoo 200710-20 2007-10-18
Gentoo 200710-08 2007-10-09
Gentoo 200709-12 2007-09-19
Fedora FEDORA-2007-685 2007-08-30
Debian-Testing DTSA-54-1 2007-08-22
Fedora FEDORA-2007-669 2007-08-13
Fedora FEDORA-2007-644 2007-08-13
Debian DSA-1357-1 2007-08-19
Mandriva MDKSA-2007:162 2007-08-14
Mandriva MDKSA-2007:165 2007-08-15
Foresight FLEA-2007-0046-1 2007-08-14
Fedora FEDORA-2007-1614 2007-08-15
Mandriva MDKSA-2007:164 2007-08-14
Mandriva MDKSA-2007:163 2007-08-14
Foresight FLEA-2007-0045-1 2007-08-14
Foresight FLEA-2007-0044-1 2007-08-14
Mandriva MDKSA-2007:158 2007-08-13
Mandriva MDKSA-2007:160 2007-08-13
Mandriva MDKSA-2007:161 2007-08-13
Mandriva MDKSA-2007:159 2007-08-13
Fedora FEDORA-2007-1594 2007-08-13
Debian DSA-1355-1 2007-08-13
Slackware SSA:2007-222-05 2007-08-13
Slackware SSA:2007-222-02 2007-08-13
Fedora FEDORA-2007-1547 2007-08-10
Fedora FEDORA-2007-1541 2007-08-10
Debian DSA-1354-1 2007-08-13
rPath rPSA-2007-0154-1 2007-08-10
SuSE SUSE-SR:2007:016 2007-08-10
Ubuntu USN-496-2 2007-08-07
Debian DSA-1352-1 2007-08-07
Debian DSA-1350-1 2007-08-06
Debian DSA-1349-1 2007-08-05
Debian DSA-1348-1 2007-08-04
Debian DSA-1347-1 2007-08-04
SuSE SUSE-SR:2007:015 2007-08-03
Ubuntu USN-496-1 2007-08-03
Red Hat RHSA-2007:0731-01 2007-08-01
Red Hat RHSA-2007:0735-01 2007-07-30
Red Hat RHSA-2007:0732-01 2007-07-30
Red Hat RHSA-2007:0729-01 2007-07-30
Red Hat RHSA-2007:0730-01 2007-07-30
Red Hat RHSA-2007:0720-01 2007-07-30

Comments (1 posted)

Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of Service

Package(s):cyrus-sasl CVE #(s):CVE-2006-1721
Created:April 21, 2006 Updated:September 4, 2007
Description: Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. An attacker could possibly exploit this vulnerability by sending specially crafted data stream to the Cyrus-SASL server, resulting in a Denial of Service even if the attacker is not able to authenticate.
Alerts:
Red Hat RHSA-2007:0878-01 2007-09-04
Red Hat RHSA-2007:0795-01 2007-09-04
SuSE SUSE-SA:2006:025 2006-05-05
Fedora FEDORA-2006-515 2006-05-04
Debian DSA-1042-1 2006-04-25
Mandriva MDKSA-2006:073 2006-04-24
Ubuntu USN-272-1 2006-04-24
Gentoo 200604-09 2006-04-21

Comments (none posted)

dovecot: privilege escalation

Package(s):dovecot CVE #(s):CVE-2007-4211
Created:August 15, 2007 Updated:May 21, 2008
Description: From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a minor privilege escalation attack in which an authenticated user may exploit an ACL plugin weakness to save message flags without having proper permissions."
Alerts:
Red Hat RHSA-2008:0297-02 2008-05-21
Fedora FEDORA-2007-664 2007-08-20
rPath rPSA-2007-0161-1 2007-08-14

Comments (none posted)

dovecot: directory traversal

Package(s):dovecot CVE #(s):CVE-2007-2231
Created:May 8, 2007 Updated:May 21, 2008
Description: Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
Alerts:
Red Hat RHSA-2008:0297-02 2008-05-21
Debian DSA-1359-1 2007-08-28
Ubuntu USN-487-1 2007-07-17
Fedora FEDORA-2007-493 2007-05-07

Comments (none posted)

elinks: code execution

Package(s):elinks CVE #(s):CVE-2007-2027
Created:May 7, 2007 Updated:October 30, 2009
Description: Arnaud Giersch discovered that elinks incorrectly attempted to load gettext catalogs from a relative path. If a user were tricked into running elinks from a specific directory, a local attacker could execute code with user privileges.
Alerts:
Red Hat RHSA-2009:1471-01 2009-10-01
CentOS CESA-2009:1471 2009-10-06
CentOS CESA-2009:1471 2009-10-30
Gentoo 200706-03 2007-06-06
Ubuntu USN-457-1 2007-05-07
Oracle ELSA-2013-0250 2013-02-11

Comments (none posted)

elinks: arbitrary file access

Package(s):elinks CVE #(s):CVE-2006-5925
Created:November 16, 2006 Updated:October 22, 2009
Description: The elinks text-mode browser has an arbitrary file access vulnerability in the Elinks SMB protocol handler. If a user can be tricked into visiting a specially crafted web page, arbitrary files may be read or written with the user's permissions.
Alerts:
Ubuntu USN-851-1 2009-10-21
Gentoo 200701-27 2007-01-30
OpenPKG OpenPKG-SA-2006.043 2006-12-26
Debian DSA-1240-1 2006-12-21
Gentoo 200612-16 2006-12-14
Debian DSA-1228-1 2006-12-05
Debian DSA-1226-1 2006-12-03
Fedora FEDORA-2006-1278 2006-11-21
Fedora FEDORA-2006-1277 2006-11-21
Mandriva MDKSA-2006:216 2006-11-20
Red Hat RHSA-2006:0742-01 2006-11-15

Comments (none posted)

emacs21: denial of service

Package(s):emacs21 CVE #(s):CVE-2007-2833
Created:June 21, 2007 Updated:August 29, 2007
Description: The emacs21 editor has a denial of service vulnerability. emacs21 can be made to crash by viewing "certain types of images".
Alerts:
Ubuntu USN-504-1 2007-08-28
rPath rPSA-2007-0133-1 2007-06-25
Mandriva MDKSA-2007:133 2007-06-21
Debian DSA 1316-1 2007-06-21

Comments (none posted)

evolution: format string error

Package(s):evolution CVE #(s):CVE-2007-1002
Created:March 27, 2007 Updated:February 27, 2008
Description: A format string error in the "write_html()" function in calendar/gui/ e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Gentoo 200706-02 2007-06-06
Red Hat RHSA-2007:0158-01 2007-05-03
Foresight FLEA-2007-0010-1 2007-04-05
Fedora FEDORA-2007-404 2007-04-04
Fedora FEDORA-2007-393 2007-04-04
Mandriva MDKSA-2007:070 2007-03-27

Comments (1 posted)

evolution-data-server: malicious server arbitrary code execution

Package(s):evolution-data-server CVE #(s):CVE-2007-3257
Created:June 18, 2007 Updated:November 7, 2007
Description: From the GNOME bugzilla: "The "SEQUENCE" value in the GData of the IMAP code (camel-imap-folder.c) is converted from a string using strtol. This allows for negative values. The imap_rescan uses this value as an int. It checks for !seq and seq>summary.length. It doesn't check for seq < 0. Although seq is used as the index of an array."
Alerts:
Gentoo 200711-04 2007-11-06
Gentoo 200707-03 2007-07-02
SuSE SUSE-SA:2007:042 2007-07-05
Debian DSA-1325-1 2007-06-29
Fedora FEDORA-2007-594 2007-06-27
Fedora FEDORA-2007-595 2007-06-27
Mandriva MDKSA-2007:136 2007-06-26
Red Hat RHSA-2007:0510-01 2007-06-25
Red Hat RHSA-2007:0509-01 2007-06-25
Debian DSA-1321-1 2007-06-23
Ubuntu USN-475-1 2007-06-21
Fedora FEDORA-2007-0464 2007-06-16

Comments (1 posted)

pop mail man-in-the-middle attacks

Package(s):evolution thunderbird mutt fetchmail CVE #(s):CVE-2007-1558
Created:May 8, 2007 Updated:July 3, 2009
Description: The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird, (2) Evolution, (3) mutt, and (4) fetchmail.
Alerts:
CentOS CESA-2009:1140 2009-07-02
Red Hat RHSA-2009:1140-02 2009-07-02
Fedora FEDORA-2007-1447 2007-08-06
rPath rPSA-2007-0127-1 2007-06-19
Foresight FLEA-2007-0026-1 2007-06-18
rPath rPSA-2007-0122-1 2007-06-14
Red Hat RHSA-2007:0385-01 2007-06-07
rPath rPSA-2007-0114-1 2007-06-04
Mandriva MDKSA-2007:113 2007-06-04
Red Hat RHSA-2007:0386-01 2007-06-04
Fedora FEDORA-2007-0001 2007-06-01
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-550 2007-05-31
Fedora FEDORA-2007-551 2007-05-31
Red Hat RHSA-2007:0401-01 2007-05-30
Fedora FEDORA-2007-539 2007-05-30
Fedora FEDORA-2007-540 2007-05-30
Red Hat RHSA-2007:0344-01 2007-05-30
Mandriva MDKSA-2007:107 2007-05-19
Mandriva MDKSA-2007:105 2007-05-17
Red Hat RHSA-2007:0353-01 2007-05-17
Fedora FEDORA-2007-484 2007-05-07
Fedora FEDORA-2007-485 2007-05-07

Comments (none posted)

file: integer overflow

Package(s):file CVE #(s):CVE-2007-2799
Created:June 1, 2007 Updated:October 19, 2007
Description: Colin Percival from FreeBSD reported that the previous fix for the file_printf() buffer overflow introduced a new integer overflow. A remote attacker could entice a user to run the file program on an overly large file (more than 1Gb) that would trigger an integer overflow on 32-bit systems, possibly leading to the execution of arbitrary code with the rights of the user running file.
Alerts:
Gentoo 200710-19 2007-10-18
Debian DSA-1343-2 2007-09-25
Debian DSA-1343-1 2007-07-31
SuSE SUSE-SA:2007:040 2007-07-04
Fedora FEDORA-2007-0836 2007-07-03
Fedora FEDORA-2007-538 2007-06-11
Fedora FEDORA-2007-541 2007-06-11
Ubuntu USN-439-2 2007-06-11
Mandriva MDKSA-2007:114 2007-06-05
Gentoo 200705-25 2007-05-31

Comments (3 posted)

firebird: buffer overflow

Package(s):firebird CVE #(s):CVE-2007-3181
Created:July 2, 2007 Updated:March 27, 2008
Description: The Firebird DBMS has a buffer overflow vulnerability involving the processing of connect requests with an overly large p_cnct_count value. Remote attackers can send a specially crafted request to the server in order to potentially execute arbitrary code with the permissions of the Firebird user.
Alerts:
Debian DSA-1529-1 2008-03-24
Gentoo 200707-01 2007-07-01

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox CVE #(s):CVE-2007-3844 CVE-2007-3845
Created:August 1, 2007 Updated:February 20, 2008
Description:

A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. (CVE-2007-3844)

Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious web page, an attacker could execute helpers with arbitrary arguments with the user's privileges. (CVE-2007-3845)

Alerts:
Mandriva MDVSA-2007:047 2007-02-19
Fedora FEDORA-2007-3414 2007-11-16
Fedora FEDORA-2007-3431 2007-11-16
Red Hat RHSA-2007:0981-01 2007-10-19
Red Hat RHSA-2007:0980-01 2007-10-19
Red Hat RHSA-2007:0979-01 2007-10-19
Debian DSA-1391-1 2007-10-19
Gentoo 200708-09 2007-08-14
rPath rPSA-2007-0157-1 2007-08-10
Slackware SSA:2007-215-01 2007-08-06
Debian DSA-1346-1 2007-08-04
Debian DSA-1345-1 2007-08-04
Debian DSA-1344-1 2007-08-03
Foresight FLEA-2007-0040-1 2007-08-03
Slackware SSA:2007-213-01 2007-08-02
Mandriva MDKSA-2007:152 2007-08-01
Foresight FLEA-2007-0039-1 2007-08-01
Ubuntu USN-493-1 2007-07-31

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox mozilla seamonkey thunderbird CVE #(s):CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871
Created:June 4, 2007 Updated:August 29, 2007
Description: Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2007-2867, CVE-2007-2868)

A flaw was discovered in the form autocomplete feature. By tricking a user into opening a malicious web page, an attacker could cause a persistent denial of service. (CVE-2007-2869)

Nicolas Derouet discovered flaws in cookie handling. By tricking a user into opening a malicious web page, an attacker could force the browser to consume large quantities of disk or memory while processing long cookie paths. (CVE-2007-1362)

A flaw was discovered in the same-origin policy handling of the addEventListener JavaScript method. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. (CVE-2007-2870) Chris Thomas discovered a flaw in XUL popups. A malicious web site could exploit this to spoof or obscure portions of the browser UI, such as the location bar. (CVE-2007-2871)

Alerts:
Ubuntu USN-469-2 2007-08-29
SuSE SUSE-SA:2007:036 2007-06-27
Mandriva MDKSA-2007:131 2007-06-20
Gentoo 200706-06 2007-06-19
Foresight FLEA-2007-0027-1 2007-06-20
Fedora FEDORA-2007-0544 2007-06-18
Mandriva MDKSA-2007:126-1 2007-06-16
Mandriva MDKSA-2007:126 2007-06-15
Slackware SSA:2007-165-01 2007-06-15
Debian DSA-1308-1 2007-06-14
Mandriva MDKSA-2007:120 2007-06-12
Mandriva MDKSA-2007:119 2007-06-12
Debian DSA-1305-1 2007-06-13
Debian DSA-1306-1 2007-06-12
Debian DSA-1300-1 2007-06-07
Ubuntu USN-469-1 2007-06-05
Slackware SSA:2007-152-02 2007-06-04
Ubuntu USN-468-1 2007-06-01

Comments (3 posted)

firefox, thunderbird, seamonkey: multiple vulnerabilities

Package(s):firefox, thunderbird, seamonkey CVE #(s):CVE-2007-3738 CVE-2007-3656 CVE-2007-3670 CVE-2007-3285 CVE-2007-3737 CVE-2007-3089 CVE-2007-3736 CVE-2007-3734 CVE-2007-3735
Created:July 18, 2007 Updated:May 12, 2008
Description: shutdown and moz_bug_r_a4 reported two separate ways to modify an XPCNativeWrapper such that subsequent access by the browser would result in executing user-supplied code. (CVE-2007-3738)

Michal Zalewski reported that it was possible to bypass the same-origin checks and read from cached (wyciwyg) documents It is possible to access wyciwyg:// documents without proper same domain policy checks through the use of HTTP 302 redirects. This enables the attacker to steal sensitive data displayed on dynamically generated pages; perform cache poisoning; and execute own code or display own content with URL bar and SSL certificate data of the attacked page (URL spoofing++). (CVE-2007-3656)

Internet Explorer calls registered URL protocols without escaping quotes and may be used to pass unexpected and potentially dangerous data to the application that registers that URL Protocol. (CVE-2007-3670)

Ronald van den Heetkamp reported that a filename URL containing %00 (encoded null) can cause Firefox to interpret the file extension differently than the underlying Windows operating system potentially leading to unsafe actions such as running a program. This is only accessible locally. (CVE-2007-3285)

An attacker can use an element outside of a document to call an event handler allowing content to run arbitrary code with chrome privileges. (CVE-2007-3737)

Ronen Zilberman and Michal Zalewski both reported that it was possible to exploit a timing issue to inject content into about:blank frames in a page. When opening a window from a script, it is possible to spoof the content of the newly opened window's frames within a short time frame, while the window is loading. (CVE-2007-3089)

Mozilla contributor moz_bug_r_a4 demonstrated that the methods addEventListener and setTimeout could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site. (CVE-2007-3736)

As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Note: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735)

Alerts:
Debian DSA-1574-1 2008-05-12
Debian DSA-1534-2 2008-04-24
Debian DSA-1535-1 2008-03-30
Debian DSA-1534-1 2008-03-28
Debian DSA-1532-1 2008-03-27
Mandriva MDVSA-2007:047 2007-02-19
Ubuntu USN-503-1 2007-08-24
Slackware SSA:2007-222-04 2007-08-13
SuSE SUSE-SA:2007:049 2007-08-02
Slackware SSA:2007-205-02 2007-07-25
Slackware SSA:2007-205-01 2007-07-25
Foresight FLEA-2007-0033-1 2007-07-24
Debian DSA-1339-1 2007-07-23
Debian DSA-1338-1 2007-07-23
Fedora FEDORA-2007-1181 2007-07-20
Fedora FEDORA-2007-1180 2007-07-20
Debian DSA-1337-1 2007-07-22
Fedora FEDORA-2007-642 2007-07-20
Fedora FEDORA-2007-641 2007-07-20
rPath rPSA-2007-0148-1 2007-07-20
Ubuntu USN-490-1 2007-07-19
Slackware SSA:2007-200-01 2007-07-20
Fedora FEDORA-2007-1159 2007-07-19
Fedora FEDORA-2007-1157 2007-07-19
Fedora FEDORA-2007-1155 2007-07-19
Red Hat RHSA-2007:0724-01 2007-07-18
Red Hat RHSA-2007:0723-01 2007-07-18
Red Hat RHSA-2007:0722-01 2007-07-18
Fedora FEDORA-2007-1143 2007-07-18
Fedora FEDORA-2007-1144 2007-07-18
Fedora FEDORA-2007-1142 2007-07-18
Fedora FEDORA-2007-1138 2007-07-18

Comments (none posted)

flac123: arbitrary code execution

Package(s):flac123 CVE #(s):CVE-2007-3507
Created:July 13, 2007 Updated:October 22, 2007
Description: A stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length.
Alerts:
Gentoo 200709-06 2007-09-14
Fedora FEDORA-2007-1045 2007-07-12

Comments (none posted)

freetype: arbitrary code execution

Package(s):freetype CVE #(s):CVE-2007-2754
Created:May 24, 2007 Updated:June 1, 2010
Description: The Freetype font rendering library versions 2.3.4 and below has an integer sign error. Remote attackers may be able to create a specially crafted TrueType Font file with a negative n_points value that will cause an integer overflow and heap-based buffer overflow, allowing the execution of arbitrary code.
Alerts:
Gentoo 201006-01 2010-06-01
Fedora FEDORA-2009-5644 2009-05-28
Fedora FEDORA-2009-5558 2009-05-28
CentOS CESA-2009:0329 2009-05-22
Red Hat RHSA-2009:1062-01 2009-05-22
Red Hat RHSA-2009:0329-02 2009-05-22
Debian DSA-1334 2007-07-18
SuSE SUSE-SA:2007:041 2007-07-04
Fedora FEDORA-2007-561 2007-06-18
Mandriva MDKSA-2007:121 2007-06-13
Foresight FLEA-2007-0025-1 2007-06-13
Red Hat RHSA-2007:0403-01 2007-06-11
Debian DSA-1302-1 2007-06-10
Fedora FEDORA-2007-0033 2007-06-01
Ubuntu USN-466-1 2007-05-30
Gentoo 200705-22 2007-05-30
Trustix TSLSA-2007-0019 2007-05-25
rPath rPSA-2007-0108-1 2007-05-23
Foresight FLEA-2007-0020-1 2007-05-21
OpenPKG OpenPKG-SA-2007.018 2007-05-24

Comments (none posted)

freetype: integer overflows

Package(s):freetype CVE #(s):CVE-2006-0747 CVE-2006-1861 CVE-2006-2493 CVE-2006-2661 CVE-2006-3467
Created:June 8, 2006 Updated:June 1, 2010
Description: The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user.
Alerts:
Gentoo 201006-01 2010-06-01
Fedora FEDORA-2009-5644 2009-05-28
Fedora FEDORA-2009-5558 2009-05-28
CentOS CESA-2009:0329 2009-05-22
Red Hat RHSA-2009:1062-01 2009-05-22
Red Hat RHSA-2009:0329-02 2009-05-22
Gentoo 200710-09 2007-10-09
Debian DSA-1178-1 2006-09-16
Ubuntu USN-341-1 2006-09-06
Gentoo 200609-04 2006-09-06
rPath rPSA-2006-0157-1 2006-08-25
Mandriva MDKSA-2006:148 2006-08-24
Red Hat RHSA-2006:0635-01 2006-08-21
Red Hat RHSA-2006:0634-01 2006-08-21
Fedora FEDORA-2006-912 2006-08-14
SuSE SUSE-SA:2006:045 2006-08-01
OpenPKG OpenPKG-SA-2006.017 2006-07-28
Ubuntu USN-324-1 2006-07-27
Slackware SSA:2006-207-02 2006-07-27
Mandriva MDKSA-2006:129 2006-07-20
Gentoo 200607-02 2006-07-09
SuSE SUSE-SA:2006:037 2006-06-27
Mandriva MDKSA-2006:099-1 2006-06-13
Mandriva MDKSA-2006:099 2006-06-12
rPath rPSA-2006-0100-1 2006-06-12
Debian DSA-1095-1 2006-06-10
Ubuntu USN-291-1 2006-06-08

Comments (none posted)

gcc: file overwrite vulnerability

Package(s):gcc CVE #(s):CVE-2006-3619
Created:September 6, 2006 Updated:March 14, 2008
Description: The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
Alerts:
Mandriva MDVSA-2008:066 2007-03-13
Red Hat RHSA-2007:0473-01 2007-06-11
Red Hat RHSA-2007:0220-02 2007-05-01
Debian DSA-1170-1 2006-09-06

Comments (none posted)

gd: buffer overflow

Package(s):gd CVE #(s):CVE-2007-0455
Created:February 7, 2007 Updated:November 18, 2009
Description: The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable.
Alerts:
Debian DSA-1936-1 2009-11-17
Red Hat RHSA-2008:0146-01 2008-02-28
Ubuntu USN-473-1 2007-06-11
OpenPKG OpenPKG-SA-2007.016 2007-05-18
Trustix TSLSA-2007-0007 2007-02-13
Fedora FEDORA-2007-150 2007-02-12
Fedora FEDORA-2007-149 2007-02-12
rPath rPSA-2007-0028-1 2007-02-08
Mandriva MDKSA-2007:038 2006-02-06
Mandriva MDKSA-2007:036 2006-02-06
Mandriva MDKSA-2007:035 2006-02-06

Comments (2 posted)

gd: multiple vulnerabilities

Package(s):gd CVE #(s):CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478
Created:August 6, 2007 Updated:November 6, 2009
Description: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472)

The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473)

Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474)

The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475)

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476)

The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477)

Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478)

Alerts:
Ubuntu USN-854-1 2009-11-05
Debian DSA-1613-1 2008-07-22
Red Hat RHSA-2008:0146-01 2008-02-28
SuSE SUSE-SR:2007:015 2007-08-03
Fedora FEDORA-2007-692 2007-09-18
Fedora FEDORA-2007-2055 2007-09-07
Foresight FLEA-2007-0052-1 2007-09-06
rPath rPSA-2007-0176-1 2007-09-05
Trustix TSLSA-2007-0024 2007-08-10
Gentoo 200708-05 2007-08-09
Mandriva MDKSA-2007:153 2007-08-03

Comments (none posted)

gd: denial of service

Package(s):gd CVE #(s):CVE-2007-2756
Created:June 14, 2007 Updated:February 28, 2008
Description: Libgd2 has a denial of service vulnerability involving the incorrect validation of PNG callback results. If an application that is linked against libgd2 is used to process a specially-crafted PNG file, a denial of service involving CPU resource consumption can be caused.
Alerts:
Red Hat RHSA-2008:0146-01 2008-02-28
Slackware SSA:2007-178-01 2007-06-27
SuSE SUSE-SR:2007:013 2007-06-22
Mandriva MDKSA-2007:124 2007-06-13
Mandriva MDKSA-2007:123 2007-06-13
Mandriva MDKSA-2007:122 2007-06-13

Comments (none posted)

gdm: denial of service

Package(s):gdm CVE #(s):CVE-2007-3381
Created:August 1, 2007 Updated:September 20, 2007
Description: JLANTHEA reported a denial of service flaw in the way that gdm listens on its Unix domain socket. Any local user can crash the locally running X session.
Alerts:
rPath rPSA-2007-0193-1 2007-09-19
Gentoo 200709-11 2007-09-18
Mandriva MDKSA-2007:169 2007-08-21
Red Hat RHSA-2007:0777-01 2007-08-07
Foresight FLEA-2007-0041-1 2007-08-03
Fedora FEDORA-2007-653 2007-08-01
Fedora FEDORA-2007-1362 2007-07-31

Comments (none posted)

gedit: format string vulnerability

Package(s):gedit CVE #(s):CAN-2005-1686
Created:June 9, 2005 Updated:February 5, 2009
Description: A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user.
Alerts:
Fedora FEDORA-2009-1189 2009-01-29
Fedora FEDORA-2009-1187 2009-01-29
Debian DSA-753-1 2005-07-12
Mandriva MDKSA-2005:102 2005-06-15
Red Hat RHSA-2005:499-01 2005-06-13
Gentoo 200506-09 2005-06-11
Ubuntu USN-138-1 2005-06-09

Comments (1 posted)

gimp: multiple vulnerabilities

Package(s):gimp CVE #(s):CVE-2007-2949
Created:June 28, 2007 Updated:February 27, 2008
Description: The gimp image editor has several vulnerabilities, including a problem where it can open PSD files with excessive dimensions and a possible stack overflow in the Sunras loader.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Red Hat RHSA-2007:0513-01 2007-09-26
Mandriva MDKSA-2007:170 2007-08-23
Slackware SSA:2007-222-01 2007-08-13
Foresight FLEA-2007-0038-1 2007-08-01
Gentoo 200707-09 2007-07-25
Fedora FEDORA-2007-627 2007-07-16
Debian DSA-1335-1 2007-07-18
Fedora FEDORA-2007-1099 2007-07-16
Fedora FEDORA-2007-1044 2007-07-12
rPath rPSA-2007-0138-1 2007-07-11
Ubuntu USN-480-1 2007-07-04
Fedora FEDORA-2007-618 2007-06-27
Fedora FEDORA-2007-619 2007-06-27
Fedora FEDORA-2007-0725 2007-06-27

Comments (none posted)

grip: buffer overflow

Package(s):grip CVE #(s):CAN-2005-0706
Created:March 10, 2005 Updated:November 19, 2008
Description: Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches.
Alerts:
Fedora FEDORA-2008-9604 2008-11-19
Fedora FEDORA-2008-9521 2008-11-19
Fedora-Legacy FLSA:152919 2005-09-15
Mandriva MDKSA-2005:074 2005-04-20
Mandriva MDKSA-2005:075 2005-04-20
Gentoo 200504-07 2005-04-08
Mandrake MDKSA-2005:066 2005-04-01
Red Hat RHSA-2005:304-01 2005-03-28
Gentoo 200503-21 2005-03-17
Fedora FEDORA-2005-203 2005-03-09
Fedora FEDORA-2005-202 2005-03-09

Comments (none posted)

gzip: multiple vulnerabilities

Package(s):gzip CVE #(s):CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338
Created:September 19, 2006 Updated:January 20, 2010
Description: Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash.

Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code.

Alerts:
Debian DSA-1974-1 2010-01-20
Fedora FEDORA-2007-557 2007-05-31
Gentoo 200611-24 2006-11-28
Fedora-Legacy FLSA:211760 2006-11-13
Fedora FEDORA-2006-989 2006-10-10
SuSE SUSE-SA:2006:056 2006-09-26
Gentoo 200609-13 2006-09-23
Trustix TSLSA-2006-0052 2006-09-22
Mandriva MDKSA-2006:167 2006-09-20
Slackware SSA:2006-262-01 2006-09-20
OpenPKG OpenPKG-SA-2006.020 2006-09-20
Debian DSA-1181-1 2006-09-19
rPath rPSA-2006-0170-1 2006-09-19
Ubuntu USN-349-1 2006-09-19
Red Hat RHSA-2006:0667-01 2006-09-19

Comments (1 posted)

HelixPlayer: arbitrary code execution

Package(s):HelixPlayer CVE #(s):CVE-2007-3410
Created:June 27, 2007 Updated:September 17, 2007
Description: A buffer overflow flaw was found in the way HelixPlayer processed Synchronized Multimedia Integration Language (SMIL) files. It was possible for a malformed SMIL file to execute arbitrary code with the permissions of the user running HelixPlayer. (CVE-2007-3410)
Alerts:
Gentoo 200709-05 2007-09-14
Red Hat RHSA-2007:0841-01 2007-08-17
Fedora FEDORA-2007-0756 2007-06-29
Red Hat RHSA-2007:0605-01 2007-06-27

Comments (1 posted)

horde-kronolith: local file inclusion

Package(s):horde-kronolith CVE #(s):CVE-2006-6175
Created:January 17, 2007 Updated:March 7, 2008
Description: Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. An authenticated attacker could craft an HTTP GET request that uses directory traversal techniques to execute any file on the web server as PHP code, which could allow information disclosure or arbitrary code execution with the rights of the user running the PHP application (usually the webserver user).
Alerts:
Gentoo 200701-11 2007-01-16

Comments (none posted)

ImageMagick: integer overflows

Package(s):imagemagick CVE #(s):CVE-2007-1797
Created:April 4, 2007 Updated:August 11, 2009
Description: Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
Alerts:
Debian DSA-1858-1 2009-08-10
Red Hat RHSA-2008:0165-01 2008-04-16
Red Hat RHSA-2008:0145-01 2008-04-16
Fedora FEDORA-2007-1340 2007-07-30
Mandriva MDKSA-2007:147 2007-07-20
Ubuntu USN-481-1 2007-07-10
Gentoo 200705-13 2007-05-10
Fedora FEDORA-2007-414 2007-04-17
Fedora FEDORA-2007-413 2007-04-05
rPath rPSA-2007-0064-1 2007-04-04

Comments (none posted)

ipsec-tools: denial of service

Package(s):ipsec-tools CVE #(s):CVE-2007-1841
Created:April 10, 2007 Updated:August 28, 2007
Description: A flaw was discovered in the IPSec key exchange server "racoon". Remote attackers could send a specially crafted packet and disrupt established IPSec tunnels, leading to a denial of service.
Alerts:
Fedora FEDORA-2007-665 2007-08-27
Debian DSA-1299-1 2007-06-07
Red Hat RHSA-2007:0342-01 2007-05-17
Gentoo 200705-09 2007-05-08
SuSE SUSE-SR:2007:008 2007-04-27
Mandriva MDKSA-2007:084 2007-04-16
Ubuntu USN-450-1 2007-04-09

Comments (none posted)

jasper: denial of service

Package(s):jasper CVE #(s):CVE-2007-2721
Created:June 1, 2007 Updated:April 19, 2010
Description: The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files.
Alerts:
Debian DSA-2036-1 2010-04-17
Mandriva MDVSA-2009:142-1 2009-12-03
Mandriva MDVSA-2009:164 2009-07-28
Mandriva MDVSA-2009:142 2009-06-26
CentOS CESA-2009:0012 2009-02-11
Red Hat RHSA-2009:0012-01 2009-02-11
Mandriva MDKSA-2007:209 2007-11-05
Mandriva MDKSA-2007:208 2007-11-05
Ubuntu USN-501-2 2007-10-22
Ubuntu USN-501-1 2007-08-20
Mandriva MDKSA-2007:129 2007-06-19
Fedora FEDORA-2007-0001 2007-06-01

Comments (none posted)

java: multiple vulnerabilities

Package(s):java CVE #(s):CVE-2006-4339 CVE-2006-4790 CVE-2006-6731 CVE-2006-6736 CVE-2006-6737 CVE-2006-6745
Created:January 18, 2007 Updated:June 4, 2010
Description: java has multiple vulnerabilities, these include: an RSA exponent padding attack vulnerability, two vulnerabilities which allow untrusted applets to access data in other applets, vulnerabilities that involve applets gaining privileges due to serialization bugs in the JRE and buffer overflows in the java image handling routines that can give attackers read/write/execute capabilities for local files.
Alerts:
Pardus 2010-67 2010-06-04
Gentoo 200705-20 2007-05-26
Red Hat RHSA-2007:0073-01 2007-02-09
Red Hat RHSA-2007:0072-01 2007-02-08
Red Hat RHSA-2007:0062-02 2007-02-07
Gentoo 200701-15 2007-01-22
SuSE SUSE-SA:2007:010 2007-01-18

Comments (1 posted)

java-1.5.0-sun: multiple vulnerabilities

Package(s):java-1.5.0-sun CVE #(s):CVE-2007-3503 CVE-2007-3655 CVE-2007-3698 CVE-2007-3922
Created:August 6, 2007 Updated:June 24, 2008
Description: The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML. (CVE-2007-3503)

The Java Web Start URL parsing component contained a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655)

The JSSE component did not correctly process SSL/TLS handshake requests. A remote attacker who is able to connect to a JSSE-based service could trigger this flaw leading to a denial-of-service. (CVE-2007-3698)

A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet. (CVE-2007-3922)

Alerts:
Red Hat RHSA-2008:0133-01 2008-06-24
SuSE SUSE-SA:2008:025 2008-04-25
Gentoo 200804-20 2008-04-17
Red Hat RHSA-2008:0132-01 2008-02-14
Red Hat RHSA-2007:1086-01 2007-12-12
SuSE SUSE-SA:2007:056 2007-10-18
Red Hat RHSA-2007:0956-01 2007-10-16
Slackware SSA:2007-243-01 2007-08-31
Red Hat RHSA-2007:0829-01 2007-08-07
Red Hat RHSA-2007:0818-01 2007-08-06

Comments (none posted)

kdebase: information leak

Package(s):kdebase CVE #(s):CVE-2007-2022
Created:June 13, 2007 Updated:September 19, 2007
Description: A problem with the interaction between the Flash Player and the Konqueror web browser was found. The problem could lead to key presses leaking to the Flash Player applet instead of the browser. NOTE: CVE number may be incorrect, see CVE entry
Alerts:
rPath rPSA-2007-0190-1 2007-09-18
Mandriva MDKSA-2007:138 2007-07-03
Red Hat RHSA-2007:0494-01 2007-06-13

Comments (1 posted)

kdelibs: kate backup file permission leak

Package(s):kdelibs kate kwrite CVE #(s):CAN-2005-1920
Created:July 19, 2005 Updated:September 21, 2010
Description: Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
Alerts:
Gentoo 200611-21 2006-11-27
Debian DSA-804-2 2005-11-10
Debian DSA-804-1 2005-09-08
Red Hat RHSA-2005:612-01 2005-07-27
Ubuntu USN-150-1 2005-07-21
Mandriva MDKSA-2005:122 2005-07-20
Fedora FEDORA-2005-594 2005-07-19

Comments (1 posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-1357
Created:April 16, 2007 Updated:November 14, 2007
Description: The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum.
Alerts:
SuSE SUSE-SA:2007:035 2007-06-14
Ubuntu USN-464-1 2007-05-23
SuSE SUSE-SA:2007:030 2007-05-10
SuSE SUSE-SA:2007:029 2007-05-03
rPath rPSA-2007-0071-1 2007-04-16
Fedora FEDORA-2007-432 2007-04-13
Fedora FEDORA-2007-433 2007-04-13

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4623
Created:October 18, 2006 Updated:November 14, 2007
Description: The kernel DVB layer can be caused to crash with maliciously-formatted unidirectional lightweight encapsulation (ULE) data.
Alerts:
Ubuntu USN-489-1 2007-07-19
rPath rPSA-2006-0194-1 2006-10-17

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-3642
Created:July 23, 2007 Updated:November 14, 2007
Description: The decode_choice function in net/netfilter/bf_conntrack_h323_asn1.c in the Linux kernel before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference.
Alerts:
Ubuntu USN-510-1 2007-08-31
Debian DSA-1356-1 2007-08-15
Fedora FEDORA-2007-655 2007-08-09
Fedora FEDORA-2007-1130 2007-07-20

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-0005 CVE-2007-1000
Created:March 15, 2007 Updated:November 14, 2007
Description: The Linux kernel has a boundary error problem with the Omnikey CardMan 4040 driver read and write functions. This can be used to cause a buffer overflow and possible execution or arbitrary code with kernel privileges.

The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c is vulnerable to a NULL pointer dereference. Local users can use this to crash the kernel or to disclose kernel memory.

Alerts:
Fedora FEDORA-2007-599 2007-06-21
Ubuntu USN-489-1 2007-07-19
Ubuntu USN-486-1 2007-07-17
Debian DSA-1286-1 2007-05-02
Red Hat RHSA-2007:0169-01 2007-04-30
Mandriva MDKSA-2007:078 2007-04-04
Fedora FEDORA-2007-336 2007-03-14
Fedora FEDORA-2007-335 2007-03-14

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-0007 CVE-2007-0006
Created:February 15, 2007 Updated:November 14, 2007
Description: Linux kernel versions from 2.6.9 to 2.6.20 have a denial of service vulnerability. A remote attacker can cause the key_alloc_serial function's key serial number collision avoidance code to have a null dereference, resulting in a crash.
Alerts:
Fedora FEDORA-2007-599 2007-06-21
Red Hat RHSA-2007:0099-02 2007-03-14
rPath rPSA-2007-0050-1 2007-03-06
Red Hat RHSA-2007:0085-01 2007-02-27
Mandriva MDKSA-2007:047 2007-02-21
Fedora FEDORA-2007-226 2007-02-13
Fedora FEDORA-2007-225 2007-02-13

Comments (1 posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4535 CVE-2006-4538
Created:September 18, 2006 Updated:January 5, 2009
Description: Sridhar Samudrala discovered a local denial of service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535)

Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2007:1049-01 2007-12-03
Mandriva MDKSA-2006:182 2006-10-11
Red Hat RHSA-2006:0689-01 2006-10-05
Debian DSA-1184-2 2006-09-26
Debian DSA-1184-1 2006-09-25
Debian DSA-1183-1 2006-09-25
Ubuntu USN-347-1 2006-09-18

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-1861 CVE-2007-2242
Created:May 1, 2007 Updated:February 8, 2008
Description: The netlink protocol has an infinite recursion bug that allows users to cause a kernel crash. Also the IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
Alerts:
SuSE SUSE-SA:2008:006 2008-02-07
Ubuntu USN-508-1 2007-08-31
Mandriva MDKSA-2007:171 2007-08-28
Ubuntu USN-489-1 2007-07-19
Ubuntu USN-486-1 2007-07-17
SuSE SUSE-SA:2007:051 2007-09-06
Mandriva MDKSA-2007:216 2007-11-13
Red Hat RHSA-2007:0347-01 2007-05-16
Debian DSA-1289-1 2007-05-13
Foresight FLEA-2007-0016-1 2007-05-08
rPath rPSA-2007-0084-1 2007-05-01
Fedora FEDORA-2007-483 2007-05-01
Fedora FEDORA-2007-482 2007-05-01

Comments (none posted)

kernel: denial of service by memory consumption

Package(s):kernel CVE #(s):CVE-2006-2936
Created:July 17, 2006 Updated:November 14, 2007
Description: The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the driver can handle, which causes the data to be queued.
Alerts:
SuSE SUSE-SA:2007:035 2007-06-14
Mandriva MDKSA-2006:151 2006-08-25
Mandriva MDKSA-2006:150 2006-08-25
Ubuntu USN-331-1 2006-08-03
rPath rPSA-2006-0130-1 2006-07-17

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-0772
Created:February 23, 2007 Updated:November 14, 2007
Description: The Linux kernel before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.
Alerts:
Fedora FEDORA-2007-599 2007-06-21
Ubuntu USN-451-1 2007-04-10
SuSE SUSE-SA:2007:021 2007-03-16
Mandriva MDKSA-2007:060 2006-03-09
Fedora FEDORA-2007-291 2007-03-02
Fedora FEDORA-2007-277 2007-03-02
SuSE SUSE-SA:2007:018 2007-02-27
rPath rPSA-2007-0036-1 2007-02-23

Comments (none posted)

kernel: several vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-1353 CVE-2007-2451 CVE-2007-2453
Created:June 11, 2007 Updated:March 6, 2008
Description: Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353)

The GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. (CVE-2007-2451)

The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453)

Alerts:
Debian DSA-1504 2008-02-22
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22
Red Hat RHSA-2007:0488-01 2007-06-25
Debian DSA-1356-1 2007-08-15
SuSE SUSE-SA:2007:051 2007-09-06
Mandriva MDKSA-2007:216 2007-11-13
Mandriva MDKSA-2007:171 2007-08-28
Red Hat RHSA-2007:0671-01 2007-08-16
Red Hat RHSA-2007:0673-01 2007-08-08
Red Hat RHSA-2007:0672-01 2007-08-08
Ubuntu USN-489-1 2007-07-19
Ubuntu USN-486-1 2007-07-17
Fedora FEDORA-2007-600 2007-06-25
Fedora FEDORA-2007-599 2007-06-21
SuSE SUSE-SA:2007:035 2007-06-14
Red Hat RHSA-2007:0376-01 2007-06-14
Fedora FEDORA-2007-0409 2007-06-13
Ubuntu USN-470-1 2007-06-08

Comments (none posted)

kernel: signal handling flaw on PPC

Package(s):kernel CVE #(s):CVE-2007-3107
Created:July 10, 2007 Updated:February 4, 2008
Description: A flaw in the signal handling on PowerPC-based systems that allowed a local user to cause a denial of service (floating point corruption).
Alerts:
Ubuntu USN-574-1 2008-02-04
SuSE SUSE-SA:2007:053 2007-10-12
SuSE SUSE-SA:2007:051 2007-09-06
Red Hat RHSA-2007:0595-01 2007-07-10

Comments (none posted)

kernel: several vulnerabilities

Package(s):kernel CVE #(s):CVE-2006-5823 CVE-2006-6054 CVE-2007-1592
Created:June 12, 2007 Updated:March 21, 2011
Description: A flaw in the cramfs file system allows invalid compressed data to cause memory corruption (CVE-2006-5823)

A flaw in the ext2 file system allows an invalid inode size to cause a denial of service (system hang) (CVE-2006-6054)

A flaw in IPV6 flow label handling allows a local user to cause a denial of service (crash) (CVE-2007-1592)

Alerts:
Mandriva MDVSA-2011:051 2011-03-18
Debian DSA-1503-2 2008-03-06
Debian DSA-1504 2008-02-22
Debian DSA-1503 2008-02-22
Red Hat RHSA-2007:0673-01 2007-08-08
Red Hat RHSA-2007:0672-01 2007-08-08
SuSE SUSE-SA:2007:035 2007-06-14
Red Hat RHSA-2007:0347-01 2007-05-16
SuSE SUSE-SA:2007:043 2007-07-09
Debian DSA-1304-1 2007-06-16
rPath rPSA-2007-0124-1 2007-06-14
Red Hat RHSA-2007:0436-01 2007-06-11

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-5757
Created:November 13, 2006 Updated:November 14, 2007
Description: From the MOKB-05-11-2006 advisory: "The ISO9660 filesystem handling code of the Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This particular vulnerability seems to be caused by a race condition and a signedness issue. When performing a read operation on a corrupted ISO9660 fs stream, the isofs_get_blocks() function will enter an infinite loop when __find_get_block_slow() callback from sb_getblk() fails ("due to various races between file io on the block device and getblk")."
Alerts:
Fedora FEDORA-2007-599 2007-06-21
Fedora FEDORA-2006-1223 2006-11-12
Fedora FEDORA-2006-1221 2006-11-10

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-2935 CVE-2006-4145 CVE-2006-3745
Created:September 1, 2006 Updated:July 30, 2008
Description: Previous versions of the kernel package are subject to several vulnerabilities. Certain malformed UDF filesystems can cause the system to crash (denial of service). Malformed CDROM firmware or USB storage devices (such as USB keys) could cause system crash (denial of service), and if they were intentionally malformed, can cause arbitrary code to run with elevated privileges. In addition, the SCTP protocol is subject to a remote system crash (denial of service) attack.
Alerts:
Red Hat RHSA-2008:0665-01 2008-07-24
SuSE SUSE-SA:2007:053 2007-10-12
SuSE SUSE-SA:2006:064 2006-11-10
Red Hat RHSA-2006:0710-01 2006-10-19
SuSE SUSE-SA:2006:057 2006-09-28
Trustix TSLSA-2006-0051 2006-09-15
Ubuntu USN-346-2 2006-09-14
Ubuntu USN-346-1 2006-09-14
rPath rPSA-2006-0162-1 2006-08-31

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2006-5749 CVE-2006-4814 CVE-2006-6106
Created:January 5, 2007 Updated:January 8, 2009
Description: A security issue has been reported in Linux kernel due to an error in drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()" function never initializes an event timer before scheduling it with the "add_timer()" function.

The mincore function in the kernel does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

Another vulnerability has been reported in Linux kernel caused by a boundary error within the handling of incoming CAPI messages in net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain Kernel data structures.

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
CentOS CESA-2008:0211 2008-05-07
Red Hat RHSA-2008:0211-01 2008-05-07
Debian DSA-1503 2008-02-22
Debian DSA-1503-2 2008-03-06
SuSE SUSE-SA:2007:035 2007-06-14
SuSE SUSE-SA:2007:053 2007-10-12
Ubuntu USN-416-2 2007-03-01
Ubuntu USN-416-1 2007-02-01
rPath rPSA-2007-0031-1 2007-02-09
Mandriva MDKSA-2007:040 2007-02-07
Red Hat RHSA-2007:0014-01 2007-01-30
Mandriva MDKSA-2007:025 2007-01-23
Fedora FEDORA-2007-058 2007-01-18
Mandriva MDKSA-2007:012 2006-01-12
Trustix TSLSA-2007-0002 2007-01-05

Comments (none posted)

krb5: multiple vulnerabilities

Package(s):krb5 CVE #(s):CVE-2007-2442 CVE-2007-2443 CVE-2007-2798
Created:June 27, 2007 Updated:March 24, 2008
Description: David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2442).

David Coffey also discovered an overflow flaw in the same RPC library. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2443).

Finally, a stack buffer overflow vulnerability was found in kadmind that allowed an unauthenticated user able to access kadmind the ability to trigger the vulnerability and possibly execute arbitrary code (CVE-2007-2798).

Alerts:
Gentoo 200707-11 2007-07-25
SuSE SUSE-SA:2007:038 2007-07-03
Trustix TSLSA-2007-0021 2007-06-29
Fedora FEDORA-2007-0740 2007-06-27
Debian DSA-1323-1 2007-06-28
rPath rPSA-2007-0135-1 2007-06-27
Foresight FLEA-2007-0029-1 2007-06-27
Fedora FEDORA-2007-621 2007-06-28
Fedora FEDORA-2007-620 2007-06-28
Ubuntu USN-477-1 2007-06-26
Red Hat RHSA-2007:0562-01 2007-06-26
Red Hat RHSA-2007:0384-01 2007-06-26
Mandriva MDKSA-2007:137 2007-06-26

Comments (none posted)

krb5: uninitialized pointers

Package(s):krb5 CVE #(s):CVE-2006-6143 CVE-2006-3084
Created:January 10, 2007 Updated:July 7, 2010
Description: The kdamind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details.
Alerts:
Mandriva MDVSA-2010:129 2010-07-07
Gentoo 200701-21 2007-01-24
Ubuntu USN-408-1 2007-01-15
rPath rPSA-2007-0006-1 2007-01-11
Mandriva MDKSA-2007:008 2006-01-10
SuSE SUSE-SA:2007:004 2007-01-10
OpenPKG OpenPKG-SA-2007.006 2007-01-10
Fedora FEDORA-2007-033 2007-01-09
Fedora FEDORA-2007-034 2007-01-09

Comments (1 posted)

krb5: local privilege escalation

Package(s):krb5 CVE #(s):CVE-2006-3083
Created:August 9, 2006 Updated:July 7, 2010
Description: Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges.
Alerts:
Mandriva MDVSA-2010:129 2010-07-07
SuSE SUSE-SR:2006:022 2006-09-08
Gentoo 200608-21 2006-08-23
Ubuntu USN-334-1 2006-08-16
Fedora FEDORA-2006-905 2006-08-09
Mandriva MDKSA-2006:139 2006-09-09
Gentoo 200608-15 2006-08-10
rPath rPSA-2006-0150-1 2006-08-09
Red Hat RHSA-2006:0612-01 2006-08-08
Debian DSA-1146-1 2006-08-09

Comments (none posted)

krb5: multiple vulnerabilities

Package(s):krb5 CVE #(s):CVE-2007-0956 CVE-2007-0957 CVE-2007-1216
Created:April 3, 2007 Updated:March 24, 2008
Description: A flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password. MIT krb5 Security Advisory 2007-001

Buffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. MIT krb5 Security Advisory 2007-002

A double-free flaw was found in the GSSAPI library used by the kadmin server daemon. MIT krb5 Security Advisory 2007-003

Alerts:
Mandriva MDKSA-2007:077-1 2007-04-10
Foresight FLEA-2007-0008-1 2007-04-05
SuSE SUSE-SA:2007:025 2007-04-05
Mandriva MDKSA-2007:077 2006-04-04
rPath rPSA-2007-0063-1 2007-04-04
Ubuntu USN-449-1 2007-04-04
Gentoo 200704-02 2007-04-03
Fedora FEDORA-2007-409 2007-04-03
Fedora FEDORA-2007-408 2007-04-03
Debian DSA-1276-1 2007-04-03
Red Hat RHSA-2007:0095-01 2007-04-03

Comments (none posted)

ktorrent: incorrect validation

Package(s):ktorrent CVE #(s):CVE-2007-1384 CVE-2007-1385 CVE-2007-1799
Created:March 13, 2007 Updated:October 24, 2007
Description: Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.
Alerts:
Debian DSA-1373-2 2007-10-23
Debian DSA-1373-1 2007-09-11
Ubuntu USN-436-2 2007-05-18
Mandriva MDKSA-2007:095 2007-05-01
Gentoo 200705-01 2007-05-01
Slackware SSA:2007-093-02 2007-04-04
Ubuntu USN-436-1 2007-03-12

Comments (1 posted)

lftp: shell command execution

Package(s):lftp CVE #(s):CVE-2007-2348
Created:May 4, 2007 Updated:September 16, 2009
Description: mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
Alerts:
CentOS CESA-2009:1278 2009-09-15
Red Hat RHSA-2009:1278-02 2009-09-02
rPath rPSA-2007-0085-1 2007-05-03

Comments (none posted)

libarchive: pax extension header vulnerabilities

Package(s):libarchive CVE #(s):CVE-2007-3641 CVE-2007-3644 CVE-2007-3645
Created:August 9, 2007 Updated:February 27, 2008
Description: libarchive, a library for manipulating different streaming archive formats, has a number of pax extension header vulnerabilities. These may be used to cause a denial of service or for the execution of arbitrary code.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Debian DSA-1455-1 2008-01-08
Gentoo 200708-03 2007-08-08

Comments (none posted)

libexif: integer overflow

Package(s):libexif CVE #(s):CVE-2007-2645
Created:June 1, 2007 Updated:February 11, 2008
Description: Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.
Alerts:
Debian DSA-1487-1 2008-02-08
Slackware SSA:2007-164-01 2007-06-14
Fedora FEDORA-2007-0414 2007-06-13
Fedora FEDORA-2007-548 2007-06-11
Ubuntu USN-471-1 2007-06-11
Mandriva MDKSA-2007:118 2007-06-08
Gentoo 200706-01 2007-06-05
rPath rPSA-2007-0115-1 2007-06-04
Foresight FLEA-2007-0024-1 2007-06-04
Fedora FEDORA-2007-0001 2007-06-01

Comments (none posted)

libmodplug: boundary errors

Package(s):libmodplug CVE #(s):CVE-2006-4192
Created:December 11, 2006 Updated:May 4, 2011
Description: Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the "CSoundFile::ReadSample()" function in sndfile.cpp. A remote attacker can entice a user to read crafted modules or ITP files, which may trigger a buffer overflow resulting in the execution of arbitrary code with the privileges of the user running the application.
Alerts:
CentOS CESA-2011:0477 2011-05-04
Red Hat RHSA-2011:0477-01 2011-05-02
Ubuntu USN-521-1 2007-09-27
Mandriva MDKSA-2007:001 2007-01-02
Gentoo 200612-04 2006-12-10

Comments (none posted)

libphp-phpmailer: command execution

Package(s):libphp-phpmailer CVE #(s):CVE-2007-3215
Created:June 20, 2007 Updated:June 25, 2009
Description: libphp-phpmailer does not do sufficient input validation, enabling shell command injection attacks.
Alerts:
Ubuntu USN-791-1 2009-06-24
Debian DSA-1315-1 2007-06-19

Comments (none posted)

libpng: denial of service

Package(s):libpng CVE #(s):CVE-2007-2445
Created:May 17, 2007 Updated:March 23, 2009
Description: Libpng can be crashed when processing malformed PNG files. It may also be possible to exploit this vulnerability to execute arbitrary code.
Alerts:
Debian DSA-1750-1 2009-03-22
Debian DSA-1613-1 2008-07-22
Fedora FEDORA-2008-3979 2008-05-28
Ubuntu USN-472-1 2007-06-11
Mandriva MDKSA-2007:116 2007-06-05
Gentoo 200705-24 2007-05-31
Fedora FEDORA-2007-0001 2007-06-01
Fedora FEDORA-2007-529 2007-05-24
Fedora FEDORA-2007-528 2007-05-24
Red Hat RHSA-2007:0356-01 2007-05-17
OpenPKG OpenPKG-SA-2007.013 2007-05-18
Foresight FLEA-2007-0018-1 2007-05-17
Slackware SSA:2007-136-01 2007-05-17
rPath rPSA-2007-0102-1 2007-05-16
Oracle ELSA-2012-0317 2012-02-21

Comments (none posted)

libpng: buffer overflow

Package(s):libpng CVE #(s):CVE-2006-3334
Created:July 19, 2006 Updated:December 15, 2008
Description: In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow.
Alerts:
Gentoo 200812-15 2008-12-14
Mandriva MDKSA-2006:213 2006-11-16
rPath rPSA-2006-0133-1 2006-07-19
Gentoo 200607-06 2006-07-19

Comments (none posted)

libpng: heap based buffer overflow

Package(s):libpng CVE #(s):CVE-2006-0481
Created:February 13, 2006 Updated:December 15, 2008
Description: A heap based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim.
Alerts:
Gentoo 200812-15 2008-12-14
Red Hat RHSA-2006:0205-01 2006-02-13

Comments (1 posted)

libtiff: buffer overflow

Package(s):libtiff CVE #(s):CVE-2006-2193
Created:June 15, 2006 Updated:September 1, 2008
Description: The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code.
Alerts:
CentOS CESA-2008:0848 2008-08-30
Red Hat RHSA-2008:0848-01 2008-08-28
Fedora FEDORA-2006-952 2006-09-05
SuSE SUSE-SA:2006:044 2006-08-01
Gentoo 200607-03 2006-07-09
SuSE SUSE-SR:2006:014 2006-06-20
Trustix TSLSA-2006-0036 2006-06-16
Mandriva MDKSA-2006:102 2006-06-14

Comments (none posted)

libvorbis: multiple memory corruption flaws

Package(s):libvorbis CVE #(s):CVE-2007-3106 CVE-2007-4029
Created:July 27, 2007 Updated:January 22, 2008
Description: This iSEC Partners security advisory has details on multiple memory corruption flaws in libvorbis.
Alerts:
Debian DSA-1471-1 2008-01-21
Gentoo 200710-03 2007-10-07
Red Hat RHSA-2007:0845-02 2007-09-19
Fedora FEDORA-2007-677 2007-08-30
Fedora FEDORA-2007-1765 2007-08-23
Mandriva MDKSA-2007:167-1 2007-08-20
Mandriva MDKSA-2007:167 2007-08-18
Ubuntu USN-498-1 2007-08-16
Foresight FLEA-2007-0035-1 2007-07-27
rPath rPSA-2007-0150-1 2007-07-27

Comments (none posted)

libxml2 - arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26

Comments (none posted)

libxml2: multiple buffer overflows

Package(s):libxml2 CVE #(s):CAN-2004-0989
Created:October 28, 2004 Updated:August 19, 2009
Description: libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities, if a local user passes a specially crafted FTP URL, arbitrary code may be executed.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Ubuntu USN-89-1 2005-02-28
Red Hat RHSA-2004:650-01 2004-12-16
Conectiva CLA-2004:890 2004-11-18
Red Hat RHSA-2004:615-01 2004-11-12
Mandrake MDKSA-2004:127 2004-11-04
Debian DSA-582-1 2004-11-02
Gentoo 200411-05 2004-11-02
Trustix TSLSA-2004-0055 2004-10-29
OpenPKG OpenPKG-SA-2004.050 2004-10-31
Ubuntu USN-10-1 2004-10-28
Fedora FEDORA-2004-353 2004-10-28

Comments (none posted)

lighttpd: denial of service

Package(s):lighttpd CVE #(s):CVE-2007-3946 CVE-2007-3947 CVE-2007-3948 CVE-2007-3949 CVE-2007-3950
Created:July 19, 2007 Updated:July 15, 2008
Description: The lighttpd web server has multiple vulnerabilities involving a remote access-control setting circumvention that is performed by the sending of malformed requests. This can be used to crash the server and cause a denial of service.
Alerts:
Debian DSA-1609-1 2008-07-15
SuSE SUSE-SR:2007:015 2007-08-03
Debian DSA-1362 2007-08-29
Gentoo 200708-11 2007-08-16
Fedora FEDORA-2007-1299 2007-07-26
Foresight FLEA-2007-0034-1 2007-07-26
rPath rPSA-2007-0145-1 2007-07-19

Comments (none posted)

lookup-el: insecure temporary file

Package(s):lookup-el CVE #(s):CVE-2007-0237
Created:March 19, 2007 Updated:December 10, 2007
Description: Tatsuya Kinoshita discovered that Lookup, a search interface to electronic dictionaries on emacsen, creates a temporary file in an insecure fashion when the ndeb-binary feature is used, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
Alerts:
Gentoo 200712-07 2007-12-09
Debian DSA-1269-1 2007-03-18

Comments (none posted)

lynx: arbitrary command execution

Package(s):lynx CVE #(s):CVE-2005-2929
Created:November 14, 2005 Updated:September 14, 2009
Description: An arbitrary command execute bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx.
Alerts:
Gentoo 200909-15 2009-09-12
Fedora-Legacy FLSA:152832 2005-12-17
OpenPKG OpenPKG-SA-2005.026 2005-12-03
Fedora FEDORA-2005-1079 2005-11-14
Fedora FEDORA-2005-1078 2005-11-14
Gentoo 200511-09 2005-11-13
Mandriva MDKSA-2005:211 2005-11-12
Red Hat RHSA-2005:839-01 2005-11-11

Comments (none posted)

mod_jk: proxy bypass

Package(s):mod_jk CVE #(s):CVE-2007-1860
Created:May 30, 2007 Updated:March 7, 2008
Description: From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside Apache httpd and forwarded the encoded URL to Tomcat, which itself did a second decoding. If Tomcat was used behind mod_jk and configured to only proxy some contexts, an attacker could construct a carefully crafted HTTP request to work around the context restriction and potentially access non-proxied content."
Alerts:
SuSE SUSE-SR:2008:005 2008-03-06
Gentoo 200708-15 2007-08-19
Debian DSA-1312-1 2007-06-18
Red Hat RHSA-2007:0380-01 2007-05-30
Red Hat RHSA-2007:0379-01 2007-05-30

Comments (none posted)

moin: arbitrary JavaScript execution

Package(s):moin CVE #(s):CVE-2007-2423
Created:May 8, 2007 Updated:March 10, 2008
Description: A flaw was discovered in MoinMoin's error reporting when using the AttachFile action. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted.
Alerts:
Debian DSA-1514-1 2008-03-09
Ubuntu USN-458-1 2007-05-07

Comments (none posted)

moodle: cross-site scripting

Package(s):moodle CVE #(s):CVE-2007-3555
Created:August 7, 2007 Updated:December 22, 2008
Description: A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter.
Alerts:
Debian DSA-1691-1 2008-12-22
Fedora FEDORA-2008-0610 2008-01-15
Fedora FEDORA-2007-1445 2007-08-06

Comments (none posted)

mplayer: buffer overflow

Package(s):mplayer CVE #(s):CVE-2007-1246
Created:March 8, 2007 Updated:April 1, 2008
Description: MPlayer versions up to 1.0rc1 have a buffer overflow in the loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function. user-assisted remote attackers can use this to create a buffer overflow and possibly execute arbitrary code.
Alerts:
Debian DSA-1536-1 2008-03-31
Gentoo 200705-21 2007-05-30
Foresight FLEA-2007-0013-1 2007-04-23
Slackware SSA:2007-109-02 2007-04-20
Gentoo 200704-09 2007-04-14
Ubuntu USN-433-1 2007-03-09
Mandriva MDKSA-2007:057 2007-03-08
Mandriva MDKSA-2007:055 2007-03-08

Comments (none posted)

mydns: buffer overflows

Package(s):mydns CVE #(s):CVE-2007-2362
Created:May 23, 2007 Updated:December 17, 2007
Description: Multiple buffer overflows in MyDNS allow remote attackers to cause a denial of service (daemon crash) and possibly execution of arbitrary code.
Alerts:
Debian DSA-1434-1 2007-12-16
Debian-Testing DTSA-36-1 2007-05-22

Comments (none posted)

mysql: denial of service

Package(s):mysql CVE #(s):CVE-2007-1420
Created:March 22, 2007 Updated:May 21, 2008
Description: MySQL subselect queries using "ORDER BY" can be used by an attacker with access to a MySQL instance in order to create an intermittent denial of service.
Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Mandriva MDKSA-2007:139 2007-07-04
rPath rPSA-2007-0107-1 2007-05-23
Gentoo 200705-11 2007-05-08
Ubuntu USN-440-1 2007-03-21

Comments (none posted)

mysql: format string bug

Package(s):mysql CVE #(s):CVE-2006-3469
Created:July 21, 2006 Updated:July 30, 2008
Description: Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server.
Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Slackware SSA:2006-211-01 2006-07-31
Ubuntu USN-321-1 2006-07-21

Comments (none posted)

MySQL: privilege violations

Package(s):mysql CVE #(s):CVE-2006-4031 CVE-2006-4226
Created:August 25, 2006 Updated:July 30, 2008
Description: MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy (CVE-2006-4031).

MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions (CVE-2006-4226).

Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Red Hat RHSA-2008:0364-01 2008-05-21
Red Hat RHSA-2007:0152-01 2007-04-03
Red Hat RHSA-2007:0083-01 2007-02-19
Fedora FEDORA-2006-1298 2006-11-27
Fedora FEDORA-2006-1297 2006-11-27
Ubuntu USN-338-1 2006-09-05
Mandriva MDKSA-2006:149 2006-08-24

Comments (none posted)

mysql: multiple vulnerabilities

Package(s):mysql CVE #(s):CVE-2007-3780
Created:July 17, 2007 Updated:November 27, 2007
Description: MySQL Community Server before v5.0.45 has multiple vulnerabilities. See the MySQL Community Server 5.0.45 release announcement for details.
Alerts:
Debian DSA-1413-1 2007-11-26
Ubuntu USN-528-1 2007-10-11
Red Hat RHSA-2007:0894-01 2007-09-10
Mandriva MDKSA-2007:177 2007-09-06
Red Hat RHSA-2007:0875-01 2007-08-30
Gentoo 200708-10 2007-08-16
rPath rPSA-2007-0143-1 2007-07-17

Comments (none posted)

MySQL: logging bypass

Package(s):mysql CVE #(s):CVE-2006-0903
Created:April 4, 2006 Updated:May 21, 2008
Description: MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Ubuntu USN-274-2 2006-05-15
Ubuntu USN-274-1 2006-04-27
Mandriva MDKSA-2006:064 2006-04-03

Comments (2 posted)

nbd: arbitrary code execution

Package(s):nbd CVE #(s):CVE-2005-3534
Created:January 6, 2006 Updated:March 7, 2011
Description: Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges.
Alerts:
SuSE SUSE-SR:2006:001 2006-01-13
Ubuntu USN-237-1 2006-01-06

Comments (none posted)

ncompress: buffer underflow

Package(s):ncompress CVE #(s):CVE-2006-1168
Created:August 10, 2006 Updated:February 21, 2012
Description: The ncompress compression utility has a missing boundary check. A local user can use a maliciously created file to cause a a .bss buffer underflow.
Alerts:
Gentoo 200610-03 2006-10-06
Red Hat RHSA-2006:0663-01 2006-09-12
Mandriva MDKSA-2006:140 2006-08-09
Debian DSA-1149-1 2006-08-10
Red Hat RHSA-2012:0308-03 2012-02-21
Scientific Linux SL-busy-20120321 2012-03-21
Red Hat RHSA-2012:0810-04 2012-06-20
Scientific Linux SL-busy-20120709 2012-07-09
Mageia MGASA-2012-0171 2012-07-19
Mandriva MDVSA-2012:129 2012-08-10
Mandriva MDVSA-2012:129-1 2012-08-10

Comments (none posted)

nginx: cross site scripting

Package(s):nginx CVE #(s):
Created:July 20, 2007 Updated:September 14, 2009
Description: Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev. The "msie_refresh" directive could allow cross site scripting.
Alerts:
Fedora FEDORA-2007-1158 2007-07-19

Comments (none posted)

OpenOffice.org: arbitrary code execution

Package(s):openoffice.org CVE #(s):CVE-2007-0245
Created:June 13, 2007 Updated:June 12, 2008
Description: A specially crafted RTF file could cause the filter to overwrite data on the heap, which may lead to the execution of arbitrary code.
Alerts:
Fedora FEDORA-2008-5239 2008-06-11
Fedora FEDORA-2008-4104 2008-05-17
rPath rPSA-2007-0160-1 2007-08-14
Ubuntu USN-482-1 2007-07-10
Mandriva MDKSA-2007:144 2007-07-10
Gentoo 200707-02 2007-07-02
SuSE SUSE-SA:2007:037 2007-06-28
Fedora FEDORA-2007-606 2007-06-25
Fedora FEDORA-2007-0410 2007-06-13
Fedora FEDORA-2007-572 2007-06-12
Red Hat RHSA-2007:0406-01 2007-06-13
Debian DSA-1307-1 2007-06-12

Comments (none posted)

OpenSSH: denial of service

Package(s):openssh CVE #(s):CVE-2006-4925 CVE-2006-5052
Created:October 6, 2006 Updated:November 15, 2007
Description: packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.

An unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."

Alerts:
Red Hat RHSA-2007:0703-02 2007-11-15
Red Hat RHSA-2007:0540-04 2007-11-07
Fedora FEDORA-2007-394 2007-04-03
Gentoo 200611-06 2006-11-13
SuSE SUSE-SA:2006:062 2006-10-20
rPath rPSA-2006-0185-1 2006-10-05

Comments (none posted)

openssh: remote denial of service

Package(s):openssh CVE #(s):CVE-2006-4924 CVE-2006-5051
Created:September 27, 2006 Updated:September 17, 2008
Description: Openssh 4.4 fixes some security issues, including a pre-authentication denial of service, an unsafe signal hander and on portable OpenSSH a GSSAPI authentication abort could be used to determine the validity of usernames on some platforms.
Alerts:
Debian DSA-1638-1 2008-09-16
Debian DSA-1212-1 2006-11-15
Fedora FEDORA-2006-1011 2006-10-03
Debian DSA-1189-1 2006-10-04
Mandriva MDKSA-2006:179 2006-10-03
Ubuntu USN-355-1 2006-10-02
OpenPKG OpenPKG-SA-2006.022 2006-10-01
Slackware SSA:2006-272-02 2006-09-29
Red Hat RHSA-2006:0698-01 2006-09-28
Red Hat RHSA-2006:0697-01 2006-09-28
Gentoo 200609-17:02 2006-09-27
rPath rPSA-2006-0174-1 2006-09-27
Gentoo 200609-17 2006-09-27

Comments (none posted)

openssl: private key attack

Package(s):openssl CVE #(s):CVE-2007-3108
Created:August 7, 2007 Updated:May 13, 2008
Description: OpenSSL could allow a local user in certain circumstances to divulge information about private keys being used.
Alerts:
Debian DSA-1571-1 2008-05-13
Red Hat RHSA-2007:1003-02 2007-11-15
Ubuntu USN-522-1 2007-09-29
rPath rPSA-2007-0199-1 2007-09-25
Fedora FEDORA-2007-661 2007-08-13
Foresight FLEA-2007-0043-1 2007-08-13
rPath rPSA-2007-0155-1 2007-08-10
Fedora FEDORA-2007-1444 2007-08-06

Comments (none posted)

pam: privilege escalation

Package(s):pam CVE #(s):CVE-2007-1716
Created:June 12, 2007 Updated:November 15, 2007
Description: A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to an unauthorized user.
Alerts:
Red Hat RHSA-2007:0737-02 2007-11-15
Red Hat RHSA-2007:0555-04 2007-11-07
Fedora FEDORA-2007-546 2007-06-11
Red Hat RHSA-2007:0465-01 2007-06-11

Comments (none posted)

perl-Net-DNS: predictable id sequence

Package(s):perl-Net-DNS CVE #(s):CVE-2007-3377
Created:June 26, 2007 Updated:March 12, 2008
Description: Net::DNS before 0.60 uses an id sequence that is predictable and the same in all child processes.
Alerts:
Debian DSA-1515-1 2008-03-11
SuSE SUSE-SR:2007:017 2007-08-17
Gentoo 200708-06 2007-08-11
rPath rPSA-2007-0142-1 2007-07-17
Ubuntu USN-483-1 2007-07-11
Mandriva MDKSA-2007:146 2007-07-12
Red Hat RHSA-2007:0675-01 2007-07-12
Red Hat RHSA-2007:0674-01 2007-07-12
Fedora FEDORA-2007-609 2007-07-02
Fedora FEDORA-2007-612 2007-07-02
Fedora FEDORA-2007-0668 2007-06-25

Comments (none posted)

php: multiple vulnerabilities

Package(s):php CVE #(s):CVE-2007-1001 CVE-2007-1285 CVE-2007-1718 CVE-2007-1583
Created:April 16, 2007 Updated:December 4, 2007
Description: A denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array. (CVE-2007-1285)

A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str() function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-1583)

A flaw was discovered in the way PHP's mail() function processed header data. If a script sent mail using a Subject header containing a string from an untrusted source, a remote attacker could send bulk e-mail to unintended recipients. (CVE-2007-1718)

A heap based buffer overflow flaw was discovered in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution. (CVE-2007-1001)

Alerts:
Ubuntu USN-549-2 2007-12-03
Ubuntu USN-549-1 2007-11-29
OpenPKG OpenPKG-SA-2007.019 2007-05-28
Fedora FEDORA-2007-526 2007-05-24
SuSE SUSE-SA:2007:032 2007-05-23
Slackware SSA:2007-127-01 2007-05-08
Debian DSA-1283-1 2007-04-29
Ubuntu USN-455-1 2007-04-27
Debian DSA-1282-1 2007-04-26
Red Hat RHSA-2007:0153-01 2007-04-20
Mandriva MDKSA-2007:090 2007-04-18
Mandriva MDKSA-2007:089 2007-04-18
Mandriva MDKSA-2007:088 2007-04-18
Mandriva MDKSA-2007:087 2007-04-18
Fedora FEDORA-2007-455 2007-04-18
rPath rPSA-2007-0073-1 2007-04-18
Fedora FEDORA-2007-415 2007-04-17
Red Hat RHSA-2007:0155-01 2007-04-16
Red Hat RHSA-2007:0154-01 2007-04-16
Red Hat RHSA-2007:0162-01 2007-04-16

Comments (none posted)

php: several vulnerabilities

Package(s):php CVE #(s):CVE-2006-4481 CVE-2006-4484 CVE-2006-4485
Created:September 8, 2006 Updated:June 13, 2008
Description: The file_exists and imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481).

A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484).

The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485).

Alerts:
SuSE SUSE-SR:2008:013 2008-06-13
Mandriva MDVSA-2008:077 2007-03-26
SuSE SUSE-SR:2008:005 2008-03-06
Red Hat RHSA-2008:0146-01 2008-02-28
Fedora FEDORA-2008-1643 2008-02-13
Foresight FLEA-2008-0007-1 2008-02-11
Fedora FEDORA-2008-1122 2008-02-05
Fedora FEDORA-2008-1131 2008-02-05
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:038 2007-02-07
rPath rPSA-2008-0046-1 2008-02-06
Gentoo 200802-01 2008-02-06
rPath rPSA-2006-0182-1 2006-10-05
SuSE SUSE-SA:2006:052 2006-09-21
Red Hat RHSA-2006:0669-01 2006-09-21
Mandriva MDKSA-2006:162 2006-09-07

Comments (1 posted)

php: multiple vulnerabilities

Package(s):php CVE #(s):CVE-2007-2872 CVE-2007-2756
Created:June 1, 2007 Updated:January 29, 2008
Description: According to a vendor release announcement multiple security enhancements and fixes were fixed in version 5.2.3 of the programming language PHP.
Alerts:
SuSE SUSE-SA:2008:004 2008-01-29
Ubuntu USN-549-2 2007-12-03
Red Hat RHSA-2007:0891-01 2007-10-25
Ubuntu USN-549-1 2007-11-29
Red Hat RHSA-2007:0888-01 2007-10-23
Gentoo 200710-02 2007-10-07
Red Hat RHSA-2007:0889-01 2007-09-26
Fedora FEDORA-2007-709 2007-09-24
Mandriva MDKSA-2007:187 2007-09-21
Red Hat RHSA-2007:0890-02 2007-09-20
Fedora FEDORA-2007-2215 2007-09-18
rPath rPSA-2007-0188-1 2007-09-17
Slackware SSA:2007-255-03 2007-09-13
rPath rPSA-2007-0117-1 2007-06-07
Slackware SSA:2007-152-01 2007-06-04
OpenPKG OpenPKG-SA-2007.020 2007-06-01

Comments (none posted)

php: buffer overflows

Package(s):php CVE #(s):CVE-2006-5465
Created:November 3, 2006 Updated:January 18, 2010
Description: The Hardened-PHP Project discovered buffer overflows in htmlentities/htmlspecialchars internal routines to the PHP Project. Of course the whole purpose of these functions is to be filled with user input. (The overflow can only be when UTF-8 is used)
Alerts:
Mandriva MDVSA-2010:007 2010-01-15
SuSE SUSE-SA:2006:067 2006-11-15
rPath rPSA-2006-0205-1 2006-11-09
Red Hat RHSA-2006:0731-01 2006-11-10
Red Hat RHSA-2006:0730-01 2006-11-06
Debian DSA-1206-1 2006-11-06
Fedora FEDORA-2006-1169 2006-11-06
Fedora FEDORA-2006-1168 2006-11-06
Slackware SSA:2006-307-01 2006-11-06
OpenPKG OpenPKG-SA-2006.028 2006-11-06
Ubuntu USN-375-1 2006-11-02
Mandriva MDKSA-2006:196 2006-11-02

Comments (none posted)

phpbb2: missing input sanitizing

Package(s):phpbb2 CVE #(s):CVE-2006-1896
Created:May 22, 2006 Updated:February 11, 2008
Description: It was discovered that phpbb2, a web based bulletin board, insufficiently sanitizes values passed to the "Font Color 3" setting, which might lead to the execution of injected code by admin users.
Alerts:
Debian DSA-1066-1 2006-05-20

Comments (none posted)

phpbb2: multiple vulnerabilities

Package(s):phpbb2 CVE #(s):CVE-2005-3310 CVE-2005-3415 CVE-2005-3416 CVE-2005-3417 CVE-2005-3418 CVE-2005-3419 CVE-2005-3420 CVE-2005-3536 CVE-2005-3537
Created:December 22, 2005 Updated:February 11, 2008
Description: The phpbb2 web forum has a number of vulnerabilities including: a web script injection problem, a protection mechanism bypass, a security check bypass, a remote global variable bypass, cross site scripting vulnerabilities, an SQL injection vulnerability, a remote regular expression modification problem, missing input sanitizing, and a missing request validation problem.
Alerts:
Debian DSA-925-1 2005-12-22

Comments (none posted)

phpPgAdmin: cross-site scripting

Package(s):phppgadmin CVE #(s):CVE-2007-2865 CVE-2007-5728
Created:June 18, 2007 Updated:January 21, 2009
Description: A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
Alerts:
Debian DSA-1693-1 2008-12-27
Debian DSA-1693-2 2009-01-21
SuSE SUSE-SR:2007:024 2007-11-22
Fedora FEDORA-2007-1013 2007-07-11
Fedora FEDORA-2007-0469 2007-06-16

Comments (none posted)

phpwiki: remote code execution

Package(s):phpwiki CVE #(s):CVE-2007-2024 CVE-2007-2025
Created:May 17, 2007 Updated:September 12, 2007
Description: The phpwiki Upload page does not properly check the extension of a file. This can be used by a remote attacker to upload a specially crafted PHP file and execute arbitrary PHP code with the privileges of the PhpWiki user.
Alerts:
Debian DSA-1371-1 2007-09-11
Gentoo 200705-16 2007-05-17

Comments (none posted)

pptpd: denial of service

Package(s):pptpd CVE #(s):CVE-2007-0244
Created:May 9, 2007 Updated:September 3, 2007
Description: The PoPToP server daemon contains a bug which allows an attacker to tear down a connection through a malformed GRE packet.
Alerts:
Debian DSA-1288-2 2007-09-02
Ubuntu USN-459-2 2007-05-21
Gentoo 200705-18 2007-05-20
Ubuntu USN-459-1 2007-05-14
SuSE SUSE-SR:2007:010 2007-05-11
Debian DSA-1288-1 2007-05-08

Comments (none posted)

proftpd: authentication bypass

Package(s):proftpd CVE #(s):CVE-2007-2165
Created:June 21, 2007 Updated:November 5, 2007
Description: The ProFTPD Auth API has an authentication bypass vulnerability. When multiple simultaneous authentication modules are configured, the ProFTPD module that checks authentication is not necessarily the same module that retrieves authentication data. This can be used by remote attackers to bypass the authentication system.
Alerts:
Fedora FEDORA-2007-2613 2007-11-05
Mandriva MDKSA-2007:130 2007-06-20

Comments (none posted)

pulseaudio: denial of service

Package(s):pulseaudio CVE #(s):CVE-2007-1804
Created:May 30, 2007 Updated:March 10, 2008
Description: The pulseaudio network code suffers from a denial of service vulnerability exploitable by an unauthenticated attacker.
Alerts:
Mandriva MDVSA-2008:065 2007-03-09
Ubuntu USN-465-1 2007-05-25

Comments (none posted)

python: information disclosure

Package(s):python CVE #(s):CVE-2007-2052
Created:May 9, 2007 Updated:July 30, 2009
Description: Python 2.4 and 2.5 contain a bug in PyLocale_strxfrm() which could enable an attacker to read portions of unrelated memory.
Alerts:
CentOS CESA-2009:1176 2009-07-29
Red Hat RHSA-2009:1176-01 2009-07-27
Debian DSA-1620-1 2008-07-27
Debian DSA-1551-1 2008-04-19
Ubuntu USN-585-1 2008-03-11
Red Hat RHSA-2007:1076-02 2007-12-10
Red Hat RHSA-2007:1077-01 2007-12-10
Foresight FLEA-2007-0019-1 2007-05-21
rPath rPSA-2007-0104-1 2007-05-17
Mandriva MDKSA-2007:099 2007-05-08

Comments (none posted)

qemu: multiple vulnerabilities

Package(s):qemu CVE #(s):CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366
Created:May 1, 2007 Updated:January 19, 2009
Description: Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service.
Alerts:
Fedora FEDORA-2008-11705 2008-12-24
Fedora FEDORA-2008-10000 2008-11-22
Fedora FEDORA-2008-9556 2008-11-12
SuSE SUSE-SR:2009:002 2009-01-19
Mandriva MDVSA-2008:162 2008-08-07
Fedora FEDORA-2008-4386 2008-05-28
Fedora FEDORA-2008-4604 2008-05-28
Fedora FEDORA-2007-713 2007-10-08
Debian DSA-1384-1 2007-10-05
Fedora FEDORA-2007-2270 2007-10-03
Red Hat RHSA-2007:0323-01 2007-10-02
Debian-Testing DTSA-38-1 2007-05-26
Debian DSA-1284-1 2007-05-01

Comments (none posted)

qt: arbitrary code execution

Package(s):qt CVE #(s):CVE-2007-3388
Created:August 1, 2007 Updated:December 10, 2007
Description: Format string bugs were found in several Qt warning messages. Applications using Qt for processing certain data types could trigger them if the data caused Qt to print warnings. The bugs potentially allow to execute arbitrary code via specially crafted files (CVE-2007-3388).
Alerts:
Debian DSA-1426-1 2007-12-08
Gentoo 200708-16 2007-08-22
Slackware SSA:2007-222-03 2007-08-13
Foresight FLEA-2007-0042-1 2007-08-03
Ubuntu USN-495-1 2007-08-03
rPath rPSA-2007-0153-1 2007-08-01
Mandriva MDKSA-2007:151 2007-08-01
SuSE SUSE-SA:2007:048 2007-08-01
Red Hat RHSA-2007:0721-01 2007-07-31

Comments (none posted)

qt: "/../" injection

Package(s):qt CVE #(s):CVE-2007-0242
Created:April 4, 2007 Updated:September 13, 2007
Description: Andreas Nolden discovered a bug in qt3, where the UTF8 decoder does not reject overlong sequences, which can cause "/../" injection or (in the case of konqueror) a "<script>" tag injection.
Alerts:
CentOS CESA-2011:1324 2011-09-22
Scientific Linux SL-qt4-20110921 2011-09-21
Red Hat RHSA-2011:1324-01 2011-09-21
Red Hat RHSA-2007:0883-01 2007-09-13
Debian DSA-1292-1 2007-05-15
SuSE SUSE-SR:2007:006 2007-04-13
Ubuntu USN-452-1 2007-04-11
Mandriva MDKSA-2007:075-1 2007-04-10
rPath rPSA-2007-0066-1 2007-04-04
Slackware SSA:2007-093-03 2007-04-04
Mandriva MDKSA-2007:075 2007-04-03
Mandriva MDKSA-2007:076 2007-04-03
Mandriva MDKSA-2007:074 2007-04-03

Comments (2 posted)

qtpfsgui: arbitrary code execution

Package(s):qtpfsgui CVE #(s):CVE-2007-2956
Created:August 13, 2007 Updated:August 15, 2007
Description: There is a boundary error in Qtpfsgui and pfstools when reading the header of a Radiance RGBE (*.hdr) file within the "readRadianceHeader()" function in src/fileformat/rgbeio.cpp (Qtpfsgui) or src/Fileformat/rgbeio.cpp (pfstools) which can lead to arbitrary code execution.
Alerts:
Fedora FEDORA-2007-1581 2007-08-13

Comments (none posted)

quake: buffer overflow

Package(s):quake3-bin CVE #(s):CVE-2006-2236
Created:May 10, 2006 Updated:January 12, 2009
Description: Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server.
Alerts:
Gentoo 200901-06 2009-01-11
Gentoo 200605-12 2006-05-10

Comments (none posted)

redhat-cluster-suite: denial of service

Package(s):redhat-cluster-suite CVE #(s):CVE-2007-3380
Created:July 19, 2007 Updated:November 14, 2007
Description: The redhat cluster suite's cluster manager is vulnerable to a remote attack. Attackers can connect to the DLM port and block subsequent DLM operations, resulting in a denial of service.
Alerts:
Ubuntu USN-489-1 2007-07-19
Red Hat RHSA-2007:0940-01 2007-10-22
Ubuntu USN-489-2 2007-07-19

Comments (1 posted)

rpm: arbitrary code execution

Package(s):rpm CVE #(s):CVE-2006-5466
Created:November 6, 2006 Updated:August 28, 2007
Description: An error was found in the RPM library's handling of query reports. In some locales, certain RPM packages would cause the library to crash. If a user was tricked into querying a specially crafted RPM package, the flaw could be exploited to execute arbitrary code with the user's privileges.
Alerts:
Fedora FEDORA-2007-668 2007-08-27
Gentoo 200611-08 2006-11-13
Mandriva MDKSA-2006:200 2006-11-07
Ubuntu USN-378-1 2006-11-04

Comments (none posted)

slocate: information disclosure

Package(s):slocate CVE #(s):CVE-2007-0227
Created:February 22, 2007 Updated:September 4, 2012
Description: The slocate permission checking code has a local information disclosure vulnerability. During the reporting of matching files, slocate does not respect the parent directory's read permissions, resulting in hidden filenames being viewable by other local users.
Alerts:
Foresight FLEA-2007-0005-1 2007-03-29
Ubuntu USN-425-1 2007-02-22
Slackware SSA:2012-244-05 2012-08-31

Comments (none posted)

snort: remote arbitrary code execution

Package(s):snort CVE #(s):CVE-2006-5276
Created:March 2, 2007 Updated:September 7, 2007
Description: The Snort intrusion detection system is vulnerable to a buffer overflow in the DCE/RPC preprocessor code. Remote attackers can send specially crafted fragmented SMB or DCE/RPC packets which can be used to allow the the remote execution of arbitrary code.
Alerts:
Fedora FEDORA-2007-2060 2007-09-07
Gentoo 200703-01:02 2007-02-23
Gentoo 200703-01 2007-02-23

Comments (1 posted)

squirrelmail: arbitrary code execution

Package(s):squirrelmail CVE #(s):CVE-2005-1924 CVE-2006-4169
Created:August 13, 2007 Updated:August 15, 2007
Description: There is a vulnerability in the squirrelmail G/PGP plugin:

An authenticated user could use the plugin to execute arbitrary code on the server, or a remote attacker could send a specially crafted e-mail to a SquirrelMail user, possibly leading to the execution of arbitrary code with the privileges of the user running the underlying web server. Note that the G/PGP plugin is disabled by default.

Alerts:
Gentoo 200708-08 2007-08-11

Comments (1 posted)

Sun JDK/JRE: multiple vulnerabilities

Package(s):Sun JDK/JRE CVE #(s):CVE-2007-2435 CVE-2007-2788 CVE-2007-2789
Created:June 1, 2007 Updated:April 18, 2008
Description: An unspecified vulnerability involving an "incorrect use of system classes" was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security Team reported an integer overflow resulting in a buffer overflow in the ICC parser used with JPG or BMP files, and an incorrect open() call to /dev/tty when processing certain BMP files.
Alerts:
Gentoo 200804-20 2008-04-17
Red Hat RHSA-2007:1086-01 2007-12-12
Red Hat RHSA-2007:0817-01 2007-08-06
SuSE SUSE-SA:2007:045 2007-07-18
Gentoo 200706-08 2007-06-26
Gentoo 200705-23 2007-05-31

Comments (none posted)

tcpdump: integer overflow

Package(s):tcpdump CVE #(s):CVE-2007-3798
Created:July 20, 2007 Updated:November 15, 2007
Description: An integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
Alerts:
Red Hat RHSA-2007:0387-02 2007-11-15
Red Hat RHSA-2007:0368-03 2007-11-07
Slackware SSA:2007-230-01 2007-08-20
Debian DSA-1353-1 2007-08-11
Fedora FEDORA-2007-654 2007-08-01
Fedora FEDORA-2007-1361 2007-07-31
Ubuntu USN-492-1 2007-07-30
Gentoo 200707-14 2007-07-28
Mandriva MDKSA-2007:148 2007-07-25
rPath rPSA-2007-0147-1 2007-07-20

Comments (none posted)

tcpdump: denial of service

Package(s):tcpdump CVE #(s):CVE-2007-1218
Created:March 5, 2007 Updated:November 15, 2007
Description: Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.
Alerts:
Red Hat RHSA-2007:0387-02 2007-11-15
Mandriva MDKSA-2007:155 2007-08-09
Debian DSA-1272-1 2007-03-22
Fedora FEDORA-2007-348 2007-03-15
Fedora FEDORA-2007-347 2007-03-15
Mandriva MDKSA-2007:056 2006-03-08
Ubuntu USN-429-1 2007-03-06
rPath rPSA-2007-0048-1 2007-03-03

Comments (none posted)

terminal: arbitrary code execution

Package(s):terminal CVE #(s):CVE-2007-3770
Created:August 13, 2007 Updated:December 19, 2007
Description: A vulnerability was found in the Xfce terminal program:

Lasse Karkkainen discovered that the function terminal_helper_execute() in file terminal-helper.c does not properly escape the URIs before processing.

Alerts:
Fedora FEDORA-2007-4368 2007-12-15
Fedora FEDORA-2007-4385 2007-12-15
Debian DSA-1393-1 2007-10-23
Fedora FEDORA-2007-1620 2007-08-15
Ubuntu USN-497-1 2007-08-14
Gentoo 200708-07 2007-08-11

Comments (none posted)

tetex: buffer overflow

Package(s):tetex CVE #(s):CVE-2007-0650
Created:May 8, 2007 Updated:May 13, 2008
Description: A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.
Alerts:
Gentoo 200805-13 2008-05-12
Gentoo 200709-17 2007-09-27
Mandriva MDKSA-2007:109 2007-05-23
rPath rPSA-2007-0092-1 2007-05-07

Comments (1 posted)

tomcat: directory traversal

Package(s):tomcat CVE #(s):CVE-2007-0450
Created:May 2, 2007 Updated:February 27, 2008
Description: Versions of tomcat prior to 5.5.22 do not properly filter filename separator characters, enabling information disclosure attacks.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Mandriva MDKSA-2007:241 2007-12-10
Red Hat RHSA-2007:0360-01 2007-05-24
Red Hat RHSA-2007:0328-01 2007-05-24
Fedora FEDORA-2007-514 2007-05-21
Red Hat RHSA-2007:0326-01 2007-05-21
Red Hat RHSA-2007:0327-01 2007-05-14
Gentoo 200705-03 2007-05-01

Comments (none posted)

tomcat: cross-site scripting

Package(s):tomcat CVE #(s):CVE-2007-2449 CVE-2007-2450
Created:July 17, 2007 Updated:February 17, 2009
Description: Some JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449).

Note: it is recommended the 'examples' web application not be installed on a production system.

The Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450).

Alerts:
SuSE SUSE-SR:2009:004 2009-02-17
Fedora FEDORA-2008-8130 2008-09-16
SuSE SUSE-SR:2008:007 2008-03-28
Fedora FEDORA-2008-1603 2008-02-13
Fedora FEDORA-2008-1467 2008-02-13
Debian DSA-1468-1 2008-01-20
Mandriva MDKSA-2007:241 2007-12-10
Fedora FEDORA-2007-3474 2007-11-17
Fedora FEDORA-2007-3456 2007-11-17
Red Hat RHSA-2007:0569-01 2007-07-17

Comments (1 posted)

vim: arbitrary code execution

Package(s):vim CVE #(s):CVE-2007-2953
Created:July 30, 2007 Updated:November 27, 2008
Description: vim is vulnerable to a user-assisted attack in which vim may execute arbitrary code when helptags is run on data that has been maliciously crafted.
Alerts:
CentOS CESA-2008:0580 2008-11-26
CentOS CESA-2008:0617 2008-11-25
Red Hat RHSA-2008:0617-01 2008-11-25
Red Hat RHSA-2008:0580-01 2008-11-25
Debian DSA-1364-2 2007-09-19
Debian DSA-1364-1 2007-09-01
Ubuntu USN-505-1 2007-08-28
Mandriva MDKSA-2007:168 2007-08-21
rPath rPSA-2007-0151-1 2007-07-31
Foresight FLEA-2007-0036-1 2007-07-30

Comments (none posted)

vixie-cron: weak permissions may cause errors

Package(s):vixie-cron CVE #(s):CVE-2007-1856
Created:April 17, 2007 Updated:December 4, 2007
Description: During an internal audit, Raphael Marichez of the Gentoo Linux Security Team found that Vixie Cron has weak permissions set on Gentoo, allowing for a local user to create hard links to system and users cron files, while a st_nlink check in database.c will generate a superfluous error.
Alerts:
Mandriva MDKSA-2007:234 2007-12-03
Red Hat RHSA-2007:0345-01 2007-05-17
Gentoo 200704-11 2007-04-16

Comments (1 posted)

vlc: several vulnerabilities

Package(s):vlc CVE #(s):CVE-2007-3316 CVE-2007-3467 CVE-2007-3468
Created:July 10, 2007 Updated:March 10, 2008
Description: Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code.
Alerts:
Gentoo 200803-13 2008-03-07
Gentoo 200707-12 2007-07-28
Debian DSA-1332-1 2007-07-09

Comments (none posted)

wireshark: multiple vulnerabilities

Package(s):wireshark CVE #(s):CVE-2007-3390 CVE-2007-3392 CVE-2007-3393
Created:June 28, 2007 Updated:February 27, 2008
Description: The wireshark network traffic analyzer has three vulnerabilities that can be used to create a denial of service. These include off-by-one overflows in the iSeries dissector, vulnerabilities in the MMS and SSL dissectors that can cause an infinite loop and an off-by-one overflow in the DHCP/BOOTP dissector.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Red Hat RHSA-2008:0059-01 2008-01-21
Red Hat RHSA-2007:0709-02 2007-11-15
Red Hat RHSA-2007:0710-04 2007-11-07
Gentoo 200708-12 2007-08-16
Fedora FEDORA-2007-628 2007-07-09
rPath rPSA-2007-0137-1 2007-07-11
Mandriva MDKSA-2007:145 2007-07-10
Fedora FEDORA-2007-0982 2007-07-09
Debian DSA-1322-1 2007-06-27

Comments (none posted)

XFree86 X.org: integer overflows

Package(s):xfree86 x.org CVE #(s):CVE-2007-1003 CVE-2007-1667 CVE-2007-1351 CVE-2007-1352
Created:April 3, 2007 Updated:August 11, 2009
Description: iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003)

iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352)

An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667)

Alerts:
Debian DSA-1858-1 2009-08-10
SuSE SUSE-SR:2008:008 2008-04-04
Debian DSA-1454-1 2008-01-07
Debian DSA-1294-1 2007-05-17
Gentoo 200705-10 2007-05-08
Gentoo 200705-06 2007-05-05
Gentoo 200705-02 2007-05-01
Ubuntu USN-453-2 2007-04-26
SuSE SUSE-SA:2007:027 2007-04-20
Slackware SSA:2007-109-01 2007-04-20
Ubuntu USN-453-1 2007-04-18
Red Hat RHSA-2007:0157-01 2007-04-16
Red Hat RHSA-2007:0150-01 2007-04-16
Mandriva MDKSA-2007:079-1 2007-04-11
Mandriva MDKSA-2007:080-1 2007-04-10
Mandriva MDKSA-2007:081-1 2007-04-10
Fedora FEDORA-2007-427 2007-04-10
Fedora FEDORA-2007-426 2007-04-10
Fedora FEDORA-2007-425 2007-04-10
Fedora FEDORA-2007-424 2007-04-10
Fedora FEDORA-2007-423 2007-04-09
Fedora FEDORA-2007-422 2007-04-09
Foresight FLEA-2007-0009-1 2007-04-05
Mandriva MDKSA-2007:080 2007-04-04
Mandriva MDKSA-2007:081 2007-04-04
Mandriva MDKSA-2007:079 2007-04-04
rPath rPSA-2007-0065-1 2007-04-04
Ubuntu USN-448-1 2007-04-03
Red Hat RHSA-2007:0132-01 2007-04-03
Red Hat RHSA-2007:0127-01 2007-04-03
Red Hat RHSA-2007:0126-01 2007-04-03
Red Hat RHSA-2007:0125-01 2007-04-03

Comments (none posted)

xfsdump: insecure temp dir

Package(s):xfsdump CVE #(s):CVE-2007-2654
Created:June 22, 2007 Updated:September 21, 2007
Description: xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
Alerts:
Ubuntu USN-516-1 2007-09-20
Mandriva MDKSA-2007:134 2007-06-21

Comments (none posted)

xine-lib: arbitrary code execution

Package(s):xine-lib CVE #(s):CVE-2007-1387
Created:March 13, 2007 Updated:April 1, 2008
Description: Moritz Jodeit discovered that the DirectShow loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.
Alerts:
Debian DSA-1536-1 2008-03-31
Mandriva MDKSA-2007:062 2007-03-13
Mandriva MDKSA-2007:061 2007-03-13
Ubuntu USN-435-1 2007-03-12

Comments (none posted)

xine-lib: buffer overflow

Package(s):xine-lib CVE #(s):CVE-2006-1664
Created:April 27, 2006 Updated:February 27, 2008
Description: xine-lib does an improper input data boundary check on MPEG streams. A specially crafted MPEG file can be created that can cause arbitrary code execution when the file is accessed.
Alerts:
Gentoo 200802-12 2008-02-26
Gentoo 200604-16 2006-04-26

Comments (none posted)

xmms: BMP handling vulnerability

Package(s):xmms CVE #(s):CVE-2007-0653 CVE-2007-0654
Created:March 28, 2007 Updated:July 26, 2011
Description: xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system.
Alerts:
Fedora FEDORA-2011-9421 2011-07-16
Fedora FEDORA-2011-9413 2011-07-16
Debian DSA-1277-1 2007-04-04
Mandriva MDKSA-2007:071 2007-03-29
Ubuntu USN-445-1 2007-03-27

Comments (none posted)

X.org: temp file vulnerability

Package(s):X.org CVE #(s):CVE-2007-3103
Created:July 12, 2007 Updated:July 2, 2009
Description: The X.Org X11 xfs font server has a temp file vulnerability in the startup script. A local user can modify the permissions of the script in order to elevate their local privileges.
Alerts:
Fedora FEDORA-2009-3651 2009-04-14
Fedora FEDORA-2009-3666 2009-04-14
Debian DSA-1342-1 2007-07-30
rPath rPSA-2007-0141-1 2007-07-17
Foresight FLEA-2007-0031-1 2007-07-12
Red Hat RHSA-2007:0520-01 2007-07-12
Red Hat RHSA-2007:0519-01 2007-07-12

Comments (none posted)

xvid: array indexing vulnerabilities

Package(s):xvid CVE #(s):CVE-2007-3329
Created:August 9, 2007 Updated:August 15, 2007
Description: The Xvid video codec has a number of array indexing vulnerabilities. It may be possible for an attacker to maliciously create a video that causes the execution of arbitrary code.
Alerts:
Gentoo 200708-02 2007-08-08

Comments (none posted)

zziplib: buffer overflow

Package(s):zziplib CVE #(s):CVE-2007-1614
Created:April 4, 2007 Updated:September 5, 2007
Description: dmcox discovered a boundary error in the zzip_open_shared_io() function from zzip/file.c . A remote attacker could entice a user to run a zziplib function with an overly long string as an argument which would trigger the buffer overflow and may lead to the execution of arbitrary code.
Alerts:
Debian-Testing DTSA-56-1 2007-09-04
Mandriva MDKSA-2007:093 2007-04-23
Gentoo 200704-05 2007-04-03

Comments (none posted)

Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The current 2.6 prepatch remains 2.6.23-rc3; the 2.6.23-rc4 release is somewhat overdue as of this writing. There has been a steady flow of fixes into the mainline git repository over the last week.

The current -mm tree is 2.6.23-rc3-mm1. Recent changes to -mm include the long-awaited ath5k wireless driver (mac80211-based support for Atheros 5xxx wireless cards), a long list of x86_64 patches, a new PID namespaces patch, and the PIE executable randomization patch from ExecShield.

The current stable 2.6 kernel is 2.6.22.4, released on August 20. This one contains a single patch - a security fix for the signal vulnerability which allows, under some circumstances, an arbitrary signal to be sent to a setuid process. (Note that the 2.6.22.5 process has already begun with that update being due on or after the 23rd).

For older kernels: 2.6.20.16 was released on August 16 with a couple dozen fixes. The next 2.6.20 stable update is currently in review; it is a large patch set with quite a few fixes.

Comments (none posted)

Kernel development news

Quotes of the week

Why can DOS delete an infinite number of files and rm can't? Because rm was written using the "vi" editor and it causes brain damage and that's why after 20 years rm hasn't caught up with del.
-- Marc Perkel has solutions for all our problems

Asserting that critics should patch the holes in your handwaving is unlikely to impress anybody; arrogance is not in short supply around here and yours is not even original.
-- Al Viro responds (thanks to Dag Bakke).

Comments (49 posted)

Distributed storage

By Jonathan Corbet
August 21, 2007
Evgeniy Polyakov is not an easily discouraged developer. He has been the source of a great deal of interesting kernel code - including a network channels implementation, an asynchronous crypto framework, the kevent subsystem, the "network tree" memory management layer, and the netlink connector code. Of all of those patches, only the netlink connector has made it into the mainline kernel - and that was back in 2005. Undeterred, Evgeniy has come forward with another significant patch set for consideration. His ambitions are no lower this time around: he would like to replace much of the functionality offered by the device mapper, iSCSI, and network block device (NBD) layers. He calls the new subsystem distributed storage, or DST for short. The goal is to allow the creation of high-performance storage networks in a reliable and easy manner.

At the lowest level, the DST code implements a simple network protocol which allows block devices to be exported across a network. The number of operations supported is small: block read and write operations and a "how big is your disk?" information request is about it. But it is intended to be fast, non-blocking, and able to function without copying the data on the way through. The zero-copy nature of the code allows it to perform I/O operations with no memory allocations at all - though the underlying network subsystem might do some allocations of its own.

There is no data integrity checking built into the DST networking layer; it relies on the networking code to handle that aspect of things. There is also no real security support at all. If a block device is exported for use in DST, it is exported to anybody who can reach the host. The addition of explicit export lists could certainly be done in the future, but, for now, hosts exporting drives via DST are probably best not exposed to anything beyond an immediate local network.

The upper layer of the DST code enables the creation of local disks. A simple ioctl() call would create a local disk from a remote drive, essentially reproducing the functionality offered by NBD. Evgeniy claims better performance than NBD, though, with non-blocking processing, no user-space threads, and a lack of busy-wait loops. There is also a simple failure recovery mechanism which will reconnect to remote hosts which go away temporarily.

Beyond that, though, the DST code can be used to join multiple devices - both local and remote - into larger arrays. There are currently two algorithms available: linear and mirrored. In a linear array, each device is added to the end of what looks like a much larger block device. The mirroring algorithm replicates data across each device to provide redundancy and generally faster read performance. There is infrastructure in place for tracking which blocks must be updated on each component of a mirrored array, so if one device drops out for a while it can be quickly brought up to date on its return. Interestingly, that information is not stored on each component; this is presented as a feature, in that one part of a mirrored array can be removed and mounted independently as a sort of snapshot. Block information also does not appear, in this iteration, to be stored persistently anywhere, meaning that a crash of the DST server could make recovery of an inconsistent mirrored array difficult or impossible.

Storage arrays created with DST can, in turn, be exported for use in other arrays. So a series of drives located on a fast local network can be combined in a sort of tree structure into one large, redundant array of disks. There is no support for the creation of higher-level RAID arrays at this time. Support for more algorithms is on the "to do" list, though Evgeniy has said that the Reed-Solomon codes used for traditional RAID are not fast enough for distributed arrays. He suggests that WEAVER codes might be used instead.

At this level, DST looks much like the device mapper and MD layers already supported by Linux. Evgeniy claims that the DST code is better in that it does all processing in a non-blocking manner, works with more network protocols, has simple automatic configuration, does not copy data, and can perform operations with no memory allocations. The zero-allocation feature is important in situations where deadlocks are a worry - and they are often a worry when remote storage is in use. Making the entire DST stack safe against memory-allocation deadlocks would require some support in the network layer as well - but, predictably, Evgeniy has some ideas for how that can be done.

This patch set is clearly in a very early state; quite a bit of work would be required before it would be ready for production use with data that somebody actually cares about. Like all of Evgeniy's patches, DST contains a number of interesting ideas. If the remaining little details can be taken care of, the DST code could eventually reach a point where it is seen as a useful addition to the Linux storage subsystem.

Comments (13 posted)

Who maintains this file?

By Jonathan Corbet
August 21, 2007
Kernel developers are generally encouraged to split patches into small pieces before posting them to the mailing lists. Making each change self-contained and easy to understand helps reviewers do their job and is thus a good thing. That said, anybody who doubted that one can get too much of a good thing surely learned the truth when Joe Perches submitted this patch set made up of almost 550 patches, all to the same file. It is fair to say that this deluge of patches was not universally welcomed.

Packaging aside, the ultimate goal of Joe's patch was not particularly controversial: he would like to make it possible to easily find out who is the maintainer of a specific file in the kernel tree. So, for each entry in the MAINTAINERS file, he added one or more lines with patterns describing which files belong to that entry. With that information in place, his get_maintainer.pl script can quickly identify who is responsible for any file in the tree. No more digging through MAINTAINERS or trying to extract email addresses from copyright notices in the source.

It's an appealing idea, but nobody seems to be entirely clear on how to implement it. Keeping this information in a central file has a number of obvious disadvantages. It would clearly go out of date quickly, for example. The MAINTAINERS file tends to get stale as it is; the chances of it being patched for every new or renamed file seem quite small. If developers, contrary to expectations, do keep this file up to date, one can expect large numbers of conflicts as all the resulting patches try to touch the same file.

The patch conflict problem could be mitigated by splitting up the MAINTAINERS file into per-directory versions, much like what was done with the kernel configuration file in the past. There are now over 400 Kconfig files in the mainline tree; some developers have expressed dismay at the idea of similar numbers of MAINTAINERS files being scattered around the tree. And, in any case, per-directory files aren't much more likely to be updated than the single, central file.

So around came another idea: why not just put the maintainer information into the source files? The result would be nicely split documentation which gets put in front of the relevant developers every time they edit the file. The record for maintenance of documentation in the code is far from perfect, but it is much better than the record for completely out-of-line documentation.

One question which comes up when this approach is considered is whether the resulting information should go into the binary kernel image or not. It would be easy to define a new tag like:

    MODULE_MAINTAINER("Your name here");

The provided information could then go into a special section in the kernel image where special tools could find it. Doing things this way would make it possible for people who don't have a kernel tree handy to look up a maintainer. On the other hand, it would bloat the kernel image and fix information in a binary, widely-distributed form where it could persist long after it goes out of date. So ex-maintainers could continue receiving mail for years after they have changed all of the relevant documentation.

An alternative would be to just put the maintainer information at the top of the file as a comment. Then it would only be in the source, and would, presumably, be relatively easy to keep up to date. At least, until, say, a mailing list for a major subsystem moves and all of the associated source files have to be changed. For example, Adrian Bunk noted that the move of the netdev mailing list to vger would have forced patches to about 1300 files.

Yet another approach is to find a way to store the information in the git repository. Git already maintains quite a bit of metadata about source files; to some it seems natural to add maintainer information as well. So far, the git developers have not shown a lot of appetite for adding this sort of feature. But Linus did point out that one could already use git to a similar effect with a simple command:

Do a script like this:

	#!/bin/sh
	git log --since=6.months.ago -- "$@" |
		grep -i '^    [-a-z]*by:.*@' |
		sort | uniq -c |
		sort -r -n | head

and it gives you a rather good picture of who is involved with a particular subdirectory or file.

The advantage of doing things this way is that the resulting output gives a current picture of who has actually been working on a file - a picture which requires no explicit maintenance at all. That list of people is probably a much better group to send copies of patches to than whoever might be listed in a maintainers file; they are the ones who know about what is happening in that part of the tree now.

No real resolution has been reached on this topic. It may be that Linus's approach may be the one taken by default; it already works without the need to merge any patches at all. The question may well stay around for a while, though. Approximately 2,000 developers put patches into the mainline over the course of one year; keeping track of which of those developers is the best to notify of changes to a particular file is never going to be easy.

Comments (5 posted)

Network transmit batching

By Jonathan Corbet
August 22, 2007
At the core of most network drivers is the hard_start_xmit() method, which is called once for every packet which is to be transmitted. This method will normally acquire locks and insert the packet into the adapter's transmit queue. As a rule, outgoing packets do not accumulate in the kernel; they are handed to the driver, one at a time, when they are ready to go. There are times, though, when packets cannot be handed off immediately. If, for example, the hardware transmit queue is currently full, the networking subsystem will have to hold on to the packet until things clear out. Once the driver is able to accept packets for the device again, the one-at-a-time behavior will resume.

The networking developers are always looking for ways to squeeze a little more performance from their code. Krishna Kumar took a look at the behavior described above and wondered: why not pass the list of accumulated packets to the driver in a single call? Batching of transmission operations in this way has the potential to minimize the cost of locking and device preparation overhead, making packet transmission as a whole more efficient. To explore this idea, Krishna has posted a few versions of the SKB batching patch set.

Implementing SKB batching requires a couple of driver API changes - but they are small and only required for batching-aware drivers. The first step is to set the NETIF_F_BATCH_SKBS bit in the features field of the net_device structure. That flag tells the network stack that the driver can handle batched transmissions.

The prototype for hard_start_xmit() is:

    int (*hard_start_xmit)(struct sk_buff *skb, struct net_device *dev);

That prototype does not change, but a driver which has indicated that batching is acceptable for dev may find its hard_start_xmit() method called with skb set to NULL. The NULL value is an indication that there is a batch of packets to transmit; that batch will be found enqueued on the (new) list found at dev->skb_blist. So the (much simplified) form of a batching-aware driver's hard_start_xmit() function will look something like:

    driver_specific_locking_and_setup();
    if (skb)
	ret = send_a_packet(internal_dev, skb);
    else {
	while ((skb = __skb_dequeue(dev->skb_blist)) != NULL) {
	    ret = send_a_packet(internal_dev, skb);
	    if (ret)
	        break;
        }
    }
    driver_specific_cleanup();

The reality of the situation can be a bit more complicated, especially if the driver implements optimizations like suppressing completion interrupts until the last packet of the batch has been sent. But the core of the change is as described here - not a whole lot to it.

As of this writing, the networking developers are still trying to determine what the performance effects of this patch are. There is particular interest in seeing how batching compares with TCP segmentation offloading, which is also, at its core, a transmission batching mechanism. The proof is very much in the benchmarks for a patch like this; if the results are good enough, the patch will likely be merged.

Comments (none posted)

Patches and updates

Kernel trees

Core kernel code

Development tools

Device drivers

Documentation

Filesystems and block I/O

Memory management

Networking

Architecture-specific

Security-related

Virtualization and containers

Miscellaneous

Page editor: Jonathan Corbet

Distributions

News and Editorials

Debian's anniversary

By Rebecca Sobol
August 22, 2007
On August 16, 1993 Ian Murdock announced "the imminent completion of a brand-new Linux release, which I'm calling the Debian Linux Release."

Versions 0.01 through 0.90 were released over the next few months, with 0.91 release in January 1994 followed by two 0.93Rx releases in 1995. The number of developers grew and many of the policy and procedures that are used today have their roots in these earlier times, when each package was assigned a developer and a new master server was donated to Debian by HP.

New package management tools dpkg and dselect were the first new tools developed for Debian. The beginnings of Ian's vision of an easy-to-update system.

By the time the first official 1.x version was released (June 17, 1996), Ian Murdock was no longer the Debian Leader. Bruce Perens took over that role in March 1996. Bruce was working at Pixar at that time and the movie Toy Story was produced by Pixar, so it came to be that Debian releases are named after Toy Story characters, beginning with Debian 1.1 "Buzz".

Overall, Debian today stacks up pretty well with Ian's early vision. In some ways it has exceeded anything that could be imagined in 1993. It can be installed as a sleek and slim system, though with nearly 19,000 packages just an apt-get away, an installation may not stay so slim.

A stable Debian install will not contain the most up-to-date of everything, but then for many people running Debian on production servers, that is a good thing. Debian unstable "sid" does provide the up-to-date and easily updatable system Ian wanted to create.

Back in 1993 many people didn't have Internet connections, or had very slow dial-up modems. Part of Ian's vision was to make it easy for the non-connected to get packages and updates. These days that is no longer a priority, though it is always possible to obtain installation CDs.

Debian's Social Contract has guided thousands of volunteers to create perhaps the largest repository of free/open source software anywhere. So thanks Ian, and to all the volunteers that make Debian great.

Historical facts for this article came from A Brief History of Debian.

Comments (none posted)

New Releases

Ark Linux releases 2007.1

Ark Linux has released 2007.1 and 2007.1 Live. The release includes KDE 3.5.7, OpenOffice.org 2.2.1 with full KDE integration, glibc 2.6.1, gcc 4.2.1, Xorg 7.3, amaroK 1.4.7, better hardware detection, and many bug fixes and updates.

Comments (none posted)

Debian GNU/Linux 4.0 updated

The Debian project has announced the first update of its stable distribution Debian GNU/Linux 4.0 "etch". This update mainly adds corrections for security problems to the stable release, along with a few adjustment to serious problems. The first update also corrects a few important issues that have been noticed too late in the release process.

Full Story (comments: 4)

Announcing Opyum 0.0.2 for Fedora

Opyum 0.0.2 is the first stable release of a new Offline Package Manager for Fedora. Opyum was developed by Debarshi Ray as part of the Summer of Code.

Full Story (comments: none)

SmoothWall Express 3.0 Released

SmoothWall Express 3.0 has been released. SmoothWall is a hardened distribution intended for use on dedicated router/firewall systems. New features include ClamAV email filtering, tools for filtering (and recording!) instant messaging sessions, real-time statistics, time-based traffic blocking, a developer edition, and more.

Comments (none posted)

New Distributions

LinuxMCE

LinuxMCE is a free, open source distribution based on Kubuntu. It includes a complete whole-house media solution with PVR and distributed media, and the most advanced smarthome solution available. It is stable, easy to use, and requires no knowledge of Linux and only basic computer skills. The current version is 0704.

Comments (1 posted)

Distribution Newsletters

Fedora Weekly News Issue 101

The Fedora Weekly News for August 13, 2007 is out. Ask Fedora looks at "Location For Menu Entries And Customization" and "64-bit Java Plugin". Also "Fedora Daily Package Articles in Chinese", "MediaWiki - Collaborative publishing", "RenRot - Rename and rotate photos", "Wednesday Why: Logins and Sessions", "GKrellM - System monitoring tool", "TaxiPilot - Drive a Space Taxi" and "Fedora Daily Package Weekly Video Summary", and other topics.

Full Story (comments: none)

Gentoo Weekly Newsletter

The Gentoo Weekly Newsletter for August 13, 2007 covers LWE San Francisco, Simplified Chinese Gentoo Handbook, Gentoo Screenshot Contest and more.

Comments (none posted)

Ubuntu Weekly News: Issue #53

The Ubuntu Weekly Newsletter for August 18, 2007 covers Celebratory Hug Day for GNOME, updates on compromised community servers and LoCo options, LinuxMCE Media Centre addon for Kubuntu, the Portuguese Team's effort to put FOSS in schools, and much much more.

Full Story (comments: none)

DistroWatch Weekly, Issue 216

The DistroWatch Weekly for August 20, 2007 is out. "Another busy week of beta testing ahead, with Mandriva, openSUSE and Ubuntu all readying their latest development builds to be released later this week. In the news section: the Ubuntu developers worry about regressions in Compiz Fusion, Puppy Linux introduces experimental features, NimbleX delivers a world's first 100 MB live CD with KDE, and Trustix Secure Linux finds itself being slowly abandoned - both by its developers and its users. In the featured article of the week we'll take a look at the current status of Gentoo Linux and question the project's ever increasing complexity."

Comments (none posted)

Newsletters and articles of interest

Ark Linux Releases 2007.1 and Announces KDE 4 Plans (KDE.News)

KDE.News looks forward to Ark Linux 2007.2, which will preview KDE 4.0. "The release of Ark Linux 2007.1 also marks the beginning of the development cycle for Ark Linux 2007.2 - over the next few days, we will upgrade our development tree "dockyard-devel" to snapshots of the upcoming KDE 4.0 desktop. Ark Linux 2007.2 is expected to be released shortly after KDE 4.0 - a pre-release for developers and people who are curious about KDE 4.0 will be made available as soon as the migration is complete."

Comments (none posted)

Technalign releases new community based distribution, Pioneer Linux (DesktopLinux)

DesktopLinux looks at Technalign, the company behind Pioneer Linux. "Technalign, developers of both the community and commercial Pioneer Linux operating systems, recently announced the release of Pioneer Explorer 1.0 and the Programs folder. In the past, Technalign built its Linux distributions from Ubuntu, Debian and MEPIS codebases. While this new distribution still shows its Ubuntu/Debian roots, it's now going in its own direction."

Comments (none posted)

Distribution reviews

Freespire aspires, but fails to inspire (Linux.com)

Linux.com has a review of Freespire. "Freespire, the free as in beer version of the Linspire Linux distribution, this month released Freespire 2.0, the first version of the operating system based on the popular Ubuntu distribution, and the first to contain proprietary codecs and drivers. Despite its attractive appearance, it left me with mixed feelings."

Comments (none posted)

Page editor: Rebecca Sobol

Development

Google Summer of Code: Mozilla Projects

August 20, 2007

This article was contributed by Nathan Sanders

This is the fifth in LWN's series of Google Summer of Code (GSoC) 2007 articles. The first four articles covered the program launch, Ubuntu's projects, the OpenMRS organization, and one student who is tackling Direct3D 10 support for Wine.

After breaking into the Google Summer of Code last year, Mozilla is back again as a major mentoring organization. They were delegated nine projects last year and are hosting ten this year, the sixteenth most of the 137 participating organizations in the GSoC 2007. Moreover, due to the mainstream popularity of Firefox and Thunderbird, the code that Mozilla's students are developing this summer will likely be among the most visible of any organization's. This summer's code is made all the more interesting by the concurrent ramp up in development prompted by the impending release of Firefox 3. Read on to learn about four of this prominent mentoring organization's most interesting projects and hear from both the students and the mentors as they rush to complete their projects by Google's final code deadline on August 20th.

Nick Kreeger's "Enable Roaming Support in Thunderbird" (mentored by David Bienvenu)

Student Nick Kreeger has a great idea for anyone that reads their email with Thunderbird, Seamonkey, or his own Mac OSX mail client Correo from multiple computers at home, work, and anywhere else. Kreeger is integrating functionality into the Mail/News framework component that will allow all Mozilla-based email clients to synchronize preferences and address books through IMAP and POP accounts, though the feature must be integrated into the interface of each application. Kreeger has already coded the core roaming service for Mail/News with full support for IMAP (POP support is "coming along smoothly"). He will begin developing a Thunderbird interface to the service before the end of the GSoC, but he notes that it may wind up in an extension.

The synchronization is performed by passing email messages through the user's mail account. The message will either contain a list of the changes a user has made to his preferences and address book or, after a set number of those "delta messages," a full copy of the data for good measure. In an IMAP setup, these messages will be sequestered from users in hidden-unsubscribed folders, while for POP the mail client will simply hide the messages in the inbox. The core roaming service sends and retrieves these updates from the server and notifies the interface when new data is available. Kreeger notes, "We want to expand this synchronization to include saved searches, RSS feeds, mail filters, .newsrc files, tag definitions, views, and more." He also intends to deliver full documentation on his code, but perhaps not until after the GSoC deadline.

A simple security precaution should keep at bay the potential security risk presented by accepting emails as application configurations. He explains, "We are planning to implement a PIN system for signing update messages in a similar fashion to how you can sign a messages with a certificate in Thunderbird." Project updates can be found on Kreeger's blog. The student recently graduated with a a Bachelors Degree in Information and Computer Science (Software Engineering Emphasis) from Park University near Kansas City, MO. Mentor David Bienvenu, who Kreeger credits with developing the concept behind the project, is a Mozilla module owner for the Thunderbird project and the Mail/News component.

Kunal Jain's "Places: Indexing Visited Pages" (mentored by Dietrich Ayala)

Student Kunal Jain is vying to resolve one of Firefox's longstanding feature requests, full-text search for visited pages. While Firefox derivative Flock has beat him to the punch by using CLucene for full text search, Jain is seeking a lighter-weight solution that will integrate seamlessly with the SQLite database which is already being used in Firefox 3's Places bookmarking and history system. He settled on the FTS2 SQLite module and has developed a detailed strategy for its implementation.

The full text search feature will hook into the Places query system via the existing nsNavHistoryQuery class, which allows for searches constrained by date and time. The nsNavFullTextIndex class will be responsible for calling FTS2 to rifle through visited pages for search terms, and will index them when called by nsNavFullTextIndexHelper upon page request events. One last class, nsNavFullTextTokenizer, is a wrapper for FTS 2's tokenizer that will prepare web pages for indexing by recognizing important terms and stripping HTML tags. Jain's design underwent substantial renovation during the GSoC before reaching its final form. Mentor Dietrich Ayala writes, "We had to re-orient the design as the understanding of SQLite's internals increased. We had terrific input from a hacker on SQLite's full-text-indexing module, which was quite helpful."

Unfortunately, not everything has gone as hoped for the project. As of August 8th, the design had been reworked and finalized, but no code had been written due to time-restricting duties at the student's job. Jain insists that he would like to have a prototype ready by the end of the GSoC, but Ayala is not confident that it will be ready for inclusion in Firefox 3 when the code freeze begins on September fifth. Nonetheless, both mentor and student are pleased to present to the community with a strong foundation from which this valuable and widely-requested feature can be implemented correctly, perhaps for Firefox 4. Ayala explains, "This has been on Mozilla's radar for a long time, and it's great that Kunal has been able to lay the foundation for making this happen."

Jain stresses that he will continue contributing to Mozilla past the impending GSoC deadline. Project updates may be found at his project's page on the Mozilla wiki. Kunal Jain recently graduated with a Bachelor of Technology, Information Technology degree from Sri Venkateswara College of Engineering in Chennai, India. Dietrich Ayala has been a developer with Firefox since February of 2006 and has been involved with the session restore feature and, pertinently, Places.

Benjamin Karel "JPEG2000 Support for Firefox" (mentored by Stuart Parmenter)

JPEG2000, the revamped JPEG format with "state-of-the-art compression techniques based on wavelet technology," was introduced about seven years ago. While the merits of JPEG2000 for various applications are debatable, its arguably higher image quality at high compression rates would seem to make it a good fit for the web. While compression and decompression are costlier with JPEG2000, the price of bandwidth versus processor time may justify the newer format for everyday web applications. Unfortunately, JPEG2000 support among browsers remains a rarity. Computer Imaging developer Mike Chaney argued two years ago on the reputable Steve's Digicams that "software manufacturers... are waiting for camera manufacturers to start supporting JPEG2000 as a native format in cameras and other devices. In turn, the camera manufacturers are waiting for global acceptance of the format in tools like web browsers, image management tools, photo editors, and other software." The situation today seems identical to that at the time of his writing and, indeed, to the climate surrounding the release of JPEG2000 seven years ago - just look at the Mozilla bug report (assigned to mentor Stuart Parmenter) where, year after year, users encourage Firefox to "stand out from the crowd" with JPEG2000 support.

This summer, student Benjamin Karel has done his part to spur mainstream JPEG2000 support. He has developed an extension for rendering JPEG 2000 which is compatible with both Firefox 2 and 3 (the codebase for them is the same, though he notes that each version requires a separate extension). His extension implements the free software JasPer decoder and can correctly render all nine JPEG2000 conformance test files, though Karel raises issue with JasPer's documentation and some aspects of its compatibility with particular caveats of the JPEG2000 specification. Despite various time-consuming personal obligations and wisdom tooth surgery, his project has been a success.

Nonetheless, roadblocks remain to the mainstream adoption of JPEG2000, even among the distinct subset of web users which Firefox represents. Both Karel and Parmenter agree that it would be inappropriate to integrate the feature with the Firefox trunk where it would see more widespread use than as an extension. Karel's code would add about 150KB to the browser's famously stingy download size and contribute that much more to Mozilla's support obligations. Karel notes that his code would be more likely to be accepted if the state of JPEG2000 support was better in graphics editing tools, but he admits, "It's a chicken-and-egg problem, yes, but it's not Mozilla's problem. Their job is to spend their limited resources as efficiently as possible." Parmenter says, "Once the extension gets published we can get a lot more eyes on it and get some of that additional testing we would want before shipping it with our main product."

Karel would like to develop an image-decoder finding service for Firefox that would recommend extensions like his own when users come up against an unsupported image format. Parmenter adds, "I would love to see an extension for things such as HD Photo and TIFF." It seems likely that Mozilla will elect to use a model like this for supporting burgeoning image formats in their sheltered flagship product. Karel's blog carries updates on his project. Karel is an undergraduate Computer Science student at the University of Delaware, while Parmenter is a Mozilla veteran since 1998, heavily involved in nearly every aspect of their products' graphics technology.

Edward Lee's "Link Fingerprints" (mentored by Gervase Markham)

Over two years ago, now, mentor Gervase Markham posted an ingenious idea to his blog. Even the best of us, he realized, are often too lazy to compare the checksums that are posted alongside Linux ISOs and other content online. Others may not even be aware of the process. The consequence is corrupted downloads and an increased risk for trojaned files being exchanged over the Internet. His solution was to include the checksum as metadata in the URL of the file itself so that browser download managers could automatically verify files. The implementation would not affect older browsers and those which choose not to support it and would appear transparent to users. Having been involved with the Firefox community for a few years as a bug sweeper, student Edward Lee jumped on the old idea this summer in order to give himself a crash course on the browser's codebase.

Lee developed the idea into a draft specification for the Internet Engineering Task Force. His submitted design states that the checksum would be included as a fragment identifier, meaning that it would be information appended to a URL specifically for the user agent (web browser or download manager). URLs with link fingerprints would look like this: http://mirror.com/file#hash(sha256:abc123). While any hashing algorithm could be supported in this fashion, Lee chose to encourage initial standardization around sha256. A file's hash would be calculated incrementally while downloading so that it could be compared immediately once transferred. In the uncommon event that the file fails to verify with the checksum, the user would be notified and advised to alert the content provider.

By the mid-term evaluation deadline on July 9th, Lee had an implementation of the system working and tested. He had integrated his code with Necko, Mozilla's low-lying networking library whose features automatically filter up to Firefox, Thunderbird, and other products built on the Mozilla Platform. Soon afterward, Lee writes, things came to a halt: "The decision to not implement Link Fingerprints in Necko came from Brendan Eich (Mozilla CTO) and Christian Biesinger (Necko module owner) who felt that implementing this non-standardized feature in a way that coupled itself closely to the networking code would potentially hurt everything else built on top of Necko in the long run." After some fidgeting with different implementations, the project was more or less abandoned. Meanwhile, Lee notes critical reception from the IETF community: "Major complaints include unnecessarily overloading the URI with additional metadata in a way that would make it difficult for new uses of the fragment identifier for other MIME types, as well as using the fragment identifier for a purpose that it wasn't intended for." While things seem bleak for link fingerprinting, Markham does indicate that there is some interest among download manager developers and there remains a slight possibility that the feature will eventually appear in the Firefox 3 download manager. Updates may be found on Mozilla's Bugzilla entry for Link Fingerprints.

Lee has been able to expend his newfound familiarity with the Firefox codebase into other development areas. He has begun working on features for the Firefox 3 download manager and the new JavaScript engine ActionMonkey. He reports favorably of his experience with the project: "For those interested in hacking on Firefox, it turns out it's not too difficult to do so; just hop on IRC and ask around and people are bound to help if one asks nicely and remains patient." Lee will begin pursuing a Ph.D. in Computer Architecture/Compilers this Fall at the University of Illinois at Urbana Champaign. Markham has been, in his own words, a "Loose Cannon" at Mozilla since January 2000, principally involved with project governance.

Comments (14 posted)

System Applications

Backup Software

Areca Backup v5.3.1 is available (SourceForge)

Version 5.3.1 of Areca Backup has been announced. "Areca Backup is a file backup tool written in java. It supports data compression & encryption, incremental backup, file history explorer and many other features. Areca Backup also includes a transaction mechanism which guarantees your backups' integrity".

Comments (none posted)

Database Software

phpMyAdmin 2.11.0 is released (SourceForge)

Version 2.11.0 of phpMyAdmin, a web-based MySQL administration tool, has been announced. "Welcome to phpMyAdmin 2.11, which will probably be the last series supporting PHP 4. This version supports creating VIEWs from query results and can manage triggers, procedures and functions. It also supports MySQL 5.0.37 query profiling and has an improved interface for servers hosting thousands of databases and tables."

Comments (none posted)

PostgreSQL Weekly News

The August 19, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

Filesystem Utilities

announcing Allmydata-Tahoe v0.5

Version 0.5 of Allmydata-Tahoe, a secure, decentralized storage grid, is out with several new capabilities. "With Tahoe, you can store your files in a distributed way across a set of computers, such that if some of the computers fail or become unavailable, you can still retrieve your data from the remaining computers. You can also securely share your files with other users. This release is targeted at hackers and users who are willing to use a text-oriented web user interface, or a command-line user interface."

Full Story (comments: 2)

TestDisk version 6.8 announced

Stable version 6.8 of TestDisk has been announced. "TestDisk is a tool to check and undelete partitions. It works with the following partitions: FAT12, FAT16, FAT32, Linux (EXT2/EXT3/HFS/JFS/RFS/XFS), LInux Raid, Linux swap, NTFS (Windows), BeFS (BeOS), UFS (BSD), and Netware NSS."

Comments (none posted)

Interoperability

Samba 3.0.25c available for download

Version 3.0.25c of Samba has been announced. "This is the latest production release of the Samba 3.0.25 code base and is the version that servers should be run for for all current bug fixes. Major bug fixes included in Samba 3.0.25c are: File sharing with Widows 9x clients. Winbind running out of file descriptors due to stalled child processes. MS-DFS interoperability issues."

Full Story (comments: none)

Web Site Development

Gallery 1.5.7 released (SourceForge)

Version 1.5.7 of Gallery has been announced. "Gallery is a slick Web-based photo album written using PHP. It is easy to install, includes a config wizard, and provides users with the ability to create and maintain their own albums in the album collection via an intuitive Web interface. Photo management includes automatic thumbnail creation, image resizing, rotation, ordering, captioning and more. Albums can have read, write, and caption permissions per individual authenticated user for an additional level of privacy."

Comments (none posted)

Plone 3.0 released

Version 3.0 of Plone - a Zope-based content management system - has been released. New features include much improved version management, tighter security, Ajax-based editing, and much more. See the community announcement, the Plone 3.0 feature list, or the press release for details.

Comments (2 posted)

Django Roundup

The August 19, 2007 edition of the Django Roundup covers the latest news from the Django web platform.

Comments (none posted)

Miscellaneous

Supervisor 3.0a1 released

Version 3.0a1 of Supervisor, a Python-based UNIX process controller, has been announced. "v3.0a1 is a major feature release version. Most of the features were commissioned by Maintainable Software . As well as contributing development funding, members of Maintainable have contributed a good deal of code to the supervisor codebase." (Thanks to Chris McDonough).

Comments (none posted)

Desktop Applications

Audio Applications

TkEca 4.2.0 released

Version 4.2.0 of TkEca, a GUI interface to the ecasound audio utility, is out with a long list of new features.

Full Story (comments: none)

BitTorrent Applications

Azureus 3.0.2.0 released (SourceForge)

Version 3.0.2.0 of Azureus, a cross-platform bittorrent client, has been announced. "Azureus 3.0.2.0 brings the version numbering back into line and should reduce confusion over which 2.x version maps to which 3.x version. Existing 2.x users will get the classic UI, while new and existing 3.x users will get the Vuze client UI, with the option to switch back to the 2.x UI if you choose."

Comments (none posted)

Business Applications

JasperServer 2.0.1 released (SourceForge)

Version 2.0.1 of JasperServer is available with some new capabilities and bug fixes. "JasperServer is a business intelligence platform based on JasperReports. It is a Web and Web services based application for reporting, data analysis (OLAP UI and server) and data integration."

Comments (none posted)

OrangeHRM 2.2.0.2 released (SourceForge)

Version 2.2.0.2 of OrangeHRM has been announced. "The new version of OrangeHRM – Open Source Human Resource Management has just been released. The OrangeHRM 2.2.0.2 contains the improvements of upgrade software and eliminates the bugs that were noticed while trying to update OrangeHRM to the latest stable 2.2 release. The version also contains the bug fixes for the bugs reported in PIM module as well as the bugs, related to using the application applying different language pack."

Comments (none posted)

What's the Matter with JMatter? (O'Reilly)

Eitan Suez introduces JMatter on O'Reilly. "JMatter proposes that you, the developer of a small business application, concern yourself primarily with the business logic or the domain in question, for example, say we're developing a solution for a school, perhaps to administer or manage a curriculum. Alternatively, perhaps we're trying to write a system to better manage parts at an automotive shop, or perhaps we're dealing with real estate properties for sale. You get the picture. JMatter further proposes that you consider most software development tasks that are not directly related to the business domain (such as persistence, writing the user interface, authentication, deployment, and more) as plumbing: it's someone else's job. In fact it's JMatter's job."

Comments (none posted)

Desktop Environments

GARNOME 2.19.90 announced

Version 2.19.90 of GARNOME, the bleeding-edge GNOME distribution, is out. "This release includes all of GNOME 2.19.90 plus a bunch of updates that were released after the GNOME freeze date."

Full Story (comments: none)

GNOME 2.19.90 released

Version 2.19.90 of GNOME, also called GNOME 2.20.0 Beta 1, is out. "This is our seventh development release on our road towards GNOME 2.20.0, which will be released in September 2007. New features are still arriving, so your mission is simple : Go download it. Go compile it. Go test it. And go hack on it, document it, translate it, fix it."

Full Story (comments: none)

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Commit-Digest (KDE.News)

The August 19, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "The Summer of Code for 2007 nears its end. Implementation of more features in the Step physics simulation package. More graphical game themes in KMahjongg, KWin4 KShisen, KGoldRunner and KJumpingCube. The start of a new game, KDiplomacy. More development in the Blitz graphics library. Lyrics Plasma applet and other interface work for Amarok 2. The start of the implementation of panels, and a clipboard engine in Plasma. More features in the ODBC Data Sources KControl module. Animation support in the Raptor menu..."

Comments (none posted)

Quickies: Amarok 1.4.7, MEPIS KDE 4, Desktop Survey, Lugradio Talk (KDE.News)

KDE.News has published a new Quickies article with the following topics: "Amarok 1.4.7 was released with improved collection backend, new streams, altered icon and bugfixes. The annual Desktoplinux.org Survey is under way. MEPIS released a KDE 4 Beta 1 live DVD using packages from Kubuntu. The videos from Lugradio Live are up including Ben Lambs' Conquering the Desktop with KDE 4. Finally, following the 10th anniversary of the free desktop last year, congratulations to another project which has gained double figures in age, but whatever did happen to those Scheme applets?"

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

XFree86 Release 4.7.0

Release 4.7.0 of XFree86 has been announced. Changes include security fixes, video driver enhancements, XKB updates, X Server and Extension updates, Library, Client and Utility updates and more. See the release notes for details.

Comments (1 posted)

Xorg Software Announcements

The following new Xorg software has been announced this week: More information can be found on the X.Org Foundation wiki.

Comments (none posted)

Encryption Software

GnuPG 2.0.6 released

Version 2.0.6 GnuPG has been announced. "This is maintenance release with a few minor enhancements. The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data, create digital signatures, help authenticating using Secure Shell and to provide a framework for public key cryptography."

Full Story (comments: none)

Games

KoLmafia version 11.4 released (SourceForge)

Version 11.4 of KoLmafia has been announced. "KoLmafia is a cross-platform desktop tool which interfaces with the online adventure game, Kingdom of Loathing. KoLmafia is written in Java (J2SE 1.4 compliant), with binary releases in JAR format."

Comments (none posted)

Robocode 1.4 released (SourceForge)

Version 1.4 of Robocode has been announced. "Robocode is a Java based programming game, where the goal is to develop robot battle tank to battle against competitor tanks. The moto of Robocode is: Build the best, destroy the rest! Robocode requires a Java SE 5.0 Runtime Environment (JRE) to run."

Comments (none posted)

Medical Applications

Mirth 1.6 released (LinuxMedNews)

LinuxMedNews has announced the release of Mirth 1.6, a health information system. "This is a significant upgrade which includes both critical bug fixes and new features. The functionality and stability of existing connectors has been improved to fully integrate with even more third-party systems. The user interface has also been enhanced to make channel development and maintenance even easier. Additionally, this release includes NCPDP support, real-time connection monitoring and plug-in functionality."

Comments (none posted)

Multimedia

MediaInfo 0.7.5.2 released (SourceForge)

Version 0.7.5.2 of MediaInfo has been announced. "MediaInfo supplies technical and tag information about video or audio files (MKV/AVI/MOV/MPEG1, 2, 4/M4A/M4V/MP3/AAC/RM/...) There are several versions: Graphical interface, Command line, or DLL for third-party software develo[p]ers (like emule). GUI is multi-language. In this release: Correction of crashes in the PPC version, better Linux handling, some bugs correction."

Comments (none posted)

Music Applications

horgand 1.10 released

Version 1.10 of horgand, an organ synthesizer, is out. "New features including percussion drawbars, new DSP chorus effect and delay line buffers that coexist with rotary effect, restore program and visual settings each session, JACK support improved reducing CPU usage and new presets."

Full Story (comments: none)

midish 0.3.0 released

Version 0.3.0 of midish, a shell-like MIDI sequencer/filter, is out. "Changes include: Support for 14bit controller and NRPN/RPN events has been added. Now the complete MIDI state can be restored at any song position. Two tracks can be merged resolving all conflicts. New editing functions always keep controllers/bender in a consistent state. Improved documentation, usability and code quality."

Full Story (comments: none)

Miscellaneous

Magstriper 0.2 released (SourceForge)

Initial release version 0.2 of Magstripper is available. "Magstripper is a magnetic card reader and decoder that takes raw waveform information from a magnetic audio head and processes it via a mic input. It also includes a multi-user access control system with the ability to control a magnetic strike."

Comments (none posted)

PocketSphinx 0.4, SphinxBase 0.3 released (SourceForge)

Version 0.4 of PocketSphinx has been announced. "Sphinx is a speaker-independent large vocabulary continuous speech recognizer released under a BSD style license. It is also a collection of open source tools and resources that allows researchers and developers to build speech recognition systems. The latest release of PocketSphinx is now available. It requires SphinxBase 0.3, which has been released simultaneously." Version 0.7 of the associated Sphinx3 has also been announced.

Comments (none posted)

PyKeylogger 0.8.2 released (SourceForge)

Version 0.8.2 of PyKeylogger has been announced. "PyKeylogger is a simple keylogger written in python. It is primarily designed for personal backup purposes, rather than stealth keylogging (though it can do that, too). It does not raise any trust issues, since it is a short python script that you can easily examine. This is a bugfix release."

Comments (none posted)

Languages and Tools

JSP

Advanced JavaScript II (O'ReillyNet)

O'Reilly has published part two in a series on advanced JavaScript. "Continuing on from the first part of this series, Howard Feldman dives deeper into all the ways you can morph your web pages with a little JavaScript magic. This month he shows us how to swap photos, do tabbed panes, expand and contract tree lists, and do drop-and-drag item ordering."

Comments (1 posted)

Python

Python-URL! - weekly Python news and links

The August 20, 2007 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Tcl/Tk

Tcl-URL! - weekly Tcl news and links

The August 22, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

XML

XForms, XML Schema, and ROX (O'Reilly)

Kurt Cagle writes about XForms, XML Schema and ROX on O'Reilly's XML.com. ""If I have an XML schema, is there any way that I can work with that schema to build forms for populating instances of that schema?" Over the years, I've seen a number of variations on this same question, and generally for a pretty good reason. It takes a lot of work to create a schema in the first place, but when you're done, what you end up with, in general, is something that seems like it should be good to generate something; you have data type information, constraint information, enumerations, and enough other pieces that it would seem that making forms from them should be a cake walk. However, the process is generally fraught with more land mines than you might expect."

Comments (none posted)

Version Control

GIT 1.5.2.5 announced

Version 1.5.2.5 of GIT has been announced. "Although 1.5.3 has been in -rc cycle for quite some time, there was a rather nasty data corruption bug discovered, so here is primarily to push that fix out."

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

How many Linux desktop users are there? (DesktopLinux)

DesktopLinux looks at a project to count desktop Linux users. "Desktop operating systems numbers, even when gathered by top research companies, such as IDG and Gartner, are often a bit fuzzy. When it comes to uncommon desktop operating systems, like Linux, the numbers often amount to little more than an educated guess. Now, a new open-source program, statix, promises to give accurate data on how many Linux desktops are actually in use."

Comments (25 posted)

Selling software that sells itself: An interview with Matt Asay (LinuxWorld)

Don Marti interviews Matt Asay. "Open source is changing not just how companies make software, but how they sell it. Alfresco's Matt Asay explains the new sales cycle and the skills that today's software sales people need to close deals."

Comments (2 posted)

Linus Torvalds interview (EFYTimes.com)

EFYTimes.com has an interview with Linus Torvalds. "Did Microsoft's Men In Black ever met Linus Torvalds? But why is he so critical of GPLv3? Why does he slam Subversion? What would happen to the kernel development if he chooses to do something else more important? These are some of the questions Linux/open source community from around the globe wanted to ask Linus. And, here is Linus candid and blunt, and at times diplomatic, answering your questions. Check if the question you wanted to ask to the father of Linux is here and what does he have to say..."

Comments (none posted)

Trade Shows and Conferences

Hands-on Linux training at SHARE (Linux.com)

Nathan Willis covers the SHARE conference on Linux.com. "San Diego -- Mainframe programmers and sysadmins get more than just sales pitches and informational talks at SHARE this week -- they also get real-world training. I sat in on a number of educational sessions and hands-on labs at the conference, taught by engineers from IBM, Novell, and independent software vendors."

Comments (none posted)

The SCO Problem

Judge Kimball Sets the Rules of the Road for SCO v. Novell (Groklaw)

Groklaw covers the process for the remainder of the SCO v. Novell trial. "But September 17 at 8:30 AM is the date set for the trial to begin. Judge Kimball states in this document that while it was originally pencilled in to last 3 weeks, it should be 'substantially shorter' now."

Comments (13 posted)

Companies

Novell: 'We're not SCO' and we won't sue (Computerworld UK)

Computerworld UK reports on comments made by Novell spokesman Bruce Lowry after the recent SCO/IBM court ruling. "Lowry said the ruling means "the cloud has lifted over Linux." Users and distributors of the open-source OS finally can breathe a sigh of relief that they are not in violation of Unix copyrights. "We don't believe there is Unix in Linux," Lowry said. "We've been fighting that all along. It wouldn't be consistent for Novell to say, 'Oh gosh, now that this has been confirmed, we're going to suddenly take a different position' and sue companies for copyright infringement.""

Comments (none posted)

Is VMware too close to Linux? (The Register)

The Register looks at VMWare's IPO, which could be in trouble before it happens. "Writing on his blog VentureCake, Linux specialist Mike MacCana thinks he might have found a bit of rust on VMware's shining armor. He claims that VMware's ESX server is derived from Linux, and therefore is not legally re-distributable as proprietary software."

Comments (32 posted)

Xandros + Microsoft Deal Gives Linux E-mail Server a Second Chance (BetaNews)

BetaNews examines the history behind the Microsoft/Xandros partnership and the Scalix email server. "In the latest stage of a collaboration that's looking more and more like it was planned to work out this way months ago, Microsoft announced today the extent of the intellectual property it's licensing to newly acquired Linux client Xandros. In addition to some systems management protocols, it's getting access to ActiveSync, a crown jewel of Microsoft IP that may come just in time to resuscitate Xandros' newest division."

Comments (none posted)

Yahoo challenge to Google has roots in open source (Baseline)

Baseline Magazine takes a look at Hadoop. "If you want to get your hands on an open source version of some of Google's core technologies, maybe you should ask Yahoo. Yahoo has emerged as one of a major sponsor of Hadoop, an open source project that aims to replicate Google's techniques for storing and processing large amounts of data distributed across hundreds or thousands of commodity PCs (see Baseline's report: How Google Works). Last year, Hadoop project founder Doug Cutting became a Yahoo employee, and at July's Oscon open source conference he and Yahoo's director of grid computing Eric Baldeschwieler detailed how they are applying the technology."

Comments (2 posted)

Interviews

People Behind KDE: Summer of Code 2007 (2/4) (KDE.News)

KDE.News introduces this People Behind KDE interview with some of the Summer of Code participants. "People Behind KDE releases the second of in its series of four interviews with students who are working on KDE as part of the Google Summer of Code 2007 - meet Bertjan Broeksema, Carlos Licea, Pierre Ducroquet and Gavin Beatty!"

Comments (none posted)

Plone Foundation unwraps major content management release (LinuxWorld)

LinuxWorld talks with Plone co-founder Alexander Limi about the Plone 3.0 release. "Versioning was the single most requested feature by Plone's user community, Limi said. As changes are made in online content, Plone 3.0 now automatically keeps track of those alterations, providing a trail of who edited what information as well as the ability to roll back to earlier versions of the content."

Comments (5 posted)

Resources

Troubleshooting Linux Audio, Part 3 (Linux Journal)

Dave Phillips has the final installment in his Troubleshooting Linux Audio series. "At last we reach the final installment of this series, the question & answer stage in which we'll consider some of the common problems encountered with audio and MIDI on Linux, along with some common and perhaps not-so-common solutions to those problems. We've looked at some indispensable items for your Linux system troubleshooting toolkit, now let's see how they are applied."

Comments (none posted)

Hardening your systems with Bastille Linux (Linux.com)

Linux.com takes a look at Bastille. "System administrators need to secure their systems while avoiding locking them down so strictly that they become useless. Bastille is a software tool that eases the process of hardening a Linux system, giving you the choice of what to lock down and what not to, depending on your security requirements. It bundles many of the tasks routinely done to securely configure a Linux system into one package."

Comments (none posted)

How Linux became a mobile phone OS (LinuxDevices)

LinuxDevices has announced a new paper on the Linux transformation to the embedded space. "Linux started out on desktops and servers, but has now shipped on about 20 million mobile phones. Ever wonder how it made the jump? In a new whitepaper, embedded industry pioneer Jim Ready offers a concise technical retrospective on Linux's transition into a mobile phone OS."

Comments (14 posted)

A step-by-step guide to building a new SELinux policy module (Red Hat Magazine)

Red Hat Magazine provides a howto on building SELinux policies. "Before we start, let’s review why we work with policy modules. In the past, in order to modify the current SELinux policy on a system running Red Hat Enterprise Linux 4, a system administrator would have had to to download the policy source, edit the policy source code, and rebuild and install the policy using tools like make install. The introduction of policy modules made this process easier and less error-prone. A system administrator could use the audit2allow utility to generate policy module updates directly from audit.log error messages. These modules function in a way similar to kernel modules in that they enable system administrators to modify part of the policy (a specific module) without having to rebuild the entire thing."

Comments (5 posted)

Reviews

Open Source Stack Delivers The Most Affordable EMR (LinuxMedNews)

LinuxMedNews looks at Waiting Room Solutions version 3.0. "Waiting Room Solutions Version 3.0 is a CCHIT certified EMR and Practice Management system. It was completely built on open source technologies of Linux, Apache, MySQL and PHP. Without the extra costs of paying expensive Microsoft or third party licensing fees, this service can be offered to the physician's office through the Internet in the SaaS model at an extremely affordable price."

Comments (none posted)

Fine-tune RSS feeds with ListGarden (Linux.com)

Linux.com reviews ListGarden. "Most Web publishing systems on the market can automatically generate RSS feeds, but there are situations where you might want to have fine-grained control over your RSS feeds. For example, you might want to provide alternative RSS item descriptions, or to manually select which RSS items to publish. While you can code an RSS feed by hand, you'd be better off using a dedicated tool like ListGarden. It can help you to not only create and manage RSS feeds, but also to do more advanced tasks like publish the feeds on a remote server, back up the feeds, generate an HTML page, and much more."

Comments (none posted)

Miscellaneous

LinuxMCE Partners with KDE for New Release (KDE.News)

Aaron J. Seigo writes about a collaboration between developers of the LinuxMCE media solution and KDE Plasma. "LinuxMCE uses X.org's window compositing functionality to provide a simple to use fullscreen interface that is blended on top of the media being played. This interface is a key focus of LinuxMCE according to lead developer Paul Webber. "The traditional PC user interface doesn't work well on a TV. So a different interface is needed, which is called the '10 foot' interface (in reference to the fact that people interact with media devices such as televisions from a distance). The '10 foot' interface is still in the same state as the desktop was pre 1983. There is no standardisation and each application has to figure out how to present its functionality to a user.""

Comments (1 posted)

Linux Standard Base Broadens ISV Support (OpenEnterprise1)

OpenEnterprise1 looks at ISV support for the LSB. "The non-profit Free Standards Group is getting big support from ISVs for its latest effort to make sure Linux doesn't split into a variety of non-conformant versions. The FSG project, called the Linux Standards Base (LSB), already a core standard among Linux platform vendors, is gaining support from commercial and Open Source software makers -- including IBM, Novell Oracle, Veritas and MySQL."

Comments (1 posted)

Bringing the free software message to TV (Linux.com)

Bruce Byfield talks up GNU/Linux on TV. "As a former course designer and academic, I used to be experienced in talking in front of people. However, one thing I hadn't done until now is appear on television. That, more than anything, is why I agreed to appear on the computer show Lab with Leo Laporte in a five-minute spot about the GNU/Linux desktop. The show is scheduled to appear October 11 on G4TechTV in Canada and the How-To Channel in Australia, with my spot being posted to Google Video on the same day. I won't know if I look savvy or imbecilic until I see how the segment is edited, but the experience taught me several points about appearing on TV in general, and evangelizing for GNU/Linux in the studio in particular."

Comments (3 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

New job and expert lists on elinux wiki

New job and expert lists are being hosted on the elinux wiki. "In an attempt to try something new (but which we've discussed for some time now), we have added a job and expert list to the new embedded Linux wiki. These are meant to be places where companies with embedded linux work (either contract work or full-time positions) can post them, and for Linux developers to post their job skills. Posting and access to these pages is free of charge."

Full Story (comments: none)

GNOME turns 10

The GNOME community is celebrating ten years of existence. "A one month, world-wide celebration of GNOME's tenth anniversary begins this week, culminating in mid-September with Software Freedom Day and the release of GNOME 2.20. During the celebration month, GNOME contributors will create a scrapbook wiki recording their ten year history, and a commemorative cookery book with 'Open Source' recipes contributed by GNOME community members from around the world."

Full Story (comments: 1)

NIH’s National Database for Autism Research deploys with OpenClinica (LinuxMedNews)

LinuxMedNews reports on the use of OpenClinica, an open-source web-based electronic data capture platform for clinical research, by the NIH National Database for Autism. "The National Database for Autism Research, or NDAR, is a collaborative biomedical informatics system created by the National Institutes of Health to provide a common, nationwide resource to support and accelerate research on autism. NDAR will make it easier and faster for researchers to gather, evaluate, and share autism research data from a variety of sources."

Comments (none posted)

Commercial announcements

Levanta launches free Linux management virtual appliance

Levanta has launched their Intrepid VM Linux Management Appliance. "Levanta® (www.levanta.com), the leader in Linux data center automation, today announced the release of the Intrepid VM Linux Management Appliance. The Intrepid VM is a VMware appliance version of the award-winning Levanta Intrepid line of Linux life-cycle management products, which automate provisioning, change control, migration and disaster recovery processes for Linux systems."

Full Story (comments: none)

New Matrox Graphics 1.4.5 Linux Drivers Provide Enhanced Features for Thin Client Users

Matrox Graphics has introduced new 1.4.5 Linux drivers providing enhanced features and additional support to its Matrox EpicA TC2 and EpicA TC4 multi-display graphics cards for thin computing.

Full Story (comments: none)

OpenEMR HQ Launches total EMR Solution (LinuxMedNews)

LinuxMedNews has announced the launch of OpenEMR HQ. "September 1, 2007 will see the official launch of OpenEMR HQ, a solutions provider offering several "enterprise level" EMR solutions to small to mid-sized clinics. The service will offer both hosted and on-site installations of the OpenEMR electronic medical records software package and a pre-configured, semi-managed appliance called "EMR-RACK" which promises to offer clinics an easy and affordable way to implement OpenEMR."

Comments (none posted)

Citrix acquires XenSource

Citrix Systems has announced a definitive agreement to acquire XenSource, for approximately $500 million in a combination of cash and stock, which includes the assumption of approximately $107 million in unvested stock options. (Thanks to Nathan Lutchansky)

Comments (none posted)

Sourcefire buys ClamAV

Sourcefire has announced the acquisition of the ClamAV anti-virus project. "Under terms of the transaction, Sourcefire has acquired the ClamAV project and related trademarks, as well as the copyrights held by the five principal members of the ClamAV team including project founder Tomasz Kojm. Sourcefire will also assume control of the open source ClamAV project including the ClamAV.org domain, web site and web site content and the ClamAV Sourceforge project page." The announcement posted to the ClamAV list says: "The core team will continue to lead the advancement of ClamAV and the CVD as employees of Sourcefire. Both the ClamAV engine and the signature database will remain under GPL." (Thanks to Alan J. Wylie).

Comments (1 posted)

New Books

JavaScript and DHTML Cookbook, 2nd Ed--New from O'Reilly Media

O'Reilly has published the book JavaScript & DHTML Cookbook, 2nd Edition by Danny Goodman.

Full Story (comments: none)

Programming Collective Intelligence--New from O'Reilly

O'Reilly has published the book Programming Collective Intelligence by Toby Segaran.

Full Story (comments: none)

Contests and Awards

Submit your review and win a year's technical support on 64 Studio

The 64 Studio Ltd. company will give away a technical support package for the 64 Studio multimedia distribution in exchange for reviews. "To enter this contest, all you have to do is download 64 Studio (either 64-bit or 32-bit), try it on your own computer, and write up your experiences. We're looking for the most insightful review, so just writing "64 Studio rocks!" will not win you the prize :-)"

Full Story (comments: none)

Surveys

Git User's Survey 2007

A User's Survey is being held for the Git version control system. "We would like to ask you a few questions about your use of the GIT version control system. This survey is mainly to understand who is using GIT, how and why. The results will be discussed on the git mailing list and published to the GIT wiki at http://git.or.cz/gitwiki/GitSurvey2007. We'll close the survey in three weeks starting from 20 August 2007, on 10 September 2007."

Full Story (comments: none)

Education and Certification

LPI to host discounted exam labs in England and Sweden in September

The Linux Professional Institute will hold exams in England and Sweden in September. "The Linux Professional Institute (LPI), the premier Linux certification organization worldwide, will provide discounted certification testing at LinuxConf Europe on Tuesday September 4th in Cambridge, England and at the Linux Summit Sweden, Wednesday, September 5 in Stockholm."

Full Story (comments: none)

LPI Certification Exams top 150,000 worldwide

The Linux Professional Institute has announced the giving of 150,000 Linux certification exams. "Jim Lacey, President and CEO of the Linux Professional Institute noted the organization's notable growth in the last two years: "In February 2005, five years after our program's inception, we announced that we had achieved 75,000 exams worldwide. In half that time we have doubled the number. This demonstrates the growing momentum and importance of Linux professionalism in the IT industry. Furthermore, it firmly establishes LPI as the global leader in Linux certification.""

Full Story (comments: none)

Calls for Presentations

Call for Papers: 5th Karlsruhe Workshop on Software Radios

A call for papers has gone out for the 5th Karlsruhe Workshop on Software Radios. "The event will be held on March 5-6, 2008 in Karlsruhe, located in the southwest of Germany. This will be a great opportunity to bring the GNU Radio Community together." Submissions are due by November 30, 2007.

Full Story (comments: none)

CFP: LCA SysAdmin Miniconf

Linux.conf.au 2008 (starting January 28 in Melbourne) is beginning to take shape, and the list of miniconfs has been posted. One of them - the system administration miniconf - has posted its call for participation; click below for the details.

Full Story (comments: none)

No cON Name 2007 - Call for Papers

A call for papers has gone out for No cON Name 2007. The event will take place in Palma de Mallorca, Spain on October 11-13, 2007, the submission deadline is September 20.

Full Story (comments: none)

ToorCon 9 CFP

A call for papers has gone out for ToorCon 9, a hacker conference. "Papers and presentations are being accepted for ToorCon 9 to be held at the Convention Center in San Diego, CA on October 19th-21st, 2007. Please email your submissions to cfp [at] toorcon.org; submissions will be accepted until September 9th, 2007."

Full Story (comments: none)

Upcoming Events

Register now for the OpenOffice.org Annual Conference (OOoCon)

The OpenOffice.org Annual Conference will take place in Barcelona, Spain on September 19-21, 2007. "Highlights this year include keynotes from Louis Suarez-Potts and Hu Cai Yong. Louis Suarez-Potts, Community Manager for OpenOffice.org at Sun Microsystems, will present a paper about "OpenOffice.org 3.0 and beyond". Hu Cai Yong is CEO of the Community's newest major corporate sponsor, Redflag CH2000, and will be challenging delegates to think truly global: "designing good applications for the citizens of the world means thinking beyond technology"."

Full Story (comments: none)

Events: August 30, 2007 to October 29, 2007

The following event listing is taken from the LWN.net Calendar.

Date(s)EventLocation
August 27
September 1
International Computer Music Conference 2007 Copenhagen, Denmark
August 29
August 31
KVM Forum 2007 Tucson, AZ, United States
September 1 ENOS 2007 Caldas da Rainha, Leiria, Portugal
September 2
September 4
LinuxConf Europe 2007 Cambridge, England
September 3
September 6
HITBSecConf2007 Kuala Lumpur, Malaysia
September 5
September 7
RAID 2007 Gold Coast, QL, Australia
September 5
September 6
2007 Linux Kernel Developers Summit Cambridge, UK
September 5
September 7
Office 2.0 Conference San Francisco, CA, USA
September 6
September 8
Intelligent Data Acquisition and Advanced Computing Systems Dortmund, Germany
September 7
September 8
LinuxWorld China 2007 Beijing, China
September 7
September 8
LinuxChix Brasil Asa Sul, Brazil
September 8
September 12
GITEX Technology Week Dubai, United Arab Emirates
September 8
September 9
PyCon UK 2007 Birmingham, UK
September 10
September 14
Django Bootcamp with Juan Pablo Claude Atlanta, GA, USA
September 10
September 12
X Developers' Summit Cambridge, UK
September 10
September 12
Sun Grid Engine Workshop 2007 Regensburg, Germany
September 11
September 12
3rd International Conference on IT-Incident Management and IT-Forensics Stuttgart, Germany
September 11
September 14
5th Netfilter Workshop Karlsruhe, Germany
September 11
September 13
VMworld 2007 San Francisco, CA, USA
September 14
September 15
EuroBSDCon 2007 Copenhagen, Denmark
September 14 Django Sprint online,
September 15
September 16
Texas Python Unconference Houston, TX, USA
September 15 Software Freedom Day The Internet, Worldwide
September 17
September 19
RailsConf Europe 2007 Berlin, Germany
September 17 Bruce Perens to speak in Berkeley, September 17 Berkeley, CA, USA
September 18
September 21
Embedded Systems Conference Boston, MA, USA
September 18
September 20
High Performance Embedded Computing Workshop Lexington, MA, USA
September 19
September 21
OpenOffice.org Conference 2007 Barcelona, Spain
September 19
September 21
Gartner Open Source Summit Las Vegas, NV, USA
September 22
September 25
Cell Hack-a-thon II Austin, TX, USA
September 24
September 27
14th Annual Tcl/Tk Conference New Orleans, USA
September 24
September 25
Power Architecture Developer Conference Austin, TX, USA
September 24
September 27
Free and Open Source Software for Geospatial 2007 Victoria, BC, Canada
September 27
September 28
Audio Mostly 2007 Ilmenau, Germany
September 28
September 30
Ohio LinuxFest 2007 Columbus, USA
September 28
September 29
Freed.in Delhi, India
September 28 IRC discussion on AGPLv3 and GPLv3 online, world
September 30
October 3
Gelato ICE: Itanium® Conference & Expo Biopolis, Singapore, Singapore
October 2
October 3
Openmind 2007 Tampere, Finland
October 3
October 5
Apache Cocoon Get Together Rome, Italy
October 6
October 7
Wineconf 2007 Zurich, Switzerland
October 6
October 8
GNOME Boston Summit Boston, MA, USA
October 7
October 9
Graphing Social Patterns San Jose, CA, USA
October 8
October 10
VISION 2007 Embedded Linux Developer Conference Santa Clara, USA
October 8 Embedded Linux Bootcamp for Beginners Santa Clara, CA, USA
October 9
October 10
Profoss Brussels, Belgium
October 10
October 12
Plone Conference 2007 Naples, Italy
October 12 Legal Summit for Software Freedom New York, NY, USA
October 13
October 14
T-DOSE 2007 (Technical Dutch Open Source Event) Eindhoven, The Netherlands
October 13 The Ontario Linux Fest Conference Toronto, Canada
October 13 Aka Linux Kernel Developer Conference Beijing, China
October 16 Databases and the Web London, England
October 17
October 19
2007 WebGUI Users Conference Madison, WI, USA
October 17
October 19
Web 2.0 Summit San Francisco, CA, USA
October 18
October 20
HackLu 2007 Kirchberg, Luxembourg
October 19
October 21
ToorCon 9 San Diego, CA, USA
October 20
October 21
Ubucon.de Krefeld (Köln), Germany
October 20 PostgreSQL Conference Fall 2007 Portland, OR, USA
October 20 ./freedom & opensource day - PERU Lima, PERU
October 21
October 25
OOPSLA 2007 Montreal, Canada
October 21
October 26
Colorado Software Summit Keystone, CO, USA
October 22
October 26
OpenGL Bootcamp with Rocco Bowling Atlanta, GA, USA
October 22
October 23
She's Geeky - A Women's Tech (un)Conference Mountain View, CA, USA
October 23
October 25
Open aLANtejo 07 - CNSL07 Évora, Portugal
October 23
October 26
Black Hat Japan Tokyo, Japan
October 25
October 26
FSOSS 2007 - Free Software and Open Source Symposium Toronto, Canada
October 27
October 28
FOSSCamp 2007 Cambridge, MA, USA
October 27 Linux Day Italy many cities around country, Italy
October 28
November 2
Ubuntu Developer Summit Cambridge, Massachusetts, USA

If your event does not appear here, please tell us about it.

Web sites

MacForge.net: Now Over 45,000 Mac Open Source Projects

MacTech(r) Magazine has announced that its MacForge(tm) Mac open source project index now has over 45,000 projects. MacForge.net was created for not only the experienced open source user, but to introduce the Mac technical community to the wonderful array of projects available.

Full Story (comments: none)

Page editor: Forrest Cook

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds