LWN.net Logo

LWN.net Weekly Edition for September 27, 2007

Two free software choices for the Neo phone

By Jake Edge
September 26, 2007

In a rather brief period of time, we have gone from having no choice of free software to run on our mobile phones to having two. With the announcement of Qtopia Phone Edition (QPE) for the Neo 1973, two software stacks are available for users to choose from. A choice of GUIs will not be a surprise to Linux users, with GNOME, KDE, and others available on that platform, but it is quite a breath of fresh air in the normally locked-down mobile phone arena.

Also tucked into the Trolltech press release was an announcement that all of QPE was being released under the GPLv2. Prior to that, certain components of QPE – telephony, Digital Rights Management (DRM), and the safe execution environment modules – were only available under a commercial source license. The other choice, OpenMoko, which was reviewed in August, is also available under the GPL (v2 or later). Paralleling the differences between the two major desktop environments for Linux, QPE is based on Trolltech's Qtopia – a Qt derived GUI library – like KDE, whereas OpenMoko is GTK-based, like GNOME.

[QPE dialer]

QPE is the more mature software of the two, and it shows in the interface. The Neo port of QPE is more responsive and more consistent than the early versions of OpenMoko, which is not surprising as QPE is already in use. There are millions of QPE phones in the hands of customers, mostly in Asia, so QPE has been put through its paces already, while OpenMoko is still under rapid development.

QPE on the Neo suffered from some of the same audio issues – mediocre quality and echo canceling problems – that were found with OpenMoko, which could easily be caused by the hardware or Linux drivers. It is, after all, an early developer release. OpenMoko is still working on the final hardware design for the "mass market" version, scheduled for December, presumably these kinds of issues are high on their list. With additional hardware being added - accelerometers, graphics hardware, and Wi-Fi networking - there is still a great deal to do.

[QPE main menu]

The QPE applications are more numerous and offer more functionality than those found on OpenMoko. The current version does suffer from a number of glitches, though, as audio must be enabled manually and the suspend functionality is flaky at best. It does have most of the features that users have come to expect from a mobile phone, which gives it quite a bit of a lead on OpenMoko.

Trolltech has a hardware platform available to developers as well, the Greenphone, but it is more of a reference platform, rather than a consumer-oriented device. Changing the license on the entire QPE platform, while providing the software on a device that developers can actually use as a phone is a good strategic move for Trolltech. It should attract free software developers, resulting in additional software available for their phones.

It is nice to see the OpenMoko and QPE developers play nicely together; much of the infrastructure that OpenMoko put in place is being used by QPE and the two groups have been cooperating to port QPE to the Neo. OpenMoko behaves quite differently from other companies in the embedded device space. They have little interest in lock-in, preferring to build a useful hardware device for which multiple different software stacks can be written. They put together an infrastructure layer based on Linux and invited anyone to join in.

It is quite possible that other software vendors will do just that. Sun had a demo of its JavaFX Mobile phone software running on the Neo in May and has promised to GPL that code at some point. All of these options will allow users to pick an interface that works well for them, taking their data, ringtones, and, in many cases, favorite free applications along with them. Choices are not something that mobile phone users are used to – they are generally stuck with annoying, crippled interfaces forced on them by the manufacturers and carriers. – but it is something they could get used to.

Comments (9 posted)

GPL enforcement: waiting for the Monsoon

By Jonathan Corbet
September 26, 2007
Some lawsuits begin quietly, others are launched with great fanfare. The Software Freedom Law Center and two BusyBox developers have recently decided to take the latter approach to address a GPL compliance problem. The SFLC's press release reads:

The Software Freedom Law Center (SFLC) today announced that it has filed the first ever U.S. copyright infringement lawsuit based on a violation of the GNU General Public License (GPL) on behalf of its clients, two principal developers of BusyBox, against Monsoon Multimedia, Inc.

Before getting into the meat of the matter, it is hard to resist quibbling about the details. To that end, one could look at another GPL lawsuit press release, this one from the FSF:

Eben Moglen, General Counsel to the Free Software Foundation (FSF), will testify as an expert witness in the Progress Software Corporation vs. MySQL AB case currently pending in United States District Court in Massachusetts. The current focus of this case is a preliminary injunction sought by MySQL AB concerning a violation of the GNU General Public License (GPL) by Progress Software Corp.

In this case, the judge declined to enforce the GPL in a summary judgment motion, though the ruling acknowledged that MySQL appeared to have the stronger argument. The dispute was eventually settled, with Progress releasing its proprietary MySQL enhancements. It should also be remembered that IBM has brought GPL-violation charges against the SCO Group. So this suit might be the first which is exclusively about GPL enforcement in the US, but it is not the first time that the GPL has been the subject of a suit.

The dispute this time around relates to Monsoon Media's HAVA series of products designed to control and distribute television signals throughout the home. In March, 2007, a HAVA owner started a forum topic by asking if the product contained Linux. Nothing happened until the end of August, when another participant noticed that the firmware image clearly contained a version of BusyBox. On September 5, a Monsoon employee replied:

I have a little secret to let you in on - HAVA runs Linux! Yes, much of the source is GPL and we should publish those sections which we have modified per the terms of GPL. A project is underway to pull this together.

This person went on to suggest that, by looking inside the HAVA firmware, the forum posters were violating the end user license agreement for that software and that they should desist. The EULA talk did not go very far (it was pointed out that anybody can download the firmware without agreeing to the EULA), but the "project to pull this together" on GPL compliance also did not seem to go very far. Responses to questions on when a release could be expected were vague at best, and often absent entirely. Evidently private communications from the BusyBox developers went unanswered.

So, September 20, the SFLC filed suit on behalf of BusyBox developers Erik Andersen and Rob Landley. The complaint could be a textbook example of a straightforward GPL-violation charge; it complains of copyright infringement and asks for remedies in the form of an injunction against further distribution and monetary damages. The suit appears to have been successful in focusing minds at Monsoon Multimedia; on September 24 the company sent out a press release stating that it was in settlement negotiations and intended to comply with all of the relevant license requirements. The company also posted a comment on LWN stating that it plans to fix the problem:

We wish at this point to apologize for this oversight, both to the copyright holders of the code which we have used and modified, and to the free software community in general. We take full responsibility for these actions. We fully endorse the concepts of free software. We are now working closely with the copyright holders to make sure that our obligations under the GPL are met in full measure.

Thus far, no settlement has been announced. Given that Monsoon has stated its intent to comply with the GPL, the sticking points can only be (1) the timing of the code release, and (2) what else Monsoon might have to do to make the developers happy. Previous GPL-related settlements elsewhere in the world have generally involved compensation for expenses incurred in the enforcement action and, perhaps, a donation to a free software-related project. There is no way to know what the plaintiffs are asking for here, and the final settlement - if and when it happens - may never be made public.

From the outside, this case does not have the look of a deliberate attempt to ignore the GPL. Instead, it looks like a small company which found free software useful in the creation of its product and which put the GPL-compliance part of the job - if it really even understood its obligations in that regard - on the back burner. Anybody who has ever worked in a small operation knows that it can be a long time before anybody has a spare moment to work on perceived low-priority jobs like that. So Monsoon never got around to its source release, even when people started asking questions. It took the filing of a lawsuit to get the company to put some resources into fulfilling its obligations.

It has been suggested that the BusyBox developers acted hastily, given that less than a month passed between the discovery of the problem and the filing of a lawsuit. Unlike some jurisdictions, the U.S. does not require that copyright actions be filed quickly in order to preserve the right to sue. The BusyBox developers might answer that there was nothing else they could do when Monsoon refused to respond to them and that they are generally tired of companies ignoring the license on their code. Whatever their reasons, it seems likely that the BusyBox developers stand a good chance of being taken more seriously the next time they ask a company to comply with the license on their code.

This case may not be the first time that the GPL has found its way into a U.S. court. Its (presumed) quick resolution does suggest that another invariant - that no U.S. court has ever ruled on the validity of the GPL - still holds. Unless the SCO Group somehow manages to continue to exist long enough to push the IBM case through to the end, it appears this situation will not change anytime soon. This is an interesting situation, considering the value of the code licensed under the GPL and how long the GPL has been in use. The conclusion is clear: there are no potential GPL violators out there with enough confidence to try to challenge the GPL in court. The GPL looks well positioned to continue to do the job it was created for all those years ago.

Comments (47 posted)

What every programmer should know about memory, Part 1

September 21, 2007

This article was contributed by Ulrich Drepper

[Editor's introduction: Ulrich Drepper recently approached us asking if we would be interested in publishing a lengthy document he had written on how memory and software interact. We did not have to look at the text for long to realize that it would be of interest to many LWN readers. Memory usage is often the determining factor in how software performs, but good information on how to avoid memory bottlenecks is hard to find. This series of articles should change that situation.

The original document prints out at over 100 pages. We will be splitting it into about seven segments, each run 1-2 weeks after its predecessor. Once the entire series is out, Ulrich will be releasing the full text.

Reformatting the text from the original LaTeX has been a bit of a challenge, but the results, hopefully, will be good. For ease of online reading, Ulrich's footnotes have been placed {inline in the text}. Hyperlinked cross-references (and [bibliography references]) will not be possible until the full series is published.

Many thanks to Ulrich for allowing LWN to publish this material; we hope that it will lead to more memory-efficient software across our systems in the near future.]

1 Introduction

In the early days computers were much simpler. The various components of a system, such as the CPU, memory, mass storage, and network interfaces, were developed together and, as a result, were quite balanced in their performance. For example, the memory and network interfaces were not (much) faster than the CPU at providing data.

This situation changed once the basic structure of computers stabilized and hardware developers concentrated on optimizing individual subsystems. Suddenly the performance of some components of the computer fell significantly behind and bottlenecks developed. This was especially true for mass storage and memory subsystems which, for cost reasons, improved more slowly relative to other components.

The slowness of mass storage has mostly been dealt with using software techniques: operating systems keep most often used (and most likely to be used) data in main memory, which can be accessed at a rate orders of magnitude faster than the hard disk. Cache storage was added to the storage devices themselves, which requires no changes in the operating system to increase performance. {Changes are needed, however, to guarantee data integrity when using storage device caches.} For the purposes of this paper, we will not go into more details of software optimizations for the mass storage access.

Unlike storage subsystems, removing the main memory as a bottleneck has proven much more difficult and almost all solutions require changes to the hardware. Today these changes mainly come in the following forms:

  • RAM hardware design (speed and parallelism).

  • Memory controller designs.

  • CPU caches.

  • Direct memory access (DMA) for devices.

For the most part, this document will deal with CPU caches and some effects of memory controller design. In the process of exploring these topics, we will explore DMA and bring it into the larger picture. However, we will start with an overview of the design for today's commodity hardware. This is a prerequisite to understanding the problems and the limitations of efficiently using memory subsystems. We will also learn about, in some detail, the different types of RAM and illustrate why these differences still exist.

This document is in no way all inclusive and final. It is limited to commodity hardware and further limited to a subset of that hardware. Also, many topics will be discussed in just enough detail for the goals of this paper. For such topics, readers are recommended to find more detailed documentation.

When it comes to operating-system-specific details and solutions, the text exclusively describes Linux. At no time will it contain any information about other OSes. The author has no interest in discussing the implications for other OSes. If the reader thinks s/he has to use a different OS they have to go to their vendors and demand they write documents similar to this one.

One last comment before the start. The text contains a number of occurrences of the term “usually” and other, similar qualifiers. The technology discussed here exists in many, many variations in the real world and this paper only addresses the most common, mainstream versions. It is rare that absolute statements can be made about this technology, thus the qualifiers.

1.1 Document Structure

This document is mostly for software developers. It does not go into enough technical details of the hardware to be useful for hardware-oriented readers. But before we can go into the practical information for developers a lot of groundwork must be laid.

To that end, the second section describes random-access memory (RAM) in technical detail. This section's content is nice to know but not absolutely critical to be able to understand the later sections. Appropriate back references to the section are added in places where the content is required so that the anxious reader could skip most of this section at first.

The third section goes into a lot of details of CPU cache behavior. Graphs have been used to keep the text from being as dry as it would otherwise be. This content is essential for an understanding of the rest of the document. Section 4 describes briefly how virtual memory is implemented. This is also required groundwork for the rest.

Section 5 goes into a lot of detail about Non Uniform Memory Access (NUMA) systems.

Section 6 is the central section of this paper. It brings together all the previous sections' information and gives programmers advice on how to write code which performs well in the various situations. The very impatient reader could start with this section and, if necessary, go back to the earlier sections to freshen up the knowledge of the underlying technology.

Section 7 introduces tools which can help the programmer do a better job. Even with a complete understanding of the technology it is far from obvious where in a non-trivial software project the problems are. Some tools are necessary.

In section 8 we finally give an outlook of technology which can be expected in the near future or which might just simply be good to have.

1.2 Reporting Problems

The author intends to update this document for some time. This includes updates made necessary by advances in technology but also to correct mistakes. Readers willing to report problems are encouraged to send email.

1.3 Thanks

I would like to thank Johnray Fuller and especially Jonathan Corbet for taking on part of the daunting task of transforming the author's form of English into something more traditional. Markus Armbruster provided a lot of valuable input on problems and omissions in the text.

1.4 About this Document

The title of this paper is an homage to David Goldberg's classic paper “What Every Computer Scientist Should Know About Floating-Point Arithmetic” [goldberg]. Goldberg's paper is still not widely known, although it should be a prerequisite for anybody daring to touch a keyboard for serious programming.

2 Commodity Hardware Today

Understanding commodity hardware is important because specialized hardware is in retreat. Scaling these days is most often achieved horizontally instead of vertically, meaning today it is more cost-effective to use many smaller, connected commodity computers instead of a few really large and exceptionally fast (and expensive) systems. This is the case because fast and inexpensive network hardware is widely available. There are still situations where the large specialized systems have their place and these systems still provide a business opportunity, but the overall market is dwarfed by the commodity hardware market. Red Hat, as of 2007, expects that for future products, the “standard building blocks” for most data centers will be a computer with up to four sockets, each filled with a quad core CPU that, in the case of Intel CPUs, will be hyper-threaded. {Hyper-threading enables a single processor core to be used for two or more concurrent executions with just a little extra hardware.} This means the standard system in the data center will have up to 64 virtual processors. Bigger machines will be supported, but the quad socket, quad CPU core case is currently thought to be the sweet spot and most optimizations are targeted for such machines.

Large differences exist in the structure of commodity computers. That said, we will cover more than 90% of such hardware by concentrating on the most important differences. Note that these technical details tend to change rapidly, so the reader is advised to take the date of this writing into account.

Over the years the personal computers and smaller servers standardized on a chipset with two parts: the Northbridge and Southbridge. Figure 2.1 shows this structure.

Figure 2.1: Structure with Northbridge and Southbridge

All CPUs (two in the previous example, but there can be more) are connected via a common bus (the Front Side Bus, FSB) to the Northbridge. The Northbridge contains, among other things, the memory controller, and its implementation determines the type of RAM chips used for the computer. Different types of RAM, such as DRAM, Rambus, and SDRAM, require different memory controllers.

To reach all other system devices, the Northbridge must communicate with the Southbridge. The Southbridge, often referred to as the I/O bridge, handles communication with devices through a variety of different buses. Today the PCI, PCI Express, SATA, and USB buses are of most importance, but PATA, IEEE 1394, serial, and parallel ports are also supported by the Southbridge. Older systems had AGP slots which were attached to the Northbridge. This was done for performance reasons related to insufficiently fast connections between the Northbridge and Southbridge. However, today the PCI-E slots are all connected to the Southbridge.

Such a system structure has a number of noteworthy consequences:

  • All data communication from one CPU to another must travel over the same bus used to communicate with the Northbridge.

  • All communication with RAM must pass through the Northbridge.

  • The RAM has only a single port. {We will not discuss multi-port RAM in this document as this type of RAM is not found in commodity hardware, at least not in places where the programmer has access to it. It can be found in specialized hardware such as network routers which depend on utmost speed.}

  • Communication between a CPU and a device attached to the Southbridge is routed through the Northbridge.

A couple of bottlenecks are immediately apparent in this design. One such bottleneck involves access to RAM for devices. In the earliest days of the PC, all communication with devices on either bridge had to pass through the CPU, negatively impacting overall system performance. To work around this problem some devices became capable of direct memory access (DMA). DMA allows devices, with the help of the Northbridge, to store and receive data in RAM directly without the intervention of the CPU (and its inherent performance cost). Today all high-performance devices attached to any of the buses can utilize DMA. While this greatly reduces the workload on the CPU, it also creates contention for the bandwidth of the Northbridge as DMA requests compete with RAM access from the CPUs. This problem, therefore, must to be taken into account.

A second bottleneck involves the bus from the Northbridge to the RAM. The exact details of the bus depend on the memory types deployed. On older systems there is only one bus to all the RAM chips, so parallel access is not possible. Recent RAM types require two separate buses (or channels as they are called for DDR2, see Figure 2.8) which doubles the available bandwidth. The Northbridge interleaves memory access across the channels. More recent memory technologies (FB-DRAM, for instance) add more channels.

With limited bandwidth available, it is important to schedule memory access in ways that minimize delays. As we will see, processors are much faster and must wait to access memory, despite the use of CPU caches. If multiple hyper-threads, cores, or processors access memory at the same time, the wait times for memory access are even longer. This is also true for DMA operations.

There is more to accessing memory than concurrency, however. Access patterns themselves also greatly influence the performance of the memory subsystem, especially with multiple memory channels. Refer to Section 2.2 for more details of RAM access patterns.

On some more expensive systems, the Northbridge does not actually contain the memory controller. Instead the Northbridge can be connected to a number of external memory controllers (in the following example, four of them).

Figure 2.2: Northbridge with External Controllers

The advantage of this architecture is that more than one memory bus exists and therefore total bandwidth increases. This design also supports more memory. Concurrent memory access patterns reduce delays by simultaneously accessing different memory banks. This is especially true when multiple processors are directly connected to the Northbridge, as in Figure 2.2. For such a design, the primary limitation is the internal bandwidth of the Northbridge, which is phenomenal for this architecture (from Intel). {For completeness it should be mentioned that such a memory controller arrangement can be used for other purposes such as “memory RAID” which is useful in combination with hotplug memory.}

Using multiple external memory controllers is not the only way to increase memory bandwidth. One other increasingly popular way is to integrate memory controllers into the CPUs and attach memory to each CPU. This architecture is made popular by SMP systems based on AMD's Opteron processor. Figure 2.3 shows such a system. Intel will have support for the Common System Interface (CSI) starting with the Nehalem processors; this is basically the same approach: an integrated memory controller with the possibility of local memory for each processor.

Figure 2.3: Integrated Memory Controller

With an architecture like this there are as many memory banks available as there are processors. On a quad-CPU machine the memory bandwidth is quadrupled without the need for a complicated Northbridge with enormous bandwidth. Having a memory controller integrated into the CPU has some additional advantages; we will not dig deeper into this technology here.

There are disadvantages to this architecture, too. First of all, because the machine still has to make all the memory of the system accessible to all processors, the memory is not uniform anymore (hence the name NUMA - Non-Uniform Memory Architecture - for such an architecture). Local memory (memory attached to a processor) can be accessed with the usual speed. The situation is different when memory attached to another processor is accessed. In this case the interconnects between the processors have to be used. To access memory attached to CPU2 from CPU1 requires communication across one interconnect. When the same CPU accesses memory attached to CPU4 two interconnects have to be crossed.

Each such communication has an associated cost. We talk about “NUMA factors” when we describe the extra time needed to access remote memory. The example architecture in Figure 2.3 has two levels for each CPU: immediately adjacent CPUs and one CPU which is two interconnects away. With more complicated machines the number of levels can grow significantly. There are also machine architectures (for instance IBM's x445 and SGI's Altix series) where there is more than one type of connection. CPUs are organized into nodes; within a node the time to access the memory might be uniform or have only small NUMA factors. The connection between nodes can be very expensive, though, and the NUMA factor can be quite high.

Commodity NUMA machines exist today and will likely play an even greater role in the future. It is expected that, from late 2008 on, every SMP machine will use NUMA. The costs associated with NUMA make it important to recognize when a program is running on a NUMA machine. In Section 5 we will discuss more machine architectures and some technologies the Linux kernel provides for these programs.

Beyond the technical details described in the remainder of this section, there are several additional factors which influence the performance of RAM. They are not controllable by software, which is why they are not covered in this section. The interested reader can learn about some of these factors in Section 2.1. They are really only needed to get a more complete picture of RAM technology and possibly to make better decisions when purchasing computers.

The following two sections discuss hardware details at the gate level and the access protocol between the memory controller and the DRAM chips. Programmers will likely find this information enlightening since these details explain why RAM access works the way it does. It is optional knowledge, though, and the reader anxious to get to topics with more immediate relevance for everyday life can jump ahead to Section 2.2.5.

2.1 RAM Types

There have been many types of RAM over the years and each type varies, sometimes significantly, from the other. The older types are today really only interesting to the historians. We will not explore the details of those. Instead we will concentrate on modern RAM types; we will only scrape the surface, exploring some details which are visible to the kernel or application developer through their performance characteristics.

The first interesting details are centered around the question why there are different types of RAM in the same machine. More specifically, why there are both static RAM (SRAM {In other contexts SRAM might mean “synchronous RAM”.}) and dynamic RAM (DRAM). The former is much faster and provides the same functionality. Why is not all RAM in a machine SRAM? The answer is, as one might expect, cost. SRAM is much more expensive to produce and to use than DRAM. Both these cost factors are important, the second one increasing in importance more and more. To understand these difference we look at the implementation of a bit of storage for both SRAM and DRAM.

In the remainder of this section we will discuss some low-level details of the implementation of RAM. We will keep the level of detail as low as possible. To that end, we will discuss the signals at a “logic level” and not at a level a hardware designer would have to use. That level of detail is unnecessary for our purpose here.

2.1.1 Static RAM

Figure 2.4: 6-T Static RAM

Figure 2.4 shows the structure of a 6 transistor SRAM cell. The core of this cell is formed by the four transistors M1 to M4 which form two cross-coupled inverters. They have two stable states, representing 0 and 1 respectively. The state is stable as long as power on Vdd is available.

If access to the state of the cell is needed the word access line WL is raised. This makes the state of the cell immediately available for reading on BL and BL. If the cell state must be overwritten the BL and BL lines are first set to the desired values and then WL is raised. Since the outside drivers are stronger than the four transistors (M1 through M4) this allows the old state to be overwritten.

See [sramwiki] for a more detailed description of the way the cell works. For the following discussion it is important to note that

  • one cell requires six transistors. There are variants with four transistors but they have disadvantages.

  • maintaining the state of the cell requires constant power.

  • the cell state is available for reading almost immediately once the word access line WL is raised. The signal is as rectangular (changing quickly between the two binary states) as other transistor-controlled signals.

  • the cell state is stable, no refresh cycles are needed.

There are other, slower and less power-hungry, SRAM forms available, but those are not of interest here since we are looking at fast RAM. These slow variants are mainly interesting because they can be more easily used in a system than dynamic RAM because of their simpler interface.

2.1.2 Dynamic RAM

Dynamic RAM is, in its structure, much simpler than static RAM. Figure 2.5 shows the structure of a usual DRAM cell design. All it consists of is one transistor and one capacitor. This huge difference in complexity of course means that it functions very differently than static RAM.

Figure 2.5: 1-T Dynamic RAM

A dynamic RAM cell keeps its state in the capacitor C. The transistor M is used to guard the access to the state. To read the state of the cell the access line AL is raised; this either causes a current to flow on the data line DL or not, depending on the charge in the capacitor. To write to the cell the data line DL is appropriately set and then AL is raised for a time long enough to charge or drain the capacitor.

There are a number of complications with the design of dynamic RAM. The use of a capacitor means that reading the cell discharges the capacitor. The procedure cannot be repeated indefinitely, the capacitor must be recharged at some point. Even worse, to accommodate the huge number of cells (chips with 109 or more cells are now common) the capacity to the capacitor must be low (in the femto-farad range or lower). A fully charged capacitor holds a few 10's of thousands of electrons. Even though the resistance of the capacitor is high (a couple of tera-ohms) it only takes a short time for the capacity to dissipate. This problem is called “leakage”.

This leakage is why a DRAM cell must be constantly refreshed. For most DRAM chips these days this refresh must happen every 64ms. During the refresh cycle no access to the memory is possible. For some workloads this overhead might stall up to 50% of the memory accesses (see [highperfdram]).

A second problem resulting from the tiny charge is that the information read from the cell is not directly usable. The data line must be connected to a sense amplifier which can distinguish between a stored 0 or 1 over the whole range of charges which still have to count as 1.

A third problem is that charging and draining a capacitor is not instantaneous. The signals received by the sense amplifier are not rectangular, so a conservative estimate as to when the output of the cell is usable has to be used. The formulas for charging and discharging a capacitor are

[Formulas]

This means it takes some time (determined by the capacity C and resistance R) for the capacitor to be charged and discharged. It also means that the current which can be detected by the sense amplifiers is not immediately available. Figure 2.6 shows the charge and discharge curves. The X—axis is measured in units of RC (resistance multiplied by capacitance) which is a unit of time.

Figure 2.6: Capacitor Charge and Discharge Timing

Unlike the static RAM case where the output is immediately available when the word access line is raised, it will always take a bit of time until the capacitor discharges sufficiently. This delay severely limits how fast DRAM can be.

The simple approach has its advantages, too. The main advantage is size. The chip real estate needed for one DRAM cell is many times smaller than that of an SRAM cell. The SRAM cells also need individual power for the transistors maintaining the state. The structure of the DRAM cell is also simpler and more regular which means packing many of them close together on a die is simpler.

Overall, the (quite dramatic) difference in cost wins. Except in specialized hardware — network routers, for example — we have to live with main memory which is based on DRAM. This has huge implications on the programmer which we will discuss in the remainder of this paper. But first we need to look into a few more details of the actual use of DRAM cells.

2.1.3 DRAM Access

A program selects a memory location using a virtual address. The processor translates this into a physical address and finally the memory controller selects the RAM chip corresponding to that address. To select the individual memory cell on the RAM chip, parts of the physical address are passed on in the form of a number of address lines.

It would be completely impractical to address memory locations individually from the memory controller: 4GB of RAM would require 232 address lines. Instead the address is passed encoded as a binary number using a smaller set of address lines. The address passed to the DRAM chip this way must be demultiplexed first. A demultiplexer with N address lines will have 2N output lines. These output lines can be used to select the memory cell. Using this direct approach is no big problem for chips with small capacities.

But if the number of cells grows this approach is not suitable anymore. A chip with 1Gbit {I hate those SI prefixes. For me a giga-bit will always be 230 and not 109 bits.} capacity would need 30 address lines and 230 select lines. The size of a demultiplexer increases exponentially with the number of input lines when speed is not to be sacrificed. A demultiplexer for 30 address lines needs a whole lot of chip real estate in addition to the complexity (size and time) of the demultiplexer. Even more importantly, transmitting 30 impulses on the address lines synchronously is much harder than transmitting “only” 15 impulses. Fewer lines have to be laid out at exactly the same length or timed appropriately. {Modern DRAM types like DDR3 can automatically adjust the timing but there is a limit as to what can be tolerated.}

Figure 2.7: Dynamic RAM Schematic

Figure 2.7 shows a DRAM chip at a very high level. The DRAM cells are organized in rows and columns. They could all be aligned in one row but then the DRAM chip would need a huge demultiplexer. With the array approach the design can get by with one demultiplexer and one multiplexer of half the size. {Multiplexers and demultiplexers are equivalent and the multiplexer here needs to work as a demultiplexer when writing. So we will drop the differentiation from now on.} This is a huge saving on all fronts. In the example the address lines a0 and a1 through the row address selection (RAS) demultiplexer select the address lines of a whole row of cells. When reading, the content of all cells is thusly made available to the column address selection (CAS) {The line over the name indicates that the signal is negated} multiplexer. Based on the address lines a2 and a3 the content of one column is then made available to the data pin of the DRAM chip. This happens many times in parallel on a number of DRAM chips to produce a total number of bits corresponding to the width of the data bus.

For writing, the new cell value is put on the data bus and, when the cell is selected using the RAS and CAS, it is stored in the cell. A pretty straightforward design. There are in reality — obviously — many more complications. There need to be specifications for how much delay there is after the signal before the data will be available on the data bus for reading. The capacitors do not unload instantaneously, as described in the previous section. The signal from the cells is so weak that it needs to be amplified. For writing it must be specified how long the data must be available on the bus after the RAS and CAS is done to successfully store the new value in the cell (again, capacitors do not fill or drain instantaneously). These timing constants are crucial for the performance of the DRAM chip. We will talk about this in the next section.

A secondary scalability problem is that having 30 address lines connected to every RAM chip is not feasible either. Pins of a chip are a precious resources. It is “bad” enough that the data must be transferred as much as possible in parallel (e.g., in 64 bit batches). The memory controller must be able to address each RAM module (collection of RAM chips). If parallel access to multiple RAM modules is required for performance reasons and each RAM module requires its own set of 30 or more address lines, then the memory controller needs to have, for 8 RAM modules, a whopping 240+ pins only for the address handling.

To counter these secondary scalability problems DRAM chips have, for a long time, multiplexed the address itself. That means the address is transferred in two parts. The first part consisting of address bits a0 and a1 in the example in Figure 2.7) select the row. This selection remains active until revoked. Then the second part, address bits a2 and a3, select the column. The crucial difference is that only two external address lines are needed. A few more lines are needed to indicate when the RAS and CAS signals are available but this is a small price to pay for cutting the number of address lines in half. This address multiplexing brings its own set of problems, though. We will discuss them in Section 2.2.

2.1.4 Conclusions

Do not worry if the details in this section are a bit overwhelming. The important things to take away from this section are:

  • there are reasons why not all memory is SRAM

  • memory cells need to be individually selected to be used

  • the number of address lines is directly responsible for the cost of the memory controller, motherboards, DRAM module, and DRAM chip

  • it takes a while before the results of the read or write operation are available

The following section will go into more details about the actual process of accessing DRAM memory. We are not going into more details of accessing SRAM, which is usually directly addressed. This happens for speed and because the SRAM memory is limited in size. SRAM is currently used in CPU caches and on-die where the connections are small and fully under control of the CPU designer. CPU caches are a topic which we discuss later but all we need to know is that SRAM cells have a certain maximum speed which depends on the effort spent on the SRAM. The speed can vary from only slightly slower than the CPU core to one or two orders of magnitude slower.

2.2 DRAM Access Technical Details

In the section introducing DRAM we saw that DRAM chips multiplex the addresses in order to save resources. We also saw that accessing DRAM cells takes time since the capacitors in those cells do not discharge instantaneously to produce a stable signal; we also saw that DRAM cells must be refreshed. Now it is time to put this all together and see how all these factors determine how the DRAM access has to happen.

We will concentrate on current technology; we will not discuss asynchronous DRAM and its variants as they are simply not relevant anymore. Readers interested in this topic are referred to [highperfdram] and [arstechtwo]. We will also not talk about Rambus DRAM (RDRAM) even though the technology is not obsolete. It is just not widely used for system memory. We will concentrate exclusively on Synchronous DRAM (SDRAM) and its successors Double Data Rate DRAM (DDR).

Synchronous DRAM, as the name suggests, works relative to a time source. The memory controller provides a clock, the frequency of which determines the speed of the Front Side Bus (FSB) — the memory controller interface used by the DRAM chips. As of this writing, frequencies of 800MHz, 1,066MHz, or even 1,333MHz are available with higher frequencies (1,600MHz) being announced for the next generation. This does not mean the frequency used on the bus is actually this high. Instead, today's buses are double- or quad-pumped, meaning that data is transported two or four times per cycle. Higher numbers sell so the manufacturers like to advertise a quad-pumped 200MHz bus as an “effective” 800MHz bus.

For SDRAM today each data transfer consists of 64 bits — 8 bytes. The transfer rate of the FSB is therefore 8 bytes multiplied by the effective bus frequency (6.4GB/s for the quad-pumped 200MHz bus). That sounds like a lot but it is the burst speed, the maximum speed which will never be surpassed. As we will see now the protocol for talking to the RAM modules has a lot of downtime when no data can be transmitted. It is exactly this downtime which we must understand and minimize to achieve the best performance.

2.2.1 Read Access Protocol

Figure 2.8: SDRAM Read Access Timing

Figure 2.8 shows the activity on some of the connectors of a DRAM module which happens in three differently colored phases. As usual, time flows from left to right. A lot of details are left out. Here we only talk about the bus clock, RAS and CAS signals, and the address and data buses. A read cycle begins with the memory controller making the row address available on the address bus and lowering the RAS signal. All signals are read on the rising edge of the clock (CLK) so it does not matter if the signal is not completely square as long as it is stable at the time it is read. Setting the row address causes the RAM chip to start latching the addressed row.

The CAS signal can be sent after tRCD (RAS-to-CAS Delay) clock cycles. The column address is then transmitted by making it available on the address bus and lowering the CAS line. Here we can see how the two parts of the address (more or less halves, nothing else makes sense) can be transmitted over the same address bus.

Now the addressing is complete and the data can be transmitted. The RAM chip needs some time to prepare for this. The delay is usually called CAS Latency (CL). In Figure 2.8 the CAS latency is 2. It can be higher or lower, depending on the quality of the memory controller, motherboard, and DRAM module. The latency can also have half values. With CL=2.5 the first data would be available at the first falling flank in the blue area.

With all this preparation to get to the data it would be wasteful to only transfer one data word. This is why DRAM modules allow the memory controller to specify how much data is to be transmitted. Often the choice is between 2, 4, or 8 words. This allows filling entire lines in the caches without a new RAS/CAS sequence. It is also possible for the memory controller to send a new CAS signal without resetting the row selection. In this way, consecutive memory addresses can be read from or written to significantly faster because the RAS signal does not have to be sent and the row does not have to be deactivated (see below). Keeping the row “open” is something the memory controller has to decide. Speculatively leaving it open all the time has disadvantages with real-world applications (see [highperfdram]). Sending new CAS signals is only subject to the Command Rate of the RAM module (usually specified as Tx, where x is a value like 1 or 2; it will be 1 for high-performance DRAM modules which accept new commands every cycle).

In this example the SDRAM spits out one word per cycle. This is what the first generation does. DDR is able to transmit two words per cycle. This cuts down on the transfer time but does not change the latency. In principle, DDR2 works the same although in practice it looks different. There is no need to go into the details here. It is sufficient to note that DDR2 can be made faster, cheaper, more reliable, and is more energy efficient (see [ddrtwo] for more information).

2.2.2 Precharge and Activation

Figure 2.8 does not cover the whole cycle. It only shows parts of the full cycle of accessing DRAM. Before a new RAS signal can be sent the currently latched row must be deactivated and the new row must be precharged. We can concentrate here on the case where this is done with an explicit command. There are improvements to the protocol which, in some situations, allows this extra step to be avoided. The delays introduced by precharging still affect the operation, though.

Figure 2.9: SDRAM Precharge and Activation

Figure 2.9 shows the activity starting from one CAS signal to the CAS signal for another row. The data requested with the first CAS signal is available as before, after CL cycles. In the example two words are requested which, on a simple SDRAM, takes two cycles to transmit. Alternatively, imagine four words on a DDR chip.

Even on DRAM modules with a command rate of one the precharge command cannot be issued right away. It is necessary to wait as long as it takes to transmit the data. In this case it takes two cycles. This happens to be the same as CL but that is just a coincidence. The precharge signal has no dedicated line; instead, some implementations issue it by lowering the Write Enable (WE) and RAS line simultaneously. This combination has no useful meaning by itself (see [micronddr] for encoding details).

Once the precharge command is issued it takes tRP (Row Precharge time) cycles until the row can be selected. In Figure 2.9 much of the time (indicated by the purplish color) overlaps with the memory transfer (light blue). This is good! But tRP is larger than the transfer time and so the next RAS signal is stalled for one cycle.

If we were to continue the timeline in the diagram we would find that the next data transfer happens 5 cycles after the previous one stops. This means the data bus is only in use two cycles out of seven. Multiply this with the FSB speed and the theoretical 6.4GB/s for a 800MHz bus become 1.8GB/s. That is bad and must be avoided. The techniques described in Section 6 help to raise this number. But the programmer usually has to do her share.

There is one more timing value for a SDRAM module which we have not discussed. In Figure 2.9 the precharge command was only limited by the data transfer time. Another constraint is that an SDRAM module needs time after a RAS signal before it can precharge another row (denoted as tRAS). This number is usually pretty high, in the order of two or three times the tRP value. This is a problem if, after a RAS signal, only one CAS signal follows and the data transfer is finished in a few cycles. Assume that in Figure 2.9 the initial CAS signal was preceded directly by a RAS signal and that tRAS is 8 cycles. Then the precharge command would have to be delayed by one additional cycle since the sum of tRCD, CL, and tRP (since it is larger than the data transfer time) is only 7 cycles.

DDR modules are often described using a special notation: w-x-y-z-T. For instance: 2-3-2-8-T1. This means:

w 2 CAS Latency (CL)
x 3 RAS-to-CAS delay (tRCD)
y 2 RAS Precharge (tRP)
z 8 Active to Precharge delay (tRAS)
T T1 Command Rate

There are numerous other timing constants which affect the way commands can be issued and are handled. Those five constants are in practice sufficient to determine the performance of the module, though.

It is sometimes useful to know this information for the computers in use to be able to interpret certain measurements. It is definitely useful to know these details when buying computers since they, along with the FSB and SDRAM module speed, are among the most important factors determining a computer's speed.

The very adventurous reader could also try to tweak a system. Sometimes the BIOS allows changing some or all these values. SDRAM modules have programmable registers where these values can be set. Usually the BIOS picks the best default value. If the quality of the RAM module is high it might be possible to reduce the one or the other latency without affecting the stability of the computer. Numerous overclocking websites all around the Internet provide ample of documentation for doing this. Do it at your own risk, though and do not say you have not been warned.

2.2.3 Recharging

A mostly-overlooked topic when it comes to DRAM access is recharging. As explained in Section 2.1.2, DRAM cells must constantly be refreshed. This does not happen completely transparently for the rest of the system. At times when a row {Rows are the granularity this happens with despite what [highperfdram] and other literature says (see [micronddr]).} is recharged no access is possible. The study in [highperfdram] found that “[s]urprisingly, DRAM refresh organization can affect performance dramatically”.

Each DRAM cell must be refreshed every 64ms according to the JEDEC specification. If a DRAM array has 8,192 rows this means the memory controller has to issue a refresh command on average every 7.8125µs (refresh commands can be queued so in practice the maximum interval between two requests can be higher). It is the memory controller's responsibility to schedule the refresh commands. The DRAM module keeps track of the address of the last refreshed row and automatically increases the address counter for each new request.

There is really not much the programmer can do about the refresh and the points in time when the commands are issued. But it is important to keep this part to the DRAM life cycle in mind when interpreting measurements. If a critical word has to be retrieved from a row which currently is being refreshed the processor could be stalled for quite a long time. How long each refresh takes depends on the DRAM module.

2.2.4 Memory Types

It is worth spending some time on the current and soon-to-be current memory types in use. We will start with SDR (Single Data Rate) SDRAMs since they are the basis of the DDR (Double Data Rate) SDRAMs. SDRs were pretty simple. The memory cells and the data transfer rate were identical.

Figure 2.10: SDR SDRAM Operation

In Figure 2.10 the DRAM cell array can output the memory content at the same rate it can be transported over the memory bus. If the DRAM cell array can operate at 100MHz, the data transfer rate of the bus is thus 100Mb/s. The frequency f for all components is the same. Increasing the throughput of the DRAM chip is expensive since the energy consumption rises with the frequency. With a huge number of array cells this is prohibitively expensive. {Power = Dynamic Capacity × Voltage2 × Frequency.} In reality it is even more of a problem since increasing the frequency usually also requires increasing the voltage to maintain stability of the system. DDR SDRAM (called DDR1 retroactively) manages to improve the throughput without increasing any of the involved frequencies.

Figure 2.11: DDR1 SDRAM Operation

The difference between SDR and DDR1 is, as can be seen in Figure 2.11 and guessed from the name, that twice the amount of data is transported per cycle. I.e., the DDR1 chip transports data on the rising and falling edge. This is sometimes called a “double-pumped” bus. To make this possible without increasing the frequency of the cell array a buffer has to be introduced. This buffer holds two bits per data line. This in turn requires that, in the cell array in Figure 2.7, the data bus consists of two lines. Implementing this is trivial: one only has the use the same column address for two DRAM cells and access them in parallel. The changes to the cell array to implement this are also minimal.

The SDR DRAMs were known simply by their frequency (e.g., PC100 for 100MHz SDR). To make DDR1 DRAM sound better the marketers had to come up with a new scheme since the frequency did not change. They came with a name which contains the transfer rate in bytes a DDR module (they have 64-bit busses) can sustain:

100MHz × 64bit × 2 = 1,600MB/s

Hence a DDR module with 100MHz frequency is called PC1600. With 1600 > 100 all marketing requirements are fulfilled; it sounds much better although the improvement is really only a factor of two. {I will take the factor of two but I do not have to like the inflated numbers.}

Figure 2.12: DDR2 SDRAM Operation

To get even more out of the memory technology DDR2 includes a bit more innovation. The most obvious change that can be seen in Figure 2.12 is the doubling of the frequency of the bus. Doubling the frequency means doubling the bandwidth. Since this doubling of the frequency is not economical for the cell array it is now required that the I/O buffer gets four bits in each clock cycle which it then can send on the bus. This means the changes to the DDR2 modules consist of making only the I/O buffer component of the DIMM capable of running at higher speeds. This is certainly possible and will not require measurably more energy, it is just one tiny component and not the whole module. The names the marketers came up with for DDR2 are similar to the DDR1 names only in the computation of the value the factor of two is replaced by four (we now have a quad-pumped bus). Figure 2.13 shows the names of the modules in use today.

Array
Freq.
Bus
Freq.
Data
Rate
Name
(Rate)
Name
(FSB)
133MHz 266MHz 4,256MB/s PC2-4200 DDR2-533
166MHz 333MHz 5,312MB/s PC2-5300 DDR2-667
200MHz 400MHz 6,400MB/s PC2-6400 DDR2-800
250MHz 500MHz 8,000MB/s PC2-8000 DDR2-1000
266MHz 533MHz 8,512MB/s PC2-8500 DDR2-1066

Figure 2.13: DDR2 Module Names

There is one more twist to the naming. The FSB speed used by CPU, motherboard, and DRAM module is specified by using the effective frequency. I.e., it factors in the transmission on both flanks of the clock cycle and thereby inflates the number. So, a 133MHz module with a 266MHz bus has an FSB “frequency” of 533MHz.

The specification for DDR3 (the real one, not the fake GDDR3 used in graphics cards) calls for more changes along the lines of the transition to DDR2. The voltage will be reduced from 1.8V for DDR2 to 1.5V for DDR3. Since the power consumption equation is calculated using the square of the voltage this alone brings a 30% improvement. Add to this a reduction in die size plus other electrical advances and DDR3 can manage, at the same frequency, to get by with half the power consumption. Alternatively, with higher frequencies, the same power envelope can be hit. Or with double the capacity the same heat emission can be achieved.

The cell array of DDR3 modules will run at a quarter of the speed of the external bus which requires an 8 bit I/O buffer, up from 4 bits for DDR2. See Figure 2.14 for the schematics.

Figure 2.14: DDR3 SDRAM Operation

Initially DDR3 modules will likely have slightly higher CAS latencies just because the DDR2 technology is more mature. This would cause DDR3 to be useful only at frequencies which are higher than those which can be achieved with DDR2, and, even then, mostly when bandwidth is more important than latency. There is already talk about 1.3V modules which can achieve the same CAS latency as DDR2. In any case, the possibility of achieving higher speeds because of faster buses will outweigh the increased latency.

One possible problem with DDR3 is that, for 1,600Mb/s transfer rate or higher, the number of modules per channel may be reduced to just one. In earlier versions this requirement held for all frequencies, so one can hope that the requirement will at some point be lifted for all frequencies. Otherwise the capacity of systems will be severely limited.

Figure 2.15 shows the names of the expected DDR3 modules. JEDEC agreed so far on the first four types. Given that Intel's 45nm processors have an FSB speed of 1,600Mb/s, the 1,866Mb/s is needed for the overclocking market. We will likely see more of this towards the end of the DDR3 lifecycle.

Array
Freq.
Bus
Freq.
Data
Rate
Name
(Rate)
Name
(FSB)
100MHz 400MHz 6,400MB/s PC3-6400 DDR3-800
133MHz 533MHz 8,512MB/s PC3-8500 DDR3-1066
166MHz 667MHz 10,667MB/s PC3-10667 DDR3-1333
200MHz 800MHz 12,800MB/s PC3-12800 DDR3-1600
233MHz 933MHz 14,933MB/s PC3-14900 DDR3-1866

Figure 2.15: DDR3 Module Names

All DDR memory has one problem: the increased bus frequency makes it hard to create parallel data busses. A DDR2 module has 240 pins. All connections to data and address pins must be routed so that they have approximately the same length. Even more of a problem is that, if more than one DDR module is to be daisy-chained on the same bus, the signals get more and more distorted for each additional module. The DDR2 specification allow only two modules per bus (aka channel), the DDR3 specification only one module for high frequencies. With 240 pins per channel a single Northbridge cannot reasonably drive more than two channels. The alternative is to have external memory controllers (as in Figure 2.2) but this is expensive.

What this means is that commodity motherboards are restricted to hold at most four DDR2 or DDR3 modules. This restriction severely limits the amount of memory a system can have. Even old 32-bit IA-32 processors can handle 64GB of RAM and memory demand even for home use is growing, so something has to be done.

One answer is to add memory controllers into each processor as explained in Section 2. AMD does it with the Opteron line and Intel will do it with their CSI technology. This will help as long as the reasonable amount of memory a processor is able to use can be connected to a single processor. In some situations this is not the case and this setup will introduce a NUMA architecture and its negative effects. For some situations another solution is needed.

Intel's answer to this problem for big server machines, at least for the next years, is called Fully Buffered DRAM (FB-DRAM). The FB-DRAM modules use the same components as today's DDR2 modules which makes them relatively cheap to produce. The difference is in the connection with the memory controller. Instead of a parallel data bus FB-DRAM utilizes a serial bus (Rambus DRAM had this back when, too, and SATA is the successor of PATA, as is PCI Express for PCI/AGP). The serial bus can be driven at a much higher frequency, reverting the negative impact of the serialization and even increasing the bandwidth. The main effects of using a serial bus are

  1. more modules per channel can be used.
  2. more channels per Northbridge/memory controller can be used.
  3. the serial bus is designed to be fully-duplex (two lines).

An FB-DRAM module has only 69 pins, compared with the 240 for DDR2. Daisy chaining FB-DRAM modules is much easier since the electrical effects of the bus can be handled much better. The FB-DRAM specification allows up to 8 DRAM modules per channel.

Compared with the connectivity requirements of a dual-channel Northbridge it is now possible to drive 6 channels of FB-DRAM with fewer pins: 2×240 pins versus 6×69 pins. The routing for each channel is much simpler which could also help reducing the cost of the motherboards.

Fully duplex parallel busses are prohibitively expensive for the traditional DRAM modules, duplicating all those lines is too costly. With serial lines (even if they are differential, as FB-DRAM requires) this is not the case and so the serial bus is designed to be fully duplexed, which means, in some situations, that the bandwidth is theoretically doubled alone by this. But it is not the only place where parallelism is used for bandwidth increase. Since an FB-DRAM controller can run up to six channels at the same time the bandwidth can be increased even for systems with smaller amounts of RAM by using FB-DRAM. Where a DDR2 system with four modules has two channels, the same capacity can handled via four channels using an ordinary FB-DRAM controller. The actual bandwidth of the serial bus depends on the type of DDR2 (or DDR3) chips used on the FB-DRAM module.

We can summarize the advantages like this:

DDR2 FB-DRAM

Pins 240 69
Channels 2 6
DIMMs/Channel 2 8
Max Memory 16GB 192GB
Throughput ~10GB/s ~40GB/s

There are a few drawbacks to FB-DRAMs if multiple DIMMs on one channel are used. The signal is delayed—albeit minimally—at each DIMM in the chain, which means the latency increases. But for the same amount of memory with the same frequency FB-DRAM can always be faster than DDR2 and DDR3 since only one DIMM per channel is needed; for large memory systems DDR simply has no answer using commodity components.

2.2.5 Conclusions

This section should have shown that accessing DRAM is not an arbitrarily fast process. At least not fast compared with the speed the processor is running and with which it can access registers and cache. It is important to keep in mind the differences between CPU and memory frequencies. An Intel Core 2 processor running at 2.933GHz and a 1.066GHz FSB have a clock ratio of 11:1 (note: the 1.066GHz bus is quad-pumped). Each stall of one cycle on the memory bus means a stall of 11 cycles for the processor. For most machines the actual DRAMs used are slower, thusly increasing the delay. Keep these numbers in mind when we are talking about stalls in the upcoming sections.

The timing charts for the read command have shown that DRAM modules are capable of high sustained data rates. Entire DRAM rows could be transported without a single stall. The data bus could be kept occupied 100%. For DDR modules this means two 64-bit words transferred each cycle. With DDR2-800 modules and two channels this means a rate of 12.8GB/s.

But, unless designed this way, DRAM access is not always sequential. Non-continuous memory regions are used which means precharging and new RAS signals are needed. This is when things slow down and when the DRAM modules need help. The sooner the precharging can happen and the RAS signal sent the smaller the penalty when the row is actually used.

Hardware and software prefetching (see Section 6.3) can be used to create more overlap in the timing and reduce the stall. Prefetching also helps shift memory operations in time so that there is less contention at later times, right before the data is actually needed. This is a frequent problem when the data produced in one round has to be stored and the data required for the next round has to be read. By shifting the read in time, the write and read operations do not have to be issued at basically the same time.

2.3 Other Main Memory Users

Beside the CPUs there are other system components which can access the main memory. High-performance cards such as network and mass-storage controllers cannot afford to pipe all the data they need or provide through the CPU. Instead, they read or write the data directly from/to the main memory (Direct Memory Access, DMA). In Figure 2.1 we can see that the cards can talk through the South- and Northbridge directly with the memory. Other buses, like USB, also require FSB bandwidth—even though they do not use DMA—since the Southbridge is connected to the Northbridge through the FSB, too.

While DMA is certainly beneficial, it means that there is more competition for the FSB bandwidth. In times with high DMA traffic the CPU might stall more than usual while waiting for data from the main memory. There are ways around this given the right hardware. With an architecture as in Figure 2.3 one can make sure the computation uses memory on nodes which are not affected by DMA. It is also possible to attach a Southbridge to each node, equally distributing the load on the FSB of all the nodes. There are a myriad of possibilities. In Section 6 we will introduce techniques and programming interfaces which help achieving the improvements which are possible in software.

Finally it should be mentioned that some cheap systems have graphics systems without separate, dedicated video RAM. Those systems use parts of the main memory as video RAM. Since access to the video RAM is frequent (for a 1024x768 display with 16 bpp at 60Hz we are talking 94MB/s) and system memory, unlike RAM on graphics cards, does not have two ports this can substantially influence the systems performance and especially the latency. It is best to ignore such systems when performance is a priority. They are more trouble than they are worth. People buying those machines know they will not get the best performance.

Continue to:

  • Part 2 (CPU caches)
  • Part 3 (Virtual memory)
  • Part 4 (NUMA systems)
  • Part 5 (What programmers can do - cache optimization)
  • Part 6 (What programmers can do - multi-threaded optimizations)
  • Part 7 (Memory performance tools)
  • Part 8 (Future technologies)
  • Part 9 (Appendices and bibliography)

Comments (76 posted)

Page editor: Jonathan Corbet

Security

Bandit: multi-protocol identity management

By Jake Edge
September 26, 2007

The Novell-sponsored Bandit project is a relatively new entry into the somewhat crowded digital identity space. Bandit is trying to unify the disparate protocols and mechanisms for authentication into a consistent view for users and applications. This would allow a user to be independent of the underlying authentication method used, while allowing them full control over what information is released to a site requesting personal information.

One of the more annoying "features" of the web is the necessity of signing up with various sites, often using the same information (name, email address, mailing address, etc.). Once that is done, users need to remember their password at each site, which often means taking a very insecure shortcut by using the same one everywhere. Even a quick correction or pointer added into a comment thread will often require creating an account and logging in, definitely a barrier to quick and easy internet discourse. LWN is as "guilty" as most other sites, as there is no other simple solution to reducing comment spam.

The idea behind Bandit, and the other identity management systems, is to provide a means for users to manage this information, present it to sites they wish to use, without retyping their full name and contact information all over the place. It can also store more sensitive information, credit card numbers and the like. Unlike other, centralized schemes, the user information can be stored locally, with external servers used to validate a connection between an identity and the credentials presented.

Where Bandit is different is that it intends to try and encompass various other free authentication mechanisms and interoperate with them. In some ways it is like a web browser, in that it incorporates multiple different protocols (http, ftp, local file access, etc.) into a single view for the user. Bandit extends the browser by providing a plug-in for Firefox that communicates with their DigitalMe identity manager.

DigitalMe will do the heavy lifting of keeping track of the identities, where and how they are stored, as well as how to communicate that to the requesting site (aka relying party). The Firefox plug-in will present the stored identities to the user allowing them to choose one. It will also display the information requested by the relying party and allow the user to select which they will allow to be sent, keeping the user firmly in control.

An auditing framework is also part of Bandit, to allow companies to ensure that the identities are used in compliance with regulations or company standards. One of the use cases described for Bandit is for a company with identity cards that their employees use to log in to their systems. All of the identity information for those users would be stored by the company, rather than the employee, which would allow the company to recover them when an employee leaves. The identities would correspond to various company-run services as well as vendor or customer systems that are used by the employee.

Because it incorporates so many different standards and protocols, Bandit is even more of an alphabet soup than other identity systems. It is difficult to see, yet, whether it lives up to its grand vision. The project has released some code, but DigitalMe is currently only packaged for SuSE Linux distributions. But it is all free software, mostly licensed under the LGPL and certainly has some interesting ideas.

Windows has its own idea of identity management, CardSpace, that Bandit can also interoperate with in some fashion. Novell is demonstrating the technology and its interoperability with CardSpace at the Digital ID World conference this week. In conjunction with the conference, Novell is also promoting a "Control Your Identity" campaign that is encouraging users to get Bandit cards.

Like much of the work in this area, Bandit shows a lot of promise, but in order for it, or any other identity management framework, to succeed, there must be user interest. Plenty of complaints are heard about identity handling and the need to sign on seemingly everywhere on the web, but so far, no solution has really made a lot of headway. Because it intends to incorporate most of the solutions out there, Bandit may have a better chance than most.

Comments (4 posted)

New vulnerabilities

bugzilla: unauthorized account creation

Package(s):bugzilla CVE #(s):CVE-2007-5038
Created:September 25, 2007 Updated:September 26, 2007
Description: The offer_account_by_email function in User.pm in the WebService for Bugzilla before 3.0.2, and 3.1.x before 3.1.2, does not check the value of the createemailregexp parameter, which allows remote attackers to bypass intended restrictions on account creation.
Alerts:
Fedora FEDORA-2007-2299 2007-09-25

Comments (1 posted)

elinks: remote data sniffing

Package(s):elinks CVE #(s):CVE-2007-5034
Created:September 25, 2007 Updated:October 9, 2007
Description: ELinks before 0.11.3, when sending a POST request for an https URL, appends the body and content headers of the POST request to the CONNECT request in cleartext, which allows remote attackers to sniff sensitive data that would have been protected by TLS. NOTE: this issue only occurs when a proxy is defined for https.
Alerts:
Fedora FEDORA-2007-710 2007-10-08
rPath rPSA-2007-0209-1 2007-10-05
Red Hat RHSA-2007:0933-01 2007-10-03
Debian DSA-1380-1 2007-10-02
Ubuntu USN-519-1 2007-09-25
Fedora FEDORA-2007-2224 2007-09-24

Comments (none posted)

fuse: incorrect file access permissions

Package(s):fuse CVE #(s):
Created:September 26, 2007 Updated:September 26, 2007
Description: It was discovered that members of the group fuse can get access to devices which they normally should not have access to. For ntfs-3g mounts, this was because /sbin/mount.ntfs-3g was setuid root. This update fixes /sbin/mount.ntfs-3g so that it is no longer has the setuid bit enabled. The fuse package is also being updated to correct an error in the previous testing package which incorrectly changed the permissions on /dev/fuse.
Alerts:
Fedora FEDORA-2007-2295 2007-09-25

Comments (none posted)

httpd: denial of service, cross-site scripting

Package(s):apache httpd CVE #(s):CVE-2007-3847 CVE-2007-4465
Created:September 25, 2007 Updated:February 15, 2008
Description: A flaw was found in the mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847)

A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the AddDefaultCharset directive has been removed from the configuration, a cross-site-scripting attack may be possible against browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465)

Alerts:
Slackware SSA:2008-045-02 2008-02-15
Ubuntu USN-575-1 2008-02-04
Red Hat RHSA-2008:0008-01 2008-01-15
Red Hat RHSA-2008:0006-01 2008-01-15
Red Hat RHSA-2008:0005-01 2008-01-15
Red Hat RHSA-2008:0004-01 2008-01-15
Mandriva MDKSA-2007:235 2007-12-03
SuSE SUSE-SA:2007:061 2007-11-19
Red Hat RHSA-2007:0747-02 2007-11-15
Gentoo 200711-06 2007-11-07
Red Hat RHSA-2007:0746-04 2007-11-07
Red Hat RHSA-2007:0911-01 2007-10-25
Fedora FEDORA-2007-707 2007-09-24

Comments (none posted)

JRockit: multiple vulnerabilities

Package(s):jrockit-jdk-bin CVE #(s):CVE-2007-2788 CVE-2007-4381 CVE-2007-3716 CVE-2007-2789 CVE-2007-3004 CVE-2007-3005 CVE-2007-3503 CVE-2007-3698 CVE-2007-3922
Created:September 24, 2007 Updated:June 24, 2008
Description: An integer overflow vulnerability exists in the embedded ICC profile image parser (CVE-2007-2788), an unspecified vulnerability exists in the font parsing implementation (CVE-2007-4381), and an error exists when processing XSLT stylesheets contained in XSLT Transforms in XML signatures (CVE-2007-3716), among other vulnerabilities.
Alerts:
Red Hat RHSA-2008:0133-01 2008-06-24
SuSE SUSE-SA:2008:025 2008-04-25
Gentoo 200804-20 2008-04-17
Red Hat RHSA-2008:0100-01 2008-03-11
Red Hat RHSA-2008:0132-01 2008-02-14
Red Hat RHSA-2007:1086-01 2007-12-12
Gentoo 200709-15 2007-09-23

Comments (none posted)

kdebase: kdm passwordless login vulnerability

Package(s):kdebase kdm CVE #(s):CVE-2007-4569
Created:September 21, 2007 Updated:November 13, 2007
Description: According to this KDE advisory KDM can be tricked into performing a password-less login even for accounts with a password set under certain circumstances, namely autologin to be configured and "shutdown with password" enabled. KDE versions 3.3.0 up to including 3.5.7 are vulnerable.
Alerts:
Gentoo 200710-15 2007-10-14
Fedora FEDORA-2007-716 2007-10-08
Fedora FEDORA-2007-2361 2007-10-03
Mandriva MDKSA-2007:190 2007-09-27
Ubuntu USN-517-1 2007-09-24
Slackware SSA:2007-264-01 2007-09-24
rPath rPSA-2007-0194-1 2007-09-20
Debian DSA-1376 2007-09-21

Comments (none posted)

kernel: out-of-bounds access

Package(s):kernel CVE #(s):CVE-2007-4573
Created:September 25, 2007 Updated:December 6, 2010
Description: The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
Alerts:
Mandriva MDVSA-2010:247 2010-12-03
Mandriva MDVSA-2010:188 2010-09-23
Mandriva MDVSA-2010:198 2010-10-07
Mandriva MDVSA-2008:105 2007-05-21
Debian DSA-1504 2008-02-22
Mandriva MDVSA-2008:008 2008-01-11
SuSE SUSE-SA:2007:064 2007-12-04
SuSE SUSE-SA:2007:053 2007-10-12
Mandriva MDKSA-2007:195 2007-10-15
Mandriva MDKSA-2007:196 2007-10-15
Debian DSA-1381-2 2007-10-12
Debian DSA-1381-1 2007-10-02
Debian DSA-1378-2 2007-09-28
Debian DSA-1378-1 2007-09-27
Red Hat RHSA-2007:0938-01 2007-09-27
Red Hat RHSA-2007:0937-01 2007-09-27
Red Hat RHSA-2007:0936-01 2007-09-27
Ubuntu USN-518-1 2007-09-25
rPath rPSA-2007-0198-1 2007-09-24
Fedora FEDORA-2007-712 2007-09-24
Fedora FEDORA-2007-2298 2007-09-25

Comments (none posted)

libsndfile: heap-based buffer overflow

Package(s):libsndfile CVE #(s):CVE-2007-4974
Created:September 25, 2007 Updated:January 9, 2008
Description: Heap-based buffer overflow in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.
Alerts:
SuSE SUSE-SR:2008:001 2008-01-09
Debian DSA-1442-1 2007-12-29
Gentoo 200710-04 2007-10-07
Ubuntu USN-525-1 2007-10-04
Mandriva MDKSA-2007:191 2007-10-01
Fedora FEDORA-2007-2236 2007-09-24

Comments (none posted)

postgresql: several vulnerabilities

Package(s):postgresql CVE #(s):CVE-2007-3278 CVE-2007-3279 CVE-2007-3280
Created:September 25, 2007 Updated:February 1, 2008
Description: PostgreSQL 8.1 and probably later and earlier versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. (CVE-2007-3278)

PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection. (CVE-2007-3279)

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access. (CVE-2007-3280)

Alerts:
Red Hat RHSA-2008:0040-01 2008-02-01
Gentoo 200801-15 2008-01-29
Ubuntu USN-568-1 2008-01-14
Debian DSA-1463-1 2008-01-14
Debian DSA-1460-1 2008-01-13
Red Hat RHSA-2008:0039-01 2008-01-11
Red Hat RHSA-2008:0038-01 2008-01-11
Mandriva MDKSA-2007:188 2007-09-25

Comments (1 posted)

t1lib: buffer overflow

Package(s):t1lib CVE #(s):CVE-2007-4033
Created:September 20, 2007 Updated:February 12, 2008
Description: T1lib, an enhanced rasterizer for X11 Type 1 fonts, does not properly perform bounds checking. An attacker can send specially crafted input to applications linked against the library in order to create a buffer overflow, resulting in a denial of service or the execution of arbitrary code.
Alerts:
Foresight FLEA-2008-0006-1 2008-02-11
rPath rPSA-2008-0007-1 2008-01-04
Mandriva MDKSA-2007:230 2007-11-20
Fedora FEDORA-2007-3308 2007-11-20
Fedora FEDORA-2007-750 2007-11-21
Fedora FEDORA-2007-3390 2007-11-20
Red Hat RHSA-2007:1027-02 2007-11-08
Debian DSA-1390-1 2007-10-18
Gentoo 200710-12 2007-10-12
Fedora FEDORA-2007-2343 2007-09-28
Mandriva MDKSA-2007:189 2007-09-27
Ubuntu USN-515-1 2007-09-19

Comments (none posted)

tomcat: multiple vulnerabilities

Package(s):tomcat CVE #(s):CVE-2007-3382 CVE-2007-3385 CVE-2007-3386
Created:September 26, 2007 Updated:September 13, 2010
Description: Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382).

It was reported Tomcat did not properly handle the following character sequence in a cookie: \" (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385).

A cross-site scripting (XSS) vulnerability existed in the Host Manager Servlet. This allowed remote attackers to inject arbitrary HTML and web script via crafted requests (CVE-2007-3386).

Alerts:
Mandriva MDVSA-2010:176 2010-09-12
SuSE SUSE-SR:2009:004 2009-02-17
Fedora FEDORA-2008-8130 2008-09-16
Red Hat RHSA-2008:0195-01 2008-04-28
SuSE SUSE-SR:2008:005 2008-03-06
Fedora FEDORA-2008-1603 2008-02-13
Fedora FEDORA-2008-1467 2008-02-13
Debian DSA-1447-1 2008-01-03
Mandriva MDKSA-2007:241 2007-12-10
Fedora FEDORA-2007-3456 2007-11-17
Fedora FEDORA-2007-3474 2007-11-17
Red Hat RHSA-2007:0950-01 2007-11-05
Red Hat RHSA-2007:0876-01 2007-10-11
Red Hat RHSA-2007:0871-01 2007-09-26

Comments (none posted)

Updated vulnerabilities

acroread: multiple vulnerabilities

Package(s):acroread CVE #(s):CVE-2006-5857 CVE-2007-0045 CVE-2007-0046
Created:January 11, 2007 Updated:October 26, 2009
Description: Adobes acrobat reader has the following vulnerabilities:

The Adobe Reader Plugin has a cross site scripting vulnerability that can be triggered by processes malformed URLs. Arbitrary JavaScript can be served by a malicious web server, leading to a cross-site scripting attack.

Maliciously crafted PDF files can be used to trigger two vulnerabilities, if an attacker can trick a user into viewing the files, arbitrary code can be executed with the user's privileges.

Alerts:
SuSE SUSE-SA:2009:049 2009-10-26
Gentoo 200910-03 2009-10-25
Red Hat RHSA-2007:0021-01 2007-01-22
Gentoo 200701-16 2007-01-22
SuSE SUSE-SA:2007:011 2007-01-22
Red Hat RHSA-2007:0017-01 2007-01-11

Comments (1 posted)

apache2: information disclosure

Package(s):apache CVE #(s):CVE-2007-1862
Created:June 20, 2007 Updated:February 18, 2008
Description: From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously-used data, which could be used to obtain potentially sensitive information by unauthorized users."
Alerts:
Fedora FEDORA-2008-1711 2008-02-15
Fedora FEDORA-2007-0704 2007-06-26
Mandriva MDKSA-2007:127 2007-06-19

Comments (2 posted)

apache: multiple vulnerabilities

Package(s):apache CVE #(s):CVE-2007-3304 CVE-2006-5752
Created:June 27, 2007 Updated:February 18, 2008
Description: The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker who has the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated, which could lead to a denial of service. (CVE-2007-3304)

A flaw was found in the Apache HTTP Server mod_status module. Sites with the server-status page publicly accessible and ExtendedStatus enabled were vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752)

Alerts:
Fedora FEDORA-2008-1711 2008-02-15
SuSE SUSE-SA:2007:061 2007-11-19
Fedora FEDORA-2007-2214 2007-09-18
rPath rPSA-2007-0182-1 2007-09-14
Ubuntu USN-499-1 2007-08-16
Red Hat RHSA-2007:0662-01 2007-07-13
Red Hat RHSA-2007:0557-01 2007-07-13
Fedora FEDORA-2007-615 2007-07-12
Mandriva MDKSA-2007:142 2007-07-04
Mandriva MDKSA-2007:141 2007-07-04
Mandriva MDKSA-2007:140 2007-07-04
Fedora FEDORA-2007-617 2007-07-02
rPath rPSA-2007-0136-1 2007-06-27
Red Hat RHSA-2007:0556-01 2007-06-26
Red Hat RHSA-2007:0534-01 2007-06-26
Red Hat RHSA-2007:0533-01 2007-06-27
Red Hat RHSA-2007:0532-01 2007-06-26

Comments (1 posted)

apache: cross-site scripting

Package(s):apache CVE #(s):CVE-2006-3918
Created:August 9, 2006 Updated:April 4, 2008
Description: From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header."
Alerts:
SuSE SUSE-SA:2008:021 2008-04-04
Ubuntu USN-575-1 2008-02-04
SuSE SUSE-SA:2006:051 2006-09-08
Debian DSA-1167-1 2005-09-04
Red Hat RHSA-2006:0619-01 2006-08-10
Red Hat RHSA-2006:0618-01 2006-08-08

Comments (none posted)

avahi: denial of service

Package(s):avahi CVE #(s):CVE-2007-3372
Created:June 28, 2007 Updated:December 23, 2008
Description: Avahi is vulnerable to a local denial of service that can be caused by making an erroneous call to the assert() function.
Alerts:
Debian DSA-1690-1 2008-12-22
Ubuntu USN-696-1 2008-12-18
Mandriva MDKSA-2007:185 2007-09-17
Foresight FLEA-2007-0030-1 2007-06-28

Comments (none posted)

bochs: buffer overflow

Package(s):bochs CVE #(s):CVE-2007-2893
Created:July 20, 2007 Updated:November 19, 2007
Description: A heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."
Alerts:
Gentoo 200711-21 2007-11-17
Fedora FEDORA-2007-1778 2007-08-23
Debian DSA-1351-1 2007-08-07
Fedora FEDORA-2007-1153 2007-07-19

Comments (none posted)

cacti: denial of service

Package(s):cacti CVE #(s):CVE-2007-3112 CVE-2007-3113
Created:September 18, 2007 Updated:December 16, 2009
Description: A vulnerability in Cacti 0.8.6i and earlier versions allows remote authenticated users to cause a denial of service (CPU consumption) via large values of the graph_start, graph_end, graph_height, or graph_width parameters.
Alerts:
Debian DSA-1954-1 2009-12-16
Fedora FEDORA-2008-1737 2008-02-15
Fedora FEDORA-2007-3683 2007-11-22
Fedora FEDORA-2007-2199 2007-09-18
Mandriva MDKSA-2007:184 2007-09-17

Comments (none posted)

centericq: buffer overflows

Package(s):centericq CVE #(s):CVE-2007-3713
Created:July 20, 2007 Updated:December 17, 2007
Description: Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might overlap CVE-2007-0160.
Alerts:
Debian DSA-1433-1 2007-12-16
Debian-Testing DTSA-55-1 2007-09-03
Fedora FEDORA-2007-1160 2007-07-19

Comments (none posted)

clamav: denial of service

Package(s):clamav CVE #(s):CVE-2007-3725
Created:July 24, 2007 Updated:February 27, 2008
Description: A NULL pointer dereference has been discovered in the RAR VM of Clam Antivirus (ClamAV) which allows user-assisted remote attackers to cause a denial of service via a specially crafted RAR archives.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Gentoo 200708-04 2007-08-09
Mandriva MDKSA-2007:150 2007-07-25
Debian DSA-1340-1 2007-07-24

Comments (none posted)

clamav: multiple vulnerabilities

Package(s):clamav CVE #(s):CVE-2007-4510 CVE-2007-4560
Created:September 3, 2007 Updated:February 13, 2008
Description: Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-4510: It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting in denial of service.

CVE-2007-4560: It was discovered clamav-milter performs insufficient input sanitizing, resulting in the execution of arbitrary shell commands.

Alerts:
Fedora FEDORA-2008-1608 2008-02-13
Fedora FEDORA-2008-0170 2008-01-22
Gentoo 200709-14 2007-09-20
Fedora FEDORA-2007-2050 2007-09-07
Mandriva MDKSA-2007:172 2007-08-31
Debian DSA-1366-1 2007-09-01

Comments (none posted)

cpio: arbitrary code execution

Package(s):cpio CVE #(s):CVE-2005-4268
Created:January 2, 2006 Updated:March 17, 2010
Description: Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with e. g. a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system).
Alerts:
CentOS CESA-2010:0145 2010-03-17
Red Hat RHSA-2010:0145-01 2010-03-15
rPath rPSA-2007-0094-1 2007-05-07
Red Hat RHSA-2007:0245-02 2007-05-01
Ubuntu USN-234-1 2006-01-02

Comments (none posted)

vixie-cron: privilege escalation

Package(s):cron CVE #(s):CVE-2006-2607
Created:May 31, 2006 Updated:June 1, 2009
Description: The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root.
Alerts:
Ubuntu USN-778-1 2009-06-01
Red Hat RHSA-2006:0539-01 2006-07-12
Gentoo 200606-07 2006-06-09
SuSE SUSE-SA:2006:027 2006-05-31
rPath rPSA-2006-0082-1 2006-05-25

Comments (1 posted)

cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2006-4262
Created:October 2, 2006 Updated:June 16, 2009
Description: Will Drewry of the Google Security Team discovered several buffer overflows in cscope, a source browsing tool, which might lead to the execution of arbitrary code.
Alerts:
CentOS CESA-2009:1101 2009-06-16
Red Hat RHSA-2009:1101-01 2009-06-15
Gentoo 200610-08 2006-10-20
Debian DSA-1186-1 2006-09-30

Comments (none posted)

cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2004-2541
Created:May 22, 2006 Updated:June 19, 2009
Description: A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.
Alerts:
CentOS CESA-2009:1102 2009-06-19
CentOS CESA-2009:1101 2009-06-16
Red Hat RHSA-2009:1102-01 2009-06-15
Red Hat RHSA-2009:1101-01 2009-06-15
Gentoo 200606-10 2006-06-11
Debian DSA-1064-1 2006-05-19

Comments (1 posted)

cups: denial of service

Package(s):cups CVE #(s):CVE-2007-0720
Created:March 26, 2007 Updated:February 7, 2008
Description: Previous versions of the cups package could be forced to hang via a client "partially negotiating" an ssl connection. In this state, cups would not allow other connections to be made, a denial of service.
Alerts:
Mandriva MDVSA-2008:036 2007-02-06
Mandriva MDKSA-2007:086 2007-04-16
Red Hat RHSA-2007:0123-01 2007-04-16
Gentoo 200703-28 2007-03-31
Foresight FLEA-2007-0003-1 2007-03-25

Comments (none posted)

gpdf: integer overflow

Package(s):cups poppler xpdf CVE #(s):CVE-2007-3387
Created:July 31, 2007 Updated:November 28, 2007
Description: The gpdf library contains an integer overflow which can be exploited via a malicious PDF file. This code finds its way into multiple packages, including xpdf, kpdf, poppler, cups, and more.
Alerts:
Fedora FEDORA-2007-3390 2007-11-20
Fedora FEDORA-2007-3308 2007-11-20
Gentoo 200710-20 2007-10-18
Gentoo 200710-08 2007-10-09
Gentoo 200709-12 2007-09-19
Fedora FEDORA-2007-685 2007-08-30
Debian-Testing DTSA-54-1 2007-08-22
Fedora FEDORA-2007-669 2007-08-13
Fedora FEDORA-2007-644 2007-08-13
Debian DSA-1357-1 2007-08-19
Mandriva MDKSA-2007:162 2007-08-14
Mandriva MDKSA-2007:165 2007-08-15
Foresight FLEA-2007-0046-1 2007-08-14
Fedora FEDORA-2007-1614 2007-08-15
Mandriva MDKSA-2007:164 2007-08-14
Mandriva MDKSA-2007:163 2007-08-14
Foresight FLEA-2007-0045-1 2007-08-14
Foresight FLEA-2007-0044-1 2007-08-14
Mandriva MDKSA-2007:158 2007-08-13
Mandriva MDKSA-2007:160 2007-08-13
Mandriva MDKSA-2007:161 2007-08-13
Mandriva MDKSA-2007:159 2007-08-13
Fedora FEDORA-2007-1594 2007-08-13
Debian DSA-1355-1 2007-08-13
Slackware SSA:2007-222-05 2007-08-13
Slackware SSA:2007-222-02 2007-08-13
Fedora FEDORA-2007-1547 2007-08-10
Fedora FEDORA-2007-1541 2007-08-10
Debian DSA-1354-1 2007-08-13
rPath rPSA-2007-0154-1 2007-08-10
SuSE SUSE-SR:2007:016 2007-08-10
Ubuntu USN-496-2 2007-08-07
Debian DSA-1352-1 2007-08-07
Debian DSA-1350-1 2007-08-06
Debian DSA-1349-1 2007-08-05
Debian DSA-1348-1 2007-08-04
Debian DSA-1347-1 2007-08-04
SuSE SUSE-SR:2007:015 2007-08-03
Ubuntu USN-496-1 2007-08-03
Red Hat RHSA-2007:0731-01 2007-08-01
Red Hat RHSA-2007:0735-01 2007-07-30
Red Hat RHSA-2007:0732-01 2007-07-30
Red Hat RHSA-2007:0729-01 2007-07-30
Red Hat RHSA-2007:0730-01 2007-07-30
Red Hat RHSA-2007:0720-01 2007-07-30

Comments (1 posted)

dovecot: privilege escalation

Package(s):dovecot CVE #(s):CVE-2007-4211
Created:August 15, 2007 Updated:May 21, 2008
Description: From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a minor privilege escalation attack in which an authenticated user may exploit an ACL plugin weakness to save message flags without having proper permissions."
Alerts:
Red Hat RHSA-2008:0297-02 2008-05-21
Fedora FEDORA-2007-664 2007-08-20
rPath rPSA-2007-0161-1 2007-08-14

Comments (none posted)

dovecot: directory traversal

Package(s):dovecot CVE #(s):CVE-2007-2231
Created:May 8, 2007 Updated:May 21, 2008
Description: Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
Alerts:
Red Hat RHSA-2008:0297-02 2008-05-21
Debian DSA-1359-1 2007-08-28
Ubuntu USN-487-1 2007-07-17
Fedora FEDORA-2007-493 2007-05-07

Comments (none posted)

eggdrop: stack-based buffer overflow

Package(s):eggdrop CVE #(s):CVE-2007-2807
Created:September 7, 2007 Updated:December 8, 2009
Description: A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC servers to execute arbitrary code via a long private message.
Alerts:
Mandriva MDVSA-2009:126-1 2009-12-08
Debian DSA-1826-1 2009-07-04
Mandriva MDVSA-2009:126 2009-06-01
Fedora FEDORA-2009-5572 2009-05-28
Fedora FEDORA-2009-5568 2009-05-28
Debian DSA-1448-1 2008-01-05
Fedora FEDORA-2007-4325 2007-12-10
Fedora FEDORA-2007-4305 2007-12-10
Gentoo 200709-07 2007-09-15
Mandriva MDKSA-2007:175 2007-09-06

Comments (none posted)

elinks: code execution

Package(s):elinks CVE #(s):CVE-2007-2027
Created:May 7, 2007 Updated:October 30, 2009
Description: Arnaud Giersch discovered that elinks incorrectly attempted to load gettext catalogs from a relative path. If a user were tricked into running elinks from a specific directory, a local attacker could execute code with user privileges.
Alerts:
Red Hat RHSA-2009:1471-01 2009-10-01
CentOS CESA-2009:1471 2009-10-06
CentOS CESA-2009:1471 2009-10-30
Gentoo 200706-03 2007-06-06
Ubuntu USN-457-1 2007-05-07
Oracle ELSA-2013-0250 2013-02-11

Comments (none posted)

elinks: arbitrary file access

Package(s):elinks CVE #(s):CVE-2006-5925
Created:November 16, 2006 Updated:October 22, 2009
Description: The elinks text-mode browser has an arbitrary file access vulnerability in the Elinks SMB protocol handler. If a user can be tricked into visiting a specially crafted web page, arbitrary files may be read or written with the user's permissions.
Alerts:
Ubuntu USN-851-1 2009-10-21
Gentoo 200701-27 2007-01-30
OpenPKG OpenPKG-SA-2006.043 2006-12-26
Debian DSA-1240-1 2006-12-21
Gentoo 200612-16 2006-12-14
Debian DSA-1228-1 2006-12-05
Debian DSA-1226-1 2006-12-03
Fedora FEDORA-2006-1278 2006-11-21
Fedora FEDORA-2006-1277 2006-11-21
Mandriva MDKSA-2006:216 2006-11-20
Red Hat RHSA-2006:0742-01 2006-11-15

Comments (none posted)

evolution: format string error

Package(s):evolution CVE #(s):CVE-2007-1002
Created:March 27, 2007 Updated:February 27, 2008
Description: A format string error in the "write_html()" function in calendar/gui/ e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Gentoo 200706-02 2007-06-06
Red Hat RHSA-2007:0158-01 2007-05-03
Foresight FLEA-2007-0010-1 2007-04-05
Fedora FEDORA-2007-404 2007-04-04
Fedora FEDORA-2007-393 2007-04-04
Mandriva MDKSA-2007:070 2007-03-27

Comments (1 posted)

evolution-data-server: malicious server arbitrary code execution

Package(s):evolution-data-server CVE #(s):CVE-2007-3257
Created:June 18, 2007 Updated:November 7, 2007
Description: From the GNOME bugzilla: "The "SEQUENCE" value in the GData of the IMAP code (camel-imap-folder.c) is converted from a string using strtol. This allows for negative values. The imap_rescan uses this value as an int. It checks for !seq and seq>summary.length. It doesn't check for seq < 0. Although seq is used as the index of an array."
Alerts:
Gentoo 200711-04 2007-11-06
Gentoo 200707-03 2007-07-02
SuSE SUSE-SA:2007:042 2007-07-05
Debian DSA-1325-1 2007-06-29
Fedora FEDORA-2007-594 2007-06-27
Fedora FEDORA-2007-595 2007-06-27
Mandriva MDKSA-2007:136 2007-06-26
Red Hat RHSA-2007:0510-01 2007-06-25
Red Hat RHSA-2007:0509-01 2007-06-25
Debian DSA-1321-1 2007-06-23
Ubuntu USN-475-1 2007-06-21
Fedora FEDORA-2007-0464 2007-06-16

Comments (1 posted)

pop mail man-in-the-middle attacks

Package(s):evolution thunderbird mutt fetchmail CVE #(s):CVE-2007-1558
Created:May 8, 2007 Updated:July 3, 2009
Description: The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird, (2) Evolution, (3) mutt, and (4) fetchmail.
Alerts:
CentOS CESA-2009:1140 2009-07-02
Red Hat RHSA-2009:1140-02 2009-07-02
Fedora FEDORA-2007-1447 2007-08-06
rPath rPSA-2007-0127-1 2007-06-19
Foresight FLEA-2007-0026-1 2007-06-18
rPath rPSA-2007-0122-1 2007-06-14
Red Hat RHSA-2007:0385-01 2007-06-07
rPath rPSA-2007-0114-1 2007-06-04
Mandriva MDKSA-2007:113 2007-06-04
Red Hat RHSA-2007:0386-01 2007-06-04
Fedora FEDORA-2007-0001 2007-06-01
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-550 2007-05-31
Fedora FEDORA-2007-551 2007-05-31
Red Hat RHSA-2007:0401-01 2007-05-30
Fedora FEDORA-2007-539 2007-05-30
Fedora FEDORA-2007-540 2007-05-30
Red Hat RHSA-2007:0344-01 2007-05-30
Mandriva MDKSA-2007:107 2007-05-19
Mandriva MDKSA-2007:105 2007-05-17
Red Hat RHSA-2007:0353-01 2007-05-17
Fedora FEDORA-2007-484 2007-05-07
Fedora FEDORA-2007-485 2007-05-07

Comments (none posted)

fetchmail: denial of service

Package(s):fetchmail CVE #(s):CVE-2007-4565
Created:September 5, 2007 Updated:October 30, 2009
Description: fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
Alerts:
CentOS CESA-2009:1427 2009-09-08
Red Hat RHSA-2009:1427-01 2009-09-08
CentOS CESA-2009:1427 2009-10-30
Ubuntu USN-520-1 2007-09-26
Debian DSA-1377-2 2007-09-21
Debian DSA-1377 2007-09-21
Mandriva MDKSA-2007:179 2007-09-11
Foresight FLEA-2007-0053-1 2007-09-06
rPath rPSA-2007-0178-1 2007-09-05
Fedora FEDORA-2007-1983 2007-09-04
Fedora FEDORA-2007-689 2007-09-04

Comments (none posted)

file: integer overflow

Package(s):file CVE #(s):CVE-2007-2799
Created:June 1, 2007 Updated:October 19, 2007
Description: Colin Percival from FreeBSD reported that the previous fix for the file_printf() buffer overflow introduced a new integer overflow. A remote attacker could entice a user to run the file program on an overly large file (more than 1Gb) that would trigger an integer overflow on 32-bit systems, possibly leading to the execution of arbitrary code with the rights of the user running file.
Alerts:
Gentoo 200710-19 2007-10-18
Debian DSA-1343-2 2007-09-25
Debian DSA-1343-1 2007-07-31
SuSE SUSE-SA:2007:040 2007-07-04
Fedora FEDORA-2007-0836 2007-07-03
Fedora FEDORA-2007-538 2007-06-11
Fedora FEDORA-2007-541 2007-06-11
Ubuntu USN-439-2 2007-06-11
Mandriva MDKSA-2007:114 2007-06-05
Gentoo 200705-25 2007-05-31

Comments (3 posted)

firebird: buffer overflow

Package(s):firebird CVE #(s):CVE-2007-3181
Created:July 2, 2007 Updated:March 27, 2008
Description: The Firebird DBMS has a buffer overflow vulnerability involving the processing of connect requests with an overly large p_cnct_count value. Remote attackers can send a specially crafted request to the server in order to potentially execute arbitrary code with the permissions of the Firebird user.
Alerts:
Debian DSA-1529-1 2008-03-24
Gentoo 200707-01 2007-07-01

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox CVE #(s):CVE-2007-3844 CVE-2007-3845
Created:August 1, 2007 Updated:February 20, 2008
Description:

A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. (CVE-2007-3844)

Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious web page, an attacker could execute helpers with arbitrary arguments with the user's privileges. (CVE-2007-3845)

Alerts:
Mandriva MDVSA-2007:047 2007-02-19
Fedora FEDORA-2007-3414 2007-11-16
Fedora FEDORA-2007-3431 2007-11-16
Red Hat RHSA-2007:0981-01 2007-10-19
Red Hat RHSA-2007:0980-01 2007-10-19
Red Hat RHSA-2007:0979-01 2007-10-19
Debian DSA-1391-1 2007-10-19
Gentoo 200708-09 2007-08-14
rPath rPSA-2007-0157-1 2007-08-10
Slackware SSA:2007-215-01 2007-08-06
Debian DSA-1346-1 2007-08-04
Debian DSA-1345-1 2007-08-04
Debian DSA-1344-1 2007-08-03
Foresight FLEA-2007-0040-1 2007-08-03
Slackware SSA:2007-213-01 2007-08-02
Mandriva MDKSA-2007:152 2007-08-01
Foresight FLEA-2007-0039-1 2007-08-01
Ubuntu USN-493-1 2007-07-31

Comments (none posted)

firefox, thunderbird, seamonkey: multiple vulnerabilities

Package(s):firefox, thunderbird, seamonkey CVE #(s):CVE-2007-3738 CVE-2007-3656 CVE-2007-3670 CVE-2007-3285 CVE-2007-3737 CVE-2007-3089 CVE-2007-3736 CVE-2007-3734 CVE-2007-3735
Created:July 18, 2007 Updated:May 12, 2008
Description: shutdown and moz_bug_r_a4 reported two separate ways to modify an XPCNativeWrapper such that subsequent access by the browser would result in executing user-supplied code. (CVE-2007-3738)

Michal Zalewski reported that it was possible to bypass the same-origin checks and read from cached (wyciwyg) documents It is possible to access wyciwyg:// documents without proper same domain policy checks through the use of HTTP 302 redirects. This enables the attacker to steal sensitive data displayed on dynamically generated pages; perform cache poisoning; and execute own code or display own content with URL bar and SSL certificate data of the attacked page (URL spoofing++). (CVE-2007-3656)

Internet Explorer calls registered URL protocols without escaping quotes and may be used to pass unexpected and potentially dangerous data to the application that registers that URL Protocol. (CVE-2007-3670)

Ronald van den Heetkamp reported that a filename URL containing %00 (encoded null) can cause Firefox to interpret the file extension differently than the underlying Windows operating system potentially leading to unsafe actions such as running a program. This is only accessible locally. (CVE-2007-3285)

An attacker can use an element outside of a document to call an event handler allowing content to run arbitrary code with chrome privileges. (CVE-2007-3737)

Ronen Zilberman and Michal Zalewski both reported that it was possible to exploit a timing issue to inject content into about:blank frames in a page. When opening a window from a script, it is possible to spoof the content of the newly opened window's frames within a short time frame, while the window is loading. (CVE-2007-3089)

Mozilla contributor moz_bug_r_a4 demonstrated that the methods addEventListener and setTimeout could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site. (CVE-2007-3736)

As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Note: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735)

Alerts:
Debian DSA-1574-1 2008-05-12
Debian DSA-1534-2 2008-04-24
Debian DSA-1535-1 2008-03-30
Debian DSA-1534-1 2008-03-28
Debian DSA-1532-1 2008-03-27
Mandriva MDVSA-2007:047 2007-02-19
Ubuntu USN-503-1 2007-08-24
Slackware SSA:2007-222-04 2007-08-13
SuSE SUSE-SA:2007:049 2007-08-02
Slackware SSA:2007-205-02 2007-07-25
Slackware SSA:2007-205-01 2007-07-25
Foresight FLEA-2007-0033-1 2007-07-24
Debian DSA-1339-1 2007-07-23
Debian DSA-1338-1 2007-07-23
Fedora FEDORA-2007-1181 2007-07-20
Fedora FEDORA-2007-1180 2007-07-20
Debian DSA-1337-1 2007-07-22
Fedora FEDORA-2007-642 2007-07-20
Fedora FEDORA-2007-641 2007-07-20
rPath rPSA-2007-0148-1 2007-07-20
Ubuntu USN-490-1 2007-07-19
Slackware SSA:2007-200-01 2007-07-20
Fedora FEDORA-2007-1159 2007-07-19
Fedora FEDORA-2007-1157 2007-07-19
Fedora FEDORA-2007-1155 2007-07-19
Red Hat RHSA-2007:0724-01 2007-07-18
Red Hat RHSA-2007:0723-01 2007-07-18
Red Hat RHSA-2007:0722-01 2007-07-18
Fedora FEDORA-2007-1143 2007-07-18
Fedora FEDORA-2007-1144 2007-07-18
Fedora FEDORA-2007-1142 2007-07-18
Fedora FEDORA-2007-1138 2007-07-18

Comments (none posted)

flac123: arbitrary code execution

Package(s):flac123 CVE #(s):CVE-2007-3507
Created:July 13, 2007 Updated:October 22, 2007
Description: A stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length.
Alerts:
Gentoo 200709-06 2007-09-14
Fedora FEDORA-2007-1045 2007-07-12

Comments (none posted)

freetype: arbitrary code execution

Package(s):freetype CVE #(s):CVE-2007-2754
Created:May 24, 2007 Updated:June 1, 2010
Description: The Freetype font rendering library versions 2.3.4 and below has an integer sign error. Remote attackers may be able to create a specially crafted TrueType Font file with a negative n_points value that will cause an integer overflow and heap-based buffer overflow, allowing the execution of arbitrary code.
Alerts:
Gentoo 201006-01 2010-06-01
Fedora FEDORA-2009-5644 2009-05-28
Fedora FEDORA-2009-5558 2009-05-28
CentOS CESA-2009:0329 2009-05-22
Red Hat RHSA-2009:1062-01 2009-05-22
Red Hat RHSA-2009:0329-02 2009-05-22
Debian DSA-1334 2007-07-18
SuSE SUSE-SA:2007:041 2007-07-04
Fedora FEDORA-2007-561 2007-06-18
Mandriva MDKSA-2007:121 2007-06-13
Foresight FLEA-2007-0025-1 2007-06-13
Red Hat RHSA-2007:0403-01 2007-06-11
Debian DSA-1302-1 2007-06-10
Fedora FEDORA-2007-0033 2007-06-01
Ubuntu USN-466-1 2007-05-30
Gentoo 200705-22 2007-05-30
Trustix TSLSA-2007-0019 2007-05-25
rPath rPSA-2007-0108-1 2007-05-23
Foresight FLEA-2007-0020-1 2007-05-21
OpenPKG OpenPKG-SA-2007.018 2007-05-24

Comments (none posted)

freetype: integer overflows

Package(s):freetype CVE #(s):CVE-2006-0747 CVE-2006-1861 CVE-2006-2493 CVE-2006-2661 CVE-2006-3467
Created:June 8, 2006 Updated:June 1, 2010
Description: The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user.
Alerts:
Gentoo 201006-01 2010-06-01
Fedora FEDORA-2009-5644 2009-05-28
Fedora FEDORA-2009-5558 2009-05-28
CentOS CESA-2009:0329 2009-05-22
Red Hat RHSA-2009:1062-01 2009-05-22
Red Hat RHSA-2009:0329-02 2009-05-22
Gentoo 200710-09 2007-10-09
Debian DSA-1178-1 2006-09-16
Ubuntu USN-341-1 2006-09-06
Gentoo 200609-04 2006-09-06
rPath rPSA-2006-0157-1 2006-08-25
Mandriva MDKSA-2006:148 2006-08-24
Red Hat RHSA-2006:0635-01 2006-08-21
Red Hat RHSA-2006:0634-01 2006-08-21
Fedora FEDORA-2006-912 2006-08-14
SuSE SUSE-SA:2006:045 2006-08-01
OpenPKG OpenPKG-SA-2006.017 2006-07-28
Ubuntu USN-324-1 2006-07-27
Slackware SSA:2006-207-02 2006-07-27
Mandriva MDKSA-2006:129 2006-07-20
Gentoo 200607-02 2006-07-09
SuSE SUSE-SA:2006:037 2006-06-27
Mandriva MDKSA-2006:099-1 2006-06-13
Mandriva MDKSA-2006:099 2006-06-12
rPath rPSA-2006-0100-1 2006-06-12
Debian DSA-1095-1 2006-06-10
Ubuntu USN-291-1 2006-06-08

Comments (none posted)

gallery2: multiple unspecified vulnerabilities

Package(s):gallery2 CVE #(s):CVE-2007-4650
Created:September 5, 2007 Updated:November 9, 2007
Description: Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in (a) WebDAV and (b) Reupload modules.
Alerts:
Debian DSA-1404-1 2007-11-08
Gentoo 200711-03 2007-11-01
Fedora FEDORA-2007-2020 2007-09-04

Comments (none posted)

gcc: file overwrite vulnerability

Package(s):gcc CVE #(s):CVE-2006-3619
Created:September 6, 2006 Updated:March 14, 2008
Description: The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
Alerts:
Mandriva MDVSA-2008:066 2007-03-13
Red Hat RHSA-2007:0473-01 2007-06-11
Red Hat RHSA-2007:0220-02 2007-05-01
Debian DSA-1170-1 2006-09-06

Comments (none posted)

gd: buffer overflow

Package(s):gd CVE #(s):CVE-2007-0455
Created:February 7, 2007 Updated:November 18, 2009
Description: The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable.
Alerts:
Debian DSA-1936-1 2009-11-17
Red Hat RHSA-2008:0146-01 2008-02-28
Ubuntu USN-473-1 2007-06-11
OpenPKG OpenPKG-SA-2007.016 2007-05-18
Trustix TSLSA-2007-0007 2007-02-13
Fedora FEDORA-2007-150 2007-02-12
Fedora FEDORA-2007-149 2007-02-12
rPath rPSA-2007-0028-1 2007-02-08
Mandriva MDKSA-2007:038 2006-02-06
Mandriva MDKSA-2007:036 2006-02-06
Mandriva MDKSA-2007:035 2006-02-06

Comments (2 posted)

gd: multiple vulnerabilities

Package(s):gd CVE #(s):CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478
Created:August 6, 2007 Updated:November 6, 2009
Description: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472)

The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473)

Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474)

The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475)

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476)

The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477)

Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478)

Alerts:
Ubuntu USN-854-1 2009-11-05
Debian DSA-1613-1 2008-07-22
Red Hat RHSA-2008:0146-01 2008-02-28
SuSE SUSE-SR:2007:015 2007-08-03
Fedora FEDORA-2007-692 2007-09-18
Fedora FEDORA-2007-2055 2007-09-07
Foresight FLEA-2007-0052-1 2007-09-06
rPath rPSA-2007-0176-1 2007-09-05
Trustix TSLSA-2007-0024 2007-08-10
Gentoo 200708-05 2007-08-09
Mandriva MDKSA-2007:153 2007-08-03

Comments (none posted)

gd: denial of service

Package(s):gd CVE #(s):CVE-2007-2756
Created:June 14, 2007 Updated:February 28, 2008
Description: Libgd2 has a denial of service vulnerability involving the incorrect validation of PNG callback results. If an application that is linked against libgd2 is used to process a specially-crafted PNG file, a denial of service involving CPU resource consumption can be caused.
Alerts:
Red Hat RHSA-2008:0146-01 2008-02-28
Slackware SSA:2007-178-01 2007-06-27
SuSE SUSE-SR:2007:013 2007-06-22
Mandriva MDKSA-2007:124 2007-06-13
Mandriva MDKSA-2007:123 2007-06-13
Mandriva MDKSA-2007:122 2007-06-13

Comments (none posted)

gdm: denial of service

Package(s):gdm CVE #(s):CVE-2007-3381
Created:August 1, 2007 Updated:September 20, 2007
Description: JLANTHEA reported a denial of service flaw in the way that gdm listens on its Unix domain socket. Any local user can crash the locally running X session.
Alerts:
rPath rPSA-2007-0193-1 2007-09-19
Gentoo 200709-11 2007-09-18
Mandriva MDKSA-2007:169 2007-08-21
Red Hat RHSA-2007:0777-01 2007-08-07
Foresight FLEA-2007-0041-1 2007-08-03
Fedora FEDORA-2007-653 2007-08-01
Fedora FEDORA-2007-1362 2007-07-31

Comments (none posted)

gedit: format string vulnerability

Package(s):gedit CVE #(s):CAN-2005-1686
Created:June 9, 2005 Updated:February 5, 2009
Description: A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user.
Alerts:
Fedora FEDORA-2009-1189 2009-01-29
Fedora FEDORA-2009-1187 2009-01-29
Debian DSA-753-1 2005-07-12
Mandriva MDKSA-2005:102 2005-06-15
Red Hat RHSA-2005:499-01 2005-06-13
Gentoo 200506-09 2005-06-11
Ubuntu USN-138-1 2005-06-09

Comments (1 posted)

gimp: multiple vulnerabilities

Package(s):gimp CVE #(s):CVE-2007-2949
Created:June 28, 2007 Updated:February 27, 2008
Description: The gimp image editor has several vulnerabilities, including a problem where it can open PSD files with excessive dimensions and a possible stack overflow in the Sunras loader.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Red Hat RHSA-2007:0513-01 2007-09-26
Mandriva MDKSA-2007:170 2007-08-23
Slackware SSA:2007-222-01 2007-08-13
Foresight FLEA-2007-0038-1 2007-08-01
Gentoo 200707-09 2007-07-25
Fedora FEDORA-2007-627 2007-07-16
Debian DSA-1335-1 2007-07-18
Fedora FEDORA-2007-1099 2007-07-16
Fedora FEDORA-2007-1044 2007-07-12
rPath rPSA-2007-0138-1 2007-07-11
Ubuntu USN-480-1 2007-07-04
Fedora FEDORA-2007-618 2007-06-27
Fedora FEDORA-2007-619 2007-06-27
Fedora FEDORA-2007-0725 2007-06-27

Comments (none posted)

openssh: inappropriate use of trusted cookies

Package(s):gnome-ssh-askpass openssh CVE #(s):CVE-2007-4752
Created:September 11, 2007 Updated:August 25, 2008
Description: OpenSSH in versions prior 4.7 could use a trusted X11 cookie if the creation of an untrusted cookie failed.
Alerts:
CentOS CESA-2008:0855 2008-08-22
Red Hat RHSA-2008:0855-01 2008-08-22
Debian DSA-1576-1 2008-05-14
Ubuntu USN-566-1 2008-01-09
Mandriva MDKSA-2007:236 2007-12-04
Gentoo 200711-02 2007-11-01
Fedora FEDORA-2007-715 2007-10-15
Foresight FLEA-2007-0055-1 2007-09-17
Slackware SSA:2007-255-01 2007-09-13
rPath rPSA-2007-0181-1 2007-09-10

Comments (none posted)

grip: buffer overflow

Package(s):grip CVE #(s):CAN-2005-0706
Created:March 10, 2005 Updated:November 19, 2008
Description: Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches.
Alerts:
Fedora FEDORA-2008-9604 2008-11-19
Fedora FEDORA-2008-9521 2008-11-19
Fedora-Legacy FLSA:152919 2005-09-15
Mandriva MDKSA-2005:074 2005-04-20
Mandriva MDKSA-2005:075 2005-04-20
Gentoo 200504-07 2005-04-08
Mandrake MDKSA-2005:066 2005-04-01
Red Hat RHSA-2005:304-01 2005-03-28
Gentoo 200503-21 2005-03-17
Fedora FEDORA-2005-203 2005-03-09
Fedora FEDORA-2005-202 2005-03-09

Comments (none posted)

gzip: multiple vulnerabilities

Package(s):gzip CVE #(s):CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338
Created:September 19, 2006 Updated:January 20, 2010
Description: Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash.

Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code.

Alerts:
Debian DSA-1974-1 2010-01-20
Fedora FEDORA-2007-557 2007-05-31
Gentoo 200611-24 2006-11-28
Fedora-Legacy FLSA:211760 2006-11-13
Fedora FEDORA-2006-989 2006-10-10
SuSE SUSE-SA:2006:056 2006-09-26
Gentoo 200609-13 2006-09-23
Trustix TSLSA-2006-0052 2006-09-22
Mandriva MDKSA-2006:167 2006-09-20
Slackware SSA:2006-262-01 2006-09-20
OpenPKG OpenPKG-SA-2006.020 2006-09-20
Debian DSA-1181-1 2006-09-19
rPath rPSA-2006-0170-1 2006-09-19
Ubuntu USN-349-1 2006-09-19
Red Hat RHSA-2006:0667-01 2006-09-19

Comments (1 posted)

horde-kronolith: local file inclusion

Package(s):horde-kronolith CVE #(s):CVE-2006-6175
Created:January 17, 2007 Updated:March 7, 2008
Description: Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. An authenticated attacker could craft an HTTP GET request that uses directory traversal techniques to execute any file on the web server as PHP code, which could allow information disclosure or arbitrary code execution with the rights of the user running the PHP application (usually the webserver user).
Alerts:
Gentoo 200701-11 2007-01-16

Comments (none posted)

id3lib: insecure tmpfile creation

Package(s):id3lib CVE #(s):CVE-2007-4460
Created:August 27, 2007 Updated:October 2, 2007
Description: The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.
Alerts:
Debian DSA-1365-3 2007-10-02
Gentoo 200709-08 2007-09-15
Mandriva MDKSA-2007:180 2007-09-12
Debian DSA-1365-2 2007-09-09
Debian DSA-1365-1 2007-09-01
Fedora FEDORA-2007-1774 2007-08-23

Comments (none posted)

ImageMagick: integer overflows

Package(s):imagemagick CVE #(s):CVE-2007-1797
Created:April 4, 2007 Updated:August 11, 2009
Description: Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
Alerts:
Debian DSA-1858-1 2009-08-10
Red Hat RHSA-2008:0165-01 2008-04-16
Red Hat RHSA-2008:0145-01 2008-04-16
Fedora FEDORA-2007-1340 2007-07-30
Mandriva MDKSA-2007:147 2007-07-20
Ubuntu USN-481-1 2007-07-10
Gentoo 200705-13 2007-05-10
Fedora FEDORA-2007-414 2007-04-17
Fedora FEDORA-2007-413 2007-04-05
rPath rPSA-2007-0064-1 2007-04-04

Comments (none posted)

jasper: denial of service

Package(s):jasper CVE #(s):CVE-2007-2721
Created:June 1, 2007 Updated:April 19, 2010
Description: The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files.
Alerts:
Debian DSA-2036-1 2010-04-17
Mandriva MDVSA-2009:142-1 2009-12-03
Mandriva MDVSA-2009:164 2009-07-28
Mandriva MDVSA-2009:142 2009-06-26
CentOS CESA-2009:0012 2009-02-11
Red Hat RHSA-2009:0012-01 2009-02-11
Mandriva MDKSA-2007:209 2007-11-05
Mandriva MDKSA-2007:208 2007-11-05
Ubuntu USN-501-2 2007-10-22
Ubuntu USN-501-1 2007-08-20
Mandriva MDKSA-2007:129 2007-06-19
Fedora FEDORA-2007-0001 2007-06-01

Comments (none posted)

java: multiple vulnerabilities

Package(s):java CVE #(s):CVE-2006-4339 CVE-2006-4790 CVE-2006-6731 CVE-2006-6736 CVE-2006-6737 CVE-2006-6745
Created:January 18, 2007 Updated:June 4, 2010
Description: java has multiple vulnerabilities, these include: an RSA exponent padding attack vulnerability, two vulnerabilities which allow untrusted applets to access data in other applets, vulnerabilities that involve applets gaining privileges due to serialization bugs in the JRE and buffer overflows in the java image handling routines that can give attackers read/write/execute capabilities for local files.
Alerts:
Pardus 2010-67 2010-06-04
Gentoo 200705-20 2007-05-26
Red Hat RHSA-2007:0073-01 2007-02-09
Red Hat RHSA-2007:0072-01 2007-02-08
Red Hat RHSA-2007:0062-02 2007-02-07
Gentoo 200701-15 2007-01-22
SuSE SUSE-SA:2007:010 2007-01-18

Comments (1 posted)

java-1.5.0-sun: multiple vulnerabilities

Package(s):java-1.5.0-sun CVE #(s):CVE-2007-3503 CVE-2007-3655 CVE-2007-3698 CVE-2007-3922
Created:August 6, 2007 Updated:June 24, 2008
Description: The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML. (CVE-2007-3503)

The Java Web Start URL parsing component contained a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655)

The JSSE component did not correctly process SSL/TLS handshake requests. A remote attacker who is able to connect to a JSSE-based service could trigger this flaw leading to a denial-of-service. (CVE-2007-3698)

A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet. (CVE-2007-3922)

Alerts:
Red Hat RHSA-2008:0133-01 2008-06-24
SuSE SUSE-SA:2008:025 2008-04-25
Gentoo 200804-20 2008-04-17
Red Hat RHSA-2008:0132-01 2008-02-14
Red Hat RHSA-2007:1086-01 2007-12-12
SuSE SUSE-SA:2007:056 2007-10-18
Red Hat RHSA-2007:0956-01 2007-10-16
Slackware SSA:2007-243-01 2007-08-31
Red Hat RHSA-2007:0829-01 2007-08-07
Red Hat RHSA-2007:0818-01 2007-08-06

Comments (none posted)

kdebase: information leak

Package(s):kdebase CVE #(s):CVE-2007-2022
Created:June 13, 2007 Updated:September 19, 2007
Description: A problem with the interaction between the Flash Player and the Konqueror web browser was found. The problem could lead to key presses leaking to the Flash Player applet instead of the browser. NOTE: CVE number may be incorrect, see CVE entry
Alerts:
rPath rPSA-2007-0190-1 2007-09-18
Mandriva MDKSA-2007:138 2007-07-03
Red Hat RHSA-2007:0494-01 2007-06-13

Comments (1 posted)

kdebase: several vulnerabilities

Package(s):kdebase CVE #(s):CVE-2007-3820 CVE-2007-4224 CVE-2007-4225
Created:August 20, 2007 Updated:October 8, 2007
Description: konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. (CVE-2007-3820)

KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property. (CVE-2007-4224)

Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion. (CVE-2007-4225)

Alerts:
Red Hat RHSA-2007:0909-01 2007-10-08
Red Hat RHSA-2007:0905-01 2007-10-08
Fedora FEDORA-2007-716 2007-10-08
Mandriva MDKSA-2007:176 2007-09-06
rPath rPSA-2007-0177-1 2007-09-05
Ubuntu USN-502-1 2007-08-23
Fedora FEDORA-2007-1699 2007-08-20
Fedora FEDORA-2007-1700 2007-08-20

Comments (none posted)

kdelibs: kate backup file permission leak

Package(s):kdelibs kate kwrite CVE #(s):CAN-2005-1920
Created:July 19, 2005 Updated:September 21, 2010
Description: Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
Alerts:
Gentoo 200611-21 2006-11-27
Debian DSA-804-2 2005-11-10
Debian DSA-804-1 2005-09-08
Red Hat RHSA-2005:612-01 2005-07-27
Ubuntu USN-150-1 2005-07-21
Mandriva MDKSA-2005:122 2005-07-20
Fedora FEDORA-2005-594 2005-07-19

Comments (1 posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-1357
Created:April 16, 2007 Updated:November 14, 2007
Description: The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum.
Alerts:
SuSE SUSE-SA:2007:035 2007-06-14
Ubuntu USN-464-1 2007-05-23
SuSE SUSE-SA:2007:030 2007-05-10
SuSE SUSE-SA:2007:029 2007-05-03
rPath rPSA-2007-0071-1 2007-04-16
Fedora FEDORA-2007-432 2007-04-13
Fedora FEDORA-2007-433 2007-04-13

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4623
Created:October 18, 2006 Updated:November 14, 2007
Description: The kernel DVB layer can be caused to crash with maliciously-formatted unidirectional lightweight encapsulation (ULE) data.
Alerts:
Ubuntu USN-489-1 2007-07-19
rPath rPSA-2006-0194-1 2006-10-17

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-3642
Created:July 23, 2007 Updated:November 14, 2007
Description: The decode_choice function in net/netfilter/bf_conntrack_h323_asn1.c in the Linux kernel before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index value for a choice field, which triggers a NULL pointer dereference.
Alerts:
Ubuntu USN-510-1 2007-08-31
Debian DSA-1356-1 2007-08-15
Fedora FEDORA-2007-655 2007-08-09
Fedora FEDORA-2007-1130 2007-07-20

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-0005 CVE-2007-1000
Created:March 15, 2007 Updated:November 14, 2007
Description: The Linux kernel has a boundary error problem with the Omnikey CardMan 4040 driver read and write functions. This can be used to cause a buffer overflow and possible execution or arbitrary code with kernel privileges.

The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c is vulnerable to a NULL pointer dereference. Local users can use this to crash the kernel or to disclose kernel memory.

Alerts:
Fedora FEDORA-2007-599 2007-06-21
Ubuntu USN-489-1 2007-07-19
Ubuntu USN-486-1 2007-07-17
Debian DSA-1286-1 2007-05-02
Red Hat RHSA-2007:0169-01 2007-04-30
Mandriva MDKSA-2007:078 2007-04-04
Fedora FEDORA-2007-336 2007-03-14
Fedora FEDORA-2007-335 2007-03-14

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-0558 CVE-2007-1217
Created:September 4, 2007 Updated:November 14, 2007
Description: A flaw in the ISDN CAPI subsystem could allow a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the victim's machine.

A flaw in the perfmon subsystem on ia64 platforms could allow a local user to cause a denial of service.

Alerts:
Red Hat RHSA-2007:0671-01 2007-08-16
Red Hat RHSA-2007:0673-01 2007-08-08
Red Hat RHSA-2007:0672-01 2007-08-08
Red Hat RHSA-2007:0705-01 2007-09-13
Red Hat RHSA-2007:0774-01 2007-09-04

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-0007 CVE-2007-0006
Created:February 15, 2007 Updated:November 14, 2007
Description: Linux kernel versions from 2.6.9 to 2.6.20 have a denial of service vulnerability. A remote attacker can cause the key_alloc_serial function's key serial number collision avoidance code to have a null dereference, resulting in a crash.
Alerts:
Fedora FEDORA-2007-599 2007-06-21
Red Hat RHSA-2007:0099-02 2007-03-14
rPath rPSA-2007-0050-1 2007-03-06
Red Hat RHSA-2007:0085-01 2007-02-27
Mandriva MDKSA-2007:047 2007-02-21
Fedora FEDORA-2007-226 2007-02-13
Fedora FEDORA-2007-225 2007-02-13

Comments (1 posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4535 CVE-2006-4538
Created:September 18, 2006 Updated:January 5, 2009
Description: Sridhar Samudrala discovered a local denial of service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535)

Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2007:1049-01 2007-12-03
Mandriva MDKSA-2006:182 2006-10-11
Red Hat RHSA-2006:0689-01 2006-10-05
Debian DSA-1184-2 2006-09-26
Debian DSA-1184-1 2006-09-25
Debian DSA-1183-1 2006-09-25
Ubuntu USN-347-1 2006-09-18

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-1861 CVE-2007-2242
Created:May 1, 2007 Updated:February 8, 2008
Description: The netlink protocol has an infinite recursion bug that allows users to cause a kernel crash. Also the IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
Alerts:
SuSE SUSE-SA:2008:006 2008-02-07
Ubuntu USN-508-1 2007-08-31
Mandriva MDKSA-2007:171 2007-08-28
Ubuntu USN-489-1 2007-07-19
Ubuntu USN-486-1 2007-07-17
SuSE SUSE-SA:2007:051 2007-09-06
Mandriva MDKSA-2007:216 2007-11-13
Red Hat RHSA-2007:0347-01 2007-05-16
Debian DSA-1289-1 2007-05-13
Foresight FLEA-2007-0016-1 2007-05-08
rPath rPSA-2007-0084-1 2007-05-01
Fedora FEDORA-2007-483 2007-05-01
Fedora FEDORA-2007-482 2007-05-01

Comments (none posted)

kernel: denial of service by memory consumption

Package(s):kernel CVE #(s):CVE-2006-2936
Created:July 17, 2006 Updated:November 14, 2007
Description: The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the driver can handle, which causes the data to be queued.
Alerts:
SuSE SUSE-SA:2007:035 2007-06-14
Mandriva MDKSA-2006:151 2006-08-25
Mandriva MDKSA-2006:150 2006-08-25
Ubuntu USN-331-1 2006-08-03
rPath rPSA-2006-0130-1 2006-07-17

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-0772
Created:February 23, 2007 Updated:November 14, 2007
Description: The Linux kernel before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.
Alerts:
Fedora FEDORA-2007-599 2007-06-21
Ubuntu USN-451-1 2007-04-10
SuSE SUSE-SA:2007:021 2007-03-16
Mandriva MDKSA-2007:060 2006-03-09
Fedora FEDORA-2007-291 2007-03-02
Fedora FEDORA-2007-277 2007-03-02
SuSE SUSE-SA:2007:018 2007-02-27
rPath rPSA-2007-0036-1 2007-02-23

Comments (none posted)

kernel: several vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-1353 CVE-2007-2451 CVE-2007-2453
Created:June 11, 2007 Updated:March 6, 2008
Description: Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353)

The GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. (CVE-2007-2451)

The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453)

Alerts:
Debian DSA-1504 2008-02-22
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22
Red Hat RHSA-2007:0488-01 2007-06-25
Debian DSA-1356-1 2007-08-15
SuSE SUSE-SA:2007:051 2007-09-06
Mandriva MDKSA-2007:216 2007-11-13
Mandriva MDKSA-2007:171 2007-08-28
Red Hat RHSA-2007:0671-01 2007-08-16
Red Hat RHSA-2007:0673-01 2007-08-08
Red Hat RHSA-2007:0672-01 2007-08-08
Ubuntu USN-489-1 2007-07-19
Ubuntu USN-486-1 2007-07-17
Fedora FEDORA-2007-600 2007-06-25
Fedora FEDORA-2007-599 2007-06-21
SuSE SUSE-SA:2007:035 2007-06-14
Red Hat RHSA-2007:0376-01 2007-06-14
Fedora FEDORA-2007-0409 2007-06-13
Ubuntu USN-470-1 2007-06-08

Comments (none posted)

kernel: signal handling flaw on PPC

Package(s):kernel CVE #(s):CVE-2007-3107
Created:July 10, 2007 Updated:February 4, 2008
Description: A flaw in the signal handling on PowerPC-based systems that allowed a local user to cause a denial of service (floating point corruption).
Alerts:
Ubuntu USN-574-1 2008-02-04
SuSE SUSE-SA:2007:053 2007-10-12
SuSE SUSE-SA:2007:051 2007-09-06
Red Hat RHSA-2007:0595-01 2007-07-10

Comments (none posted)

kernel: several vulnerabilities

Package(s):kernel CVE #(s):CVE-2006-5823 CVE-2006-6054 CVE-2007-1592
Created:June 12, 2007 Updated:March 21, 2011
Description: A flaw in the cramfs file system allows invalid compressed data to cause memory corruption (CVE-2006-5823)

A flaw in the ext2 file system allows an invalid inode size to cause a denial of service (system hang) (CVE-2006-6054)

A flaw in IPV6 flow label handling allows a local user to cause a denial of service (crash) (CVE-2007-1592)

Alerts:
Mandriva MDVSA-2011:051 2011-03-18
Debian DSA-1503-2 2008-03-06
Debian DSA-1504 2008-02-22
Debian DSA-1503 2008-02-22
Red Hat RHSA-2007:0673-01 2007-08-08
Red Hat RHSA-2007:0672-01 2007-08-08
SuSE SUSE-SA:2007:035 2007-06-14
Red Hat RHSA-2007:0347-01 2007-05-16
SuSE SUSE-SA:2007:043 2007-07-09
Debian DSA-1304-1 2007-06-16
rPath rPSA-2007-0124-1 2007-06-14
Red Hat RHSA-2007:0436-01 2007-06-11

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-5757
Created:November 13, 2006 Updated:November 14, 2007
Description: From the MOKB-05-11-2006 advisory: "The ISO9660 filesystem handling code of the Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This particular vulnerability seems to be caused by a race condition and a signedness issue. When performing a read operation on a corrupted ISO9660 fs stream, the isofs_get_blocks() function will enter an infinite loop when __find_get_block_slow() callback from sb_getblk() fails ("due to various races between file io on the block device and getblk")."
Alerts:
Fedora FEDORA-2007-599 2007-06-21
Fedora FEDORA-2006-1223 2006-11-12
Fedora FEDORA-2006-1221 2006-11-10

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-2935 CVE-2006-4145 CVE-2006-3745
Created:September 1, 2006 Updated:July 30, 2008
Description: Previous versions of the kernel package are subject to several vulnerabilities. Certain malformed UDF filesystems can cause the system to crash (denial of service). Malformed CDROM firmware or USB storage devices (such as USB keys) could cause system crash (denial of service), and if they were intentionally malformed, can cause arbitrary code to run with elevated privileges. In addition, the SCTP protocol is subject to a remote system crash (denial of service) attack.
Alerts:
Red Hat RHSA-2008:0665-01 2008-07-24
SuSE SUSE-SA:2007:053 2007-10-12
SuSE SUSE-SA:2006:064 2006-11-10
Red Hat RHSA-2006:0710-01 2006-10-19
SuSE SUSE-SA:2006:057 2006-09-28
Trustix TSLSA-2006-0051 2006-09-15
Ubuntu USN-346-2 2006-09-14
Ubuntu USN-346-1 2006-09-14
rPath rPSA-2006-0162-1 2006-08-31

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2006-5749 CVE-2006-4814 CVE-2006-6106
Created:January 5, 2007 Updated:January 8, 2009
Description: A security issue has been reported in Linux kernel due to an error in drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()" function never initializes an event timer before scheduling it with the "add_timer()" function.

The mincore function in the kernel does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

Another vulnerability has been reported in Linux kernel caused by a boundary error within the handling of incoming CAPI messages in net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain Kernel data structures.

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
CentOS CESA-2008:0211 2008-05-07
Red Hat RHSA-2008:0211-01 2008-05-07
Debian DSA-1503 2008-02-22
Debian DSA-1503-2 2008-03-06
SuSE SUSE-SA:2007:035 2007-06-14
SuSE SUSE-SA:2007:053 2007-10-12
Ubuntu USN-416-2 2007-03-01
Ubuntu USN-416-1 2007-02-01
rPath rPSA-2007-0031-1 2007-02-09
Mandriva MDKSA-2007:040 2007-02-07
Red Hat RHSA-2007:0014-01 2007-01-30
Mandriva MDKSA-2007:025 2007-01-23
Fedora FEDORA-2007-058 2007-01-18
Mandriva MDKSA-2007:012 2006-01-12
Trustix TSLSA-2007-0002 2007-01-05

Comments (none posted)

kernel: several vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-3851 CVE-2007-3848 CVE-2007-3105
Created:August 17, 2007 Updated:January 8, 2009
Description: The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. (CVE-2007-3851)

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)

Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root. (CVE-2007-3105)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
Mandriva MDVSA-2008:105 2007-05-21
SuSE SUSE-SA:2008:017 2008-03-28
Debian DSA-1504 2008-02-22
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22
SuSE SUSE-SA:2008:006 2008-02-07
Red Hat RHSA-2007:1049-01 2007-12-03
SuSE SUSE-SA:2007:053 2007-10-12
Debian DSA-1356-1 2007-08-15
Mandriva MDKSA-2007:216 2007-11-13
Red Hat RHSA-2007:0939-01 2007-11-01
Red Hat RHSA-2007:0940-01 2007-10-22
Red Hat RHSA-2007:0705-01 2007-09-13
SuSE SUSE-SA:2007:051 2007-09-06
Fedora FEDORA-2007-679 2007-09-04
Ubuntu USN-510-1 2007-08-31
Debian DSA-1363-1 2007-08-31
Ubuntu USN-508-1 2007-08-31
Ubuntu USN-509-1 2007-08-31
Fedora FEDORA-2007-1785 2007-08-23
rPath rPSA-2007-0164-1 2007-08-16

Comments (1 posted)

krb5: multiple vulnerabilities

Package(s):krb5 CVE #(s):CVE-2007-2442 CVE-2007-2443 CVE-2007-2798
Created:June 27, 2007 Updated:March 24, 2008
Description: David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2442).

David Coffey also discovered an overflow flaw in the same RPC library. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2443).

Finally, a stack buffer overflow vulnerability was found in kadmind that allowed an unauthenticated user able to access kadmind the ability to trigger the vulnerability and possibly execute arbitrary code (CVE-2007-2798).

Alerts:
Gentoo 200707-11 2007-07-25
SuSE SUSE-SA:2007:038 2007-07-03
Trustix TSLSA-2007-0021 2007-06-29
Fedora FEDORA-2007-0740 2007-06-27
Debian DSA-1323-1 2007-06-28
rPath rPSA-2007-0135-1 2007-06-27
Foresight FLEA-2007-0029-1 2007-06-27
Fedora FEDORA-2007-621 2007-06-28
Fedora FEDORA-2007-620 2007-06-28
Ubuntu USN-477-1 2007-06-26
Red Hat RHSA-2007:0562-01 2007-06-26
Red Hat RHSA-2007:0384-01 2007-06-26
Mandriva MDKSA-2007:137 2007-06-26

Comments (none posted)

krb5: uninitialized pointers

Package(s):krb5 CVE #(s):CVE-2006-6143 CVE-2006-3084
Created:January 10, 2007 Updated:July 7, 2010
Description: The kdamind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details.
Alerts:
Mandriva MDVSA-2010:129 2010-07-07
Gentoo 200701-21 2007-01-24
Ubuntu USN-408-1 2007-01-15
rPath rPSA-2007-0006-1 2007-01-11
Mandriva MDKSA-2007:008 2006-01-10
SuSE SUSE-SA:2007:004 2007-01-10
OpenPKG OpenPKG-SA-2007.006 2007-01-10
Fedora FEDORA-2007-033 2007-01-09
Fedora FEDORA-2007-034 2007-01-09

Comments (1 posted)

krb5: local privilege escalation

Package(s):krb5 CVE #(s):CVE-2006-3083
Created:August 9, 2006 Updated:July 7, 2010
Description: Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges.
Alerts:
Mandriva MDVSA-2010:129 2010-07-07
SuSE SUSE-SR:2006:022 2006-09-08
Gentoo 200608-21 2006-08-23
Ubuntu USN-334-1 2006-08-16
Fedora FEDORA-2006-905 2006-08-09
Mandriva MDKSA-2006:139 2006-09-09
Gentoo 200608-15 2006-08-10
rPath rPSA-2006-0150-1 2006-08-09
Red Hat RHSA-2006:0612-01 2006-08-08
Debian DSA-1146-1 2006-08-09

Comments (none posted)

krb5: buffer overflow, uninitialized pointer

Package(s):krb5 CVE #(s):CVE-2007-3999 CVE-2007-4000
Created:September 4, 2007 Updated:March 24, 2008
Description: Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash.

Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash.

Alerts:
Fedora FEDORA-2008-1017 2008-03-06
SuSE SUSE-SR:2007:024 2007-11-22
Debian DSA-1387 2007-10-15
Gentoo 200710-01 2007-10-04
Red Hat RHSA-2007:0951-01 2007-10-02
Red Hat RHSA-2007:0913-01 2007-09-19
Trustix TSLSA-2007-0026 2007-09-17
Mandriva MDKSA-2007:181 2007-09-12
Gentoo 200709-01 2007-09-11
Ubuntu USN-511-2 2007-09-07
Mandriva MDKSA-2007:174-1 2007-09-07
Fedora FEDORA-2007-694 2007-09-07
Fedora FEDORA-2007-2066 2007-09-07
Debian DSA-1367-2 2007-09-06
Foresight FLEA-2007-0050-1 2007-09-06
Mandriva MDKSA-2007:174 2007-09-06
Red Hat RHSA-2007:0892-01 2007-09-07
rPath rPSA-2007-0179-1 2007-09-06
Ubuntu USN-511-1 2007-09-04
Fedora FEDORA-2007-2017 2007-09-04
Fedora FEDORA-2007-690 2007-09-04
Debian DSA-1368-1 2007-09-04
Debian DSA-1367-1 2007-09-04
Red Hat RHSA-2007:0858-01 2007-09-04

Comments (none posted)

krb5: multiple vulnerabilities

Package(s):krb5 CVE #(s):CVE-2007-0956 CVE-2007-0957 CVE-2007-1216
Created:April 3, 2007 Updated:March 24, 2008
Description: A flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password. MIT krb5 Security Advisory 2007-001

Buffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. MIT krb5 Security Advisory 2007-002

A double-free flaw was found in the GSSAPI library used by the kadmin server daemon. MIT krb5 Security Advisory 2007-003

Alerts:
Mandriva MDKSA-2007:077-1 2007-04-10
Foresight FLEA-2007-0008-1 2007-04-05
SuSE SUSE-SA:2007:025 2007-04-05
Mandriva MDKSA-2007:077 2006-04-04
rPath rPSA-2007-0063-1 2007-04-04
Ubuntu USN-449-1 2007-04-04
Gentoo 200704-02 2007-04-03
Fedora FEDORA-2007-409 2007-04-03
Fedora FEDORA-2007-408 2007-04-03
Debian DSA-1276-1 2007-04-03
Red Hat RHSA-2007:0095-01 2007-04-03

Comments (none posted)

ktorrent: incorrect validation

Package(s):ktorrent CVE #(s):CVE-2007-1384 CVE-2007-1385 CVE-2007-1799
Created:March 13, 2007 Updated:October 24, 2007
Description: Bryan Burns of Juniper Networks discovered that KTorrent did not correctly validate the destination file paths nor the HAVE statements sent by torrent peers. A malicious remote peer could send specially crafted messages to overwrite files or execute arbitrary code with user privileges.
Alerts:
Debian DSA-1373-2 2007-10-23
Debian DSA-1373-1 2007-09-11
Ubuntu USN-436-2 2007-05-18
Mandriva MDKSA-2007:095 2007-05-01
Gentoo 200705-01 2007-05-01
Slackware SSA:2007-093-02 2007-04-04
Ubuntu USN-436-1 2007-03-12

Comments (1 posted)

kvirc: remote arbitrary code execution

Package(s):kvirc CVE #(s):CVE-2007-2951
Created:September 14, 2007 Updated:February 27, 2008
Description: Stefan Cornelius from Secunia Research discovered that the "parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does not properly sanitize parts of the URI when building the command for KVIrc's internal script system.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Gentoo 200709-02 2007-09-13

Comments (none posted)

lftp: shell command execution

Package(s):lftp CVE #(s):CVE-2007-2348
Created:May 4, 2007 Updated:September 16, 2009
Description: mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
Alerts:
CentOS CESA-2009:1278 2009-09-15
Red Hat RHSA-2009:1278-02 2009-09-02
rPath rPSA-2007-0085-1 2007-05-03

Comments (none posted)

libarchive: pax extension header vulnerabilities

Package(s):libarchive CVE #(s):CVE-2007-3641 CVE-2007-3644 CVE-2007-3645
Created:August 9, 2007 Updated:February 27, 2008
Description: libarchive, a library for manipulating different streaming archive formats, has a number of pax extension header vulnerabilities. These may be used to cause a denial of service or for the execution of arbitrary code.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Debian DSA-1455-1 2008-01-08
Gentoo 200708-03 2007-08-08

Comments (none posted)

libexif: integer overflow

Package(s):libexif CVE #(s):CVE-2007-2645
Created:June 1, 2007 Updated:February 11, 2008
Description: Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.
Alerts:
Debian DSA-1487-1 2008-02-08
Slackware SSA:2007-164-01 2007-06-14
Fedora FEDORA-2007-0414 2007-06-13
Fedora FEDORA-2007-548 2007-06-11
Ubuntu USN-471-1 2007-06-11
Mandriva MDKSA-2007:118 2007-06-08
Gentoo 200706-01 2007-06-05
rPath rPSA-2007-0115-1 2007-06-04
Foresight FLEA-2007-0024-1 2007-06-04
Fedora FEDORA-2007-0001 2007-06-01

Comments (none posted)

libmodplug: boundary errors

Package(s):libmodplug CVE #(s):CVE-2006-4192
Created:December 11, 2006 Updated:May 4, 2011
Description: Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the "CSoundFile::ReadSample()" function in sndfile.cpp. A remote attacker can entice a user to read crafted modules or ITP files, which may trigger a buffer overflow resulting in the execution of arbitrary code with the privileges of the user running the application.
Alerts:
CentOS CESA-2011:0477 2011-05-04
Red Hat RHSA-2011:0477-01 2011-05-02
Ubuntu USN-521-1 2007-09-27
Mandriva MDKSA-2007:001 2007-01-02
Gentoo 200612-04 2006-12-10

Comments (none posted)

libphp-phpmailer: command execution

Package(s):libphp-phpmailer CVE #(s):CVE-2007-3215
Created:June 20, 2007 Updated:June 25, 2009
Description: libphp-phpmailer does not do sufficient input validation, enabling shell command injection attacks.
Alerts:
Ubuntu USN-791-1 2009-06-24
Debian DSA-1315-1 2007-06-19

Comments (none posted)

libpng: denial of service

Package(s):libpng CVE #(s):CVE-2007-2445
Created:May 17, 2007 Updated:March 23, 2009
Description: Libpng can be crashed when processing malformed PNG files. It may also be possible to exploit this vulnerability to execute arbitrary code.
Alerts:
Debian DSA-1750-1 2009-03-22
Debian DSA-1613-1 2008-07-22
Fedora FEDORA-2008-3979 2008-05-28
Ubuntu USN-472-1 2007-06-11
Mandriva MDKSA-2007:116 2007-06-05
Gentoo 200705-24 2007-05-31
Fedora FEDORA-2007-0001 2007-06-01
Fedora FEDORA-2007-529 2007-05-24
Fedora FEDORA-2007-528 2007-05-24
Red Hat RHSA-2007:0356-01 2007-05-17
OpenPKG OpenPKG-SA-2007.013 2007-05-18
Foresight FLEA-2007-0018-1 2007-05-17
Slackware SSA:2007-136-01 2007-05-17
rPath rPSA-2007-0102-1 2007-05-16
Oracle ELSA-2012-0317 2012-02-21

Comments (none posted)

libpng: buffer overflow

Package(s):libpng CVE #(s):CVE-2006-3334
Created:July 19, 2006 Updated:December 15, 2008
Description: In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow.
Alerts:
Gentoo 200812-15 2008-12-14
Mandriva MDKSA-2006:213 2006-11-16
rPath rPSA-2006-0133-1 2006-07-19
Gentoo 200607-06 2006-07-19

Comments (none posted)

libpng: heap based buffer overflow

Package(s):libpng CVE #(s):CVE-2006-0481
Created:February 13, 2006 Updated:December 15, 2008
Description: A heap based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim.
Alerts:
Gentoo 200812-15 2008-12-14
Red Hat RHSA-2006:0205-01 2006-02-13

Comments (1 posted)

libtiff: buffer overflow

Package(s):libtiff CVE #(s):CVE-2006-2193
Created:June 15, 2006 Updated:September 1, 2008
Description: The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code.
Alerts:
CentOS CESA-2008:0848 2008-08-30
Red Hat RHSA-2008:0848-01 2008-08-28
Fedora FEDORA-2006-952 2006-09-05
SuSE SUSE-SA:2006:044 2006-08-01
Gentoo 200607-03 2006-07-09
SuSE SUSE-SR:2006:014 2006-06-20
Trustix TSLSA-2006-0036 2006-06-16
Mandriva MDKSA-2006:102 2006-06-14

Comments (none posted)

libvorbis: multiple memory corruption flaws

Package(s):libvorbis CVE #(s):CVE-2007-3106 CVE-2007-4029
Created:July 27, 2007 Updated:January 22, 2008
Description: This iSEC Partners security advisory has details on multiple memory corruption flaws in libvorbis.
Alerts:
Debian DSA-1471-1 2008-01-21
Gentoo 200710-03 2007-10-07
Red Hat RHSA-2007:0845-02 2007-09-19
Fedora FEDORA-2007-677 2007-08-30
Fedora FEDORA-2007-1765 2007-08-23
Mandriva MDKSA-2007:167-1 2007-08-20
Mandriva MDKSA-2007:167 2007-08-18
Ubuntu USN-498-1 2007-08-16
Foresight FLEA-2007-0035-1 2007-07-27
rPath rPSA-2007-0150-1 2007-07-27

Comments (none posted)

libxml2 - arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26

Comments (none posted)

libxml2: multiple buffer overflows

Package(s):libxml2 CVE #(s):CAN-2004-0989
Created:October 28, 2004 Updated:August 19, 2009
Description: libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities, if a local user passes a specially crafted FTP URL, arbitrary code may be executed.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Ubuntu USN-89-1 2005-02-28
Red Hat RHSA-2004:650-01 2004-12-16
Conectiva CLA-2004:890 2004-11-18
Red Hat RHSA-2004:615-01 2004-11-12
Mandrake MDKSA-2004:127 2004-11-04
Debian DSA-582-1 2004-11-02
Gentoo 200411-05 2004-11-02
Trustix TSLSA-2004-0055 2004-10-29
OpenPKG OpenPKG-SA-2004.050 2004-10-31
Ubuntu USN-10-1 2004-10-28
Fedora FEDORA-2004-353 2004-10-28

Comments (none posted)

lighttpd: buffer overflow

Package(s):lighttpd CVE #(s):CVE-2007-4727
Created:September 12, 2007 Updated:October 8, 2007
Description: From the Fedora advisory: Lighttpd (1.4.17 and earlier) is prone to a header overflow when using the mod_fastcgi extension, this can lead to arbitrary code execution in the fastcgi application.
Alerts:
Debian DSA 1362-2 2007-10-07
Gentoo 200709-16 2007-09-27
Foresight FLEA-2007-0054-1 2007-09-17
rPath rPSA-2007-0183-1 2007-09-14
Fedora FEDORA-2007-2132 2007-09-12

Comments (none posted)

lighttpd: denial of service

Package(s):lighttpd CVE #(s):CVE-2007-3946 CVE-2007-3947 CVE-2007-3948 CVE-2007-3949 CVE-2007-3950
Created:July 19, 2007 Updated:July 15, 2008
Description: The lighttpd web server has multiple vulnerabilities involving a remote access-control setting circumvention that is performed by the sending of malformed requests. This can be used to crash the server and cause a denial of service.
Alerts:
Debian DSA-1609-1 2008-07-15
SuSE SUSE-SR:2007:015 2007-08-03
Debian DSA-1362 2007-08-29
Gentoo 200708-11 2007-08-16
Fedora FEDORA-2007-1299 2007-07-26
Foresight FLEA-2007-0034-1 2007-07-26
rPath rPSA-2007-0145-1 2007-07-19

Comments (none posted)

lookup-el: insecure temporary file

Package(s):lookup-el CVE #(s):CVE-2007-0237
Created:March 19, 2007 Updated:December 10, 2007
Description: Tatsuya Kinoshita discovered that Lookup, a search interface to electronic dictionaries on emacsen, creates a temporary file in an insecure fashion when the ndeb-binary feature is used, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
Alerts:
Gentoo 200712-07 2007-12-09
Debian DSA-1269-1 2007-03-18

Comments (none posted)

lynx: arbitrary command execution

Package(s):lynx CVE #(s):CVE-2005-2929
Created:November 14, 2005 Updated:September 14, 2009
Description: An arbitrary command execute bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx.
Alerts:
Gentoo 200909-15 2009-09-12
Fedora-Legacy FLSA:152832 2005-12-17
OpenPKG OpenPKG-SA-2005.026 2005-12-03
Fedora FEDORA-2005-1079 2005-11-14
Fedora FEDORA-2005-1078 2005-11-14
Gentoo 200511-09 2005-11-13
Mandriva MDKSA-2005:211 2005-11-12
Red Hat RHSA-2005:839-01 2005-11-11

Comments (none posted)

mapserver: multiple cross-site scripting vulnerabilities

Package(s):mapserver CVE #(s):CVE-2007-4542 CVE-2007-4629
Created:September 5, 2007 Updated:April 7, 2008
Description:

CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.

CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.

Alerts:
Debian DSA-1539-1 2008-04-04
Fedora FEDORA-2007-2018 2007-09-04

Comments (none posted)

mediawiki: cross-site scripting

Package(s):mediawiki CVE #(s):CVE-2007-4828
Created:September 19, 2007 Updated:September 19, 2007
Description: The API pretty-printing mode in mediawiki suffers from a cross-site scripting vulnerability. Only sites which have enabled the API interface are vulnerable. See this advisory for more information.
Alerts:
Fedora FEDORA-2007-2189 2007-09-18

Comments (1 posted)

mod_jk: proxy bypass

Package(s):mod_jk CVE #(s):CVE-2007-1860
Created:May 30, 2007 Updated:March 7, 2008
Description: From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside Apache httpd and forwarded the encoded URL to Tomcat, which itself did a second decoding. If Tomcat was used behind mod_jk and configured to only proxy some contexts, an attacker could construct a carefully crafted HTTP request to work around the context restriction and potentially access non-proxied content."
Alerts:
SuSE SUSE-SR:2008:005 2008-03-06
Gentoo 200708-15 2007-08-19
Debian DSA-1312-1 2007-06-18
Red Hat RHSA-2007:0380-01 2007-05-30
Red Hat RHSA-2007:0379-01 2007-05-30

Comments (none posted)

moin: arbitrary JavaScript execution

Package(s):moin CVE #(s):CVE-2007-2423
Created:May 8, 2007 Updated:March 10, 2008
Description: A flaw was discovered in MoinMoin's error reporting when using the AttachFile action. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted.
Alerts:
Debian DSA-1514-1 2008-03-09
Ubuntu USN-458-1 2007-05-07

Comments (none posted)

moodle: cross-site scripting

Package(s):moodle CVE #(s):CVE-2007-3555
Created:August 7, 2007 Updated:December 22, 2008
Description: A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter.
Alerts:
Debian DSA-1691-1 2008-12-22
Fedora FEDORA-2008-0610 2008-01-15
Fedora FEDORA-2007-1445 2007-08-06

Comments (none posted)

mplayer: buffer overflow

Package(s):mplayer CVE #(s):CVE-2007-1246
Created:March 8, 2007 Updated:April 1, 2008
Description: MPlayer versions up to 1.0rc1 have a buffer overflow in the loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function. user-assisted remote attackers can use this to create a buffer overflow and possibly execute arbitrary code.
Alerts:
Debian DSA-1536-1 2008-03-31
Gentoo 200705-21 2007-05-30
Foresight FLEA-2007-0013-1 2007-04-23
Slackware SSA:2007-109-02 2007-04-20
Gentoo 200704-09 2007-04-14
Ubuntu USN-433-1 2007-03-09
Mandriva MDKSA-2007:057 2007-03-08
Mandriva MDKSA-2007:055 2007-03-08

Comments (none posted)

mydns: buffer overflows

Package(s):mydns CVE #(s):CVE-2007-2362
Created:May 23, 2007 Updated:December 17, 2007
Description: Multiple buffer overflows in MyDNS allow remote attackers to cause a denial of service (daemon crash) and possibly execution of arbitrary code.
Alerts:
Debian DSA-1434-1 2007-12-16
Debian-Testing DTSA-36-1 2007-05-22

Comments (none posted)

mysql: denial of service

Package(s):mysql CVE #(s):CVE-2007-1420
Created:March 22, 2007 Updated:May 21, 2008
Description: MySQL subselect queries using "ORDER BY" can be used by an attacker with access to a MySQL instance in order to create an intermittent denial of service.
Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Mandriva MDKSA-2007:139 2007-07-04
rPath rPSA-2007-0107-1 2007-05-23
Gentoo 200705-11 2007-05-08
Ubuntu USN-440-1 2007-03-21

Comments (none posted)

mysql: format string bug

Package(s):mysql CVE #(s):CVE-2006-3469
Created:July 21, 2006 Updated:July 30, 2008
Description: Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server.
Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Slackware SSA:2006-211-01 2006-07-31
Ubuntu USN-321-1 2006-07-21

Comments (none posted)

MySQL: privilege violations

Package(s):mysql CVE #(s):CVE-2006-4031 CVE-2006-4226
Created:August 25, 2006 Updated:July 30, 2008
Description: MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy (CVE-2006-4031).

MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions (CVE-2006-4226).

Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Red Hat RHSA-2008:0364-01 2008-05-21
Red Hat RHSA-2007:0152-01 2007-04-03
Red Hat RHSA-2007:0083-01 2007-02-19
Fedora FEDORA-2006-1298 2006-11-27
Fedora FEDORA-2006-1297 2006-11-27
Ubuntu USN-338-1 2006-09-05
Mandriva MDKSA-2006:149 2006-08-24

Comments (none posted)

mysql: multiple vulnerabilities

Package(s):mysql CVE #(s):CVE-2007-3780
Created:July 17, 2007 Updated:November 27, 2007
Description: MySQL Community Server before v5.0.45 has multiple vulnerabilities. See the MySQL Community Server 5.0.45 release announcement for details.
Alerts:
Debian DSA-1413-1 2007-11-26
Ubuntu USN-528-1 2007-10-11
Red Hat RHSA-2007:0894-01 2007-09-10
Mandriva MDKSA-2007:177 2007-09-06
Red Hat RHSA-2007:0875-01 2007-08-30
Gentoo 200708-10 2007-08-16
rPath rPSA-2007-0143-1 2007-07-17

Comments (none posted)

MySQL: logging bypass

Package(s):mysql CVE #(s):CVE-2006-0903
Created:April 4, 2006 Updated:May 21, 2008
Description: MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Ubuntu USN-274-2 2006-05-15
Ubuntu USN-274-1 2006-04-27
Mandriva MDKSA-2006:064 2006-04-03

Comments (2 posted)

nbd: arbitrary code execution

Package(s):nbd CVE #(s):CVE-2005-3534
Created:January 6, 2006 Updated:March 7, 2011
Description: Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges.
Alerts:
SuSE SUSE-SR:2006:001 2006-01-13
Ubuntu USN-237-1 2006-01-06

Comments (none posted)

ncompress: buffer underflow

Package(s):ncompress CVE #(s):CVE-2006-1168
Created:August 10, 2006 Updated:February 21, 2012
Description: The ncompress compression utility has a missing boundary check. A local user can use a maliciously created file to cause a a .bss buffer underflow.
Alerts:
Gentoo 200610-03 2006-10-06
Red Hat RHSA-2006:0663-01 2006-09-12
Mandriva MDKSA-2006:140 2006-08-09
Debian DSA-1149-1 2006-08-10
Red Hat RHSA-2012:0308-03 2012-02-21
Scientific Linux SL-busy-20120321 2012-03-21
Red Hat RHSA-2012:0810-04 2012-06-20
Scientific Linux SL-busy-20120709 2012-07-09
Mageia MGASA-2012-0171 2012-07-19
Mandriva MDVSA-2012:129 2012-08-10
Mandriva MDVSA-2012:129-1 2012-08-10

Comments (none posted)

nginx: cross site scripting

Package(s):nginx CVE #(s):
Created:July 20, 2007 Updated:September 14, 2009
Description: Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev. The "msie_refresh" directive could allow cross site scripting.
Alerts:
Fedora FEDORA-2007-1158 2007-07-19

Comments (none posted)

OpenOffice.org: arbitrary code execution

Package(s):openoffice.org CVE #(s):CVE-2007-0245
Created:June 13, 2007 Updated:June 12, 2008
Description: A specially crafted RTF file could cause the filter to overwrite data on the heap, which may lead to the execution of arbitrary code.
Alerts:
Fedora FEDORA-2008-5239 2008-06-11
Fedora FEDORA-2008-4104 2008-05-17
rPath rPSA-2007-0160-1 2007-08-14
Ubuntu USN-482-1 2007-07-10
Mandriva MDKSA-2007:144 2007-07-10
Gentoo 200707-02 2007-07-02
SuSE SUSE-SA:2007:037 2007-06-28
Fedora FEDORA-2007-606 2007-06-25
Fedora FEDORA-2007-0410 2007-06-13
Fedora FEDORA-2007-572 2007-06-12
Red Hat RHSA-2007:0406-01 2007-06-13
Debian DSA-1307-1 2007-06-12

Comments (none posted)

openoffice.org: arbitrary code execution via TIFF images

Package(s):openoffice.org CVE #(s):CVE-2007-2834
Created:September 17, 2007 Updated:June 12, 2008
Description: A heap overflow vulnerability has been discovered in the TIFF parsing code of the OpenOffice.org suite. The parser uses untrusted values from the TIFF file to calculate the number of bytes of memory to allocate. A specially crafted TIFF image could trigger an integer overflow and subsequently a buffer overflow that could cause the execution of arbitrary code.
Alerts:
Fedora FEDORA-2008-5239 2008-06-11
Fedora FEDORA-2008-4104 2008-05-17
Gentoo 200710-24 2007-10-23
Ubuntu USN-524-1 2007-10-04
Fedora FEDORA-2007-2372 2007-10-03
SuSE SUSE-SA:2007:052 2007-09-21
Mandriva MDKSA-2007:186 2007-09-17
rPath rPSA-2007-0189-1 2007-09-18
Foresight FLEA-2007-0056-1 2007-09-18
Fedora FEDORA-2007-700 2007-09-18
Red Hat RHSA-2007:0848-01 2007-09-18
Debian DSA-1375-1 2007-09-17

Comments (none posted)

OpenSSH: denial of service

Package(s):openssh CVE #(s):CVE-2006-4925 CVE-2006-5052
Created:October 6, 2006 Updated:November 15, 2007
Description: packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.

An unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."

Alerts:
Red Hat RHSA-2007:0703-02 2007-11-15
Red Hat RHSA-2007:0540-04 2007-11-07
Fedora FEDORA-2007-394 2007-04-03
Gentoo 200611-06 2006-11-13
SuSE SUSE-SA:2006:062 2006-10-20
rPath rPSA-2006-0185-1 2006-10-05

Comments (none posted)

openssh: remote denial of service

Package(s):openssh CVE #(s):CVE-2006-4924 CVE-2006-5051
Created:September 27, 2006 Updated:September 17, 2008
Description: Openssh 4.4 fixes some security issues, including a pre-authentication denial of service, an unsafe signal hander and on portable OpenSSH a GSSAPI authentication abort could be used to determine the validity of usernames on some platforms.
Alerts:
Debian DSA-1638-1 2008-09-16
Debian DSA-1212-1 2006-11-15
Fedora FEDORA-2006-1011 2006-10-03
Debian DSA-1189-1 2006-10-04
Mandriva MDKSA-2006:179 2006-10-03
Ubuntu USN-355-1 2006-10-02
OpenPKG OpenPKG-SA-2006.022 2006-10-01
Slackware SSA:2006-272-02 2006-09-29
Red Hat RHSA-2006:0698-01 2006-09-28
Red Hat RHSA-2006:0697-01 2006-09-28
Gentoo 200609-17:02 2006-09-27
rPath rPSA-2006-0174-1 2006-09-27
Gentoo 200609-17 2006-09-27

Comments (none posted)

openssl: private key attack

Package(s):openssl CVE #(s):CVE-2007-3108
Created:August 7, 2007 Updated:May 13, 2008
Description: OpenSSL could allow a local user in certain circumstances to divulge information about private keys being used.
Alerts:
Debian DSA-1571-1 2008-05-13
Red Hat RHSA-2007:1003-02 2007-11-15
Ubuntu USN-522-1 2007-09-29
rPath rPSA-2007-0199-1 2007-09-25
Fedora FEDORA-2007-661 2007-08-13
Foresight FLEA-2007-0043-1 2007-08-13
rPath rPSA-2007-0155-1 2007-08-10
Fedora FEDORA-2007-1444 2007-08-06

Comments (none posted)

opera: multiple vulnerabilities

Package(s):opera CVE #(s):CVE-2007-4367 CVE-2007-3929 CVE-2007-3142 CVE-2007-3819
Created:August 23, 2007 Updated:February 27, 2008
Description: The Opera browser has multiple vulnerabilities. The JavaScript engine is vulnerable to a virtual function call on an invalid pointer that can be triggered by specially crafted JavaScript. A freed pointer in the BitTorrent support may be accessed, this can be used for malicious code execution. The browser is vulnerable to several memory read protection errors. There are URI display errors that can be used to trick users into visiting arbitrary web sites.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
SuSE SUSE-SA:2007:050 2007-08-30
Gentoo 200708-17 2007-08-22

Comments (none posted)

pam: privilege escalation

Package(s):pam CVE #(s):CVE-2007-1716
Created:June 12, 2007 Updated:November 15, 2007
Description: A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to an unauthorized user.
Alerts:
Red Hat RHSA-2007:0737-02 2007-11-15
Red Hat RHSA-2007:0555-04 2007-11-07
Fedora FEDORA-2007-546 2007-06-11
Red Hat RHSA-2007:0465-01 2007-06-11

Comments (none posted)

perl-Net-DNS: predictable id sequence

Package(s):perl-Net-DNS CVE #(s):CVE-2007-3377
Created:June 26, 2007 Updated:March 12, 2008
Description: Net::DNS before 0.60 uses an id sequence that is predictable and the same in all child processes.
Alerts:
Debian DSA-1515-1 2008-03-11
SuSE SUSE-SR:2007:017 2007-08-17
Gentoo 200708-06 2007-08-11
rPath rPSA-2007-0142-1 2007-07-17
Ubuntu USN-483-1 2007-07-11
Mandriva MDKSA-2007:146 2007-07-12
Red Hat RHSA-2007:0675-01 2007-07-12
Red Hat RHSA-2007:0674-01 2007-07-12
Fedora FEDORA-2007-609 2007-07-02
Fedora FEDORA-2007-612 2007-07-02
Fedora FEDORA-2007-0668 2007-06-25

Comments (none posted)

php: multiple vulnerabilities

Package(s):php CVE #(s):CVE-2007-1001 CVE-2007-1285 CVE-2007-1718 CVE-2007-1583
Created:April 16, 2007 Updated:December 4, 2007
Description: A denial of service flaw was found in the way PHP processed a deeply nested array. A remote attacker could cause the PHP interpreter to crash by submitting an input variable with a deeply nested array. (CVE-2007-1285)

A flaw was found in the way the mbstring extension set global variables. A script which used the mb_parse_str() function to set global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-1583)

A flaw was discovered in the way PHP's mail() function processed header data. If a script sent mail using a Subject header containing a string from an untrusted source, a remote attacker could send bulk e-mail to unintended recipients. (CVE-2007-1718)

A heap based buffer overflow flaw was discovered in PHP's gd extension. A script that could be forced to process WBMP images from an untrusted source could result in arbitrary code execution. (CVE-2007-1001)

Alerts:
Ubuntu USN-549-2 2007-12-03
Ubuntu USN-549-1 2007-11-29
OpenPKG OpenPKG-SA-2007.019 2007-05-28
Fedora FEDORA-2007-526 2007-05-24
SuSE SUSE-SA:2007:032 2007-05-23
Slackware SSA:2007-127-01 2007-05-08
Debian DSA-1283-1 2007-04-29
Ubuntu USN-455-1 2007-04-27
Debian DSA-1282-1 2007-04-26
Red Hat RHSA-2007:0153-01 2007-04-20
Mandriva MDKSA-2007:090 2007-04-18
Mandriva MDKSA-2007:089 2007-04-18
Mandriva MDKSA-2007:088 2007-04-18
Mandriva MDKSA-2007:087 2007-04-18
Fedora FEDORA-2007-455 2007-04-18
rPath rPSA-2007-0073-1 2007-04-18
Fedora FEDORA-2007-415 2007-04-17
Red Hat RHSA-2007:0155-01 2007-04-16
Red Hat RHSA-2007:0154-01 2007-04-16
Red Hat RHSA-2007:0162-01 2007-04-16

Comments (none posted)

php: several vulnerabilities

Package(s):php CVE #(s):CVE-2006-4481 CVE-2006-4484 CVE-2006-4485
Created:September 8, 2006 Updated:June 13, 2008
Description: The file_exists and imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481).

A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484).

The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485).

Alerts:
SuSE SUSE-SR:2008:013 2008-06-13
Mandriva MDVSA-2008:077 2007-03-26
SuSE SUSE-SR:2008:005 2008-03-06
Red Hat RHSA-2008:0146-01 2008-02-28
Fedora FEDORA-2008-1643 2008-02-13
Foresight FLEA-2008-0007-1 2008-02-11
Fedora FEDORA-2008-1122 2008-02-05
Fedora FEDORA-2008-1131 2008-02-05
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:038 2007-02-07
rPath rPSA-2008-0046-1 2008-02-06
Gentoo 200802-01 2008-02-06
rPath rPSA-2006-0182-1 2006-10-05
SuSE SUSE-SA:2006:052 2006-09-21
Red Hat RHSA-2006:0669-01 2006-09-21
Mandriva MDKSA-2006:162 2006-09-07

Comments (1 posted)

php: multiple vulnerabilities

Package(s):php CVE #(s):CVE-2007-2872 CVE-2007-2756
Created:June 1, 2007 Updated:January 29, 2008
Description: According to a vendor release announcement multiple security enhancements and fixes were fixed in version 5.2.3 of the programming language PHP.
Alerts:
SuSE SUSE-SA:2008:004 2008-01-29
Ubuntu USN-549-2 2007-12-03
Red Hat RHSA-2007:0891-01 2007-10-25
Ubuntu USN-549-1 2007-11-29
Red Hat RHSA-2007:0888-01 2007-10-23
Gentoo 200710-02 2007-10-07
Red Hat RHSA-2007:0889-01 2007-09-26
Fedora FEDORA-2007-709 2007-09-24
Mandriva MDKSA-2007:187 2007-09-21
Red Hat RHSA-2007:0890-02 2007-09-20
Fedora FEDORA-2007-2215 2007-09-18
rPath rPSA-2007-0188-1 2007-09-17
Slackware SSA:2007-255-03 2007-09-13
rPath rPSA-2007-0117-1 2007-06-07
Slackware SSA:2007-152-01 2007-06-04
OpenPKG OpenPKG-SA-2007.020 2007-06-01

Comments (none posted)

php: buffer overflows

Package(s):php CVE #(s):CVE-2006-5465
Created:November 3, 2006 Updated:January 18, 2010
Description: The Hardened-PHP Project discovered buffer overflows in htmlentities/htmlspecialchars internal routines to the PHP Project. Of course the whole purpose of these functions is to be filled with user input. (The overflow can only be when UTF-8 is used)
Alerts:
Mandriva MDVSA-2010:007 2010-01-15
SuSE SUSE-SA:2006:067 2006-11-15
rPath rPSA-2006-0205-1 2006-11-09
Red Hat RHSA-2006:0731-01 2006-11-10
Red Hat RHSA-2006:0730-01 2006-11-06
Debian DSA-1206-1 2006-11-06
Fedora FEDORA-2006-1169 2006-11-06
Fedora FEDORA-2006-1168 2006-11-06
Slackware SSA:2006-307-01 2006-11-06
OpenPKG OpenPKG-SA-2006.028 2006-11-06
Ubuntu USN-375-1 2006-11-02
Mandriva MDKSA-2006:196 2006-11-02

Comments (none posted)

phpbb2: missing input sanitizing

Package(s):phpbb2 CVE #(s):CVE-2006-1896
Created:May 22, 2006 Updated:February 11, 2008
Description: It was discovered that phpbb2, a web based bulletin board, insufficiently sanitizes values passed to the "Font Color 3" setting, which might lead to the execution of injected code by admin users.
Alerts:
Debian DSA-1066-1 2006-05-20

Comments (none posted)

phpbb2: multiple vulnerabilities

Package(s):phpbb2 CVE #(s):CVE-2005-3310 CVE-2005-3415 CVE-2005-3416 CVE-2005-3417 CVE-2005-3418 CVE-2005-3419 CVE-2005-3420 CVE-2005-3536 CVE-2005-3537
Created:December 22, 2005 Updated:February 11, 2008
Description: The phpbb2 web forum has a number of vulnerabilities including: a web script injection problem, a protection mechanism bypass, a security check bypass, a remote global variable bypass, cross site scripting vulnerabilities, an SQL injection vulnerability, a remote regular expression modification problem, missing input sanitizing, and a missing request validation problem.
Alerts:
Debian DSA-925-1 2005-12-22

Comments (none posted)

phpmyadmin: multiple vulnerabilities

Package(s):phpmyadmin CVE #(s):CVE-2006-6942 CVE-2006-6944 CVE-2007-1325 CVE-2007-1395 CVE-2007-2245
Created:September 10, 2007 Updated:March 19, 2009
Description: Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-1325: The PMA_ArrayWalkRecursive function in libraries/common.lib.php does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions.

CVE-2007-1395: Incomplete blacklist vulnerability in index.php allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.

CVE-2007-2245: Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.

CVE-2006-6942: Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.

CVE-2006-6944: phpMyAdmin allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.

Alerts:
Gentoo 200903-32 2009-03-18
Mandriva MDKSA-2007:199 2007-10-17
Debian DSA-1370-2 2007-09-10
Debian DSA-1370-1 2007-09-09

Comments (none posted)

phpPgAdmin: cross-site scripting

Package(s):phppgadmin CVE #(s):CVE-2007-2865 CVE-2007-5728
Created:June 18, 2007 Updated:January 21, 2009
Description: A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
Alerts:
Debian DSA-1693-1 2008-12-27
Debian DSA-1693-2 2009-01-21
SuSE SUSE-SR:2007:024 2007-11-22
Fedora FEDORA-2007-1013 2007-07-11
Fedora FEDORA-2007-0469 2007-06-16

Comments (none posted)

phpwiki: authentication bypass

Package(s):phpwiki CVE #(s):CVE-2007-3193
Created:September 19, 2007 Updated:September 19, 2007
Description: Versions of phpwiki prior to 1.3.14 suffer from an authentication bypass vulnerability when using an LDAP server containing an account with an empty password.
Alerts:
Gentoo 200709-10 2007-09-18

Comments (1 posted)

proftpd: authentication bypass

Package(s):proftpd CVE #(s):CVE-2007-2165
Created:June 21, 2007 Updated:November 5, 2007
Description: The ProFTPD Auth API has an authentication bypass vulnerability. When multiple simultaneous authentication modules are configured, the ProFTPD module that checks authentication is not necessarily the same module that retrieves authentication data. This can be used by remote attackers to bypass the authentication system.
Alerts:
Fedora FEDORA-2007-2613 2007-11-05
Mandriva MDKSA-2007:130 2007-06-20

Comments (none posted)

pulseaudio: denial of service

Package(s):pulseaudio CVE #(s):CVE-2007-1804
Created:May 30, 2007 Updated:March 10, 2008
Description: The pulseaudio network code suffers from a denial of service vulnerability exploitable by an unauthenticated attacker.
Alerts:
Mandriva MDVSA-2008:065 2007-03-09
Ubuntu USN-465-1 2007-05-25

Comments (none posted)

python: information disclosure

Package(s):python CVE #(s):CVE-2007-2052
Created:May 9, 2007 Updated:July 30, 2009
Description: Python 2.4 and 2.5 contain a bug in PyLocale_strxfrm() which could enable an attacker to read portions of unrelated memory.
Alerts:
CentOS CESA-2009:1176 2009-07-29
Red Hat RHSA-2009:1176-01 2009-07-27
Debian DSA-1620-1 2008-07-27
Debian DSA-1551-1 2008-04-19
Ubuntu USN-585-1 2008-03-11
Red Hat RHSA-2007:1076-02 2007-12-10
Red Hat RHSA-2007:1077-01 2007-12-10
Foresight FLEA-2007-0019-1 2007-05-21
rPath rPSA-2007-0104-1 2007-05-17
Mandriva MDKSA-2007:099 2007-05-08

Comments (none posted)

qemu: multiple vulnerabilities

Package(s):qemu CVE #(s):CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366
Created:May 1, 2007 Updated:January 19, 2009
Description: Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service.
Alerts:
Fedora FEDORA-2008-11705 2008-12-24
Fedora FEDORA-2008-10000 2008-11-22
Fedora FEDORA-2008-9556 2008-11-12
SuSE SUSE-SR:2009:002 2009-01-19
Mandriva MDVSA-2008:162 2008-08-07
Fedora FEDORA-2008-4386 2008-05-28
Fedora FEDORA-2008-4604 2008-05-28
Fedora FEDORA-2007-713 2007-10-08
Debian DSA-1384-1 2007-10-05
Fedora FEDORA-2007-2270 2007-10-03
Red Hat RHSA-2007:0323-01 2007-10-02
Debian-Testing DTSA-38-1 2007-05-26
Debian DSA-1284-1 2007-05-01

Comments (none posted)

qgit: arbitrary code execution

Package(s):qgit CVE #(s):CVE-2007-4631
Created:September 10, 2007 Updated:October 8, 2007
Description: Not only does QGit construct a predictable file name here, and doesn't check if the files already exist, which can be leveraged into information leak or arbitrary file overwrite in case they're symlinks, but later on executes one of them. This is not just problem when /tmp is mounted with noexec option, but might be exploited into arbitrary code execution under time-dependent race condition.
Alerts:
Gentoo 200710-05 2007-10-07
Fedora FEDORA-2007-2108 2007-09-10

Comments (none posted)

qt: arbitrary code execution

Package(s):qt CVE #(s):CVE-2007-3388
Created:August 1, 2007 Updated:December 10, 2007
Description: Format string bugs were found in several Qt warning messages. Applications using Qt for processing certain data types could trigger them if the data caused Qt to print warnings. The bugs potentially allow to execute arbitrary code via specially crafted files (CVE-2007-3388).
Alerts:
Debian DSA-1426-1 2007-12-08
Gentoo 200708-16 2007-08-22
Slackware SSA:2007-222-03 2007-08-13
Foresight FLEA-2007-0042-1 2007-08-03
Ubuntu USN-495-1 2007-08-03
rPath rPSA-2007-0153-1 2007-08-01
Mandriva MDKSA-2007:151 2007-08-01
SuSE SUSE-SA:2007:048 2007-08-01
Red Hat RHSA-2007:0721-01 2007-07-31

Comments (none posted)

qt: buffer overflow

Package(s):qt CVE #(s):CVE-2007-4137
Created:September 14, 2007 Updated:December 10, 2007
Description: A buffer overflow was found in how Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or potentially allow for the execution of arbitrary code.
Alerts:
Debian DSA-1426-1 2007-12-08
Gentoo 200710-28 2007-10-25
rPath rPSA-2007-0204-1 2007-10-03
Foresight FLEA-2007-0059-1 2007-10-04
SuSE SUSE-SR:2007:019 2007-09-28
Ubuntu USN-513-1 2007-09-18
Fedora FEDORA-2007-703 2007-09-18
Fedora FEDORA-2007-2216 2007-09-18
Mandriva MDKSA-2007:183 2007-09-13

Comments (none posted)

quagga: denial of service

Package(s):quagga CVE #(s):CVE-2007-4826
Created:September 14, 2007 Updated:October 25, 2010
Description: The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause a denial of service crash via a malformed OPEN message or COMMUNITY attribute.
Alerts:
CentOS CESA-2010:0785 2010-10-25
CentOS CESA-2010:0785 2010-10-20
Red Hat RHSA-2010:0785-01 2010-10-20
Debian DSA-1379-1 2007-10-01
Trustix TSLSA-2007-0028 2007-09-21
Fedora FEDORA-2007-2196 2007-09-18
Ubuntu USN-512-1 2007-09-15
Mandriva MDKSA-2007:182 2007-09-13
Oracle ELSA-2012-1258 2012-09-13

Comments (none posted)

quake: buffer overflow

Package(s):quake3-bin CVE #(s):CVE-2006-2236
Created:May 10, 2006 Updated:January 12, 2009
Description: Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server.
Alerts:
Gentoo 200901-06 2009-01-11
Gentoo 200605-12 2006-05-10

Comments (none posted)

redhat-cluster-suite: denial of service

Package(s):redhat-cluster-suite CVE #(s):CVE-2007-3380
Created:July 19, 2007 Updated:November 14, 2007
Description: The redhat cluster suite's cluster manager is vulnerable to a remote attack. Attackers can connect to the DLM port and block subsequent DLM operations, resulting in a denial of service.
Alerts:
Ubuntu USN-489-1 2007-07-19
Red Hat RHSA-2007:0940-01 2007-10-22
Ubuntu USN-489-2 2007-07-19

Comments (1 posted)

rsync: off-by-one errors

Package(s):rsync CVE #(s):CVE-2007-4091
Created:August 20, 2007 Updated:December 3, 2007
Description: Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
Alerts:
Slackware SSA:2007-335-01 2007-12-03
Gentoo 200709-13 2007-09-20
Debian DSA-1360 2007-08-28
Foresight FLEA-2007-0047-1 2007-08-23
rPath rPSA-2007-0168-1 2007-08-22
Ubuntu USN-500-1 2007-08-20
Mandriva MDKSA-2007:166 2007-08-18

Comments (1 posted)

samba: incorrect group assignment

Package(s):samba CVE #(s):CVE-2007-4138
Created:September 12, 2007 Updated:November 15, 2007
Description: From the Samba advisory: When the rfc2307 or sfu nss_info plugin has been enabled, in the absence of either the RFC2307 or SFU primary group attribute, Winbind will assign a primary group ID of 0 to the domain user queried using the getpwnam() C library call.
Alerts:
Red Hat RHSA-2007:1017-01 2007-11-15
Red Hat RHSA-2007:1016-01 2007-11-15
rPath rPSA-2007-0184-1 2007-09-14
Slackware SSA:2007-255-02 2007-09-13
Fedora FEDORA-2007-2145 2007-09-12

Comments (1 posted)

slocate: information disclosure

Package(s):slocate CVE #(s):CVE-2007-0227
Created:February 22, 2007 Updated:September 4, 2012
Description: The slocate permission checking code has a local information disclosure vulnerability. During the reporting of matching files, slocate does not respect the parent directory's read permissions, resulting in hidden filenames being viewable by other local users.
Alerts:
Foresight FLEA-2007-0005-1 2007-03-29
Ubuntu USN-425-1 2007-02-22
Slackware SSA:2012-244-05 2012-08-31

Comments (none posted)

star: directory traversal vulnerability

Package(s):star CVE #(s):CVE-2007-4134
Created:August 28, 2007 Updated:October 23, 2007
Description: Star saves many files together into a single tape or disk archive, and can restore individual files from the archive. Star supports ACL. Version 1.5a84 fixes a directory traversal vulnerability.
Alerts:
Gentoo 200710-23 2007-10-22
Foresight FLEA-2007-0051-1 2007-09-06
Red Hat RHSA-2007:0873-01 2007-09-04
Fedora FEDORA-2007-1852 2007-08-27

Comments (none posted)

streamripper: buffer overflow

Package(s):streamripper CVE #(s):CVE-2007-4337
Created:September 14, 2007 Updated:December 9, 2008
Description: Chris Rohlf discovered several boundary errors in the httplib_parse_sc_header() function when processing HTTP headers.
Alerts:
Debian DSA-1683-1 2008-12-08
Gentoo 200709-03 2007-09-13

Comments (none posted)

Sun JDK/JRE: multiple vulnerabilities

Package(s):Sun JDK/JRE CVE #(s):CVE-2007-2435 CVE-2007-2788 CVE-2007-2789
Created:June 1, 2007 Updated:April 18, 2008
Description: An unspecified vulnerability involving an "incorrect use of system classes" was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security Team reported an integer overflow resulting in a buffer overflow in the ICC parser used with JPG or BMP files, and an incorrect open() call to /dev/tty when processing certain BMP files.
Alerts:
Gentoo 200804-20 2008-04-17
Red Hat RHSA-2007:1086-01 2007-12-12
Red Hat RHSA-2007:0817-01 2007-08-06
SuSE SUSE-SA:2007:045 2007-07-18
Gentoo 200706-08 2007-06-26
Gentoo 200705-23 2007-05-31

Comments (none posted)

sylpheed: format string vulnerability

Package(s):sylpheed CVE #(s):CVE-2007-2958
Created:August 28, 2007 Updated:October 26, 2007
Description: Ulf Harnhammar (Secunia Research) has discovered a format string vulnerability in sylpheed and claws-mail in inc_put_error() function in src/inc.c when displaying POP3 error reply. The problem can be exploited by malicious POP3 server via specially crafted POP3 server replies containing format specifiers. See this Secunia advisory for more information.
Alerts:
Gentoo 200710-29 2007-10-25
Fedora FEDORA-2007-2009 2007-09-04
Fedora FEDORA-2007-1841 2007-08-27

Comments (none posted)

sysstat: insecure temporary files

Package(s):sysstat CVE #(s):CVE-2007-3852
Created:August 20, 2007 Updated:September 23, 2011
Description: The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
Alerts:
CentOS CESA-2011:1005 2011-09-22
Scientific Linux SL-syss-20110721 2011-07-21
Red Hat RHSA-2011:1005-01 2011-07-21
Fedora FEDORA-2007-675 2007-08-27
Fedora FEDORA-2007-1697 2007-08-20

Comments (1 posted)

tar: symlink path traversal vulnerability

Package(s):tar CVE #(s):CVE-2007-4131
Created:August 23, 2007 Updated:December 28, 2007
Description: The tar utility has a symlink path traversal vulnerability involving extracted archives. Maliciously created tar archives can be used to write arbitrary data to files that the tar user has write access to.
Alerts:
Debian DSA-1438-1 2007-12-28
Gentoo 200709-09 2007-09-15
Mandriva MDKSA-2007:173 2007-09-04
Fedora FEDORA-2007-683 2007-08-30
SuSE SUSE-SR:2007:018 2007-08-31
Fedora FEDORA-2007-1890 2007-08-29
Ubuntu USN-506-1 2007-08-28
rPath rPSA-2007-0172-1 2007-08-25
Foresight FLEA-2007-0049-1 2007-08-27
Red Hat RHSA-2007:0860-01 2007-08-23

Comments (none posted)

tcpdump: integer overflow

Package(s):tcpdump CVE #(s):CVE-2007-3798
Created:July 20, 2007 Updated:November 15, 2007
Description: An integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
Alerts:
Red Hat RHSA-2007:0387-02 2007-11-15
Red Hat RHSA-2007:0368-03 2007-11-07
Slackware SSA:2007-230-01 2007-08-20
Debian DSA-1353-1 2007-08-11
Fedora FEDORA-2007-654 2007-08-01
Fedora FEDORA-2007-1361 2007-07-31
Ubuntu USN-492-1 2007-07-30
Gentoo 200707-14 2007-07-28
Mandriva MDKSA-2007:148 2007-07-25
rPath rPSA-2007-0147-1 2007-07-20

Comments (none posted)

tcpdump: denial of service

Package(s):tcpdump CVE #(s):CVE-2007-1218
Created:March 5, 2007 Updated:November 15, 2007
Description: Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally referred to as heap-based, but it might be stack-based.
Alerts:
Red Hat RHSA-2007:0387-02 2007-11-15
Mandriva MDKSA-2007:155 2007-08-09
Debian DSA-1272-1 2007-03-22
Fedora FEDORA-2007-348 2007-03-15
Fedora FEDORA-2007-347 2007-03-15
Mandriva MDKSA-2007:056 2006-03-08
Ubuntu USN-429-1 2007-03-06
rPath rPSA-2007-0048-1 2007-03-03

Comments (none posted)

tcp-wrappers: unauthorized access

Package(s):tcp-wrappers CVE #(s):CVE-2007-5137
Created:August 30, 2007 Updated:October 13, 2007
Description: The TCP wrapper library can improperly allow connections to services that do not have server-side connection details specified. Remote attackers can connect to blocked services.
Alerts:
Ubuntu USN-507-1 2007-08-30

Comments (none posted)

terminal: arbitrary code execution

Package(s):terminal CVE #(s):CVE-2007-3770
Created:August 13, 2007 Updated:December 19, 2007
Description: A vulnerability was found in the Xfce terminal program:

Lasse Karkkainen discovered that the function terminal_helper_execute() in file terminal-helper.c does not properly escape the URIs before processing.

Alerts:
Fedora FEDORA-2007-4368 2007-12-15
Fedora FEDORA-2007-4385 2007-12-15
Debian DSA-1393-1 2007-10-23
Fedora FEDORA-2007-1620 2007-08-15
Ubuntu USN-497-1 2007-08-14
Gentoo 200708-07 2007-08-11

Comments (none posted)

tetex: buffer overflow

Package(s):tetex CVE #(s):CVE-2007-0650
Created:May 8, 2007 Updated:May 13, 2008
Description: A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.
Alerts:
Gentoo 200805-13 2008-05-12
Gentoo 200709-17 2007-09-27
Mandriva MDKSA-2007:109 2007-05-23
rPath rPSA-2007-0092-1 2007-05-07

Comments (1 posted)

tomcat: directory traversal

Package(s):tomcat CVE #(s):CVE-2007-0450
Created:May 2, 2007 Updated:February 27, 2008
Description: Versions of tomcat prior to 5.5.22 do not properly filter filename separator characters, enabling information disclosure attacks.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Mandriva MDKSA-2007:241 2007-12-10
Red Hat RHSA-2007:0360-01 2007-05-24
Red Hat RHSA-2007:0328-01 2007-05-24
Fedora FEDORA-2007-514 2007-05-21
Red Hat RHSA-2007:0326-01 2007-05-21
Red Hat RHSA-2007:0327-01 2007-05-14
Gentoo 200705-03 2007-05-01

Comments (none posted)

tomcat: cross-site scripting

Package(s):tomcat CVE #(s):CVE-2007-2449 CVE-2007-2450
Created:July 17, 2007 Updated:February 17, 2009
Description: Some JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449).

Note: it is recommended the 'examples' web application not be installed on a production system.

The Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450).

Alerts:
SuSE SUSE-SR:2009:004 2009-02-17
Fedora FEDORA-2008-8130 2008-09-16
SuSE SUSE-SR:2008:007 2008-03-28
Fedora FEDORA-2008-1603 2008-02-13
Fedora FEDORA-2008-1467 2008-02-13
Debian DSA-1468-1 2008-01-20
Mandriva MDKSA-2007:241 2007-12-10
Fedora FEDORA-2007-3474 2007-11-17
Fedora FEDORA-2007-3456 2007-11-17
Red Hat RHSA-2007:0569-01 2007-07-17

Comments (1 posted)

vim: arbitrary code execution

Package(s):vim CVE #(s):CVE-2007-2953
Created:July 30, 2007 Updated:November 27, 2008
Description: vim is vulnerable to a user-assisted attack in which vim may execute arbitrary code when helptags is run on data that has been maliciously crafted.
Alerts:
CentOS CESA-2008:0580 2008-11-26
CentOS CESA-2008:0617 2008-11-25
Red Hat RHSA-2008:0617-01 2008-11-25
Red Hat RHSA-2008:0580-01 2008-11-25
Debian DSA-1364-2 2007-09-19
Debian DSA-1364-1 2007-09-01
Ubuntu USN-505-1 2007-08-28
Mandriva MDKSA-2007:168 2007-08-21
rPath rPSA-2007-0151-1 2007-07-31
Foresight FLEA-2007-0036-1 2007-07-30

Comments (none posted)

vixie-cron: weak permissions may cause errors

Package(s):vixie-cron CVE #(s):CVE-2007-1856
Created:April 17, 2007 Updated:December 4, 2007
Description: During an internal audit, Raphael Marichez of the Gentoo Linux Security Team found that Vixie Cron has weak permissions set on Gentoo, allowing for a local user to create hard links to system and users cron files, while a st_nlink check in database.c will generate a superfluous error.
Alerts:
Mandriva MDKSA-2007:234 2007-12-03
Red Hat RHSA-2007:0345-01 2007-05-17
Gentoo 200704-11 2007-04-16

Comments (1 posted)

vlc: several vulnerabilities

Package(s):vlc CVE #(s):CVE-2007-3316 CVE-2007-3467 CVE-2007-3468
Created:July 10, 2007 Updated:March 10, 2008
Description: Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code.
Alerts:
Gentoo 200803-13 2008-03-07
Gentoo 200707-12 2007-07-28
Debian DSA-1332-1 2007-07-09

Comments (none posted)

wireshark: multiple vulnerabilities

Package(s):wireshark CVE #(s):CVE-2007-3390 CVE-2007-3392 CVE-2007-3393
Created:June 28, 2007 Updated:February 27, 2008
Description: The wireshark network traffic analyzer has three vulnerabilities that can be used to create a denial of service. These include off-by-one overflows in the iSeries dissector, vulnerabilities in the MMS and SSL dissectors that can cause an infinite loop and an off-by-one overflow in the DHCP/BOOTP dissector.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Red Hat RHSA-2008:0059-01 2008-01-21
Red Hat RHSA-2007:0709-02 2007-11-15
Red Hat RHSA-2007:0710-04 2007-11-07
Gentoo 200708-12 2007-08-16
Fedora FEDORA-2007-628 2007-07-09
rPath rPSA-2007-0137-1 2007-07-11
Mandriva MDKSA-2007:145 2007-07-10
Fedora FEDORA-2007-0982 2007-07-09
Debian DSA-1322-1 2007-06-27

Comments (none posted)

XFree86 X.org: integer overflows

Package(s):xfree86 x.org CVE #(s):CVE-2007-1003 CVE-2007-1667 CVE-2007-1351 CVE-2007-1352
Created:April 3, 2007 Updated:August 11, 2009
Description: iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003)

iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352)

An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667)

Alerts:
Debian DSA-1858-1 2009-08-10
SuSE SUSE-SR:2008:008 2008-04-04
Debian DSA-1454-1 2008-01-07
Debian DSA-1294-1 2007-05-17
Gentoo 200705-10 2007-05-08
Gentoo 200705-06 2007-05-05
Gentoo 200705-02 2007-05-01
Ubuntu USN-453-2 2007-04-26
SuSE SUSE-SA:2007:027 2007-04-20
Slackware SSA:2007-109-01 2007-04-20
Ubuntu USN-453-1 2007-04-18
Red Hat RHSA-2007:0157-01 2007-04-16
Red Hat RHSA-2007:0150-01 2007-04-16
Mandriva MDKSA-2007:079-1 2007-04-11
Mandriva MDKSA-2007:080-1 2007-04-10
Mandriva MDKSA-2007:081-1 2007-04-10
Fedora FEDORA-2007-427 2007-04-10
Fedora FEDORA-2007-426 2007-04-10
Fedora FEDORA-2007-425 2007-04-10
Fedora FEDORA-2007-424 2007-04-10
Fedora FEDORA-2007-423 2007-04-09
Fedora FEDORA-2007-422 2007-04-09
Foresight FLEA-2007-0009-1 2007-04-05
Mandriva MDKSA-2007:080 2007-04-04
Mandriva MDKSA-2007:081 2007-04-04
Mandriva MDKSA-2007:079 2007-04-04
rPath rPSA-2007-0065-1 2007-04-04
Ubuntu USN-448-1 2007-04-03
Red Hat RHSA-2007:0132-01 2007-04-03
Red Hat RHSA-2007:0127-01 2007-04-03
Red Hat RHSA-2007:0126-01 2007-04-03
Red Hat RHSA-2007:0125-01 2007-04-03

Comments (none posted)

xfsdump: insecure temp dir

Package(s):xfsdump CVE #(s):CVE-2007-2654
Created:June 22, 2007 Updated:September 21, 2007
Description: xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.
Alerts:
Ubuntu USN-516-1 2007-09-20
Mandriva MDKSA-2007:134 2007-06-21

Comments (none posted)

xine-lib: arbitrary code execution

Package(s):xine-lib CVE #(s):CVE-2007-1387
Created:March 13, 2007 Updated:April 1, 2008
Description: Moritz Jodeit discovered that the DirectShow loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.
Alerts:
Debian DSA-1536-1 2008-03-31
Mandriva MDKSA-2007:062 2007-03-13
Mandriva MDKSA-2007:061 2007-03-13
Ubuntu USN-435-1 2007-03-12

Comments (none posted)

xine-lib: buffer overflow

Package(s):xine-lib CVE #(s):CVE-2006-1664
Created:April 27, 2006 Updated:February 27, 2008
Description: xine-lib does an improper input data boundary check on MPEG streams. A specially crafted MPEG file can be created that can cause arbitrary code execution when the file is accessed.
Alerts:
Gentoo 200802-12 2008-02-26
Gentoo 200604-16 2006-04-26

Comments (none posted)

xmms: BMP handling vulnerability

Package(s):xmms CVE #(s):CVE-2007-0653 CVE-2007-0654
Created:March 28, 2007 Updated:July 26, 2011
Description: xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system.
Alerts:
Fedora FEDORA-2011-9421 2011-07-16
Fedora FEDORA-2011-9413 2011-07-16
Debian DSA-1277-1 2007-04-04
Mandriva MDKSA-2007:071 2007-03-29
Ubuntu USN-445-1 2007-03-27

Comments (none posted)

X.org: temp file vulnerability

Package(s):X.org CVE #(s):CVE-2007-3103
Created:July 12, 2007 Updated:July 2, 2009
Description: The X.Org X11 xfs font server has a temp file vulnerability in the startup script. A local user can modify the permissions of the script in order to elevate their local privileges.
Alerts:
Fedora FEDORA-2009-3651 2009-04-14
Fedora FEDORA-2009-3666 2009-04-14
Debian DSA-1342-1 2007-07-30
rPath rPSA-2007-0141-1 2007-07-17
Foresight FLEA-2007-0031-1 2007-07-12
Red Hat RHSA-2007:0520-01 2007-07-12
Red Hat RHSA-2007:0519-01 2007-07-12

Comments (none posted)

xorg-server: local privilege escalation

Package(s):xorg-server CVE #(s):CVE-2007-4730
Created:September 10, 2007 Updated:January 24, 2008
Description: Aaron Plattner discovered a buffer overflow in the Composite extension of the X.org X server, which can lead to local privilege escalation.
Alerts:
Mandriva MDVSA-2008:022 2008-01-23
Gentoo 200710-16 2007-10-14
Ubuntu USN-514-1 2007-09-18
Red Hat RHSA-2007:0898-01 2007-09-19
rPath rPSA-2007-0187-1 2007-09-14
Mandriva MDKSA-2007:178 2007-09-11
Debian DSA-1372-1 2007-09-09

Comments (none posted)

xterm: local user unauthorized access

Package(s):xterm CVE #(s):CVE-2007-2797
Created:August 27, 2007 Updated:November 15, 2007
Description: Previous versions of the xterm package assigned incorrect ownership and write permissions to pseudo-terminal devices, permitting local users to direct output to other users' xterm sessions.
Alerts:
Red Hat RHSA-2007:0701-02 2007-11-15
rPath rPSA-2007-0169-1 2007-08-23
Foresight FLEA-2007-0048-1 2007-08-23

Comments (1 posted)

Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The current 2.6 prepatch is 2.6.23-rc8, released on September 24. It contains a relatively small number of fixes, and Linus is confident that the final release is getting close. "Of course, me feeling happy is usually immediately followed by some nasty person finding new problems, but I'll just ignore that and enjoy the feeling anyway, however fleeting it may be."

As of this writing, about 50 post-rc8 patches have gone into the mainline repository.

The current -mm tree is 2.6.23-rc8-mm1. Recent changes to -mm include some ext4 enhancements, support for read-only bind mounts, some kdump improvements, and a rework of the NFS export code.

The current stable 2.6 kernel is 2.6.22.9, released on September 26. It contains a few dozen fixes for problems throughout the kernel. 2.6.22.8, released on September 24, contains a single security fix for a privilege escalation vulnerability in the sound subsystem. 2.6.22.7, released on the 21st, is also a single-fix update; this one addresses an x86_64-only privilege escalation problem. There is a larger 2.6.22 update in the works which should be released shortly.

For older kernels: 2.6.20.20, released on September 23, fixes the x86_64 vulnerability and one other bug. The 2.6.16 series returned on September 25 with 2.6.16.54-rc1, which contains a fair number of fixes. 2.4.35.3 (September 23) also has the x86_64 fix and a couple of others.

Comments (none posted)

Kernel development news

Quotes of the week

Currently, sysfs files which want to kill themselves should ask someone else (workqueue) to kill it, which is so inhumane. This patchset updates sysfs file implementation such that sysfs files can commit suicide peacefully.
-- Tejun Heo creates a more compassionate kernel

Allowing users to turn off security is generally better than assuming they will read the manual and turn it on.
-- Alan Cox

Comments (none posted)

MadWifi developers move to ath5k

The developers for the MadWifi project have announced their intention to move away from their current Atheros driver (which contains a binary-only component) and, instead, work on the development of the free ath5k driver. "To underline our decision and commitment to ath5k we now declare MadWifi 'legacy.'. In the long run ath5k will replace the MadWifi driver. For the time being MadWifi will still be supported, bugs will get fixed and HAL updates will be applied where possible. But it becomes unlikely that we'll see new features or go through major changes on that codebase."

Full Story (comments: 17)

Reviving linux-tiny

By Jake Edge
September 26, 2007

An announcement of the revival of linux-tiny, a set of patches aimed at reducing the footprint of the kernel, mainly for the embedded world, has led to a number of linux-kernel threads. The conversations range from the proper place for linux-tiny to reside to the removal of the enormous number of printk() strings in the kernel. They provide an interesting glimpse into the kernel development process.

The linux-tiny project was started by Matt Mackall in December 2003 with the aim to "collect patches that reduce kernel disk and memory footprint as well as tools for working on small systems." LWN covered the announcement at the time and tried out the patches more than a year ago. Many of the linux-tiny features have found their way into the mainline, but quite a few still remain outside.

The Consumer Electronics Linux Forum (CELF) is behind the effort to revive the project, with Tim Bird, architecture group chair, announcing the plan, including a new maintainer, Michael Opdenacker. The first step has been mostly completed, bringing the patches forward from the 2.6.14 kernel to 2.6.22. A status page has been established to track the progress of updating the patches, but it is clear that moving them into the mainline, rather than maintaining them as patches, is a big motivation behind the revival.

Andrew Morton immediately volunteered to manage the linux-tiny patches in an answer to the revival message:

Seriously, putting this stuff into some private patch collection should be a complete last resort - you should only do this with patches which you (and the rest of us) agree have no hope of ever getting into mainline.

Reactions were quite favorable, with the maintainer, Opdenacker responding:

Andrew, you're completely right... The patches should all aim at being included into mainline or die.

I'm finishing a sequence of crazy weeks and I will have time to send you patches one by one next week, starting with the easiest ones.

The full patchset will live in a separate repository as the individual patches are being worked on for inclusion, but it is clear that no one wants to continuously maintain and out-of-tree patchset for a long time. The cost of ensuring that the patches do not bitrot is large and their inclusion in the mainline will get them in the hands of more developers.

From there, more detailed discussion of how to structure the patches - and tiny features in general - ensued. A separate discussion also came about regarding printk() and the large amounts of memory it consumes with all of its static strings. printk() has long been seen as an area that could be improved to reduce the memory footprint of the kernel.

All sorts of kernel messages are printed to logfiles or the console via printk(); there are something on the order of 60,000 calls in 2.6. There can be a severity level associated with a specific call, which provides a primitive syslog-style categorization of the messages. Unfortunately, in the mainline, those calls are either present, with all the associated memory for the strings, or completely absent, compiled out via a config option. It is rather difficult to diagnose problems without at least some printk() information, but keeping all of the data in can increase the size of the kernel 5-10%.

Rob Landley started things off with a way to make it possible to only compile in messages based on their severity level. An embedded developer could remove KERN_NOTICE, KERN_DEBUG and similar low severity messages while keeping the more critical messages:

[...] the compiler's dead code eliminator zaps the printks you don't care about so they don't bloat the kernel image. But this doesn't _completely_ eliminate printks, so you can still get the panic() calls and such. You tweak precisely how much bloat you want, using the granularity information that's already there in the source code.

Landley's suggestion has a drawback in that it would require a flag day for printk() or the creation of a new function that implemented his suggestion with relevant changes trickling into the kernel over time. In the meantime, small-system developers would still be looking for ways to get the messages they want, while removing the others from the code. There was also discussion of using separate calls for each severity level, where pr_info(), or some similar name, would produce messages with that level. The preprocessor could then be used to remove those that a developer is not interested in.

The discussion led Vegard Nossum to put together an RFC for a new kernel-message logging API. He starts with requirements that the API be backwards-compatible with the existing printk() usage, with the output format being extensible at either compile or run time. The RFC also tries to handle the case of multiple printk() calls to emit what is essentially a single message, but it seems like an over-engineered solution to what should be a fairly straightforward problem.

Another contender, one that is already part of the linux-tiny patchset, is Tim Bird's DoPrintk patch. This allows developers to selectively choose source code files for which printk() will be enabled, removing it from the rest of the code and resulting kernel image. While not allowing fine-grained selection of messages based on severity, it does put more control into the hands of developers.

It is too early to say which, if any, printk() changes are coming down the pike. There does seem to be a lot of interest in helping small systems reduce their kernel footprint without sacrificing all diagnostic messages. printk() is claimed to be one of the lowest hanging fruit for significant kernel size reduction, which would seem to make it a likely candidate for change.

Comments (18 posted)

The new timerfd() API

By Jonathan Corbet
September 25, 2007
The timerfd() system call was added in the 2.6.22 kernel. The core idea behind timerfd() - allowing a process to associate a file descriptor with timer events - is not controversial, but the implementation of this idea did, belatedly, raise a few eyebrows. In particular, Michael Kerrisk pointed out that timerfd() was inconsistent with (and less powerful than) the existing timer-related system calls, and, besides, the 2.6.22 version did not even work as advertised. After a fair amount of discussion, it became clear that the issues with this system call would not be worked out in the 2.6.23 time frame. So the 2.6.23-rc7 prepatch disabled timerfd() altogether in an attempt to prevent application developers from using an API which is going to change.

Prompted by all of this, Davide Libenzi (the creator of the original timerfd() system call) has posted a proposal for a revised timerfd() API. The single system call has turned into three different calls with a few new features.

Under the new API, an application wanting to create a file descriptor for timer events would make a call to:

    int timerfd_create(int clockid);

Where clockid describes which clock should be used; it will be either CLOCK_MONOTONIC or CLOCK_REALTIME. The return value will, if all goes well, be the requested file descriptor.

A timer event can be requested with:

    int timerfd_settime(int fd, int flags, const struct itimerspec *timer,
			struct itimerspec *previous);

Here, fd is a file descriptor obtained from timerfd_create(), and timer gives the desired expiration time (and re-arming interval value, if desired). This time is normally a relative time, but if the timer sets the TFD_TIMER_ABSTIME bit in flags, it will be interpreted as an absolute time instead. If previous is not NULL, the pointed-to structure will be filled with the previous value of the timer. This ability to obtain the previous value is one of the features which was lacking in the original timerfd() implementation.

That implementation also had no way for an application to simply ask what the current value of the timer was. The new API provides a function for querying a timer non-destructively:

    int timerfd_gettime(int fd, struct itimerspec *timer);

This system call will store the current expiration time (if any) associated with fd into timer.

The read() interface is essentially unchanged. A process which reads on a timer file descriptor will block if the timer has not yet expired. It will then read a 64-bit integer value indicating how many times the timer has expired since it was last read. A timer file descriptor can be passed to poll(), allowing timers to be handled in an applications main event loop.

Responses to the new API proposal have been muted at best; hopefully this silence means that developers are happy with the new system calls. The alternative is that this iteration of timerfd() will not be reviewed any more extensively than its predecessor was. As things stand, the new set of system calls looks likely to be merged for 2.6.24.

Comments (7 posted)

Credential records

By Jonathan Corbet
September 25, 2007
Every Linux process carries with it a set of credentials which describe its privileges within the system. Credentials include the user ID, group membership, capabilities, security context, and more. These credentials are currently stored in the task_struct structure associated with each process; an operation which changes credentials does so by operating directly on the task_struct structure. This approach has worked for many years, but it occasionally shows its age.

In particular, the current scheme makes life hard for kernel code which needs to adopt a different set of credentials for a limited time. In an attempt to remedy that situation, David Howells has posted a patch which significantly changes the handling of process credentials. The result is a more complex system, but also a system which is more flexible, and, with luck, more secure.

The core idea behind this patch is that all process credentials (attributes which describe how a process can operate on other objects) should be pulled out of the task structure into a separate structure of their own. The result is struct cred, which holds the effective filesystem user and group IDs, the list of group memberships, the effective capabilities, the process keyrings, a generic pointer for security modules, and some housekeeping information. The result is quite a bit of code churn as every access to the old credential information is changed to look into the new cred structure instead.

That churn is complicated by the fact that quite a bit of the credential information has not really moved to the cred structure; instead it is mirrored there. One of the fundamental rules for how struct cred works is that the structure can only be changed by the process it describes. So anything in the structure which can be changed by somebody else - capabilities and keyrings, for example - remain in the task_struct structure and are copied into the cred structure as needed. "As needed," for all practical purposes, means anytime those credentials are to be checked. So most system calls get decorated with this extra bit of code:

    result = update_current_cred();
    if (result < 0)
        return result;

The next rule says that the cred structure can never be altered once it has been attached to a task. Instead, a read-copy-update technique must be used, wherein the cred structure is copied, the new copy is changed, then the pointer from the task_struct structure is set to the new structure. The old one, which is reference counted, persists while it is in use and is eventually disposed of via RCU.

There is a whole set of utility functions for dealing with credentials, a few of which are:

    struct cred *get_current_cred();
    void put_cred(struct cred *cred);

A call to get_current_cred() takes a reference to the current process's cred structure and returns a pointer to that structure. put_cred() releases a reference.

A change to a credentials structure usually involves a set of calls to:

    struct cred *dup_cred(const struct cred *cred);
    void set_current_cred(struct cred *cred);

The current credentials can be copied with dup_cred(); the duplicate, once modified, can be made current with set_current_cred(). A set of new hooks has been added to allow security modules to participate in the duplication and setting of credentials.

So far, this infrastructure may seem like a bunch of extra work with the gain yet to be explained. The direction that David is going with this change can be seen with this new function:

    struct cred *get_kernel_cred(const char *service,
			         struct task_struct *daemon);

The purpose of this function is to create a new credentials structure with the requisite privileges for the given service. The daemon pointer indicates a current process which should be used as the source for the new credentials - essentially, the new cred structure will enable its holder to act as if it were the daemon process. The current security module gets a chance to change how those credentials are set up; in fact, the interpretation of the "service" string is only done in security modules. In the absence of a security module, get_kernel_cred() will just duplicate the credentials held by daemon.

This capability is used in a new version of David's venerable FS-Cache (formerly cachefs) patch set. FS-Cache implements a local cache for network-based filesystems; the locally-stored cache will, naturally, have all of the security concerns as the remote filesystem. There is a daemon which does a certain amount of the cache management work, but other accesses to the cache are performed by FS-Cache code running in the context of a process which is working with files on the remote filesystem. Using the above function, the FS-Cache code is able to empower any process to work with the privileges of the daemon process for just as long as is needed to get the filesystem work done.

The end result is that security policies can be carried further into the kernel than before. In the FS-Cache case, kernel code doing caching work always operates under the effective capabilities of the cache management daemon. So any protections, SELinux policies, etc. which apply to the daemon will also apply when FS-Cache work is being done in a different context. This should result in a more secure system overall.

The credential work is still in a relatively early state with a fair amount of work yet to be done. It will be quite a big patch by the time the required changes are made throughout the kernel. So this is not a 2.6.24 candidate. The work is progressing, though, so it will likely be knocking on the mainline door at some point.

Comments (2 posted)

Patches and updates

Kernel trees

Core kernel code

Development tools

Device drivers

Documentation

Filesystems and block I/O

Memory management

Networking

Security-related

Virtualization and containers

Miscellaneous

Page editor: Jonathan Corbet

Distributions

News and Editorials

Multimedia with dyne:bolic 2.5

By Rebecca Sobol
September 26, 2007
Multimedia creation is one area where free software still lags behind proprietary software. The dyne:bolic GNU/Linux distribution does a pretty good job of filling in that gap, and the recently announced 2.5 release has narrowed it further.

Dyne:bolic is easy to use and comes as a live CD full of software for multimedia production, all of it Free Software. Simply copying the /dyne directory from the CD to the users hard disk will install the distribution, without destroying the existing OS. Artists are often not technically inclined, so dyne:bolic strives to make it easy for them to get creating without having to understand the technical aspects of hardware detection and operating systems.

Denis "Jaromil" Rojo is the creator of Rasta Software and dyne:bolic:

while ( love & passion ) {
  for( fight = 0 ; rights < freedom ; rights++ )
    fight = standup( rights );
  free( babylon );
}

Jaromil has been joined by an international community of artists, teachers and developers, all of whom help to adapt dyne:bolic to a variety of uses. The core code, bug tracking, and developers lounge can be found at dyne.org. This core is an important part of dyne:bolic, of course, but the additional applications make it a full-featured distribution. Dyne:bolic includes MuSE for streaming audio, FreeJ for realtime video manipulation, and HasciiCam which makes it possible to have live ascii video on the web.

This version of dyne:bolic also has updated versions of Ardour2, Gimp, Audacity, Nicotine+, Pidgin, Ktorrent, Rox and toolkit libraries such as Gtk, Cairo and Wx. New software in this release includes Ekiga, Guarddog and Wireshark plus all the GtkPython and WxPython libraries. Text console usage has been enhanced by a fully functional mail setup with Mutt, Msmtp, Fetchmail, Procmail and Spamassassin. There's also the text based presentation tool TPP and the Rtorrent download client. A graphical desktop repair button and a mount utility for SSH accounts are also new in this release.

As if all this wouldn't be enough, the dyne:bolic community is
blossoming several specialized modules, developed by and for musicians
and media artists ___  _ _ 
                      ____  ___   _  _ http://lab.dyne.org/DyneModules

Comments (none posted)

New Releases

Foresight Linux 1.4.0 released

Foresight Linux has announced the release of version 1.4.0. The release announcement has more information: "Foresight Linux is a Linux distribution for your desktop that features a rolling release schedule that always keeps your desktop up to date; a revolutionary package manager, Conary; the latest GNOME desktop environment and an innovative set of excellent, up to date packages. Foresight is proud to be the first distribution to ship with GNOME 2.20 and be the basis for the GNOME Live Media available at http://torrents.gnome.org. Foresight Linux 1.4 features the latest GNOME mentioned above, including updates to Evolution Email and Calendar, Tomboy Notes, Power Manager, Epiphany Web Browser the GNOME Image Viewer, Eye of GNOME and more."

Comments (none posted)

Mandriva Linux 2008 RC2 released

Mandriva Linux 2008 RC2 'Kepler' has been released. New features since the release of RC1 include the final release of GNOME 2.20, the inclusion of the new 8.41.7 version of ATI's proprietary driver in the non-free repository to support Radeon HD cards, significant kernel updates that improve support for certain ATA controllers and many audio chipsets, some new features in the urpmi and rpmdrake package management tools, and over 500 bug fixes since RC1.

Full Story (comments: none)

Announcing openSUSE 10.3 RC1

The first release candidate of openSUSE 10.3 is out. Click below to see the recent changes, most annoying bugs, the call for testing and download information. The second release candidate will not be distributed to mirror sites, but live CD images will be available.

Full Story (comments: none)

PC-BSD 1.4 Released

The PC-BSD team has announced the release of PC-BSD 1.4. PC-BSD 1.4 is based on FreeBSD 6-STABLE and includes X.org 7.2, KDE 3.5.7, Compiz-Fusion 0.5.2 and more.

Comments (none posted)

Ubuntu's Launchpad 1.1.9 released

Launchpad is the suite of tools used to develop Ubuntu and siblings. Click below to see what's new in version 1.1.9.

Full Story (comments: none)

Distribution News

New dpkg in Debian experimental

A new version of dpkg is in Debian's experimental branch. "So please test this version. While rewriting/improving dpkg-shlibdeps I dealt with all the outstanding bugs and I made it a bit more strict. Most notably, packages which generate the warning "unable to find dependency information for shared library" will FTBFS. You'll find a list at the end of this mail."

Full Story (comments: none)

First CFV for Debian Constitutional amendment: reduce the length of DPL election process

A call for votes has gone out on a Constitutional amendment that would reduce the length of the Debian Project Leader election process.

Full Story (comments: none)

Cast your vote for the Fedora 8 Codename!

Those who have a Fedora Account are asked to vote for the Fedora 8 codename before October 5.

Full Story (comments: 2)

Mandriva simplifies its new range of products: Mandriva Linux 2008

Mandriva describes the various flavors of Mandriva Linux 2008 that will be available once this version is finalized.

Full Story (comments: none)

Advance notice of discontinuation of SUSE Linux 10.0

SUSE Security has announced that SUSE Linux 10.0 will be discontinued soon. "Having provided security-relevant fixes for more than two years, vulnerabilities found in SUSE Linux 10.0 after November 15th 2007 will not be fixed any more for this product. We expect to release the last updates around November 30th 2007." SUSE Linux 10.0 is not SUSE Linux Enterprise Server 10. The Enterprise Server has a longer support cycle.

Full Story (comments: none)

2007 Google Summer of Code in Ubuntu - project results

The 2007 Google Summer of Code is over, and most projects mentored by Ubuntu were successfully completed. This code will find its way into forthcoming Ubuntu releases.

Full Story (comments: none)

Ubuntu September 2007 Team Reports

Various Ubuntu teams have made gutsy progress reports. Reports have been included from the Desktop Team, Kernel Team, Kubuntu, MOTU (Masters of The Universe), Mythbuntu, Screencast Team, Server Team, Ubuntu-IRC, Ubuntu Women, and US LoCo Teams Project.

Comments (none posted)

Distribution Newsletters

Gentoo Weekly Newsletter

The Gentoo Weekly Newsletter for September 17, 2007 looks at GWN seeking writers, forums upgrade, GUIs project, Developer of the Week (cla), and several other topics.

Comments (none posted)

Ubuntu Weekly News: Issue #58

The Ubuntu Weekly Newsletter for September 22, 2007 covers the Gutsy Gibbon 7.10 beta release, new MOTU members, new Launchpad release, Software Freedom Day organized by the Ubuntu Nicaragua Team, and much more.

Full Story (comments: none)

DistroWatch Weekly, Issue 221

The DistroWatch Weekly for September 24, 2007 is out. "GNOME 2.20 is finally here and we can soon look forward to a range of releases from all the major distributions incorporating the new version into their products; Mandriva Linux 2008 is expected later this week, but openSUSE 10.3 won't be far behind. In other news: Fedora introduces a new desktop theme called Nodoka, Mandriva simplifies its product range before the upcoming release of version 2008, and Ian Murdock reveals some details about Project Indiana, Sun Microsystems' new Solaris-based desktop distribution. The featured story in this week's issue looks at the security and bug fix infrastructure in today's leading distributions, while those readers who were curious about DistroWatch's recent migration from FreeBSD to Debian GNU/Linux will find the answer in the "Site News" section."

Comments (none posted)

Newsletters and articles of interest

Fedora 8 Nodoka Theme

Jonathan Roberts talks with Martin Sourada, creator of the Nodoka theme. "For a while now, Clearlooks has been the default theme in Fedora; in fact, for a long time, Clearlooks has been the default theme in a number of distros thanks to its place as Gnome's default. Aiming to give Fedora its own distinct and modern appearance is Nodoka: based on its own theme engine it's extremely fast, and when seen in combination with the rest of the artwork for Fedora 8 is beautiful."

Comments (10 posted)

Distribution reviews

KateOS - Getting Better with Age (TuxMachines)

TuxMachines reviews KateOS 3.6. "KateOS 3.6 was released a few days ago. Since KateOS has always been one of my favorite distributions and since I haven't looked at it recently, I decided to take it for a test run on my HP Pavillion laptop. It always supported the hardware on my desktop, so I was interested to see how it would fare with wireless ethernet and powersaving features. There are two versions available: a full 2.4 GB DVD and a 700 MB live CD. I chose the 700 MB live CD."

Comments (none posted)

The best desktop Linux for Windows users: Xandros 4 (DesktopLinux)

DesktopLinux begins a series on the "best Linux desktop" with a look at the best system for a Windows user. "What's the best desktop Linux? For me, it's SimplyMEPIS 6.5, soon to be replaced by 7.0. But this is both a dumb question and a dumb answer. The real question is: What's the best desktop operating system for you?"

Comments (6 posted)

Page editor: Rebecca Sobol

Development

Run Linux apps on other platforms with LINA

By Forrest Cook
September 26, 2007

LINA is an interoperability product that is being developed by Lina Software:

With LINA, applications written for Linux run with native look and feel on Windows, Mac OS X and UNIX operating systems. LINA is a thin virtual layer that enables developers to write and compile code using ordinary Linux tools, then run that code on a variety of operating systems. For users, LINA runs invisibly in the background, enabling them to install and run these Linux applications as if they were native to that users' operating system.

[LINA]

The LINA FAQ explains some of the project details. LINA has been in development for four years and there are several patents pending on the LINA technology. In addition:

  • LINA is written in C and C++ and uses some Python build tools.
  • LINA currently runs on Fedora7, OpenSUSE 10.2, Ubuntu 7.04, Mac OS X v. , Windows Vista, Windows XP and Windows 2003.
  • Plans to support Solaris and OpenBSD are underway.
  • Command line and web applications can be run on LINA.
  • GUI applications that use the LINA library are supported.
  • Plans are underway for support of GUI applications that use Qt and GTK+.
  • Supported languages include C and C++ with plans to add Perl, Python and Ruby.
  • LINA packages consist of Linux binaries packed into a .zip file.
  • LINA applications currently have a 2X performance hit, that should improve with time.
  • The LINA platform is approximately 75MB in size.
  • LINA does not currently support 3D graphics acceleration or X11 over SSL.
  • Lina Software is offering support for LINA.

See the LINA technology description for more information on the project.

Lina Software recently announced the release of LINA (starting with version 0.7.0) under the GPLv2 license:

The operating systems supported in this release include Windows XP, Windows Vista, Windows 2003, Mac OSX, Fedora 7, OpenSUSE 10.2, and Ubuntu 7.04. The LINA library currently supports C++ development. Future releases of LINA will support applications written in any language native to Linux. "Open Source is pivotal to our rapid growth, and it's critical that we engage the worldwide developer community," said Nile Geisinger, CTO of Lina Software. "We're very interested in developer feedback as we improve usability." Over the next several months, our engineers will focus on enhancing usability and incorporating community feedback. In Q4 2007, Lina Software will release developer binaries and application program interfaces for building cross-platform applications. We will also port the GTK and QT libraries to the LINA APIs to allow applications written to these libraries to run on LINA.

The LINA source code is available for download here, the build instructions explain how to compile the software. Some LINA screenshots show the software in action.

If you have some simple Linux command line applications that you need to run across numerous platforms, LINA may be a solution that is worth further investigation.

Comments (9 posted)

System Applications

Audio Projects

Rivendell 0.9.82 released

Version 0.9.82 of Rivendell, a radio station automation system, is out with new functionality.

Full Story (comments: none)

Clusters and Grids

Allmydata-Tahoe 0.6 announced

Version 0.6 of Allmydata-Tahoe, a secure, decentralized storage grid, has been announced. This release includes new features, improved performance and bug fixes.

Full Story (comments: 1)

Database Software

MySQL Toolkit version 896 released (SourceForge)

Version 896 of MySQL Toolkit has been announced. "This toolkit contains essential command-line utilities for MySQL, such as a table checksum tool and query profiler. It provides missing features such as checking slaves for data consistency, with emphasis on quality and scriptability. This release of MySQL Toolkit adds a new tool, fixes some minor bugs and adds new functionality (especially the ability to run as a daemon) to several of the tools."

Comments (none posted)

PostgreSQL Weekly News

The September 24, 2007 edition of the PostgreSQL Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

Printing

Common UNIX Printing System 1.3.2 announced

Version 1.3.2 of CUPS, the Common UNIX Printing System, has been announced. "CUPS 1.3.2 replaces the invalid 1.3.1 release tarballs and fixes some scheduler and printing issues."

Comments (none posted)

Miscellaneous

OpenHPI 2.10 released (SourceForge)

Version 2.10 of OpenHPI is available. "Open HPI is an open source implementation of the SA Forum's Hardware Platform Interface (HPI). HPI provides an abstracted interface to managing computer hardware, typically for chassis and rack based servers."

Comments (none posted)

Desktop Applications

Audio Applications

Amarok's Summer of Code Review (KDE.News)

KDE.News looks at the Google Summer of Code contributions to the Amarok music player application. "This year, Amarok had two summer of code projects under the KDE umbrella. Both of these projects have finished while remaining in continued development and were extremely successful. Read on to learn about two innovative additions to the Amarok project."

Comments (none posted)

Snd-ls 0.9.8.3 released

Version 0.9.8.3 of Snd-ls, a distribution of the sound editor SND, is out with the following fix: "Screwed up the rt_readin_tag fix by adding the wrong file. Big thanks to "edu" for reporting the problem so quickly."

Full Story (comments: none)

BitTorrent Applications

Azureus 3.0.3.0 released (SourceForge)

Version 3.0.3.0 of Azureus, a cross-platform bittorrent client, has been announced. "Azureus 3.0.3.0 brings the version numbering back into line and should reduce confusion over which 2.x version maps to which 3.x version. Existing 2.x users will get the classic UI, while new and existing 3.x users will get the Vuze client UI, with the option to switch back to the 2.x UI if you choose."

Comments (none posted)

Desktop Environments

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week: More information can be found on the X.Org Foundation wiki.

Comments (none posted)

Electronics

GNU Radio Companion 0.69 released

Version 0.69 of GNU Radio Companion (GRC), a GUI front-end for the GNU Radio software programmable radio platform, is out. "GRC and gnuradio have been through many changes these past few months; especially, the adoption of hier2, which has temporarily broken GRC a few times. With the gnuradio trunk stabilized, and 3.1 com[]ing up, a GRC release has been long overdue."

Full Story (comments: none)

PCB development snapshot 20070912 announced

Development snapshot 20070912 of PCB, an interactive printed circuit board editor for the X11 window system, has been announced. "This release represents nearly 200 commits and as such this summary clearly is not complete."

Comments (none posted)

Financial Applications

Buddi 2.9.3.0 released (SourceForge)

Version 2.9.3.0 of Buddi has been announced "Buddi is a simple budgeting program targeted for users with little or no financial background. It allows users to set up accounts and categories, record transactions, check spending habits, etc. I am pleased to announce the release of Buddi 2.9.3.0. This is the first release in the 3.0 Development branch which is recommended for production use. I have converted my finances to this new version, and I greatly appreciate all those who are able and willing to help me test it."

Comments (none posted)

Fonts and Images

Font rasterization techniques

The Anti-Grain Geometry project has an article on font rendering, covering Linux, Mac, and Windows techniques. It looks at various ways to make text look better on a monitor, including sub-pixel rendering, hinting, and gamma correction. "The Windows way of text rendering is bad, the Linux way is much worse. In all Linux systems I've seen they use FreeType by David Turner, Robert Wilhelm, and Werner Lemberg. It is a great library, really, but the way of using it is not so good." (thanks to Michael Kofler)

Comments (18 posted)

Games

FreeCol 0.7.2 released (SourceForge)

Version 0.7.2 of FreeCol has been announced. "FreeCol is an open version of the turn based strategy game Colonization. We have now released version 0.7.2 of FreeCol: - The game can now switch between fullscreen and windowed mode. - The application window can be resized. - Zooming on the mapboard has been implemented"

Comments (none posted)

Instant Messaging

Zimbra Collaboration Suite 4.5.7 released (SourceForge)

Version 4.5.7 of the Zimbra Collaboration Suite has been released. "Zimbra is an open source server and client technology for next-generation enterprise messaging and collaboration. Zimbra delivers innovation for both the administrator and the end-user as well as compatibility with exis[t]ing infrastructure and applications. ZCS 4.5.7 contains 160 fixed issues."

Comments (none posted)

Multimedia

Mpeg4ip 1.6 released (SourceForge)

Version 1.6 of Mpeg4ip, a cross-platform MPEG and IETF standards-based system for encoding, streaming, and playing audio and video, has been announced. "This will be my last release of mpeg4ip; I am changing jobs and can no longer contribute to this project. I will be able to answer questions about it in the forums and email list, but will not be able to actively make changes or maintain it."

Comments (none posted)

Music Applications

horgand 1.12 released

Version 1.12 of horgand, an organ synthesizer, is out with a lot of new capabilities and some bug fixes.

Full Story (comments: none)

News Readers

Liferea 1.4.3 released (SourceForge)

Stable version 1.4.3 of Liferea, a news aggregator for news feeds and weblogs, has been announced. "While this release fixes several functional issues it also fixes a grave feed update bug that causes continuous feed updates in v1.4.2b when your global default feed update interval was set to zero. "

Comments (none posted)

Video Applications

Theora 1.0beta1 released

After several years of development, the first beta release for Ogg Theora 1.0 - a free video codec - is now available. Now all we have to do is to get some content in the Theora format.

Full Story (comments: 29)

Miscellaneous

Sweet Home 3D 1.1 released (SourceForge)

Stable version 1.1 of Sweet Home 3D has been announced. "Sweet Home 3D is an interior design Java application for quickly choosing and placing furniture on a house 2D plan drawn by the end-user, with a final 3D preview."

Comments (none posted)

Languages and Tools

Caml

Caml Weekly News

The September 25, 2007 edition of the Caml Weekly News is out with new Caml language articles.

Full Story (comments: none)

Haskell

Haskell Weekly News

The September 23, 2007 edition of the Haskell Weekly News is online. This week brings a ridiculous number of new libraries and tools for Haskell programming, and the appearance of half a dozen new user groups, on several continents.

Comments (none posted)

Perl

PDF Processing with Perl (O'Reilly)

Detlef Groth discusses PDF Processing with Perl on O'Reilly. "Adobe's PDF is a well-established format for transferring pixel-perfect documents. It's not nearly as malleable as plain text, but several CPAN modules make creating, manipulating, and reusing PDFs much easier. Detlef Groth demonstrates how to use PDF::Reuse."

Comments (none posted)

Python

Python-URL! - weekly Python news and links

The September 24, 2007 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Ruby

Behavior Driven Development Using Ruby (Part 3) (O'ReillyNet)

O'Reilly has published part three of the Behavior Driven Development Using Ruby series. "Gregory Brown has been testing the heck out of his dots and lines game! In the last portion of his dive into behavior driven development, he looks at custom matchers and introduces us to RCov, a coverage visualizer."

Comments (none posted)

Tcl/Tk

Tcl-URL! - weekly Tcl news and links

The September 24, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

Build Tools

JPlate: Parser 0.2 released (SourceForge)

Version 0.2 of the Parser for JPlate has been announced. "JPlate is a framework/toolkit to build applications - think of it as the template for application development. If for some reason releases are not happening in a timely fashion please examine the Subversion repository as you may find more there. This releases fixes documentation, adds a new parser (colon delimited values) and moved some files around to be in more logical locations."

Comments (none posted)

Version Control

GIT 1.5.3.2 announced

Version 1.5.3.2 of GIT, a distributed version control system, is available. This is a maintenance release with numerous bug fixes.

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

Defending Openness (Linux Journal)

Glyn Moody looks at challenges to open access and open data. "What this shows is that however many battles are won, the war against closed, proprietary approaches goes on. Open source and open standards have made huge strides, but in other areas - open access and open data, for example - the fight is only beginning. If you want to track what's happening here the best place to go is Peter Suber's Open Access News. This will not only keep you completely up to date on the latest developments in the open access and open data worlds (with a fair amount of related open source stuff thrown in for good measure), but it will also highlight all the important campaigns and petitions that need your help. As recent events in the open source and open standards world have shown, individuals can make a real difference."

Comments (none posted)

Printing Trends in Linux (O'ReillyNet)

Andy Oram covers efforts by the Linux Foundation's Open Printing Working Group on O'Reilly. "Printing has been a notoriously difficult capability to configure in Linux, but work by the Open Printing Working Group is designed to change that. Andy Oram has been examining what we can expect in the future from this initiative, which includes distribution-independent drivers."

Comments (25 posted)

Looking for Algae--the Next Voyage (Linux Journal)

Jon maddog Hall spent the winter in Brazil before setting sail in a search for algae. "How does [algae] fit in with computing? Most of the readers of Linux Journal have at least one computer in their houses. I lost count of my own computer stock at about 15, and some of them are real electrical power-eaters. A lot of them have really dangerous chemicals in them, like lead and acidic materials. Fortunately, over time, power requirements per CPU and graphics cycles have gone down, as have costs for the hardware. Manufacturers, either through legislation or social and civic concern, have moved to making their systems from more environmentally-friendly components."

Comments (7 posted)

The SCO Problem

Snowed By SCO (Forbes)

As SCO fades away, some of the pro-SCO journalists are being asked some hard questions. Here is the closest thing we'll get to an answer from Dan Lyons on Forbes. "This time, I figured I should at least give SCO the benefit of the doubt. I flew to Utah and interviewed their managers. I attended a SCO conference in Las Vegas and did more interviews. They told me all sorts of things, like they'd found a 'smoking gun' that proved IBM was guilty, and that they were preparing to sue big Hollywood companies that use Linux server farms to make movies. I reported what they said. Turns out I was getting played. They never produced a smoking gun. They never sued any Hollywood company."

Comments (42 posted)

SCO, Linux and Rob Enderle: A Conclusion (TG Daily)

For anybody who has wanted to see Rob Enderle explain himself with regard to SCO, TG Daily has that explanation at great length. "I thought I'd run into the cover up of the century. I was even told, as the senior research fellow, I was not allowed to talk about Linux anymore and I was lectured by the Head of Research on how I should have written the column who, upon actually reading it, agreed I had done everything he had just lectured me to do. He concluded that he must be thinking of another column I had written (this was my first column and there was no 'other' column). I saw this as a clear ethics problem and resigned the next day, focused like a laser on the Linux supporters I then viewed as criminals. And if they were criminals, than SCO must be the victim, right? Well, that was my thought back then."

Comments (72 posted)

Linux Adoption

Russian OS to be installed in every school (CNews)

Russia plans to install a Linux-derived "Russian OS" in every school in that country, as reported by CNews. Pilot programs are to start in three regions in 2008, with 2009 being targeted for a full rollout. "The main aim of the given work is to reduce dependence on foreign commercial software and provide education institutions with the possibility to choose whether to pay for commercial items or to use the software, provided by the government."

Comments (10 posted)

Legal

Microsoft's secretive standards orgs in Former Yugoslavia (LinuxWorld)

Ivan Jelic, a member of the Free Software Foundation Europe, looks at which European countries voted for the OpenXML format as a standard. "Romania and Bulgaria, members of European Union, together with Bosnia and Herzegovina, Croatia and Serbia, gave a green light for Microsoft's format, with comments from Bulgaria. In this story, we take a look at the decision processes and reactions in those countries."

Comments (5 posted)

Interviews

Want to meet four men who dared to fight MS -- and won? (Groklaw)

Groklaw features an interview with Georg Greve, Jeremy Allison, Volker Lendecke and Carlo Piana on the recent EU Commission's antitrust ruling against Microsoft. "Sean Daly: Now, tell me a little bit more about the "blue bubble" because I wasn't present at the hearings, but in the hallway, coming out of the hearings, I kept hearing about this blue bubble bursting. What's going on here? Georg Greve: Well, the blue bubble was a theory that Microsoft invented in order to justify that it had kept parts of the protocol secret. They said that there's a difference between the internal protocols and the external protocols, if you want to describe them like that. They said that certain protocols that are so secret that they are in this blue bubble, because they had visualized this with a blue bubble, that this could never be shared without actually sharing source code, without sharing how the program exactly works."

Comments (9 posted)

Resources

Building a community around your open source project (Red Hat Magazine)

Red Hat Magazine has some nice ideas about building a community around an open source project. "If you have an open source project, most likely you are a designer/developer and not a marketer. Marketing is part of the job though (sorry!), but it doesn't have to take a lot of effort. For starters, think of the related mailing lists you are active on. If you aren't active on any mailing lists, start! Open source lives through free exchange of email. If you see a problem posted that might be solved by your software, it's perfectly acceptable to mention your app. Other projects may exist as alternatives to your own, and you want to respect them, as you want to also respect other users on the lists. Help, but don't advertise."

Comments (7 posted)

Reviews

GNOME 2.20 arrives on Linux desktops (DesktopLinux)

DesktopLinux takes a look at GNOME 2.20, with screenshots. "The first major update of GNOME, version 2.20, has arrived almost two and a half years after GNOME 2.10, its last big step forward. GNOME 2.20 boasts not just improvements to the desktop itself, but multiple significant improvements to GNOME's applications as well."

Comments (3 posted)

MontaVista readies new Linux mobile phone OS (LinuxDevices)

LinuxDevices.com looks at MontaVista's Mobilinux 5.0, an upcoming distribution aimed at mobile phone use. "'Typical' phones based on Mobilinux 5.0 are said to be capable of booting in under five seconds, and placing calls within 10. Boot times are reduced through XIP (execute-in-place) technology that runs applications directly from flash, without first instantiating them in RAM. Application startup times are reduced by prelinking, including to glibc."

Comments (none posted)

Miscellaneous

My Fabulous Geek Career (O'ReillyNet)

Carla Schroder, author of the Linux Cookbook pens this installment in the Women in Technology series. "[You] definitely need a thick skin in the FOSS world. It's a self-selected group, so it's chock-full of mavericks, the socially-inept, just plain trolls, and all manner of folks who don't understand the importance of courtesy and respect. But these are not representative of the excellent people who really do things. The best FOSS people are polite and pleasant. I do not believe that anyone is so invaluable and indispensable that they can be excused from common courtesy. The world itself is full of mean people, and there is no remedy other than learning how to deal with it. Girls are still often raised to be passive doormats, and they are not taught how to set and achieve goals, or that they are even worthy of going after what they really want. There are no shortcuts; all we can do is dig in, do our best, and not allow the naysayers to derail us."

Comments (82 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

SFLC files first U.S. GPL violation lawsuit

The Software Freedom Law Center has filed a GPL violation lawsuit. "The Software Freedom Law Center (SFLC) today announced that it has filed the first ever U.S. copyright infringement lawsuit based on a violation of the GNU General Public License (GPL) on behalf of its clients, two principal developers of BusyBox, against Monsoon Multimedia, Inc. BusyBox is a lightweight set of standard Unix utilities commonly used in embedded systems and is open source software licensed under GPL version 2."

Full Story (comments: 14)

Monsoon Multimedia gives in on GPL

Monsoon Multimedia, which was just the subject of a GPL-violation complaint from the Busybox project, has announced its intent to comply with the requirements of the Busybox license. "Monsoon is in settlement negotiations with BusyBox to resolve the matter and intends to fully comply with all open-source software license requirements. Monsoon will make modified BusyBox source code publicly available on the company web-site at http://www.myhava.com in the coming weeks."

Comments (17 posted)

Commercial announcements

Autodesk releases coordinate system software

Autodesk, Inc. has announced plans to release some coordinate system and map projection technology under an open-source license. "The software, acquired from Mentor Software and its founder Norm Olsen, will help users to more easily support geographic coordinate conversions and allow accurate and precise geospatial analysis. The announcement was made today at the annual Free and Open Source Software for Geospatial (FOSS4G) conference in Victoria, British Columbia, Canada, where geospatial open source developers and users join to learn, present and network."

Comments (none posted)

Holonyx launches reseller partner program for Linux support

Holonyx Inc. has announced its Partner Program to provide Linux support and open source software support to Value Added Resellers and System Integrators. This program will allow Holonyx Partners to expand the technology solutions they offer to their customers by implementing fully supported open source solutions in their customer accounts.

Full Story (comments: none)

OLPC starts "Give 1 Get 1" program

The One Laptop Per Child project is starting a new program for people interested in getting the XO laptop for their children. The Give 1 Get 1 promotion, starting November 12, allows people to buy an XO for someone they know while sending one to a student in a developing country, all for $399. "While children are by nature eager for knowledge, many countries have little resources to devote to education – sometimes less than $20 a year per child. Imagine the potential that could be unlocked by giving every child in the world the tools they need to learn, no matter who they are, no matter where they live, no matter how little they may have. "

Comments (7 posted)

OpenLogic launches OpenLogic Exchange

OpenLogic, Inc. has announced the launch of the OpenLogic Exchange web site. "OpenLogic, Inc., a provider of enterprise open source software solutions encompassing hundreds of open source packages, today announced the launch of OpenLogic Exchange (OLEX) -- a free web site where companies can find, research, and download certified, enterprise-ready open source packages."

Comments (none posted)

Purple Labs raises $14.5 million of venture capital

Purple Labs, a supplier of embedded Linux solutions for the wireless industry, has announced that it secured $14.5 Million in an initial round of venture capital funding.

Full Story (comments: none)

Qumranet de-cloaks

Qumranet, the company behind the KVM virtualization subsystem which quickly found its way into the mainline kernel last year, has finally unveiled its business plans. The press release is available in PDF format. "Solid ICE enables enterprises to host desktops in KVM virtual machines on servers in the corporate data center, and allows users to connect to them via a remote protocol called SPICE. The benefits for IT include centralized provisioning, management, policy enforcement and compliance for desktops. In addition, due to the KVM and SPICE combination, Solid ICE delivers a superior end-user experience, especially with respect to graphics and multimedia."

Comments (23 posted)

SiteScape unifies workspaces and workflow

SiteScape, Inc. has announced that its ICEcoreT Open Source project and ICEcoreT Enterprise collaboration software suite will be available starting October 20, 2007. ICEcore is a fully integrated Open Source collaboration suite, licensed under the OSI-certified Common Public Attribution License (CPAL).

Full Story (comments: none)

New Books

The Essential Blender--New from No Starch Press

No Starch Press has published the book The Essential Blender by members of the Blender community.

Full Story (comments: none)

Fonts and Encodings--New from O'Reilly Media

O'Reilly has published the book Fonts & Encodings by Yannis Haralambous, translated by P. Scott Horne.

Full Story (comments: none)

Education and Certification

LPI offers discounted exams at Ohio LinuxFest

The Linux Professional Institute will be offering discounted LPIC-1, LPIC-2 and Ubuntu Certified Professional exams at the Ohio LinuxFest 2007 in Columbus, Ohio on Sunday, September 30, 2007.

Full Story (comments: none)

Event Reports

RailsConf Europe gathers Rails enthusiasts

O'Reilly has sent out an event report for RailsConf Europe. "RailsConf Europe, which took place 17-19 September, was a global melting pot for Rails developers, industry luminaries, Ruby hackers, web-based entrepreneurs, and IT managers. The conference brought attendees from as far away as Peru, Iceland, and South Africa, giving further evidence that Ruby on Rails is truly a global movement. Held over three days at the Maritim Pro Arte Hotel in Berlin, the conference was co-presented by Ruby Central, Inc. and O'Reilly Media, Inc. "

Full Story (comments: none)

Calls for Presentations

FOSS.IN Call for Participation announced

FOSS.IN, the Free and Open Source software conference in India has put out their Call for Participation. This is the seventh FOSS.IN and will be held in Bangalore December 4-8, 2007. The conference starts with two "Project Days" dedicated to individual free software projects, followed by three days of the main conference. "The main objective of FOSS.IN is to promote involvement in FOSS projects, so presentations about actual contribution to FOSS projects would be of primary importance."

Comments (none posted)

LCA 2008 Virtualisation Miniconf CFP

A call for presentations has gone out for the LCA 2008 Virtualisation Miniconf. The event takes place on January 28, 2008 in Melbourne, Australia, submissions are due by October 7.

Full Story (comments: none)

Upcoming Events

Tim O'Reilly to Keynote Graphing Social Patterns

Tim O'Reilly will present a keynote at Graphing Social Patterns, the event will be held on October 7-9, 2007 in San Jose, California. "Chaired and produced by Dave McClure, Graphing Social Patterns is the premier conference covering Facebook business and technology issues. and related social networking platforms."

Full Story (comments: none)

Events: October 4, 2007 to December 3, 2007

The following event listing is taken from the LWN.net Calendar.

Date(s)EventLocation
October 3
October 5
Apache Cocoon Get Together Rome, Italy
October 6
October 7
Wineconf 2007 Zurich, Switzerland
October 6
October 8
GNOME Boston Summit Boston, MA, USA
October 7
October 9
Graphing Social Patterns San Jose, CA, USA
October 8
October 10
VISION 2007 Embedded Linux Developer Conference Santa Clara, USA
October 8 Embedded Linux Bootcamp for Beginners Santa Clara, CA, USA
October 9
October 10
Profoss Brussels, Belgium
October 10
October 12
Plone Conference 2007 Naples, Italy
October 12 Legal Summit for Software Freedom New York, NY, USA
October 13
October 14
T-DOSE 2007 (Technical Dutch Open Source Event) Eindhoven, The Netherlands
October 13 The Ontario Linux Fest Conference Toronto, Canada
October 13 Aka Linux Kernel Developer Conference Beijing, China
October 16 Databases and the Web London, England
October 17
October 19
2007 WebGUI Users Conference Madison, WI, USA
October 17
October 19
Web 2.0 Summit San Francisco, CA, USA
October 18
October 20
HackLu 2007 Kirchberg, Luxembourg
October 19
October 21
ToorCon 9 San Diego, CA, USA
October 20
October 21
Ubucon.de Krefeld (Köln), Germany
October 20 PostgreSQL Conference Fall 2007 Portland, OR, USA
October 20 ./freedom & opensource day - PERU Lima, PERU
October 21
October 25
OOPSLA 2007 Montreal, Canada
October 21
October 26
Colorado Software Summit Keystone, CO, USA
October 22
October 26
OpenGL Bootcamp with Rocco Bowling Atlanta, GA, USA
October 22
October 23
She's Geeky - A Women's Tech (un)Conference Mountain View, CA, USA
October 23
October 25
Open aLANtejo 07 - CNSL07 Évora, Portugal
October 23
October 26
Black Hat Japan Tokyo, Japan
October 25
October 26
FSOSS 2007 - Free Software and Open Source Symposium Toronto, Canada
October 27
October 28
FOSSCamp 2007 Cambridge, MA, USA
October 27 Linux Day Italy many cities around country, Italy
October 28
November 2
Ubuntu Developer Summit Cambridge, Massachusetts, USA
October 29 3rd International Workshop on Storage Security and Survivability Alexandria, VA, USA
October 29
November 1
Fall VON Conference and Expo Boston, MA, USA
October 30
October 31
BCS'07 Jakarta, Indonesia
October 31
November 1
LinuxWorld Conference & Expo Utrecht, Netherlands
November 1
November 2
The Linux Foundation Japan Symposium Tokyo, Japan
November 2 5th ACM Workshop on Recurring Malcode Alexandria, VA, USA
November 2
November 3
Embedded Linux Conference, Europe Linz, Austria
November 2
November 4
Real-Time Linux Workshop Linz, Austria
November 3 Linux-Info-Tag Dresden Dresden, Germany
November 5
November 9
Python Bootcamp with Dave Beazley Atlanta, USA
November 7 NLUUG 25th anniversary conference Beurs van Berlage, Amsterdam, The Netherlands
November 7 Alfresco North American Community Conference 2007 New York, NY, USA
November 8
November 9
Blog World Expo Las Vegas, NV, USA
November 10
November 11
Linuxtage Essen, NRW, Germany
November 11
November 17
Large Installation System Administration Conference Dallas, TX, USA
November 12
November 16
Ruby on Rails Bootcamp with Charles B. Quinn Atlanta, USA
November 12
November 15
OWASP & WASC AppSec 2007 Conference San Jose, USA
November 12
November 16
ApacheCon US 2007 Atlanta, GA, USA
November 13
November 14
IV Latin American Free Software Conference Foz do Iguacu, Brazil
November 15
November 18
Piksel07 Bergen, Norway
November 15 Alfresco European Community Conference Paris, France
November 16
November 18
aKademy-es 2007 Zaragoza, Spain
November 20
November 23
DeepSec ISDC 2007 Vienna, Austria
November 22
November 23
Conferencia Rails Hispana Madrid, Spain
November 24 LinuxDay in Vorarlberg (Deutschland, Schweiz, Liechtenstein und Österreich) Dornbirn, Austria
November 26
November 29
Open Source Developers' Conference Brisbane, Australia
November 28
November 30
Mono Summit 2007 Madrid, Spain
November 29
November 30
PacSec 2007 Tokyo, Japan
December 1 Django Worldwide Sprint Online, World
December 1 London Perl Workshop 2007 London, UK

If your event does not appear here, please tell us about it.

Web sites

LessWatts.org launches

Intel has launched LessWatts.org, a site dedicated to reducing power consumption by Linux systems. "LessWatts is about creating a community around saving power on Linux, bringing developers, users, and sysadmins together to share software, optimizations, and tips and tricks."

Comments (42 posted)

Page editor: Forrest Cook

Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds