LWN.net Weekly Edition for November 29, 2007
By Jake Edge November 28, 2007
The next battle in the war for software and data freedom is likely to be in
the online services realm. There are already calls for legislation to
govern what Gmail and Facebook can do with your data along with efforts to
provide free alternatives to some popular web applications. Coming at the
problem from a different direction, the Forkolator project is looking toward a
world where free web applications are not only free to change, but those
changes are immediately available to use on the same site.
Many of the web applications that people use today are not free in any
sense other than price. There are also lots of applications that are free
software – Wikipedia and Wordpress are often used as examples –
but changing the source code for them does little to change the user's
experience, because the service controls the software version that they
run. This is as it should be; few would argue that Wikipedia
should be forced to run some modified version of their code. Vast
quantities of collaboratively developed data reside there, however, that
any modified version of Wikipedia would want to access. Currently, one
could work with the Wikipedia folks to get the change integrated into their
codebase and eventually rolled-out for users, or one could fork the project.
The Forkolator vision – at this point it is not much more than that
– is to provide a third choice. In a mockup of the
Wordpress management interface, Forkolator founder Erik Pukinskis added
a "fork this page" button. Somewhere down the road, if Wordpress were written to support
Forkolator, that button would instantiate a copy of the server code running
on the server, with access to all the same data. It
would then allow a user to change the underlying code to fix a bug or add a
feature, which would then run live in that instance. Users who accessed
the weblog or management screen would use the updated code.
Obviously, people that are able to host their own Wordpress instances are
able to do this already – it is free software after all. What
may be missing is the collaborative environment that a blog hosted at
wordpress.com provides. Wordpress is free software, but wordpress.com
does not provide a free, as in freedom, service. Likewise for Wikipedia,
most of the value is in the site itself and the data; even forking it only
gives a static version at the point of the fork. The Forkolator concept
would provide another level of freedom; one could have their
own view of Wikipedia running side-by-side with the standard code, allowing
users to decide which they preferred.
At the moment, Forkolator is a PHP application that provides a web-based
integrated development
environment (IDE) that can be forked and modified live. It
provides a kind of proof-of-concept; an IDE running in the browser may
not provide the ideal development environment. Ruby on Rails already has
Heroku, which shares many traits with the
Forkolator vision. The focus of Heroku seems to be avoiding the pain of
deploying an individual web application rather than Forkolator's explicit
push for freedom in the web services arena.
The problems inherent in allowing users to modify the function of a
server-side application are legion. Forkolator advocate Sandy Armstrong
calls
the problems "staggering" and they are; providing security, privacy,
and stability while still allowing user modification is uncharted
territory. Solving those problems in a sensible fashion will make or break
the project and it is far from clear that they can be solved.
There is talk that some of the problems inherent in the model could be
solved in the same way that wiki defacements are handled; by the community.
If a rogue user modified the web application to be a spambot, for example,
other users could shut down or quarantine the fork. Data access is another
area that will need close attention. Obviously the application needs read
and write access to the database, but how can you keep rogue applications
from trashing the data for everyone else? This goes well beyond defacing
individual pages; wholesale removal of all content could be effected by a
malicious application. The Forkolator team will need to come up with ways
to deal with all of these kinds of problems and more.
Forkolator is in its infancy – perhaps gestation is more accurate
– with an enormous number of serious technical hurdles to overcome,
but it does provide an interesting view of how free web services could
work. It is not a model that all web applications will adopt, with good
reason, but for sites that are largely collaborative in nature, it could make a
great deal of sense. Whether Forkolator, Heroku, or some other framework
can actually deliver the vision remains to be seen. We will be watching.
Comments (18 posted)
By Jake Edge November 28, 2007
The Ninth Real-Time Linux Workshop, held in early November in Linz, Austria,
provides a look into the current direction of realtime Linux research as
well as applications of the technology. LinuxDevices has collected the
available papers from the workshop, which make for interesting reading.
Roughly half of the papers cover applications, from robotics to train
monitoring, while the other half cover realtime development and measuring
the impacts of various techniques.
Realtime Linux solutions have branched out quite a bit since the original
RTLinux. Because that solution is patented, now owned by Wind River, and largely unmaintained, various other
solutions are maturing. In addition, the realtime preemption (RT_PREEMPT)
patches are also making their way into
the mainline kernel. For "hard" realtime, guarantees must be made about
the interrupt (and other) latencies in the system; so far Linux with
RT_PREEMPT has not been proven to make those guarantees. It does provide a
solution described by some of the authors as "good enough"
for many hard realtime applications, however.
Several of the papers covered various aspects of the performance of the
RT_PREEMPT kernel. Worst-case latencies for low-end PowerPC and
ARM processors (suitable for embedded applications) were measured and
reported. Two different clock frequencies were used for each processor
to determine if there was a simple relationship between processor speed and
latency: "A better realtime behavior cannot be achieved by simply
choosing a processor with a higher clock frequency."
Another paper measured the impact of RT_PREEMPT on general system
performance to try and gauge the cost of those kernel changes. They found
"no significant impact of [RT_PREEMPT] on the general performance of the system
unlike the preempt patches of earlier kernel versions." They also
measured latencies and jitter to try to determine its suitability for hard
realtime tasks, finding that even though there are no guaranteed worst case
latencies, RT_PREEMPT kernels are not "definitely unsuitable".
The third paper measuring performance looked at the performance
characteristics of an RT_PREEMPT kernel on an industrial controller
board. In addition, the measurements were validated using a paint robot.
Their conclusion provides a nice summary of the progress the Linux kernel
has made for realtime applications:
Linux has for a long time proven that its stability is excellent, and now
we see that the real-time performance is really moving towards other
commercial real-time operating systems. The ability to be able to run a
real-time application on the same processor as other standard applications
is a winning combination. This is really what favors Linux as a real-time
operating system compared to other dedicated real-time operating systems.
Research into how to effectively use multi-processor and multi-core systems
for realtime tasks was the topic of another of the presentations.
LITMUS^RT is a kernel modification that implements pluggable schedulers. It was created to test different kinds of
scheduling policies to discover which algorithms work best for realtime
applications on multiple processors.
An area that generally receives little notice in the realtime community is
disk I/O, but a paper
presented looks to change that. The authors looked at existing I/O
schedulers for realtime systems and found them lacking – the models
used are too simplistic and do not take into account prefetching and
write-caching. They implemented a more realistic model into an I/O
scheduler for RTLinux and report their results.
The XtratuM "nanokernel" is a
virtualization solution used in realtime applications. Linux has
also been ported to run on XtratuM for the x86 architecture, which allows
it to run alongside a realtime OS. Two papers were concerned with
XtratuM, one covering a FIFO
implementation between XtratuM domains, allowing communication between
guest OSes. The other covered porting it to the
PowerPC architecture.
PaRTiKle
OS is a compatible replacement for RTLinux, allowing applications built
for that platform to run unchanged. It uses an entirely different
technique, implementing the kernel system calls itself, rather than using
the Linux kernel. This makes the connection to Linux a bit tenuous, but
because it avoids the RTLinux patents and is LGPL licensed, it may be a
useful migration path for RTLinux users.
The participation of universities at the workshop is something that stands out right away.
The vast majority of the papers came from universities, mostly European
– unsurprising given the location – but from
China and Mexico as well. LWN raised some questions about the lack of
university participation in Linux development back in July; perhaps part
of the answer lies in the realtime realm. It is unclear how much of the
code will actually reach the mainline, but the number of university participants in the
workshop is impressive.
This article just notes some of the papers presented; for those interested,
there is much more available. The papers covering various applications where
realtime Linux is actually being used are very detailed. We can expect to
see Linux used more frequently in these kinds of applications in the future.
Comments (none posted)
By Jonathan Corbet November 27, 2007
The GNOME Foundation is charged with several tasks, including serving as
the official voice of the project, coordinating releases, deciding which
projects fit under the GNOME umbrella, supporting events, and more. Once a
year, a board of directors is chosen by the Foundation's members. This
time around, there are ten
candidates running for the seven available positions. This
election may seem like another boring bureaucratic exercise, but its
results are important: GNOME is the desktop used by a great many free
software users, and it is the platform supported by the Free Software
Foundation.
In a number of ways, this seems like one of the more tense elections of its
kind in our community. A number of items discussed last year (such as the
hiring of a business development manager and/or executive director) remain
undone. The workings of the board seem distant and obscure to some GNOME
developers. There are clear
tensions between some of the project's leaders. Criticism of the
project's participation in the OOXML standardization process seems unlikely
to let up anytime soon. And there seems to be a general sense of
frustration that the board's members are too busy to get things done and too unwilling to delegate things to others. It's also worth noting that the winners will be serving a relatively long term; a change in the Foundation's bylaws means that the next election will happen sometime around June, 2009.
Given that, the themes which have come out in the electoral debate should
be clear. How should the whole OOXML participation process have been
handled? What should be done with the Foundation's money (about $150,000
in the bank and $50,000 in receivables, according to the minutes from a recent board meeting)?
How should GNOME push forward into interesting areas, such as mobile
applications and web-hosted services? And how can the board become more
effective than it has been in the past?
Along with deciding on these issues, the new board will have one other new
decision ahead of it. Until very recently, the Foundation has operated
under a single president: a certain Miguel de Icaza. Miguel has been
absent from the GNOME development community for some time, and many of the
developers in that community have not found themselves in agreement with
the public positions he has taken. The current board has convinced
Miguel to resign the presidency, and has changed
its practices to the effect
that, in the future, the president will be appointed by the board. The
interim president will be Quim Gil.
In that context, here are a few selections from recent statements by this
year's candidates.
Brian Cameron
I think it is an important part of the Foundation to encourage new
people to get involved with volunteer aspects of the community. I
would like to encourage more participation from communities that
are not so well represented today. For example, users with
accessibility needs. I think having someone on the board with
accessibility experience is important to foster these sorts of
things.
Full posting.
I think it would add value to spend more on marketing and on
evangelical community building opportunities. For example, Windows
and MacOS have flashy "Welcome to the desktop" presentations.
Perhaps it is time for the GNOME community to find ways to better
advertise itself.
Full posting.
Behdad Esfahbod
One tipping point for GNOME would be when the membership/community
stops thinking of board as visionaries who set the direction and
happenings of project and starts seeing that it's just set of
trusted people who volunteered to do the boring and frustrating
tasks (take my word for that) that are so essential to the project
but no-one else is doing. [...]
As for the issue of single standards, I hate it when people use
standardization as a tool to take advantage over their competitors.
"I got here first, so you can't" is exactly what's broken about the
patent system right now. Think about it.
Full posting.
George Kraft
Personally, I would not mind it if GNOME were more compatible with
web services; however, I would not want a desktop which is
dependent on them. A danger of an online desktop would be the
dependency on non libre software services where we are not invited
to make changes. [...]
There are important topics like the Online Desktop and OOXML which
many are interested in; however, I would like to bring to
everyone's attention that GNOME accessibility could be positioned
as a clear winner over Windows's MSAA and KDE accessibility, but
instead GNOME's accessibility is on the defensive. From an
accessibility perspective, GNOME could be winning the hearts and
minds of corporations and government agencies; however, GNOME
accessibility is being threatened by the deprecation of Orbit2 &
its migration to DBus, and the migration of Microsoft's UIA to
GNU/Linux. Why regress and/or re-engineer when we can beat the
competition now?
Full posting.
Og Maciel
[T]he Online Desktop could be the one thing that will tip the scale
when users choose their desktop environment. I've had the
opportunity to see a few demos and was fairly impressed with its
potential. I believe that it is not up to the Board to decide on
the implementation or even which tools/languages to use, but serve
as a facilitator and guiding light to make sure that the project
stays on track and focused... GNOME users have become used to
expect innovation and great software in every release, so the
Online Desktop could definitely provide that extra buzz!
Full posting.
I'd like to see more support going for the guys behind Abiword,
Glom, Gnumeric, Epiphany, etc... Open Office and Firefox are GREAT
examples of good software but I happen to believe that we already
have great software in our code base that has been delegated to
second place. How about we promote an event where people who are
involved with the software mentioned before plus anyone who can be
of help and offer insight can sit down and jot down what needs to
be done in order to bring them out of the closet?
Full posting.
John Palmieri
I see the GNOME Online push as pulling us into the Wild West of the
Web platform where everyone is staking their claims and there is
yet to be monopolies to stifle innovation. Sure Google is big but
sites like Facebook and Wikipedia were able to emerge. The only
way to defeat entrenched adversaries in business is to outflank
them with disruptive technology. Microsoft did it to IBM with the
Desktop, Google did it to Microsoft with web search and we have the
chance to bring in integrated Open Source web applications to the
mix and even define a new era of Open Services.
Full posting.
Well one weak point is the board seems almost foreign to the every
day GNOME contributor. People vote and pretty much forget about
the inner workings until Slashdot gets a hold on some
sensationalized story and a press release is put out and still to
the outside world the role of the foundation is unclear. It is
hard to figure out weak points because it is hard to see exactly
what the foundation does. I would fix this by communicating any
decision, from the mundane to the sensational, in an easy to digest
format on my blog. Meeting minutes and press releases are just not
enough. Active engagement of the community is a must.
Full posting.
Lucas Rocha
I think the Online Desktop initiative is a great opportunity for us
to enwide the scope of GNOME project from a specific desktop
environment to a broader user experiences set. This means taking
advantage of this huge amount of funny, socially powerful, useful
information and services available on the Web. Embracing Online
Desktop also means trying to bring a new set of goals to GNOME
which are related to a more social and entertaining user
experience, something that, in my opinion, has been lacking in
GNOME for a long time.
Full posting.
I think the most serious problem about GNOME Foundation
participation on ECMA TC45-M was that it wasn't properly explained
and clarified to the community at the time it started. The
statement came after a lot of noise.
Full posting.
Vincent Untz
About the GNOME Foundation being part of the OOXML ECMA committee:
I've supported this decision and I still do. If we can have someone
asking for clarifications and maybe even have the ability to
improve the format, it'd be wrong to not do it and just complain
about the format. We want our users to read their files, and some
will have OOXML files. This means I'll want our applications to be
able to read such files, and therefore that a better documentation
of the format is good.
Full posting.
We've seen this year that hiring an "executive director" is hard,
very hard. I'm hopeful that hiring a sysadmin would be
(comparatively) easier. And I'm also hopeful that we can get some
funding to hire the sysadmin. So my plan is to hire a sysadmin
using part of what we have in our bank account now and using some
new funding, and keep enough cash so that we can hire an "executive
director" too. It might sound too ambitious, but I think it's
doable and that it's the best way to go.
Full posting.
Diego Escalante Urrelo
Support initiatives in Latin America for getting people involved as
users and developers. Concretely, I would like to "deploy" 2 or 3
of our rockstars next year to a LA-tour, as seen on marketing-list
and later gugmasters
the idea has had a positive response. I would like to serve as a
direct link to this initiative and hopefully other similar ones.
Full posting.
I would have included a line in all-caps saying "GNOME Foundation
doesn't like OOXML, we have someone in the committee because
standard or not Ms is gonna push it everywhere, so we are taking
the chance to ask questions and raise concern on all the problems
we can find."
Full posting.
Luis Villa
I'll be running again for the Board this year. This will be an
unusual candidacy. I will not be running to do various and sundry
board tasks; I'll be running to do exactly one thing: legal work- a
vote for me is a vote that says 'Luis should be the coordinator of
all GNOME-related legal issues.'
Full posting.
I think it is inevitable that GNOME, or GNOME partners, will be
offering web-backed services to GNOME users. My personal vision for
that is to dot the i's and cross the t's on the legal parts- to
make sure that as we sail into uncharted waters, the rights of
GNOME users and contributors are being protected.
Full posting.
I wish [the statement on OOXML] were more explicit about how the
Foundation feels that the ODF folks have been undermining the
standards process. It isn't obvious to everyone that ODF shares
much of the blame for the politicization of the process, so the
statements about that in the statement are a little vague.
Full posting.
Jeff Waugh
It is ISO's role to facilitate the development of standards in a
coherent, transparent manner, not to determine the market demand
for a given standard. I think it's extremely short-sighted to
protest OOXML on the basis of "competing standards" given that
standards exist for technologies that we are very likely to want
true Free standards for in the future - for example, video encoders
and decoders.
Full posting.
We must have a full time staff member to manage any further hires,
as there is no way our part time administrator should have to deal
with any duties related to management. So, of the two, I'd prefer a
full time, management capable hire before a sysadmin hire.
Full posting
Ballots must be returned by December 9, and the initial results from
the election are due to be announced on December 11; stay tuned.
Comments (10 posted)
Page editor: Jonathan Corbet
Security
By Jake Edge November 28, 2007
Botnets are an increasing problem in today's internet. They can do much
harm in the way of spam propagation and distributed denial of service
attacks, but they also tend to
evolve much more quickly than preventative measures. The International
Telecommunication Union, an organization that predates the internet
by more than 100 years, wants to do something about that. To that end,
they are creating a Botnet
Mitigation Toolkit.
The ITU is now an agency of the United Nations, which puts it in the right
place to assist with botnet mitigation. Much like the internet, botnets do
not respect political boundaries; it is often the case that a botnet is
attacking a target in one country, from hosts in multiple countries, using
a command and control (C&C) infrastructure in yet another country. It will
take an international response to thwart an attack of that sort.
The toolkit is aimed primarily at developing countries; it is meant to provide
guidelines and best practice information to entities that need it. There
are three types of information in the toolkit: legal, technical, and
social. Each has a role to play in successfully handling botnets and their
effects.
From a legal standpoint, many developing countries do not have laws
governing "cybercrime" that could be used to shut down or redirect botnet
traffic. The toolkit will contain recommendations for how such legislation
might be structured, what kind of jurisdiction requirements make sense, as
well as the kinds of evidence that are likely to be available. One of the more
serious difficulties is reconciling the needs of botnet fighters with
the privacy of internet users. A country's privacy laws may cover what
information can be gathered. A paper
describing the toolkit (PDF), which is still in draft form, has some
information about the intersection of privacy rights and internet security,
but this is clearly an area that will need to be handled carefully.
Another policy area that will be covered by the toolkit is in establishing
a framework for handling incidents that occur. How to establish
monitoring, putting together a collaboration between the government and
internet service providers, along with deterring internet criminals from
setting up shop in the country are all facets of a national "cybersecurity"
policy. If a country is starting from a point where none of this kind of
organization exists, which is true for much of the developing world, the
toolkit will provide the government with the right questions to ask and
areas that need a decision. At a
minimum, it will also make recommendations that may be followed or ignored.
From a technical standpoint, internet service providers may need information on
best practices for securing their networks from external threats. They
also may need information on handling malicious traffic originating in
their networks. The toolkit intends to provide information on both. The
contents of the paper contain a great deal of good information for those
that are interested. Even for ISPs in developed countries, there is much
that could be learned.
The social aspect of dealing with botnets is perhaps the most difficult part,
but, if successful, may provide the best defense. Like the technical
measures, this is by no means a problem only in developing countries.
Users everywhere need to learn good habits when using the internet.
Free software is specifically called out as part of the solution in the social
section of the paper, not because it is more resistant to malware (which is
unclear), but because it can always be upgraded to fix security flaws.
Many users in developing countries use unlicensed software from proprietary vendors
that is difficult or impossible to upgrade.
The ITU toolkit is a worthy project, which will hopefully be well received
by countries around the world. Due care needs to be taken so that it is
not seen as something being imposed by the developed world. Even if botnets
are not currently causing any major pain for a country, they certainly
will some day. Getting out ahead of that curve would be of great benefit;
hopefully most countries will see it that way.
A pilot project, in cooperation with the government there, is planned for
Malaysia in 2008; it will
allow the ITU to fine-tune its message and the toolkit. After that, it can
start rolling it out in other interested
countries. It may be a few years off, but bot herders may start feeling
the heat.
Comments (19 posted)
Brief items
Jeremy Allison, of the Samba project, reflects on the recent security flaws in Samba, how responses (and response times) have changed over time, and how they try to avoid new security problems. "What we do now on seeing a security bug is immediately audit the entire code-base to discover if there are any similar problems, or even similar coding practices that might cause future problems, and re-write or remove all such code. It takes longer, but is much safer in the long run. If you examine parts of the Samba code you'll find common functions that are known to be insecure simply won't compile if added to our code. A set of automated macros warns of any use of known bad functions."
(thanks to Richard Hillesley)
Comments (79 posted)
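The compile-time ban described in the quote above can be sketched in a few lines of C. This is an added example, not Samba's code; `safe_copy`, `safe_append`, `build_path` and the `BANNED_*` identifiers are hypothetical names, and the sample paths are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded replacement for strcpy(): always NUL-terminates dst.
 * Returns 0 if src fit completely, -1 on truncation or a bad argument. */
static int safe_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n;

    if (dst == NULL || dst_size == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    n = strlen(src);
    if (n >= dst_size) {
        /* Keep what fits, terminate, and report the truncation. */
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Hypothetical bounded replacement for strcat(). Refuses to touch a
 * destination that is not terminated inside its own buffer. */
static int safe_append(char *dst, size_t dst_size, const char *src)
{
    const char *end;
    size_t used;

    if (dst == NULL || dst_size == 0)
        return -1;
    end = memchr(dst, '\0', dst_size);
    if (end == NULL)
        return -1;
    used = (size_t)(end - dst);
    return safe_copy(dst + used, dst_size - used, src);
}

/*
 * The ban itself. After the system headers have been included, the unsafe
 * names are redefined to identifiers that are declared nowhere, so any later
 * use stops the build, and the undeclared name in the diagnostic tells the
 * developer which replacement to use. The #undef lines drop any macro
 * versions the C library may have defined.
 */
#undef strcpy
#undef strcat
#undef sprintf
#undef gets
#define strcpy  BANNED_strcpy_use_safe_copy
#define strcat  BANNED_strcat_use_safe_append
#define sprintf BANNED_sprintf_use_snprintf
#define gets    BANNED_gets_use_fgets

/* Code below the ban can only use the bounded helpers. Writing
 * strcpy(out, dir) in this function would no longer compile. */
static int build_path(char *out, size_t out_size,
                      const char *dir, const char *name)
{
    if (safe_copy(out, out_size, dir) != 0)
        return -1;
    if (safe_append(out, out_size, "/") != 0)
        return -1;
    if (safe_append(out, out_size, name) != 0)
        return -1;
    return 0;
}

int main(void)
{
    char path[16];
    int rc;

    /* Constructed inputs: one that fits, one that must be rejected. */
    rc = build_path(path, sizeof path, "/srv", "share");
    printf("rc=%d path=%s\n", rc, path);

    rc = build_path(path, sizeof path, "/srv/exports", "payroll");
    printf("rc=%d path=%s (truncated, caller must treat as error)\n", rc, path);
    return 0;
}
```

Placing the `#define` lines in a header that every source file includes last is what turns the audit result into a standing rule for new code.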
The Electronic Frontier Foundation has announced the release of a set of
reports on ISP manipulation of IP traffic and some comprehensive
documentation on how to detect that manipulation for yourself. The document on
detecting packet injection appears to mostly be a set of detailed
instructions on using Wireshark to compare TCP streams at both ends.
Full Story (comments: none)
New vulnerabilities
cacti: SQL injection vulnerability
| Package(s): | cacti |
| CVE #(s): | CVE-2007-6035 |
| Created: | November 22, 2007 |
| Updated: | February 18, 2008 |
| Description: | Versions of Cacti prior to 0.8.7a have an SQL injection vulnerability. Remote attackers can execute arbitrary SQL commands via unspecified vectors. |
Comments (none posted)
CSTeX: multiple vulnerabilities
| Package(s): | CSTeX |
| CVE #(s): | |
| Created: | November 26, 2007 |
| Updated: | November 28, 2007 |
| Description: | From the Gentoo advisory: Remote attackers could possibly execute arbitrary code and local attackers could possibly overwrite arbitrary files with the privileges of the user running CSTeX via multiple vectors. |
Comments (none posted)
feynmf: symlink vulnerability
| Package(s): | feynmf |
| CVE #(s): | CVE-2007-5940 |
| Created: | November 28, 2007 |
| Updated: | November 28, 2007 |
| Description: | The feynmf drawing package suffers from a symbolic link vulnerability. |
Comments (none posted)
firefox: multiple vulnerabilities
| Package(s): | firefox seamonkey |
| CVE #(s): | CVE-2007-5947 CVE-2007-5959 CVE-2007-5960 |
| Created: | November 27, 2007 |
| Updated: | March 3, 2008 |
| Description: | A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959) A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960) |
Comments (1 posted)
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2007-5500 |
| Created: | November 28, 2007 |
| Updated: | July 8, 2008 |
| Description: | The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. |
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2007-5501 |
| Created: | November 28, 2007 |
| Updated: | March 7, 2008 |
| Description: | The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference. |
Comments (none posted)
lcms: stack-based buffer overflow
| Package(s): | lcms |
| CVE #(s): | CVE-2007-2741 |
| Created: | November 23, 2007 |
| Updated: | October 14, 2008 |
| Description: | Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file. |
Comments (none posted)
mysql-dfsg: multiple vulnerabilities
| Package(s): | mysql-dfsg |
| CVE #(s): | CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-3782 |
| Created: | November 27, 2007 |
| Updated: | July 30, 2008 |
| Description: | The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583) MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. (CVE-2007-2691) The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. (CVE-2007-2692) MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. (CVE-2007-3782) |
Comments (none posted)
nss_ldap: credential or other information disclosure
| Package(s): | nss_ldap |
CVE #(s): | CVE-2007-5794
|
| Created: | November 26, 2007 |
Updated: | July 30, 2008 |
| Description: |
From the Gentoo advisory:
Josh Burley reported that nss_ldap does not properly handle the LDAP
connections due to a race condition that can be triggered by
multi-threaded applications using nss_ldap, which might lead to
requested data being returned to a wrong process.
|
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-5708
|
| Created: | November 23, 2007 |
Updated: | April 9, 2008 |
| Description: |
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when
running as a proxy-caching server, allocates memory using a malloc variant
instead of calloc, which prevents an array from being initialized properly
and might allow attackers to cause a denial of service (segmentation fault)
via unknown vectors that prevent the array from being null terminated. |
pcre: buffer overflows in library
| Package(s): | pcre |
CVE #(s): | CVE-2006-7228
CVE-2006-7230
CVE-2007-1661
CVE-2007-4766
CVE-2007-4767
|
| Created: | November 23, 2007 |
Updated: | July 16, 2008 |
| Description: |
Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application. |
pcre: buffer overflows
| Package(s): | pcre3 |
CVE #(s): | CVE-2007-1662
CVE-2007-4768
|
| Created: | November 27, 2007 |
Updated: | May 7, 2008 |
| Description: |
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the
end of the string when searching for unmatched brackets and parentheses,
which allows context-dependent attackers to cause a denial of service
(crash), possibly involving forward references. (CVE-2007-1662)
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE)
library before 7.3 allows context-dependent attackers to execute arbitrary
code via a singleton Unicode sequence in a character class in a regex
pattern, which is incorrectly optimized. (CVE-2007-4768) |
phpMyAdmin: SQL injection
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-5976
CVE-2007-5977
|
| Created: | November 22, 2007 |
Updated: | March 19, 2009 |
| Description: |
phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability
in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.
db_create.php also has a related cross-site scripting vulnerability.
Remote authenticated users can inject arbitrary web scripts or HTML
using a hex-encoded IMG element in the db parameter in a POST request. |
Tk: buffer overflow
| Package(s): | tk8.3 |
CVE #(s): | CVE-2007-5378
|
| Created: | November 28, 2007 |
Updated: | March 17, 2009 |
| Description: |
The Tk toolkit's GIF-reading code contains a buffer overflow which could be exploited via a malicious image file. Fixes may be found in versions 8.4.12 and 8.3.5. |
wireshark: multiple vulnerabilities
| Package(s): | wireshark |
CVE #(s): | CVE-2007-6114
CVE-2007-6117
CVE-2007-6118
CVE-2007-6120
CVE-2007-6121
|
| Created: | November 27, 2007 |
Updated: | December 24, 2007 |
| Description: |
Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer, which may lead to denial of service or the
execution of arbitrary code. |
zaptel: possible privilege escalation
| Package(s): | zaptel |
CVE #(s): | CVE-2007-5690
|
| Created: | November 28, 2007 |
Updated: | November 28, 2007 |
| Description: |
Asterisk Zaptel 1.4.5.1 contains a buffer overflow which might be exploitable by local users - though the actual exploitability of this problem is disputed. |
Updated vulnerabilities
acroread: multiple vulnerabilities
| Package(s): | acroread |
CVE #(s): | CVE-2006-5857
CVE-2007-0045
CVE-2007-0046
|
| Created: | January 11, 2007 |
Updated: | October 26, 2009 |
| Description: |
Adobe's Acrobat Reader has the following vulnerabilities:
The Adobe Reader Plugin has a cross-site scripting vulnerability that
can be triggered by processing malformed URLs. Arbitrary JavaScript can
be served by a malicious web server, leading to a cross-site scripting
attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities;
if an attacker can trick a user into viewing the files, arbitrary code
can be executed with the user's privileges. |
apache2: information disclosure
| Package(s): | apache |
CVE #(s): | CVE-2007-1862
|
| Created: | June 20, 2007 |
Updated: | February 18, 2008 |
| Description: |
From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
properly copy all levels of header data, which can cause Apache to
return HTTP headers containing previously-used data, which could be
used to obtain potentially sensitive information by unauthorized users." |
apache: multiple vulnerabilities
| Package(s): | apache |
CVE #(s): | CVE-2007-3304
CVE-2006-5752
|
| Created: | June 27, 2007 |
Updated: | February 18, 2008 |
| Description: |
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker who has the ability to
run scripts on the Apache HTTP Server could manipulate the scoreboard and
cause arbitrary processes to be terminated, which could lead to a denial of
service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with
the server-status page publicly accessible and ExtendedStatus enabled were
vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux
the server-status page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752) |
apache: cross-site scripting
| Package(s): | apache |
CVE #(s): | CVE-2006-3918
|
| Created: | August 9, 2006 |
Updated: | April 4, 2008 |
| Description: |
From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header." |
apache2: denial of service
| Package(s): | apache2 |
CVE #(s): | CVE-2007-1863
|
| Created: | November 19, 2007 |
Updated: | February 18, 2008 |
| Description: |
From the CVE entry:
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. |
httpd: denial of service, cross-site scripting
| Package(s): | apache httpd |
CVE #(s): | CVE-2007-3847
CVE-2007-4465
|
| Created: | September 25, 2007 |
Updated: | February 15, 2008 |
| Description: |
A flaw was found in the mod_proxy module. On sites where a reverse proxy is
configured, a remote attacker could send a carefully crafted request that
would cause the Apache child process handling that request to crash. On
sites where a forward proxy is configured, an attacker could cause a
similar crash if a user could be persuaded to visit a malicious site using
the proxy. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-3847)
A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the AddDefaultCharset directive has been removed
from the configuration, a cross-site-scripting attack may be possible
against browsers which do not correctly derive the response character set
following the rules in RFC 2616. (CVE-2007-4465) |
avahi: denial of service
| Package(s): | avahi |
CVE #(s): | CVE-2007-3372
|
| Created: | June 28, 2007 |
Updated: | December 23, 2008 |
| Description: |
Avahi is vulnerable to a local denial of service that can be caused by
making an erroneous call to the assert() function. |
bochs: denial of service
| Package(s): | bochs |
CVE #(s): | CVE-2007-2894
|
| Created: | November 19, 2007 |
Updated: | November 21, 2007 |
| Description: |
From the CVE entry:
The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error. |
cacti: denial of service
| Package(s): | cacti |
CVE #(s): | CVE-2007-3112
CVE-2007-3113
|
| Created: | September 18, 2007 |
Updated: | December 16, 2009 |
| Description: |
A vulnerability in Cacti 0.8.6i and earlier versions allows remote
authenticated users to cause a denial of service (CPU consumption) via
large values of the graph_start, graph_end, graph_height, or graph_width
parameters. |
centericq: buffer overflows
| Package(s): | centericq |
CVE #(s): | CVE-2007-3713
|
| Created: | July 20, 2007 |
Updated: | December 17, 2007 |
| Description: |
Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow
remote attackers to execute arbitrary code via unspecified vectors. NOTE:
the provenance of this information is unknown; the details are obtained
solely from third party information. NOTE: this might overlap
CVE-2007-0160. |
clamav: denial of service
| Package(s): | clamav |
CVE #(s): | CVE-2007-3725
|
| Created: | July 24, 2007 |
Updated: | February 27, 2008 |
| Description: |
A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via a specially crafted RAR archive. |
clamav: multiple vulnerabilities
| Package(s): | clamav |
CVE #(s): | CVE-2007-4510
CVE-2007-4560
|
| Created: | September 3, 2007 |
Updated: | February 13, 2008 |
| Description: |
Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-4510:
It was discovered that the RTF and RFC2397 parsers can be tricked
into dereferencing a NULL pointer, resulting in denial of service.
CVE-2007-4560:
It was discovered clamav-milter performs insufficient input
sanitizing, resulting in the execution of arbitrary shell commands.
|
conga: denial of service
| Package(s): | conga |
CVE #(s): | CVE-2007-4136
|
| Created: | November 7, 2007 |
Updated: | November 22, 2007 |
| Description: |
A flaw was found in ricci during a code audit. A remote attacker who is
able to connect to ricci could cause ricci to temporarily refuse additional
connections, a denial of service (CVE-2007-4136). |
cpio: arbitrary code execution
| Package(s): | cpio |
CVE #(s): | CVE-2005-4268
|
| Created: | January 2, 2006 |
Updated: | March 17, 2010 |
| Description: |
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with e.g. a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system). |
vixie-cron: privilege escalation
| Package(s): | cron |
CVE #(s): | CVE-2006-2607
|
| Created: | May 31, 2006 |
Updated: | June 1, 2009 |
| Description: |
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root. |
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2006-4262
|
| Created: | October 2, 2006 |
Updated: | June 16, 2009 |
| Description: |
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code. |
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2004-2541
|
| Created: | May 22, 2006 |
Updated: | June 19, 2009 |
| Description: |
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target. |
cups: denial of service
| Package(s): | cups |
CVE #(s): | CVE-2007-0720
|
| Created: | March 26, 2007 |
Updated: | February 7, 2008 |
| Description: |
Previous versions of the cups package could be forced to hang via a client
"partially negotiating" an ssl connection. In this state, cups would not
allow other connections to be made, a denial of service. |
gpdf: integer overflow
| Package(s): | cups poppler xpdf |
CVE #(s): | CVE-2007-3387
|
| Created: | July 31, 2007 |
Updated: | November 28, 2007 |
| Description: |
The gpdf library contains an integer overflow which can be exploited via a malicious PDF file. This code finds its way into multiple packages, including xpdf, kpdf, poppler, cups, and more. |
debian-goodies: privilege escalation
| Package(s): | debian-goodies |
CVE #(s): | CVE-2007-3912
|
| Created: | October 5, 2007 |
Updated: | March 24, 2008 |
| Description: |
Thomas de Grenier de Latour discovered that the checkrestart program included
in debian-goodies did not correctly handle shell meta-characters. A local
attacker could exploit this to gain the privileges of the user running
checkrestart. |
Django: denial of service
| Package(s): | Django |
CVE #(s): | CVE-2007-5712
|
| Created: | November 12, 2007 |
Updated: | September 22, 2008 |
| Description: |
From the CVE notice:
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers. |
dovecot: privilege escalation
| Package(s): | dovecot |
CVE #(s): | CVE-2007-4211
|
| Created: | August 15, 2007 |
Updated: | May 21, 2008 |
| Description: |
From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a
minor privilege escalation attack in which an authenticated
user may exploit an ACL plugin weakness to save message flags
without having proper permissions." |
dovecot: directory traversal
| Package(s): | dovecot |
CVE #(s): | CVE-2007-2231
|
| Created: | May 8, 2007 |
Updated: | May 21, 2008 |
| Description: |
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot
before 1.0.rc29, when using the zlib plugin, allows remote attackers to
read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot)
sequence in the mailbox name. |
drupal: multiple vulnerabilities
| Package(s): | drupal |
CVE #(s): | CVE-2007-5593
CVE-2007-5594
CVE-2007-5595
CVE-2007-5596
CVE-2007-5597
|
| Created: | October 24, 2007 |
Updated: | December 7, 2007 |
| Description: |
From the Fedora advisory:
- Upgrade to 5.3, fixes:
- HTTP response splitting.
- Arbitrary code execution.
- Cross-site scripting.
- Cross-site request forgery.
- Access bypass.
|
eggdrop: stack-based buffer overflow
| Package(s): | eggdrop |
CVE #(s): | CVE-2007-2807
|
| Created: | September 7, 2007 |
Updated: | December 8, 2009 |
| Description: |
A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC
servers to execute arbitrary code via a long private message. |
elinks: code execution
| Package(s): | elinks |
CVE #(s): | CVE-2007-2027
|
| Created: | May 7, 2007 |
Updated: | October 30, 2009 |
| Description: |
Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could execute
code with user privileges. |
elinks: arbitrary file access
| Package(s): | elinks |
CVE #(s): | CVE-2006-5925
|
| Created: | November 16, 2006 |
Updated: | October 22, 2009 |
| Description: |
The elinks text-mode browser has an arbitrary file access vulnerability
in the Elinks SMB protocol handler. If a user can be tricked into
visiting a specially crafted web page, arbitrary files may be read or
written with the user's permissions. |
emacs: command execution via local variables
| Package(s): | emacs |
CVE #(s): | CVE-2007-5795
|
| Created: | November 14, 2007 |
Updated: | February 5, 2008 |
| Description: |
From the original Debian problem report: "In Debian's version of GNU Emacs 22.1+1-2, the `hack-local-variables'
function does not behave correctly when `enable-local-variables' is
set to :safe. The documentation of `enable-local-variables' states
that the value :safe means to set only safe variables, as determined
by `safe-local-variable-p' and `risky-local-variable-p' (and the data
driving them), but Emacs ignores this and instead sets all the local
variables." When this setting (which is not the default) is in effect, opening a hostile file could lead to the execution of arbitrary commands. |
evolution: format string error
| Package(s): | evolution |
CVE #(s): | CVE-2007-1002
|
| Created: | March 27, 2007 |
Updated: | February 27, 2008 |
| Description: |
A format string error in the "write_html()" function in
calendar/gui/e-cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially crafted
shared memo containing format specifiers. |
pop mail man-in-the-middle attacks
| Package(s): | evolution thunderbird mutt fetchmail |
CVE #(s): | CVE-2007-1558
|
| Created: | May 8, 2007 |
Updated: | July 3, 2009 |
| Description: |
The APOP protocol allows remote attackers to guess the first 3 characters
of a password via man-in-the-middle (MITM) attacks that use crafted message
IDs and MD5 collisions. NOTE: this design-level issue potentially affects
all products that use APOP, including (1) Thunderbird, (2) Evolution, (3)
mutt, and (4) fetchmail. |
fetchmail: denial of service
| Package(s): | fetchmail |
CVE #(s): | CVE-2007-4565
|
| Created: | September 5, 2007 |
Updated: | October 30, 2009 |
| Description: |
fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. |
firebird: buffer overflow
| Package(s): | firebird |
CVE #(s): | CVE-2007-3181
|
| Created: | July 2, 2007 |
Updated: | March 27, 2008 |
| Description: |
The Firebird DBMS has a buffer overflow vulnerability involving
the processing of connect requests with an overly large p_cnct_count
value. Remote attackers can send a specially crafted
request to the server in order to potentially execute arbitrary code with
the permissions of the Firebird user. |
firefox: multiple vulnerabilities
| Package(s): | firefox |
CVE #(s): | CVE-2007-3844
CVE-2007-3845
|
| Created: | August 1, 2007 |
Updated: | February 20, 2008 |
| Description: |
A flaw was discovered in handling of "about:blank" windows used by
addons. A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
(CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3845) |
firefox, thunderbird, seamonkey: multiple vulnerabilities
| Package(s): | firefox, thunderbird, seamonkey |
CVE #(s): | CVE-2007-3738
CVE-2007-3656
CVE-2007-3670
CVE-2007-3285
CVE-2007-3737
CVE-2007-3089
CVE-2007-3736
CVE-2007-3734
CVE-2007-3735
|
| Created: | July 18, 2007 |
Updated: | May 12, 2008 |
| Description: |
shutdown and moz_bug_r_a4 reported two separate ways to modify an
XPCNativeWrapper such that subsequent access by the browser would result in
executing user-supplied code. (CVE-2007-3738)
Michal Zalewski reported that it was possible to bypass the same-origin
checks and read from cached (wyciwyg) documents. It is possible to access
wyciwyg:// documents without proper same domain policy checks through the
use of HTTP 302 redirects. This enables the attacker to steal sensitive
data displayed on dynamically generated pages; perform cache poisoning; and
execute own code or display own content with URL bar and SSL certificate
data of the attacked page (URL spoofing++). (CVE-2007-3656)
Internet Explorer calls registered URL protocols without escaping quotes
and may be used to pass unexpected and potentially dangerous data to the
application that registers that URL Protocol. (CVE-2007-3670)
Ronald van den Heetkamp reported that a filename URL containing %00
(encoded null) can cause Firefox to interpret the file extension
differently than the underlying Windows operating system potentially
leading to unsafe actions such as running a program. This is only
accessible locally. (CVE-2007-3285)
An attacker can use an element outside of a document to call an event
handler allowing content to run arbitrary code with chrome
privileges. (CVE-2007-3737)
Ronen Zilberman and Michal Zalewski both reported that it was possible to
exploit a timing issue to inject content into about:blank frames in a
page. When opening a window from a script, it is possible to spoof the
content of the newly opened window's frames within a short time frame,
while the window is loading. (CVE-2007-3089)
Mozilla contributor moz_bug_r_a4 demonstrated that the methods
addEventListener and setTimeout could be used to inject script into another
site in violation of the browser's same-origin policy. This could be used
to access or modify private or valuable information from that other
site. (CVE-2007-3736)
As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed
many bugs to improve the stability of the product. Some of these crashes
showed evidence of memory corruption under certain circumstances, and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code. Note: Thunderbird shares the browser
engine with Firefox and could be vulnerable if JavaScript were to be
enabled in mail. This is not the default setting and we strongly discourage
users from running JavaScript in mail. Without further investigation we
cannot rule out the possibility that for some of these an attacker might be
able to prepare memory for exploitation through some means other than
JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735) |
flac: arbitrary code execution
| Package(s): | flac |
CVE #(s): | CVE-2007-4619
|
| Created: | October 22, 2007 |
Updated: | January 21, 2008 |
| Description: |
From the Red Hat advisory:
A security flaw was found in the way flac processed audio data. An
attacker could create a carefully crafted FLAC audio file in such a way that
it could cause an application linked with flac libraries to crash or execute
arbitrary code when it was opened. (CVE-2007-4619)
|
freetype: arbitrary code execution
| Package(s): | freetype |
CVE #(s): | CVE-2007-2754
|
| Created: | May 24, 2007 |
Updated: | June 1, 2010 |
| Description: |
The FreeType font rendering library, versions 2.3.4 and below,
has an integer sign error. Remote attackers may be able to
create a specially crafted TrueType Font file with a negative
n_points value that will cause an integer overflow and heap-based
buffer overflow, allowing the execution of arbitrary code. |
freetype: integer overflows
| Package(s): | freetype |
CVE #(s): | CVE-2006-0747
CVE-2006-1861
CVE-2006-2493
CVE-2006-2661
CVE-2006-3467
|
| Created: | June 8, 2006 |
Updated: | June 1, 2010 |
| Description: |
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user. |
gcc: file overwrite vulnerability
| Package(s): | gcc |
CVE #(s): | CVE-2006-3619
|
| Created: | September 6, 2006 |
Updated: | March 14, 2008 |
| Description: |
The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree. |
gd: buffer overflow
| Package(s): | gd |
CVE #(s): | CVE-2007-0455
|
| Created: | February 7, 2007 |
Updated: | November 18, 2009 |
| Description: |
The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable. |
gd: multiple vulnerabilities
| Package(s): | gd |
CVE #(s): | CVE-2007-3472
CVE-2007-3473
CVE-2007-3474
CVE-2007-3475
CVE-2007-3476
CVE-2007-3477
CVE-2007-3478
|
| Created: | August 6, 2007 |
Updated: | November 6, 2009 |
| Description: |
Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allow attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478) |
gd: denial of service
| Package(s): | gd |
CVE #(s): | CVE-2007-2756
|
| Created: | June 14, 2007 |
Updated: | February 28, 2008 |
| Description: |
Libgd2 has a denial of service vulnerability involving the incorrect
validation of PNG callback results. If an application that is linked
against libgd2 is used to process a specially-crafted PNG file,
a denial of service involving CPU resource consumption can be
caused. |
gedit: format string vulnerability
| Package(s): | gedit |
CVE #(s): | CAN-2005-1686
|
| Created: | June 9, 2005 |
Updated: | February 5, 2009 |
| Description: |
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user. |
gftp: buffer overflows
| Package(s): | gftp |
CVE #(s): | CVE-2007-3962
CVE-2007-3961
|
| Created: | November 2, 2007 |
Updated: | January 22, 2008 |
| Description: |
Kalle Olavi Niemitalo discovered two boundary errors in fsplib code
included in gFTP when processing overly long directory or file names. A
remote attacker could trigger these vulnerabilities by enticing a user to
download a file with a specially crafted directory or file name, possibly
resulting in the execution of arbitrary code (CVE-2007-3962) or a Denial of
Service (CVE-2007-3961). |
gimp: multiple vulnerabilities
| Package(s): | gimp |
CVE #(s): | CVE-2007-2949
|
| Created: | June 28, 2007 |
Updated: | February 27, 2008 |
| Description: |
The gimp image editor has several vulnerabilities, including
a problem where it can open PSD files with excessive dimensions
and a possible stack overflow in the Sunras loader. |
gnome-screensaver: keyboard lock bypass
| Package(s): | gnome-screensaver |
CVE #(s): | CVE-2007-3920
|
| Created: | October 24, 2007 |
Updated: | October 15, 2009 |
| Description: |
From the Ubuntu advisory:
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local
attacker could exploit this to bypass the user's locked screen saver. |
openssh: inappropriate use of trusted cookies
| Package(s): | gnome-ssh-askpass openssh |
CVE #(s): | CVE-2007-4752
|
| Created: | September 11, 2007 |
Updated: | August 25, 2008 |
| Description: |
OpenSSH in versions prior to
4.7 could use a trusted X11 cookie if the creation of an untrusted
cookie failed. |
grip: buffer overflow
| Package(s): | grip |
CVE #(s): | CAN-2005-0706
|
| Created: | March 10, 2005 |
Updated: | November 19, 2008 |
| Description: |
Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches. |
gzip: multiple vulnerabilities
| Package(s): | gzip |
CVE #(s): | CVE-2006-4334
CVE-2006-4335
CVE-2006-4336
CVE-2006-4337
CVE-2006-4338
|
| Created: | September 19, 2006 |
Updated: | January 20, 2010 |
| Description: |
Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash.
Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. |
horde-kronolith: local file inclusion
| Package(s): | horde-kronolith |
CVE #(s): | CVE-2006-6175
|
| Created: | January 17, 2007 |
Updated: | March 7, 2008 |
| Description: |
Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered
string is used instead of a sanitized string to view local files. An
authenticated attacker could craft an HTTP GET request that uses directory
traversal techniques to execute any file on the web server as PHP code,
which could allow information disclosure or arbitrary code execution with
the rights of the user running the PHP application (usually the webserver
user). |
| Alerts: |
|
Comments (none posted)
hplip: arbitrary command execution
| Package(s): | hplip |
CVE #(s): | CVE-2007-5208
|
| Created: | October 12, 2007 |
Updated: | January 14, 2008 |
| Description: |
Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user
input. A local attacker could send a specially crafted request to the hpssd
daemon, possibly allowing them to run arbitrary commands as the root user. |
| Alerts: |
|
Comments (none posted)
hugin: unsafe temporary file usage
| Package(s): | hugin |
CVE #(s): | CVE-2007-5200
|
| Created: | November 6, 2007 |
Updated: | December 6, 2007 |
| Description: |
hugin in SUSE openSUSE 10.2 and 10.3 allows local users to overwrite
arbitrary files via a symlink attack on a temporary file. |
| Alerts: |
|
Comments (none posted)
imagemagick: multiple vulnerabilities
| Package(s): | imagemagick |
CVE #(s): | CVE-2007-4985
CVE-2007-4986
CVE-2007-4987
CVE-2007-4988
|
| Created: | October 4, 2007 |
Updated: | August 11, 2009 |
| Description: |
The ImageMagick image decoders have multiple vulnerabilities.
If a user can be tricked into processing a specially crafted
DCM, DIB, XBM, XCF, or XWD image, arbitrary code may be executed with
the user's privileges. |
| Alerts: |
|
Comments (none posted)
ImageMagick: integer overflows
| Package(s): | imagemagick |
CVE #(s): | CVE-2007-1797
|
| Created: | April 4, 2007 |
Updated: | August 11, 2009 |
| Description: |
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote
attackers to execute arbitrary code via (1) a crafted DCM image, which
results in a heap-based overflow in the ReadDCMImage function, or (2) the
(a) colors or (b) comments field in a crafted XWD image, which results in a
heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667. |
| Alerts: |
|
Comments (none posted)
inotify-tools: arbitrary code execution
| Package(s): | inotify-tools |
CVE #(s): | CVE-2007-5037
|
| Created: | November 12, 2007 |
Updated: | December 28, 2007 |
| Description: |
From the Fedora advisory:
A vulnerability has been reported in inotify-tools, which can potentially be
exploited by malicious users to compromise an application using the library.
Successful exploitation may allow the execution of arbitrary code with
privileges of the application using the affected library.
NOTE: The programs shipped with inotify-tools are reportedly not affected.
The vulnerability is reported in versions prior to 3.11. |
| Alerts: |
|
Comments (none posted)
jasper: denial of service
| Package(s): | jasper |
CVE #(s): | CVE-2007-2721
|
| Created: | June 1, 2007 |
Updated: | April 19, 2010 |
| Description: |
The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote
user-assisted attackers to cause a denial of service (crash) and possibly
corrupt the heap via malformed image files. |
| Alerts: |
|
Comments (none posted)
java: multiple vulnerabilities
| Package(s): | java |
CVE #(s): | CVE-2006-4339
CVE-2006-4790
CVE-2006-6731
CVE-2006-6736
CVE-2006-6737
CVE-2006-6745
|
| Created: | January 18, 2007 |
Updated: | June 4, 2010 |
| Description: |
Java has multiple vulnerabilities. These include
an RSA exponent padding attack vulnerability, two vulnerabilities
which allow untrusted applets to access data in other applets,
vulnerabilities that involve applets gaining privileges due to
serialization bugs in the JRE and buffer overflows in the java image
handling routines that can give attackers read/write/execute capabilities
for local files. |
| Alerts: |
|
Comments (1 posted)
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2007-3503
CVE-2007-3655
CVE-2007-3698
CVE-2007-3922
|
| Created: | August 6, 2007 |
Updated: | June 24, 2008 |
| Description: |
The Javadoc tool was able to generate HTML documentation pages that
contained cross-site scripting (XSS) vulnerabilities. A remote attacker
could use this to inject arbitrary web script or HTML. (CVE-2007-3503)
The Java Web Start URL parsing component contained a buffer overflow
vulnerability within the parsing code for JNLP files. A remote attacker
could create a malicious JNLP file that could trigger this flaw and execute
arbitrary code when opened. (CVE-2007-3655)
The JSSE component did not correctly process SSL/TLS handshake requests. A
remote attacker who is able to connect to a JSSE-based service could
trigger this flaw leading to a denial-of-service. (CVE-2007-3698)
A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922)
|
| Alerts: |
|
Comments (none posted)
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2007-5232
CVE-2007-5238
CVE-2007-5239
CVE-2007-5240
CVE-2007-5273
CVE-2007-5274
|
| Created: | October 12, 2007 |
Updated: | April 25, 2008 |
| Description: |
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled,
allows remote attackers to violate the security model for an applet's
outbound connections via a DNS rebinding attack. (CVE-2007-5232)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not
properly enforce access restrictions for untrusted applications, which
allows user-assisted remote attackers to obtain sensitive information (the
Java Web Start cache location) via an untrusted application, aka "three
vulnerabilities." (CVE-2007-5238)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE
1.3.1_20 and earlier does not properly enforce access restrictions for
untrusted (1) applications and (2) applets, which allows user-assisted
remote attackers to copy or rename arbitrary files when local users perform
drag-and-drop operations from the untrusted application or applet window
onto certain types of desktop applications. (CVE-2007-5239)
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK
and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows
remote attackers to circumvent display of the untrusted-code warning banner
by creating a window larger than the workstation screen. (CVE-2007-5240)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used,
allows remote attackers to violate the security model for an applet's
outbound connections via a multi-pin DNS rebinding attack in which the
applet download relies on DNS resolution on the proxy server, but the
applet's socket operations rely on DNS resolution on the local machine, a
different issue than CVE-2007-5274. NOTE: this is similar to
CVE-2007-5232. (CVE-2007-5273)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows
remote attackers to violate the security model for JavaScript outbound
connections via a multi-pin DNS rebinding attack dependent on the
LiveConnect API, in which JavaScript download relies on DNS resolution by
the browser, but JavaScript socket operations rely on separate DNS
resolution by a Java Virtual Machine (JVM), a different issue than
CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5274) |
| Alerts: |
|
Comments (1 posted)
JRockit: multiple vulnerabilities
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
CVE #(s): | CAN-2005-1920
|
| Created: | July 19, 2005 |
Updated: | September 21, 2010 |
| Description: |
Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: |
|
Comments (1 posted)
kernel: out-of-bounds access
| Package(s): | kernel |
CVE #(s): | CVE-2007-4573
|
| Created: | September 25, 2007 |
Updated: | December 6, 2010 |
| Description: |
The IA32 system call emulation functionality in Linux kernel 2.4.x and
2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not
zero extend the eax register after the 32bit entry path to ptrace is used,
which might allow local users to gain privileges by triggering an
out-of-bounds access to the system call table using the %RAX register. |
| Alerts: |
|
Comments (none posted)
kernel: ALSA returns incorrect write size
| Package(s): | kernel |
CVE #(s): | CVE-2007-4571
|
| Created: | September 28, 2007 |
Updated: | June 20, 2008 |
| Description: |
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced
Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does
not return the correct write size, which allows local users to obtain
sensitive information (kernel memory contents) via a small count argument,
as demonstrated by multiple reads of /proc/driver/snd-page-alloc. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-4535
CVE-2006-4538
|
| Created: | September 18, 2006 |
Updated: | January 5, 2009 |
| Description: |
Sridhar Samudrala discovered a local denial of service vulnerability
in the handling of SCTP sockets. By opening such a socket with a
special SO_LINGER value, a local attacker could exploit this to crash
the kernel. (CVE-2006-4535)
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
platforms did not sufficiently verify the memory layout. By attempting
to execute a specially crafted executable, a local user could exploit
this to crash the kernel. (CVE-2006-4538) |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-1861
CVE-2007-2242
|
| Created: | May 1, 2007 |
Updated: | February 8, 2008 |
| Description: |
The netlink protocol has an infinite recursion bug that allows users to
cause a kernel crash. Also the IPv6 protocol allows remote attackers to
cause a denial of service via crafted IPv6 type 0 route headers
(IPV6_RTHDR_TYPE_0) that create network amplification between two routers. |
| Alerts: |
|
Comments (none posted)
kernel: remote denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-6058
CVE-2007-4997
|
| Created: | November 9, 2007 |
Updated: | June 13, 2008 |
| Description: |
The Minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly
other versions, allows local users to cause a denial of service (hang) via
a malformed minix file stream that triggers an infinite loop in the
minix_bmap function. NOTE: this issue might be due to an integer overflow
or signedness error.
Integer underflow in the ieee80211_rx function in
net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows
remote attackers to cause a denial of service (crash) via a crafted SKB
length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA
flag is set, aka an "off-by-two error." |
| Alerts: |
|
Comments (1 posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-1353
CVE-2007-2451
CVE-2007-2453
|
| Created: | June 11, 2007 |
Updated: | March 6, 2008 |
| Description: |
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local attacker
could exploit this flaw to view sensitive kernel information.
(CVE-2007-1353)
The GEODE-AES driver did not correctly initialize its encryption key.
Any data encrypted using this type of device would be easily compromised.
(CVE-2007-2451)
The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally, systems
without an entropy source would be seeded with the same inputs at boot
time, leading to a repeatable series of random numbers. (CVE-2007-2453) |
| Alerts: |
|
Comments (none posted)
kernel: signal handling flaw on PPC
| Package(s): | kernel |
CVE #(s): | CVE-2007-3107
|
| Created: | July 10, 2007 |
Updated: | February 4, 2008 |
| Description: |
A flaw in the signal handling on PowerPC-based systems allowed a
local user to cause a denial of service (floating point corruption). |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-5823
CVE-2006-6054
CVE-2007-1592
|
| Created: | June 12, 2007 |
Updated: | March 21, 2011 |
| Description: |
A flaw in the cramfs file system allows invalid compressed data to cause
memory corruption (CVE-2006-5823)
A flaw in the ext2 file system allows an invalid inode size to cause a
denial of service (system hang) (CVE-2006-6054)
A flaw in IPV6 flow label handling allows a local user to cause a denial of
service (crash) (CVE-2007-1592) |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-2935
CVE-2006-4145
CVE-2006-3745
|
| Created: | September 1, 2006 |
Updated: | July 30, 2008 |
| Description: |
Previous versions of the kernel package are subject to several
vulnerabilities. Certain malformed UDF filesystems can cause the system to
crash (denial of service). Malformed CDROM firmware or USB storage devices
(such as USB keys) could cause system crash (denial of service), and if
they were intentionally malformed, can cause arbitrary code to run with
elevated privileges. In addition, the SCTP protocol is subject to a remote
system crash (denial of service) attack. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-5749
CVE-2006-4814
CVE-2006-6106
|
| Created: | January 5, 2007 |
Updated: | January 8, 2009 |
| Description: |
A security issue has been reported in Linux kernel due to an error in
drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()"
function never initializes an event timer before scheduling it with the
"add_timer()" function.
The mincore function in the kernel does not properly lock access to user
space, which has unspecified impact and attack vectors, possibly related to
a deadlock.
Another vulnerability has been reported in Linux kernel caused by a
boundary error within the handling of incoming CAPI messages in
net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain
Kernel data structures. |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-3851
CVE-2007-3848
CVE-2007-3105
|
| Created: | August 17, 2007 |
Updated: | January 8, 2009 |
| Description: |
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with
i965G and later chipsets, allows local users with access to an X11 session
and Direct Rendering Manager (DRM) to write to arbitrary memory locations
and gain privileges via a crafted batchbuffer. (CVE-2007-3851)
Linux kernel 2.4.35 and other versions allows local users to send arbitrary
signals to a child process that is running at higher privileges by causing
a setuid-root parent process to die, which delivers an attacker-controlled
parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)
Stack-based buffer overflow in the random number generator (RNG)
implementation in the Linux kernel before 2.6.22 might allow local root
users to cause a denial of service or gain privileges by setting the
default wakeup threshold to a value greater than the output pool size,
which triggers writing random numbers to the stack by the pool transfer
function involving "bound check ordering". NOTE: this issue might only
cross privilege boundaries in environments that have granular assignment of
privileges for root. (CVE-2007-3105) |
| Alerts: |
|
Comments (1 posted)
krb5: multiple vulnerabilities
| Package(s): | krb5 |
CVE #(s): | CVE-2007-2442
CVE-2007-2443
CVE-2007-2798
|
| Created: | June 27, 2007 |
Updated: | March 24, 2008 |
| Description: |
David Coffey discovered an uninitialized pointer free flaw in the
RPC library used by kadmind. A remote unauthenticated attacker who
could access kadmind could trigger the flaw causing kadmind to crash
or possibly execute arbitrary code (CVE-2007-2442).
David Coffey also discovered an overflow flaw in the same RPC library.
A remote unauthenticated attacker who could access kadmind could
trigger the flaw causing kadmind to crash or possibly execute arbitrary
code (CVE-2007-2443).
Finally, a stack buffer overflow vulnerability was found in kadmind
that allowed an unauthenticated user able to access kadmind the
ability to trigger the vulnerability and possibly execute arbitrary
code (CVE-2007-2798). |
| Alerts: |
|
Comments (none posted)
krb5: uninitialized pointers
| Package(s): | krb5 |
CVE #(s): | CVE-2006-6143
CVE-2006-3084
|
| Created: | January 10, 2007 |
Updated: | July 7, 2010 |
| Description: |
The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details. |
| Alerts: |
|
Comments (1 posted)
krb5: local privilege escalation
| Package(s): | krb5 |
CVE #(s): | CVE-2006-3083
|
| Created: | August 9, 2006 |
Updated: | July 7, 2010 |
| Description: |
Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges. |
| Alerts: |
|
Comments (none posted)
krb5: buffer overflow, uninitialized pointer
| Package(s): | krb5 |
CVE #(s): | CVE-2007-3999
CVE-2007-4000
|
| Created: | September 4, 2007 |
Updated: | March 24, 2008 |
| Description: |
Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by kadmind. A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash.
Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A
remote unauthenticated attacker who can access kadmind could trigger this
flaw and cause kadmind to crash. |
| Alerts: |
|
Comments (none posted)
krb5: multiple vulnerabilities
| Package(s): | krb5 |
CVE #(s): | CVE-2007-0956
CVE-2007-0957
CVE-2007-1216
|
| Created: | April 3, 2007 |
Updated: | March 24, 2008 |
| Description: |
A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password. (MIT krb5 Security Advisory 2007-001)
Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon. A remote attacker who can access the KDC could exploit this
bug to run arbitrary code with the privileges of the KDC or kadmin server
processes. (MIT krb5 Security Advisory 2007-002)
A double-free flaw was found in the GSSAPI library used by the kadmin
server daemon. (MIT krb5 Security Advisory 2007-003) |
| Alerts: |
|
Comments (none posted)
kvirc: remote arbitrary code execution
| Package(s): | kvirc |
CVE #(s): | CVE-2007-2951
|
| Created: | September 14, 2007 |
Updated: | February 27, 2008 |
| Description: |
Stefan Cornelius from Secunia Research discovered that the
"parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does
not properly sanitize parts of the URI when building the command for
KVIrc's internal script system. |
| Alerts: |
|
Comments (none posted)
lftp: shell command execution
| Package(s): | lftp |
CVE #(s): | CVE-2007-2348
|
| Created: | May 4, 2007 |
Updated: | September 16, 2009 |
| Description: |
mirror --script in lftp before 3.5.9 does not properly quote shell
metacharacters, which might allow remote user-assisted attackers to execute
shell commands via a malicious script. NOTE: it is not clear whether this
issue crosses security boundaries, since the script already supports
commands such as "get" which could overwrite executable files. |
| Alerts: |
|
Comments (none posted)
libarchive: pax extension header vulnerabilities
| Package(s): | libarchive |
CVE #(s): | CVE-2007-3641
CVE-2007-3644
CVE-2007-3645
|
| Created: | August 9, 2007 |
Updated: | February 27, 2008 |
| Description: |
libarchive, a library for manipulating different streaming archive
formats, has a number of pax extension header vulnerabilities.
These may be used to cause a denial of service or for the execution
of arbitrary code. |
| Alerts: |
|
Comments (none posted)
libexif: integer overflow
| Package(s): | libexif |
CVE #(s): | CVE-2007-2645
|
| Created: | June 1, 2007 |
Updated: | February 11, 2008 |
| Description: |
Integer overflow in the exif_data_load_data_entry function in exif-data.c
in libexif before 0.6.14 allows user-assisted remote attackers to cause a
denial of service (crash) or possibly execute arbitrary code via crafted
EXIF data, involving the (1) doff or (2) s variable. |
| Alerts: |
|
Comments (none posted)
libmodplug: boundary errors
| Package(s): | libmodplug |
CVE #(s): | CVE-2006-4192
|
| Created: | December 11, 2006 |
Updated: | May 4, 2011 |
| Description: |
Luigi Auriemma has reported various boundary errors in load_it.cpp and
a boundary error in the "CSoundFile::ReadSample()" function in
sndfile.cpp. A remote attacker can entice a user to read crafted modules
or ITP files, which may trigger a buffer overflow resulting in the
execution of arbitrary code with the privileges of the user running the
application. |
| Alerts: |
|
Comments (none posted)
libphp-phpmailer: command execution
| Package(s): | libphp-phpmailer |
CVE #(s): | CVE-2007-3215
|
| Created: | June 20, 2007 |
Updated: | June 25, 2009 |
| Description: |
libphp-phpmailer does not do sufficient input validation, enabling shell command injection attacks. |
| Alerts: |
|
Comments (none posted)
libpng: several vulnerabilities
| Package(s): | libpng |
CVE #(s): | CVE-2007-5266
CVE-2007-5267
CVE-2007-5268
CVE-2007-5269
|
| Created: | October 19, 2007 |
Updated: | March 23, 2009 |
| Description: |
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21
allow remote attackers to cause a denial of service (crash) via crafted (1)
pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt
(png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT
(png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read
operations. (CVE-2007-5269)
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical
instead of bitwise operations and (2) incorrect comparisons, which might
allow remote attackers to cause a denial of service (crash) via a crafted
PNG image. (CVE-2007-5268)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause
a denial of service (crash) via a crafted PNG image, due to an incorrect
fix for CVE-2007-5266. (CVE-2007-5267)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1
allows remote attackers to cause a denial of service (crash) via a crafted
PNG image that prevents a name field from being NULL terminated.
(CVE-2007-5266) |
| Alerts: |
|
Comments (none posted)
libpng: denial of service
| Package(s): | libpng |
CVE #(s): | CVE-2007-2445
|
| Created: | May 17, 2007 |
Updated: | March 23, 2009 |
| Description: |
Libpng can be crashed when processing malformed PNG files.
It may also be possible to exploit this vulnerability to execute arbitrary
code. |
| Alerts: |
|
Comments (none posted)
libpng: buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-3334
|
| Created: | July 19, 2006 |
Updated: | December 15, 2008 |
| Description: |
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow. |
| Alerts: |
|
Comments (none posted)
libpng: heap based buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-0481
|
| Created: | February 13, 2006 |
Updated: | December 15, 2008 |
| Description: |
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. |
| Alerts: |
|
Comments (1 posted)
libsndfile: heap-based buffer overflow
| Package(s): | libsndfile |
CVE #(s): | CVE-2007-4974
|
| Created: | September 25, 2007 |
Updated: | January 9, 2008 |
| Description: |
Heap-based buffer overflow in libsndfile 1.0.17 and earlier might allow
remote attackers to execute arbitrary code via a FLAC file with crafted PCM
data containing a block with a size that exceeds the previous block size. |
| Alerts: |
|
Comments (none posted)
libtiff: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CVE-2006-2193
|
| Created: | June 15, 2006 |
Updated: | September 1, 2008 |
| Description: |
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
libvorbis: multiple memory corruption flaws
| Package(s): | libvorbis |
CVE #(s): | CVE-2007-3106
CVE-2007-4029
|
| Created: | July 27, 2007 |
Updated: | January 22, 2008 |
| Description: |
This iSEC Partners security advisory has
details on multiple memory corruption flaws in libvorbis. |
| Alerts: |
|
Comments (none posted)
libvorbis: multiple vulnerabilities
| Package(s): | libvorbis |
CVE #(s): | CVE-2007-4065
CVE-2007-4066
|
| Created: | October 11, 2007 |
Updated: | January 22, 2008 |
| Description: |
libvorbis has a number of vulnerabilities that can be triggered by
opening a specially crafted Ogg file. Vulnerabilities include
crashing and the execution of arbitrary code. |
| Alerts: |
|
Comments (1 posted)
libxml2: arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0989
|
| Created: | October 28, 2004 |
Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities. If a local user passes a specially crafted
FTP URL, arbitrary code may be executed. |
| Alerts: |
|
Comments (none posted)
liferea: weak permissions
| Package(s): | liferea |
CVE #(s): | CVE-2007-5751
|
| Created: | November 2, 2007 |
Updated: | December 22, 2008 |
| Description: |
Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. |
| Alerts: |
|
Comments (1 posted)
lighttpd: denial of service
| Package(s): | lighttpd |
CVE #(s): | CVE-2007-3946
CVE-2007-3947
CVE-2007-3948
CVE-2007-3949
CVE-2007-3950
|
| Created: | July 19, 2007 |
Updated: | July 15, 2008 |
| Description: |
The lighttpd web server has multiple vulnerabilities involving
a remote access-control setting circumvention that is performed
by the sending of malformed requests. This can be used to crash
the server and cause a denial of service. |
| Alerts: |
|
Comments (none posted)
link-grammar: stack-based buffer overflow
| Package(s): | link-grammar |
CVE #(s): | CVE-2007-5395
|
| Created: | November 13, 2007 |
Updated: | December 17, 2007 |
| Description: |
Stack-based buffer overflow in the separate_word function in tokenize.c in
Link Grammar 4.1b and possibly other versions, as used in AbiWord Link
Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long
word, as reachable through the separate_sentence function. |
| Alerts: |
|
Comments (none posted)
vmware-player-kernel: several vulnerabilities
| Package(s): | linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 |
CVE #(s): | CVE-2007-0061
CVE-2007-0062
CVE-2007-0063
CVE-2007-4496
CVE-2007-4497
|
| Created: | November 16, 2007 |
Updated: | March 13, 2009 |
| Description: |
Neel Mehta and Ryan Smith discovered that the VMware Player DHCP server
did not correctly handle certain packet structures. Remote attackers
could send specially crafted packets and gain root privileges.
(CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)
Rafal Wojtczuk discovered multiple memory corruption issues in VMware
Player. Attackers with administrative privileges in a guest operating
system could cause a denial of service or possibly execute arbitrary
code on the host operating system. (CVE-2007-4496, CVE-2007-4497)
|
| Alerts: |
|
Comments (none posted)
lookup-el: insecure temporary file
| Package(s): | lookup-el |
CVE #(s): | CVE-2007-0237
|
| Created: | March 19, 2007 |
Updated: | December 10, 2007 |
| Description: |
Tatsuya Kinoshita discovered that Lookup, a search interface to electronic
dictionaries on emacsen, creates a temporary file in an insecure fashion
when the ndeb-binary feature is used, which allows a local attacker to
craft a symlink attack to overwrite arbitrary files. |
| Alerts: |
|
Comments (none posted)
lynx: arbitrary command execution
| Package(s): | lynx |
CVE #(s): | CVE-2005-2929
|
| Created: | November 14, 2005 |
Updated: | September 14, 2009 |
| Description: |
An arbitrary command execution bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx. |
| Alerts: |
|
Comments (none posted)
madwifi: denial of service
| Package(s): | madwifi |
CVE #(s): | CVE-2007-5448
|
| Created: | November 8, 2007 |
Updated: | January 11, 2008 |
| Description: |
The MadWifi driver for Atheros wireless LAN cards
does not process beacon frames correctly. This can be
used by a remote attacker to cause a denial of service. |
| Alerts: |
|
Comments (none posted)
mailman: error log spoof
| Package(s): | mailman |
CVE #(s): | CVE-2006-4624
|
| Created: | November 15, 2007 |
Updated: | November 21, 2007 |
| Description: |
The Mailman mailing list manager is vulnerable to log file spoofing.
A remote attacker can insert carriage return/line feed sequences,
causing invalid error log messages to be recorded. This makes
it possible to trick the administrator into visiting malicious URLs. |
Comments (1 posted)
mapserver: multiple cross-site scripting vulnerabilities
| Package(s): | mapserver |
CVE #(s): | CVE-2007-4542
CVE-2007-4629
|
| Created: | September 5, 2007 |
Updated: | April 7, 2008 |
| Description: |
CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name. |
Comments (none posted)
mod_jk: proxy bypass
| Package(s): | mod_jk |
CVE #(s): | CVE-2007-1860
|
| Created: | May 30, 2007 |
Updated: | March 7, 2008 |
| Description: |
From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside
Apache httpd and forwarded the encoded URL to Tomcat, which itself did a
second decoding. If Tomcat was used behind mod_jk and configured to only
proxy some contexts, an attacker could construct a carefully crafted HTTP
request to work around the context restriction and potentially access
non-proxied content." |
Comments (none posted)
moin: arbitrary JavaScript execution
| Package(s): | moin |
CVE #(s): | CVE-2007-2423
|
| Created: | May 8, 2007 |
Updated: | March 10, 2008 |
| Description: |
A flaw was discovered in MoinMoin's error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user's authentication information
for the domain where MoinMoin was hosted. |
Comments (none posted)
mono: arbitrary code execution via integer overflow
| Package(s): | mono |
CVE #(s): | CVE-2007-5197
|
| Created: | November 6, 2007 |
Updated: | December 7, 2009 |
| Description: |
From the Debian advisory: An integer overflow in the BigInteger data type implementation has been
discovered in the free .NET runtime Mono.
|
Comments (none posted)
moodle: cross-site scripting
| Package(s): | moodle |
CVE #(s): | CVE-2007-3555
|
| Created: | August 7, 2007 |
Updated: | December 22, 2008 |
| Description: |
A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1
allows remote attackers to inject arbitrary web script or HTML via a style
expression in the search parameter. |
Comments (none posted)
mplayer: buffer overflow
| Package(s): | mplayer |
CVE #(s): | CVE-2007-1246
|
| Created: | March 8, 2007 |
Updated: | April 1, 2008 |
| Description: |
MPlayer versions up to 1.0rc1 have a buffer overflow in the
DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c.
User-assisted remote attackers can use this to trigger the overflow
and possibly execute arbitrary code. |
Comments (none posted)
mydns: buffer overflows
| Package(s): | mydns |
CVE #(s): | CVE-2007-2362
|
| Created: | May 23, 2007 |
Updated: | December 17, 2007 |
| Description: |
Multiple buffer overflows in MyDNS allow remote attackers to cause a denial of
service (daemon crash) and possibly execution of arbitrary code. |
Comments (none posted)
MySQL: denial of service
| Package(s): | mysql |
CVE #(s): | CVE-2007-5925
|
| Created: | November 19, 2007 |
Updated: | February 8, 2008 |
| Description: |
From the CVE entry:
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. |
Comments (none posted)
mysql: denial of service
| Package(s): | mysql |
CVE #(s): | CVE-2007-1420
|
| Created: | March 22, 2007 |
Updated: | May 21, 2008 |
| Description: |
MySQL subselect queries using "ORDER BY" can be used by an attacker with
access to a MySQL instance in order to create an intermittent denial
of service. |
Comments (none posted)
mysql: format string bug
| Package(s): | mysql |
CVE #(s): | CVE-2006-3469
|
| Created: | July 21, 2006 |
Updated: | July 30, 2008 |
| Description: |
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server. |
Comments (none posted)
MySQL: privilege violations
| Package(s): | mysql |
CVE #(s): | CVE-2006-4031
CVE-2006-4226
|
| Created: | August 25, 2006 |
Updated: | July 30, 2008 |
| Description: |
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226). |
Comments (none posted)
mysql: multiple vulnerabilities
Comments (none posted)
MySQL: logging bypass
| Package(s): | mysql |
CVE #(s): | CVE-2006-0903
|
| Created: | April 4, 2006 |
Updated: | May 21, 2008 |
| Description: |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query. |
Comments (2 posted)
nagios-plugins: buffer overflow
| Package(s): | nagios-plugins |
CVE #(s): | CVE-2007-5198
|
| Created: | October 23, 2007 |
Updated: | April 17, 2008 |
| Description: |
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbitrary code via long
Location header responses (redirects). |
Comments (none posted)
nagios-plugins: check_snmp buffer overflow
| Package(s): | nagios-plugins |
CVE #(s): | CVE-2007-5623
|
| Created: | November 2, 2007 |
Updated: | April 17, 2008 |
| Description: |
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies. |
Comments (none posted)
nbd: arbitrary code execution
| Package(s): | nbd |
CVE #(s): | CVE-2005-3534
|
| Created: | January 6, 2006 |
Updated: | March 7, 2011 |
| Description: |
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges. |
Comments (none posted)
ncompress: buffer underflow
| Package(s): | ncompress |
CVE #(s): | CVE-2006-1168
|
| Created: | August 10, 2006 |
Updated: | February 21, 2012 |
| Description: |
The ncompress compression utility has a missing boundary check.
A local user can use a maliciously created file to cause
a .bss buffer underflow. |
Comments (none posted)
net-snmp: denial of service
| Package(s): | net-snmp |
CVE #(s): | CVE-2007-5846
|
| Created: | November 16, 2007 |
Updated: | February 7, 2008 |
| Description: |
A flaw was discovered in the way net-snmp handled certain requests. A
remote attacker who can connect to the snmpd UDP port (161 by default)
could send a malicious packet causing snmpd to crash, resulting in a
denial of service. |
Comments (none posted)
nginx: cross site scripting
| Package(s): | nginx |
CVE #(s): | |
| Created: | July 20, 2007 |
Updated: | September 14, 2009 |
| Description: |
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
proxy server written by Igor Sysoev. The "msie_refresh" directive could
allow cross site scripting. |
Comments (none posted)
opal: denial of service
| Package(s): | opal |
CVE #(s): | CVE-2007-4924
|
| Created: | October 8, 2007 |
Updated: | January 9, 2008 |
| Description: |
From the Red Hat advisory: A flaw was discovered in the way opal handled certain Session Initiation
Protocol (SIP) packets. An attacker could use this flaw to crash an
application, such as Ekiga, which is linked with opal. (CVE-2007-4924) |
Comments (none posted)
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-5707
|
| Created: | November 8, 2007 |
Updated: | April 9, 2008 |
| Description: |
The OpenLDAP Lightweight Directory Access Protocol suite has a problem
with handling of malformed objectClasses LDAP attributes by the slapd
daemon. Both local and remote attackers can use this to crash slapd,
causing a denial of service. |
Comments (none posted)
OpenOffice.org: arbitrary code execution
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-0245
|
| Created: | June 13, 2007 |
Updated: | June 12, 2008 |
| Description: |
A specially crafted RTF file could cause the
filter to overwrite data on the heap, which may lead to the execution
of arbitrary code. |
Comments (none posted)
openoffice.org: arbitrary code execution via TIFF images
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-2834
|
| Created: | September 17, 2007 |
Updated: | June 12, 2008 |
| Description: |
A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite. The parser uses untrusted values
from the TIFF file to calculate the number of bytes of memory to
allocate. A specially crafted TIFF image could trigger an integer
overflow and subsequently a buffer overflow that could cause the
execution of arbitrary code. |
Comments (none posted)
openssh: log file corruption
| Package(s): | openssh |
CVE #(s): | CVE-2007-3102
|
| Created: | November 15, 2007 |
Updated: | November 21, 2007 |
| Description: |
The ssh server can incorrectly write account names to the
audit subsystem. A remote attacker can inject strings with
parts of audit messages in order to corrupt logs. This can
mislead administrators and confuse log parsing tools.
|
Comments (1 posted)
openssh: remote denial of service
| Package(s): | openssh |
CVE #(s): | CVE-2006-4924
CVE-2006-5051
|
| Created: | September 27, 2006 |
Updated: | September 17, 2008 |
| Description: |
OpenSSH 4.4 fixes some
security issues, including a pre-authentication denial of service and an
unsafe signal handler; on portable OpenSSH, a GSSAPI authentication abort
could also be used to determine the validity of usernames on some platforms. |
Comments (none posted)
openssl: off-by-one error
| Package(s): | openssl |
CVE #(s): | CVE-2007-4995
|
| Created: | October 23, 2007 |
Updated: | May 13, 2008 |
| Description: |
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f
and 0.9.7 allows remote attackers to execute arbitrary code via unspecified
vectors. |
Comments (none posted)
openssl: off-by-one error
| Package(s): | openssl |
CVE #(s): | CVE-2007-5135
|
| Created: | October 3, 2007 |
Updated: | July 31, 2008 |
| Description: |
From the Debian advisory: An off-by-one error has been identified in the SSL_get_shared_ciphers()
routine in the libssl library from OpenSSL, an implementation of Secure
Socket Layer cryptographic libraries and utilities. This error could
allow an attacker to crash an application making use of OpenSSL's libssl
library, or potentially execute arbitrary code in the security context
of the user running such an application. |
Comments (none posted)
openssl: private key attack
| Package(s): | openssl |
CVE #(s): | CVE-2007-3108
|
| Created: | August 7, 2007 |
Updated: | May 13, 2008 |
| Description: |
OpenSSL could allow a local user in certain circumstances to divulge
information about private keys being used. |
Comments (none posted)
opera: multiple vulnerabilities
| Package(s): | opera |
CVE #(s): | CVE-2007-4367
CVE-2007-3929
CVE-2007-3142
CVE-2007-3819
|
| Created: | August 23, 2007 |
Updated: | February 27, 2008 |
| Description: |
The Opera browser has multiple vulnerabilities.
The JavaScript engine is vulnerable to a virtual function call on an invalid pointer that can be triggered by specially crafted JavaScript.
A freed pointer in the BitTorrent support may be
accessed; this can be used for malicious code execution.
The browser is vulnerable to several memory read protection
errors. There are URI display errors that can be used to trick
users into visiting arbitrary web sites. |
Comments (none posted)
pcre: CVE consolidation
| Package(s): | pcre |
CVE #(s): | CVE-2005-4872
CVE-2006-7227
CVE-2006-7224
|
| Created: | November 15, 2007 |
Updated: | May 13, 2008 |
| Description: |
PCRE has flaws in the way it handles malformed regular
expressions.
If an application linked against PCRE, such as Konqueror,
encounters a maliciously created regular expression, it may be possible
to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227
have been combined into CVE-2006-7224. |
Comments (5 posted)
pcre: two arbitrary code execution vulnerabilities
| Package(s): | pcre |
CVE #(s): | CVE-2007-1659
CVE-2007-1660
|
| Created: | November 6, 2007 |
Updated: | July 16, 2008 |
| Description: |
Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660) |
Comments (none posted)
perl: arbitrary code execution
| Package(s): | Perl |
CVE #(s): | CVE-2007-5116
|
| Created: | November 6, 2007 |
Updated: | December 5, 2007 |
| Description: |
A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl. (CVE-2007-5116)
|
Comments (none posted)
perl-Net-DNS: predictable id sequence
| Package(s): | perl-Net-DNS |
CVE #(s): | CVE-2007-3377
|
| Created: | June 26, 2007 |
Updated: | March 12, 2008 |
| Description: |
Net::DNS before 0.60 uses an id sequence that is predictable and the same
in all child processes. |
Comments (none posted)
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2007-1001
CVE-2007-1285
CVE-2007-1718
CVE-2007-1583
|
| Created: | April 16, 2007 |
Updated: | December 4, 2007 |
| Description: |
A denial of service flaw was found in the way PHP processed a deeply nested
array. A remote attacker could cause the PHP interpreter to crash by
submitting an input variable with a deeply nested array. (CVE-2007-1285)
A flaw was found in the way the mbstring extension set global variables. A
script which used the mb_parse_str() function to set global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)
A flaw was discovered in the way PHP's mail() function processed header
data. If a script sent mail using a Subject header containing a string from
an untrusted source, a remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)
A heap based buffer overflow flaw was discovered in PHP's gd extension. A
script that could be forced to process WBMP images from an untrusted source
could result in arbitrary code execution. (CVE-2007-1001) |
Comments (none posted)
php: several vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2006-4481
CVE-2006-4484
CVE-2006-4485
|
| Created: | September 8, 2006 |
Updated: | June 13, 2008 |
| Description: |
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485). |
Comments (1 posted)
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2007-2872
CVE-2007-2756
|
| Created: | June 1, 2007 |
Updated: | January 29, 2008 |
| Description: |
According to a vendor release announcement, multiple
security enhancements and fixes were made in version 5.2.3 of the
programming language PHP. |
Comments (none posted)
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2007-3799
CVE-2007-3998
CVE-2007-4659
CVE-2007-4658
CVE-2007-4670
CVE-2007-4661
|
| Created: | October 23, 2007 |
Updated: | May 19, 2008 |
| Description: |
From the Red Hat advisory:
Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)
A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)
A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)
A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)
A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)
A flaw was found in handling of dynamic changes to global variables. A
script which used certain functions which change global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-4659)
An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-4661) |
Comments (none posted)
php: buffer overflows
| Package(s): | php |
CVE #(s): | CVE-2006-5465
|
| Created: | November 3, 2006 |
Updated: | January 18, 2010 |
| Description: |
The Hardened-PHP Project discovered buffer overflows in the internal
routines of PHP's htmlentities/htmlspecialchars functions. Of
course, the whole purpose of these functions is to be filled with user
input. (The overflow can only occur when UTF-8 is used.) |
Comments (none posted)
php5: multiple vulnerabilities
| Package(s): | php5 |
CVE #(s): | CVE-2007-4783
CVE-2007-4840
CVE-2007-5898
CVE-2007-5899
CVE-2007-5900
|
| Created: | November 20, 2007 |
Updated: | January 18, 2010 |
| Description: |
The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code. |
Comments (none posted)
phpbb2: missing input sanitizing
| Package(s): | phpbb2 |
CVE #(s): | CVE-2006-1896
|
| Created: | May 22, 2006 |
Updated: | February 11, 2008 |
| Description: |
It was discovered that phpbb2, a web based bulletin board, insufficiently
sanitizes values passed to the "Font Color 3" setting, which might lead to
the execution of injected code by admin users. |
Comments (none posted)
phpbb2: multiple vulnerabilities
| Package(s): | phpbb2 |
CVE #(s): | CVE-2005-3310
CVE-2005-3415
CVE-2005-3416
CVE-2005-3417
CVE-2005-3418
CVE-2005-3419
CVE-2005-3420
CVE-2005-3536
CVE-2005-3537
|
| Created: | December 22, 2005 |
Updated: | February 11, 2008 |
| Description: |
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem. |
Comments (none posted)
phpmyadmin: multiple vulnerabilities
| Package(s): | phpmyadmin |
CVE #(s): | CVE-2006-6942
CVE-2006-6944
CVE-2007-1325
CVE-2007-1395
CVE-2007-2245
|
| Created: | September 10, 2007 |
Updated: | March 19, 2009 |
| Description: |
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2007-1325:
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
CVE-2007-1395:
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag,
which bypasses the protection against lowercase </script>.
CVE-2007-2245:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via (1) the
fieldkey parameter to browse_foreigners.php or (2) certain input
to the PMA_sanitize function.
CVE-2006-6942:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary HTML or web script via (1) a comment
for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter
to db_operations.php, the (4) query_history_latest,
(5) query_history_latest_db, and (6) querydisplay_tab parameters to
(c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2006-6944:
phpMyAdmin allows remote attackers to bypass Allow/Deny access rules
that use IP addresses via false headers.
|
Comments (none posted)
phpMyAdmin: cross-site scripting vulnerabilities
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-5386
CVE-2007-5589
|
| Created: | November 2, 2007 |
Updated: | March 14, 2008 |
| Description: |
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin
2.11.1, when accessed by a browser that does not URL-encode requests,
allows remote attackers to inject arbitrary web script or HTML via the
query string.
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
common.lib.php in libraries/; and certain input available in PHP_SELF and
(2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other
vectors related to (3) REQUEST_URI. |
Comments (none posted)
php-pear-MDB2: URL injection
| Package(s): | php-pear-MDB2-Driver-mysql |
CVE #(s): | CVE-2007-5934
|
| Created: | November 16, 2007 |
Updated: | December 10, 2007 |
| Description: |
The PEAR MDB2 in versions prior to 2.5.0a1 can interpret a request to
store a URL string as a request to retrieve and store the contents of the URL. This can allow remote attackers to obtain information by inserting
a URL in a form field in an MDB2 application. |
Comments (none posted)
phpPgAdmin: cross-site scripting
| Package(s): | phppgadmin |
CVE #(s): | CVE-2007-2865
CVE-2007-5728
|
| Created: | June 18, 2007 |
Updated: | January 21, 2009 |
| Description: |
A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin
4.1.1 allows remote attackers to inject arbitrary web script or HTML via
the server parameter. |
Comments (none posted)
pidgin: denial of service
| Package(s): | pidgin |
CVE #(s): | CVE-2007-4999
|
| Created: | November 2, 2007 |
Updated: | November 29, 2007 |
| Description: |
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows
remote attackers to cause a denial of service (NULL dereference and
application crash) via a message that contains invalid HTML data, a
different vector than CVE-2007-4996. |
Comments (none posted)
pioneers: denial of service
| Package(s): | pioneers |
CVE #(s): | CVE-2007-5933
|
| Created: | November 15, 2007 |
Updated: | November 30, 2007 |
| Description: |
Bas Wijnen discovered a vulnerability in the Pioneers server.
Session objects may be freed while in use, allowing unauthorized
memory access. A remote attacker can use this to cause a denial of service. |
Comments (none posted)
poppler and xpdf: multiple vulnerabilities
| Package(s): | poppler xpdf |
CVE #(s): | CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
|
| Created: | November 8, 2007 |
Updated: | February 26, 2008 |
| Description: |
The xpdf and poppler PDF libraries contain several vulnerabilities which can lead to arbitrary command execution via hostile PDF files. Numerous other applications which use these libraries (PDF viewers, CUPS, etc.) will be affected by the vulnerabilities as well. |
Comments (none posted)
postgresql: several vulnerabilities
| Package(s): | postgresql |
CVE #(s): | CVE-2007-3278
CVE-2007-3279
CVE-2007-3280
|
| Created: | September 25, 2007 |
Updated: | February 1, 2008 |
| Description: |
PostgreSQL 8.1 and probably later and earlier versions, when local trust
authentication is enabled and the Database Link library (dblink) is
installed, allows remote attackers to access arbitrary accounts and execute
arbitrary SQL queries via a dblink host parameter that proxies the
connection from 127.0.0.1. (CVE-2007-3278)
PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL
(plpgsql) language has been created, grants certain plpgsql privileges to
the PUBLIC domain, which allows remote attackers to create and execute
functions, as demonstrated by functions that perform local brute-force
password guessing attacks, which may evade intrusion
detection. (CVE-2007-3279)
The Database Link library (dblink) in PostgreSQL 8.1 implements functions
via CREATE statements that map to arbitrary libraries based on the C
programming language, which allows remote authenticated superusers to map
and execute a function from any library, as demonstrated by using the
system function in libc.so.6 to gain shell access. (CVE-2007-3280) |
Comments (1 posted)
pulseaudio: denial of service
| Package(s): | pulseaudio |
CVE #(s): | CVE-2007-1804
|
| Created: | May 30, 2007 |
Updated: | March 10, 2008 |
| Description: |
The pulseaudio network code suffers from a denial of service vulnerability exploitable by an unauthenticated attacker. |
Comments (none posted)
pwlib: denial of service
| Package(s): | pwlib |
CVE #(s): | CVE-2007-4897
|
| Created: | October 8, 2007 |
Updated: | January 9, 2008 |
| Description: |
From the Red Hat advisory: A memory management flaw was discovered in PWLib. An attacker could use this
flaw to crash an application, such as Ekiga, which is linked with pwlib
(CVE-2007-4897).
|
Comments (none posted)
python: information disclosure
| Package(s): | python |
CVE #(s): | CVE-2007-2052
|
| Created: | May 9, 2007 |
Updated: | July 30, 2009 |
| Description: |
Python 2.4 and 2.5 contain a bug in PyLocale_strxfrm() which could enable an attacker to read portions of unrelated memory. |
Comments (none posted)
python: integer overflows
| Package(s): | python |
CVE #(s): | CVE-2007-4965
|
| Created: | October 30, 2007 |
Updated: | July 30, 2009 |
| Description: |
Multiple integer overflows in the imageop module in Python 2.5.1 and
earlier allow context-dependent attackers to cause a denial of service
(application crash) and possibly obtain sensitive information (memory
contents) via crafted arguments to (1) the tovideo method, and unspecified
other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other
files, which trigger heap-based buffer overflows. |
Comments (none posted)
qemu: multiple vulnerabilities
Comments (none posted)
qt: arbitrary code execution
| Package(s): | qt |
CVE #(s): | CVE-2007-3388
|
| Created: | August 1, 2007 |
Updated: | December 10, 2007 |
| Description: |
Format string bugs were found in several Qt warning messages.
Applications using Qt for processing certain data types could
trigger them if the data caused Qt to print warnings. The bugs
potentially allow the execution of arbitrary code via specially crafted
files (CVE-2007-3388). |
Comments (none posted)
qt: buffer overflow
| Package(s): | qt |
CVE #(s): | CVE-2007-4137
|
| Created: | September 14, 2007 |
Updated: | December 10, 2007 |
| Description: |
A buffer overflow was found in how Qt expanded malformed Unicode strings.
If an application linked against Qt parsed a malicious Unicode string, it
could lead to a denial of service or potentially allow for the execution of
arbitrary code. |
Comments (none posted)
quagga: denial of service
| Package(s): | quagga |
CVE #(s): | CVE-2007-4826
|
| Created: | September 14, 2007 |
Updated: | October 25, 2010 |
| Description: |
The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause
a denial of service crash via a malformed OPEN message or COMMUNITY
attribute. |
Comments (none posted)
quake: buffer overflow
| Package(s): | quake3-bin |
CVE #(s): | CVE-2006-2236
|
| Created: | May 10, 2006 |
Updated: | January 12, 2009 |
| Description: |
Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server. |
Comments (none posted)
rails: multiple vulnerabilities
| Package(s): | rails |
CVE #(s): | CVE-2007-5380
CVE-2007-3227
CVE-2007-5379
|
| Created: | November 15, 2007 |
Updated: | December 21, 2009 |
| Description: |
Ruby on Rails has the following vulnerabilities:
ActiveResource does not properly sanitize filenames in the Hash.from_xml() function.
Session management allows the session_id to be set from the URL.
The to_json() function does not properly sanitize input before it is
returned to the user. |
Comments (none posted)
rsync: off-by-one errors
| Package(s): | rsync |
CVE #(s): | CVE-2007-4091
|
| Created: | August 20, 2007 |
Updated: | December 3, 2007 |
| Description: |
Multiple off-by-one errors in sender.c in rsync 2.6.9 might allow
remote attackers to execute arbitrary code via directory names that are not
properly handled when calling the f_name function. |
ruby: insufficient SSL certificate validation
| Package(s): | ruby |
CVE #(s): | CVE-2007-5162
CVE-2007-5770
|
| Created: | October 8, 2007 |
Updated: | October 10, 2008 |
| Description: |
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. |
samba: buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-4572
|
| Created: | November 15, 2007 |
Updated: | December 3, 2008 |
| Description: |
The Samba user authentication is vulnerable to a heap-based buffer overflow.
Remote unauthenticated users can use this to crash the Samba server
and cause a denial of service. |
samba: buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-5398
|
| Created: | November 15, 2007 |
Updated: | December 3, 2008 |
| Description: |
Samba's mechanism for creating NetBIOS replies is vulnerable to a
buffer overflow. Samba servers that are configured to run as a
WINS server can be crashed by a remote unauthenticated user;
execution of arbitrary code may also be possible. |
sitebar: multiple vulnerabilities
| Package(s): | sitebar |
CVE #(s): | CVE-2007-5491
CVE-2007-5694
CVE-2007-5492
CVE-2007-5693
CVE-2007-5695
CVE-2007-5692
|
| Created: | November 7, 2007 |
Updated: | December 7, 2007 |
| Description: |
Tim Brown discovered these multiple issues: the translation module does
not properly sanitize the value of the "dir" parameter (CVE-2007-5491,
CVE-2007-5694); the translation module also does not sanitize the
values of the "edit" and "value" parameters which it passes to eval()
and include() (CVE-2007-5492, CVE-2007-5693); the log-in command does
not validate the URL to redirect users to after logging in
(CVE-2007-5695); SiteBar also contains several cross-site scripting
vulnerabilities (CVE-2007-5692).
|
slocate: information disclosure
| Package(s): | slocate |
CVE #(s): | CVE-2007-0227
|
| Created: | February 22, 2007 |
Updated: | September 4, 2012 |
| Description: |
The slocate permission checking code has a local information disclosure
vulnerability. During the reporting of matching files, slocate does not
respect the parent directory's read permissions, resulting in hidden
filenames being viewable by other local users. |
streamripper: buffer overflow
| Package(s): | streamripper |
CVE #(s): | CVE-2007-4337
|
| Created: | September 14, 2007 |
Updated: | December 9, 2008 |
| Description: |
Chris Rohlf discovered several boundary errors in the
httplib_parse_sc_header() function when processing HTTP headers. |
subversion: possible information leak
| Package(s): | subversion |
CVE #(s): | CVE-2007-2448
|
| Created: | October 30, 2007 |
Updated: | February 1, 2011 |
| Description: |
Subversion 1.4.3 and earlier does not properly implement the "partial
access" privilege for users who have access to changed paths but not copied
paths, which allows remote authenticated users to obtain sensitive
information (revision properties) via svn (1) propget, (2) proplist, or (3)
propedit. |
Sun JDK/JRE: multiple vulnerabilities
| Package(s): | Sun JDK/JRE |
CVE #(s): | CVE-2007-2435
CVE-2007-2788
CVE-2007-2789
|
| Created: | June 1, 2007 |
Updated: | April 18, 2008 |
| Description: |
An unspecified vulnerability involving an "incorrect use of system
classes" was reported by the Fujitsu security team. Additionally, Chris
Evans from the Google Security Team reported an integer overflow
resulting in a buffer overflow in the ICC parser used with JPG or BMP
files, and an incorrect open() call to /dev/tty when processing certain
BMP files. |
sysstat: insecure temporary files
| Package(s): | sysstat |
CVE #(s): | CVE-2007-3852
|
| Created: | August 20, 2007 |
Updated: | September 23, 2011 |
| Description: |
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates
/tmp/sysstat.run insecurely, which allows local users to execute arbitrary
code. |
t1lib: buffer overflow
| Package(s): | t1lib |
CVE #(s): | CVE-2007-4033
|
| Created: | September 20, 2007 |
Updated: | February 12, 2008 |
| Description: |
T1lib, an enhanced rasterizer for X11 Type 1 fonts, does
not properly perform bounds checking. An attacker can send
specially crafted input to applications linked against the library in
order to create a buffer overflow, resulting in a denial of service
or the execution of arbitrary code. |
tar: buffer overflow
| Package(s): | tar |
CVE #(s): | CVE-2007-4476
|
| Created: | October 16, 2007 |
Updated: | March 17, 2010 |
| Description: |
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." |
tar: symlink path traversal vulnerability
| Package(s): | tar |
CVE #(s): | CVE-2007-4131
|
| Created: | August 23, 2007 |
Updated: | December 28, 2007 |
| Description: |
The tar utility has a symlink path traversal vulnerability involving
extracted archives. Maliciously created tar archives can be used to
write arbitrary data to files that the tar user has write access to. |
terminal: arbitrary code execution
| Package(s): | terminal |
CVE #(s): | CVE-2007-3770
|
| Created: | August 13, 2007 |
Updated: | December 19, 2007 |
| Description: |
A vulnerability was found in the Xfce terminal program:
Lasse Karkkainen discovered that the function terminal_helper_execute()
in file terminal-helper.c does not properly escape the URIs before
processing.
|
tetex: buffer overflow
| Package(s): | tetex |
CVE #(s): | CVE-2007-0650
|
| Created: | May 8, 2007 |
Updated: | May 13, 2008 |
| Description: |
A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in
teTeX might allow user-assisted remote attackers to overwrite files and
possibly execute arbitrary code via a long filename. NOTE: other overflows
exist but might not be exploitable, such as a heap-based overflow in the
check_idx function. |
teTeX: multiple vulnerabilities
| Package(s): | tetex |
CVE #(s): | CVE-2007-5937
CVE-2007-5936
CVE-2007-5935
|
| Created: | November 19, 2007 |
Updated: | May 10, 2010 |
| Description: |
From the Gentoo advisory:
Joachim Schrod discovered several buffer overflow vulnerabilities and
an insecure temporary file creation in the "dvilj" application that is
used by dvips to convert DVI files to printer formats (CVE-2007-5937,
CVE-2007-5936). Bastien Roucaries reported that the "dvips" application
is vulnerable to two stack-based buffer overflows when processing DVI
documents with long \href{} URIs (CVE-2007-5935). teTeX also includes
code from Xpdf that is vulnerable to a memory corruption and two
heap-based buffer overflows (GLSA 200711-22); and it contains code from
T1Lib that is vulnerable to a buffer overflow when processing an overly
long font filename (GLSA 200710-12). |
tk: denial of service
| Package(s): | tk8.3 tk8.4 |
CVE #(s): | CVE-2007-5137
|
| Created: | October 12, 2007 |
Updated: | March 17, 2009 |
| Description: |
It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted GIF
image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges. |
tomboy: execution of arbitrary code
| Package(s): | tomboy |
CVE #(s): | CVE-2005-4790
|
| Created: | November 9, 2007 |
Updated: | February 22, 2011 |
| Description: |
Jan Oravec reported that the "/usr/bin/tomboy" script sets the
"LD_LIBRARY_PATH" environment variable incorrectly, which might result
in the current working directory (.) being included when searching for
dynamically linked libraries of the Mono Runtime application.
Note that the tomboy vulnerability was added in 2007. |
tomcat: directory traversal
| Package(s): | tomcat |
CVE #(s): | CVE-2007-0450
|
| Created: | May 2, 2007 |
Updated: | February 27, 2008 |
| Description: |
Versions of tomcat prior to 5.5.22 do not properly filter filename separator characters, enabling information disclosure attacks. |
tomcat: cross-site scripting
| Package(s): | tomcat |
CVE #(s): | CVE-2007-2449
CVE-2007-2450
|
| Created: | July 17, 2007 |
Updated: | February 17, 2009 |
| Description: |
Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).
Note: it is recommended the 'examples' web application not be installed on
a production system.
The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450). |
tomcat: multiple vulnerabilities
| Package(s): | tomcat |
CVE #(s): | CVE-2007-3382
CVE-2007-3385
CVE-2007-3386
|
| Created: | September 26, 2007 |
Updated: | September 13, 2010 |
| Description: |
Tomcat was found to treat single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386). |
tomcat: arbitrary file disclosure via path traversal
| Package(s): | tomcat5 |
CVE #(s): | CVE-2007-5461
|
| Created: | November 19, 2007 |
Updated: | February 17, 2009 |
| Description: |
From the CVE entry:
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. |
util-linux: privilege escalation
| Package(s): | util-linux |
CVE #(s): | CVE-2007-5191
|
| Created: | October 9, 2007 |
Updated: | January 7, 2008 |
| Description: |
mount and umount in util-linux call the setuid and setgid functions in the
wrong order and do not check the return values, which might allow attackers
to gain privileges via helpers such as mount.nfs. |
vim: arbitrary code execution
| Package(s): | vim |
CVE #(s): | CVE-2007-2953
|
| Created: | July 30, 2007 |
Updated: | November 27, 2008 |
| Description: |
vim is vulnerable to a user-assisted attack in which vim may execute arbitrary code when helptags is run on data that has been maliciously crafted. |
vixie-cron: weak permissions may cause errors
| Package(s): | vixie-cron |
CVE #(s): | CVE-2007-1856
|
| Created: | April 17, 2007 |
Updated: | December 4, 2007 |
| Description: |
During an internal audit, Raphael Marichez of the Gentoo Linux Security
Team found that Vixie Cron has weak permissions set on Gentoo, allowing
for a local user to create hard links to system and users cron files,
while a st_nlink check in database.c will generate a superfluous error. |
vlc: several vulnerabilities
| Package(s): | vlc |
CVE #(s): | CVE-2007-3316
CVE-2007-3467
CVE-2007-3468
|
| Created: | July 10, 2007 |
Updated: | March 10, 2008 |
| Description: |
Several remote vulnerabilities have been discovered in the VideoLan
multimedia player and streamer, which may lead to the execution of
arbitrary code. |
VMware: unspecified vulnerability
| Package(s): | VMware |
CVE #(s): | CVE-2007-5617
|
| Created: | November 19, 2007 |
Updated: | November 21, 2007 |
| Description: |
From the CVE entry:
Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images. |
wesnoth: denial of service
| Package(s): | wesnoth |
CVE #(s): | CVE-2007-3917
|
| Created: | October 12, 2007 |
Updated: | December 3, 2007 |
| Description: |
A malicious user could send a long chat message with multibyte characters;
the server would truncate the message at a fixed length, without paying
attention to the multibyte characters. This led to invalid UTF-8 on the
client and an uncaught exception was thrown. |
wireshark: multiple vulnerabilities
| Package(s): | wireshark |
CVE #(s): | CVE-2007-3390
CVE-2007-3392
CVE-2007-3393
|
| Created: | June 28, 2007 |
Updated: | February 27, 2008 |
| Description: |
The wireshark network traffic analyzer has three vulnerabilities
that can be used to create a denial of service. These include
off-by-one overflows in the iSeries dissector, vulnerabilities in
the MMS and SSL dissectors that can cause an infinite loop and
an off-by-one overflow in the DHCP/BOOTP dissector. |
x11: xfs font server overflows
| Package(s): | x11 |
CVE #(s): | CVE-2007-4568
CVE-2007-4989
CVE-2007-4990
|
| Created: | October 4, 2007 |
Updated: | January 18, 2008 |
| Description: |
xorg-x11 has a number of integer and heap overflow vulnerabilities in
the xfs font server. A local attacker may be able to use these for
the execution of arbitrary code with elevated privileges. |
xen-utils: insecure temp files
| Package(s): | xen-utils |
CVE #(s): | CVE-2007-3919
|
| Created: | October 25, 2007 |
Updated: | May 16, 2008 |
| Description: |
The xen-utils collection of XEN administrative tools uses temporary files
insecurely. Local users can use this to truncate arbitrary files. |
XFree86 X.org: integer overflows
| Package(s): | xfree86 x.org |
CVE #(s): | CVE-2007-1003
CVE-2007-1667
CVE-2007-1351
CVE-2007-1352
|
| Created: | April 3, 2007 |
Updated: | August 11, 2009 |
| Description: |
iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667) |
xine-lib: arbitrary code execution
| Package(s): | xine-lib |
CVE #(s): | CVE-2007-1387
|
| Created: | March 13, 2007 |
Updated: | April 1, 2008 |
| Description: |
Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user's privileges. |
xine-lib: buffer overflow
| Package(s): | xine-lib |
CVE #(s): | CVE-2006-1664
|
| Created: | April 27, 2006 |
Updated: | February 27, 2008 |
| Description: |
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed. |
xmms: BMP handling vulnerability
| Package(s): | xmms |
CVE #(s): | CVE-2007-0653
CVE-2007-0654
|
| Created: | March 28, 2007 |
Updated: | July 26, 2011 |
| Description: |
xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system. |
X.org: temp file vulnerability
| Package(s): | X.org |
CVE #(s): | CVE-2007-3103
|
| Created: | July 12, 2007 |
Updated: | July 2, 2009 |
| Description: |
The X.Org X11 xfs font server has a temp file vulnerability in the
startup script. A local user can modify the permissions of the script
in order to elevate their local privileges. |
xorg-server: local privilege escalation
| Package(s): | xorg-server |
CVE #(s): | CVE-2007-4730
|
| Created: | September 10, 2007 |
Updated: | January 24, 2008 |
| Description: |
Aaron Plattner discovered a buffer overflow in the Composite extension
of the X.org X server, which can lead to local privilege escalation. |
xulrunner, firefox, thunderbird: multiple vulnerabilities
| Package(s): | xulrunner, firefox, thunderbird |
CVE #(s): | CVE-2007-1095
CVE-2007-2292
CVE-2007-3511
CVE-2007-5334
CVE-2007-5337
CVE-2007-5338
CVE-2007-5339
CVE-2007-5340
CVE-2006-2894
|
| Created: | October 22, 2007 |
Updated: | May 12, 2008 |
| Description: |
From the Debian advisory:
CVE-2007-1095:
Michal Zalewski discovered that the unload event handler had access to
the address of the next page to be loaded, which could allow information
disclosure or spoofing.
CVE-2007-2292:
Stefano Di Paola discovered that insufficient validation of user names
used in Digest authentication on a web site allows HTTP response splitting
attacks.
CVE-2007-3511:
It was discovered that insecure focus handling of the file upload
control can lead to information disclosure. This is a variant of
CVE-2006-2894.
CVE-2007-5334:
Eli Friedman discovered that web pages written in Xul markup can hide the
titlebar of windows, which can lead to spoofing attacks.
CVE-2007-5337:
Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI
schemes may lead to information disclosure. This vulnerability is only
exploitable if Gnome-VFS support is present on the system.
CVE-2007-5338:
"moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers
could be bypassed, which might allow privilege escalation.
CVE-2007-5339:
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340:
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
|
zope-cmfplone: arbitrary code execution
| Package(s): | zope-cmfplone |
CVE #(s): | CVE-2007-5741
|
| Created: | November 12, 2007 |
Updated: | December 28, 2007 |
| Description: |
From the Debian advisory:
It was discovered that Plone, a web content management system, allows
remote attackers to execute arbitrary code via specially crafted web
browser cookies.
|
Page editor: Jake Edge
Kernel development
Brief items
The current 2.6 prepatch remains 2.6.24-rc3. Fixes continue to flow
into the mainline git repository at a relatively high rate; 2.6.24-rc4 must
be due sometime in the very near future.
The current -mm tree is 2.6.24-rc3-mm2. Recent changes
to -mm include the new timerfd API (see below), a number of driver core
changes, a per-process capability bounding set feature, and an updated
version of the SMACK security module.
The current stable 2.6 kernel is 2.6.23.9, released on November 26.
There are a couple dozen or so important fixes in this update.
For older kernels: 2.6.22.14 was released on
November 21.
Kernel development news
The Linux kernel requires that any needed documentation accompany
all changes requiring said documentation -- part of the source-code
patch must apply to the Documentation/ directory.
-- Donnie Berkholz engages in some wishful thinking
By Jonathan Corbet November 27, 2007
The kernel's loadable module mechanism does not give modules access to all
parts of the kernel. Instead, any kernel symbol which is intended to be
usable by loadable modules must be explicitly exported to them via one of
the variants of the EXPORT_SYMBOL() macro. The idea behind this
restriction is to place limits on the reach of modules and to provide a
relatively well-defined module API. In practice, there have been few
limits placed on the exporting of symbols, with the result that many
thousands of symbols are available to modules. Loadable modules can access
many of the obviously useful symbols (printk(), say, or
kmalloc()), but they can also get at generic symbols like
edd, tpm_pm_suspend(), vr41xx_set_irq_trigger(),
or flexcop_dump_reg().
There are reasons for the concern over excessive symbol exports felt by
some developers. Wrongly exported symbols can lead module authors to use
incorrect interfaces; for example, the exporting of sys_open() is
an active inducement for developers to open files directly inside the
kernel, which is almost never a good idea. But such symbols, once
exported, can prove hard to
unexport. While the official line says that the internal kernel API
can change at any time, the truth of the matter is that at least some
developers are reluctant to break external modules when that can be
avoided.
A more timely example would be init_level4_pgt, a low-level symbol
exported only by the x86_64 architecture. The current -mm tree removes
that export, breaking the proprietary NVIDIA module in the process. Andrew
Morton describes this removal as "our
clever way of reducing the tester base so we don't get so many bug
reports." While many developers make a show of not caring about
binary-only modules, there is still a good chance that this particular
export removal (of a symbol which should not really be available globally)
may not make it into the mainline as a result of this breakage.
The end result of all this is that there has long been interest in somehow
cleaning up the modular API, though there have not been a whole lot of
people who have put a lot of time toward that end. Occasionally somebody
has remarked upon one piece of low-hanging fruit: symbols which are
exported only to make it possible to modularize other bits of mainline
kernel code. One example is a whole set of TCP stack symbols (things like
__tcp_put_md5sig_pool()) which have exactly one user: the IPv6
module. Restricting these special-purpose exports has the potential to
significantly narrow the modular API without making it harder to modularize
the mainline.
Andi Kleen's module symbol
namespace patch is meant to enable just this sort of narrowing of the
API. With this patch, symbols can be exported into specific "namespaces"
which are only available to modules appearing on an associated
whitelist. In a sense, the term "namespace" is a poor fit here; there is
still a single, global namespace within which all exported symbols must be
unique. These "namespaces" are more like special exclusion zones
containing symbols which are not globally accessible. They
work like GPL-only exports, which also restrict the availability of symbols
to a subset of modules.
To create a restricted export, an ordinary EXPORT_SYMBOL()
declaration is changed to:
    EXPORT_SYMBOL_NS(namespace, symbol);
Where namespace is the name of a restricted symbol namespace. So,
going back to the TCP example, Andi's patch contains a number of changes
like:
-EXPORT_SYMBOL(__tcp_put_md5sig_pool);
+EXPORT_SYMBOL_NS(tcp, __tcp_put_md5sig_pool);
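Review bot: on the + line, moving __tcp_put_md5sig_pool into the tcp namespace is only complete if the same patch carries a MODULE_NAMESPACE_ALLOW(tcp, ...) entry for every in-tree user of the symbol (the text names the IPv6 module as its one user); a module missing from that whitelist loses access to it. The switch also turns a plain EXPORT_SYMBOL() into a GPL-only export, a licensing change that deserves an explicit line in the changelog rather than being implied by the macro.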
Note that there is no _GPL version; any symbol which is exported
into a specific namespace is treated as GPL-only by default.
The other part of the equation is to enable access to a namespace. That is
done with:
    MODULE_NAMESPACE_ALLOW(namespace, module);
Such a declaration (which must appear in a module exporting symbols into
the namespace) says that the given module can access
symbols in that namespace. Andi's patch creates three namespaces
(tcp, tcpcong for congestion control modules, and
udp), removing about 30 symbols from the global namespace.
A number of developers welcomed this patch, seeing it as a step forward in
the rationalization of the loadable module API. It is seen as a way to
prevent out-of-tree modules from using symbols which they should not be
using. It also reduces the number of interfaces which must be kept stable
in situations (enterprise kernels, for example) where changes are not
allowed. And, finally, the symbol namespaces offer the ability to organize
exports somewhat and document who the intended users are.
There is a bit of dissent, though. In particular, Rusty Russell fears that
the patch adds unneeded complexity and threatens to make life harder for
out-of-tree developers for little (if any) gain. Says Rusty:
For example, you put all the udp functions in the "udp" namespace.
But what have we gained? What has become easier to maintain? All
those functions start with "udp_": are people having trouble telling
what they're for?
If you really want to reduce "public interfaces" then it's much simpler to
mark explicitly what out-of-tree modules can use.
Herbert Xu has similar concerns:
These symbols are exported because they're needed by protocols. If
they weren't available to everyone then it would be difficult to
start writing new protocols....
So based on the network code at least I'm kind of starting to agree
with Rusty now: if a symbol is needed by more than one in-tree
module chances are we want it to be exported for all.
While these voices seem to be in the minority, they still carry quite a bit
of weight. So your editor is unwilling to make any sort of guess as to
whether this patch will be merged, or in what form. The desire to clean up
the modular API is unlikely to go away, though, so, sooner or later,
something is likely to happen.
By Jonathan Corbet November 27, 2007
Using uninitialized memory can lead to some seriously annoying bugs. If
you are lucky, the kernel will crash with the telltale slab poisoning
pattern (0x5a5a5a5a or similar) in the traceback. Other times,
though, something more subtly wrong happens, forcing a long hunt for the
stupid mistake. Wouldn't it be nicer if the kernel could simply detect
references to uninitialized memory and scream loudly at the time?
The kmemcheck patch recently
posted by Vegard Nossum offers just that functionality, though, perhaps, in
a somewhat heavy-handed manner. A kernel with kmemcheck enabled is
unlikely to be suitable for production use, but it should, indeed, do a
good job at finding code using memory which has not yet been set to a
useful value.
Kmemcheck is a relatively simple patch; the approach used is, essentially,
this:
- Every memory allocation is trapped at the page-allocator level. For
each allocation, the requested order is increased by one, doubling the
size of the allocation. The additional ("shadow") pages are initialized to zero
and kept hidden.
- The allocated memory is returned to the caller, but with the "present"
bit cleared in the page tables. As a result, every attempt to access
that memory will cause a page fault.
- Once the fault happens, kmemcheck (through some ugly,
architecture-specific code) determines the exact address and size of
the attempted access. If the access is a write, the corresponding
bytes in the shadow page are set to 0xff and the operation is
allowed to complete.
- For read accesses, the corresponding shadow page bytes are tested; if
any of them are zero, the code concludes that the read is trying to
access uninitialized data. A stack traceback is printed to enable the
developer to find the location where this access is happening.
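The bookkeeping in the steps above, modelled in user space as an added example (not code from Vegard Nossum's patch or from the article): explicit tracked_write()/tracked_read() calls stand in for the page-fault trap, and struct tracked, struct reply and every function name are invented here for illustration. The constructed sample shows why a structure filled in field by field still trips the check when it is copied out whole.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One tracked allocation. The caller sees data[]; shadow[] models the hidden
 * pages kmemcheck gains by doubling the allocation. */
struct tracked {
    size_t size;
    unsigned char *data;
    unsigned char *shadow;          /* 0x00 = never written, 0xff = written */
};

/* Allocate twice the requested size: first half data, second half shadow.
 * The caller releases the block with free(t->data). */
int tracked_alloc(struct tracked *t, size_t size)
{
    unsigned char *block;

    if (size == 0 || size > SIZE_MAX / 2)
        return -1;
    block = malloc(2 * size);
    if (block == NULL)
        return -1;
    t->size = size;
    t->data = block;
    t->shadow = block + size;
    memset(t->data, 0x5a, size);    /* stale contents, like slab poison */
    memset(t->shadow, 0x00, size);  /* nothing has been written yet */
    return 0;
}

/* Shared range check, written so that off + len cannot overflow. */
static int in_range(const struct tracked *t, size_t off, size_t len)
{
    return off <= t->size && len <= t->size - off;
}

/* Write "fault": mark the touched bytes as initialized, then store. */
int tracked_write(struct tracked *t, size_t off, const void *src, size_t len)
{
    if (!in_range(t, off, len))
        return -1;
    memset(t->shadow + off, 0xff, len);
    memcpy(t->data + off, src, len);
    return 0;
}

/* Read "fault": count touched bytes whose shadow is still zero, report,
 * then let the load complete. Returns the count, or -1 if out of range. */
long tracked_read(const struct tracked *t, size_t off, void *dst, size_t len)
{
    long uninit = 0;
    size_t i;

    if (!in_range(t, off, len))
        return -1;
    for (i = 0; i < len; i++)
        if (t->shadow[off + i] == 0x00)
            uninit++;
    if (uninit > 0)
        fprintf(stderr, "uninitialized read: %ld byte(s)\n", uninit);
    memcpy(dst, t->data + off, len);
    return uninit;
}

/* Constructed sample: a reply filled in field by field, then copied out
 * whole. Padding and the unused tail of name[] are never written. */
struct reply {
    uint8_t  type;
    uint32_t length;
    char     name[8];
};

long demo_partial_struct(void)
{
    struct tracked t;
    struct reply out;
    uint8_t type = 1;
    uint32_t length = 5;
    long uninit;

    if (tracked_alloc(&t, sizeof(struct reply)) != 0)
        return -1;
    tracked_write(&t, offsetof(struct reply, type), &type, sizeof type);
    tracked_write(&t, offsetof(struct reply, length), &length, sizeof length);
    tracked_write(&t, offsetof(struct reply, name), "eth0", 5); /* with NUL */
    uninit = tracked_read(&t, 0, &out, sizeof out);  /* whole-struct copy */
    free(t.data);
    return uninit;
}

int main(void)
{
    printf("uninitialized bytes copied out: %ld\n", demo_partial_struct());
    return 0;
}
```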
As should be evident, running with kmemcheck enabled will have certain
performance impacts. Taking a page fault on every access to slab memory
just cannot be fast. Doubling the size of every allocation will impose
costs of its own, including the cache effects of simply working with twice
as much memory. But that is a cost which can be paid when the kernel is
being run in a debugging mode.
Vegard has posted some sample
output which shows how the system responds to reads from uninitialized
memory. If this output is to be believed, access to unset memory is not an
especially uncommon occurrence in current kernels. If some of the references
flagged here, once tracked down, turn out to be real bugs, the kmemcheck
patch will have earned its keep, even if it never finds its way into the
mainline.
By Jonathan Corbet November 28, 2007
Last week's discussion of the
proposed indirect() system call ended with some complaints from
developers on the ugliness of the interface. Since then there has been
some talk about system call interfaces in general, but not a whole lot of
ideas for how indirect() could be done better.
The leading alternative would be that pushed by H. Peter Anvin: rather than
use indirect() to extend a system call, simply make a new system
call with the desired additional parameters. Then, usually, the old
implementation can be replaced with a simple stub which calls the new
version with the default values for the new parameters. It is a simple
approach which easily maintains binary compatibility with very little
runtime cost. Since there is no particular shortage of system call
numbers, this is a process which could go on for a long time.
The management of increasing numbers of system calls does impose a cost,
though; each one of those system calls is a user-space API which cannot
ever be broken. The indirect() approach, instead, does not add
more system calls. As long as the addition of parameters (with default
values of zero) is done with care, avoiding API problems should be
relatively easy to do.
There are also limits on how many parameters can be easily passed to system
calls; on most systems, that limit is around six. Any system call requiring
more arguments must already do uncomfortable things with indirect blocks.
Creating new system calls with additional parameters will create more cases
where this sort of indirect parameter handling is required. So the
approach used by indirect() will find itself being used, in some
form, anyway.
The key argument, though, still appears to be the syslet/threadlet
mechanism. The ability to make any system call asynchronous has a lot of
appeal, but doing so requires some additional information - a place to
store the result of the call, if nothing else. Asynchronous system calls,
in Linux, are, for all practical purposes, a type of indirect call. The
proposed indirect() interface looks like it should be able to
accommodate asynchronous calls nicely - though the precise API has not,
yet, been nailed down.
As a result of all this, chances are that some form of indirect()
will find its way into the mainline - though there is still time for
somebody to come up with a better idea.
Meanwhile, the last time timerfd() was discussed here, it had been
disabled in the 2.6.23 kernel as a result of complaints about its
interface. Since then, little has happened with timerfd(), with
the result that it will almost certainly not be present in 2.6.24 either.
Some work has been done with this system call, though, and a new API proposal has been
posted. This version has three system calls, the first of which is
timerfd_create():
int timerfd_create(int clockid, int flags);
The clockid argument tells the system which clock should be used:
CLOCK_MONOTONIC or CLOCK_REALTIME. The flags
argument is a recent addition; it is currently unused and must be zero. It
was added on the assumption that somebody, somewhere, will always want some
sort of behavior modification and one might as well avoid the need for an
indirect version while it's easy. The return value from
timerfd_create() is a file descriptor which can be passed to
read() or any of the poll() variants. But, first, the
timer should probably be programmed with:
int timerfd_settime(int fd,
                    int flags,
                    const struct itimerspec *timer,
                    struct itimerspec *old_timer);
Here, fd is a file descriptor obtained from
timerfd_create(),
flags contains TFD_TIMER_ABSTIME if the timer is being
set to an absolute time, and timer is the expiration time for the
timer. If old_timer is not NULL, the location pointed to
will be set to the previous value of the timer.
It is also possible to query the value of the timer with:
int timerfd_gettime(int fd, struct itimerspec *timer);
The value returned in *timer will be the current setting of the
timer associated with fd.
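The three calls can be exercised together, as in the following added example, which is not code from the article or from the kernel patch. It assumes a C library that exposes the calls through <sys/timerfd.h> with the signatures shown above, and that read() on the descriptor returns a 64-bit count of expirations (the behavior of the interface as later merged into Linux, not something stated here); the helper names are hypothetical.

```c
/* Added example: arm, query, wait on and disarm a timerfd timer. */
#define _GNU_SOURCE
#include <errno.h>
#include <poll.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/timerfd.h>
#include <time.h>
#include <unistd.h>

static struct timespec ms_to_ts(long ms)
{
    struct timespec ts = { .tv_sec = ms / 1000, .tv_nsec = (ms % 1000) * 1000000L };
    return ts;
}

/* Wait in poll() until the timer descriptor is readable, then read it.
 * Assumption (merged Linux behaviour, not stated in the article): read()
 * fills an 8-byte counter with the expirations since the last read.
 * Returns that count, or -1 on timeout or error. */
static int64_t wait_expirations(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    uint64_t count = 0;
    int ready;

    do {
        ready = poll(&pfd, 1, timeout_ms);
    } while (ready < 0 && errno == EINTR);
    if (ready != 1 || !(pfd.revents & POLLIN))
        return -1;
    if (read(fd, &count, sizeof(count)) != (ssize_t)sizeof(count))
        return -1;
    return (int64_t)count;
}

/* Relative, periodic timer: first expiry after interval_ms, then every
 * interval_ms. *queried receives the setting reported by timerfd_gettime()
 * right after arming; *replaced receives the setting that was in force when
 * the timer is disarmed (the old_timer argument). Returns the number of
 * expirations seen (at least `wanted`), or -1 on error. */
static int64_t run_periodic(long interval_ms, int64_t wanted,
                            struct itimerspec *queried,
                            struct itimerspec *replaced)
{
    struct itimerspec spec = { .it_interval = ms_to_ts(interval_ms),
                               .it_value = ms_to_ts(interval_ms) };
    struct itimerspec disarm = { { 0, 0 }, { 0, 0 } }; /* zero it_value disarms */
    int64_t total = 0, n;
    int fd = timerfd_create(CLOCK_MONOTONIC, 0);       /* flags must be zero */

    if (fd < 0)
        return -1;
    if (timerfd_settime(fd, 0, &spec, NULL) < 0 || timerfd_gettime(fd, queried) < 0)
        goto fail;
    while (total < wanted) {
        n = wait_expirations(fd, (int)(10 * interval_ms));
        if (n < 0)
            goto fail;
        total += n;   /* more than 1 if the reader fell behind the timer */
    }
    if (timerfd_settime(fd, 0, &disarm, replaced) < 0)
        goto fail;
    close(fd);
    return total;
fail:
    close(fd);
    return -1;
}

/* Absolute, one-shot timer: expire at (now + delay_ms) on CLOCK_MONOTONIC.
 * Returns the expiration count read (1 for a one-shot timer), or -1. */
static int64_t run_absolute(long delay_ms)
{
    struct itimerspec spec = { { 0, 0 }, { 0, 0 } };
    struct timespec add = ms_to_ts(delay_ms);
    int64_t n = -1;
    int fd = timerfd_create(CLOCK_MONOTONIC, 0);

    if (fd < 0)
        return -1;
    if (clock_gettime(CLOCK_MONOTONIC, &spec.it_value) == 0) {
        spec.it_value.tv_sec += add.tv_sec;
        spec.it_value.tv_nsec += add.tv_nsec;
        if (spec.it_value.tv_nsec >= 1000000000L) {    /* carry into seconds */
            spec.it_value.tv_sec++;
            spec.it_value.tv_nsec -= 1000000000L;
        }
        if (timerfd_settime(fd, TFD_TIMER_ABSTIME, &spec, NULL) == 0)
            n = wait_expirations(fd, (int)(delay_ms + 1000));
    }
    close(fd);
    return n;
}

int main(void)
{
    struct itimerspec queried = { { 0, 0 }, { 0, 0 } }, replaced = queried;
    int64_t ticks = run_periodic(20, 3, &queried, &replaced);

    printf("periodic: %lld expirations, interval %ld ns, %ld ns left at disarm\n",
           (long long)ticks, queried.it_interval.tv_nsec, replaced.it_value.tv_nsec);
    printf("absolute one-shot: %lld expiration(s)\n", (long long)run_absolute(30));
    return ticks >= 3 ? 0 : 1;
}
```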
There have not been many comments on this version of the API, so
something very similar to it will probably be merged. It would normally be
considered too late to put a change like this into 2.6.24, but the 2.6.24-rc3-mm2 patch log says
"Probably 2.6.24?". So one never knows. If this change is not merged
soon, it will almost certainly become available for 2.6.25.
Finally, the hijack() system call continues to be developed on
relatively quiet kernel subsystem lists. This call (described here in October)
behaves much like clone() in that it creates a new process.
Unlike clone(), however, hijack() causes the new process
to share resources with a specified third process rather than with the
parent. Its main reason for existence is to make it easy to enter
different namespaces.
The hijack() interface remains almost unchanged:
int hijack(unsigned long clone_flags, int which, int id);
The specified id value is interpreted according to which,
which now has three possible values:
- HIJACK_PID says that id is a process ID; the
newly-created process will share resources (including namespaces) with
the indicated process.
- HIJACK_CG says that id is an open file descriptor
for the tasks file in a target control group. In this case,
the kernel will find a process within that control group and use it as
the source for resources and namespaces.
- HIJACK_NS is the newest option; like HIJACK_CG, it
is an open file descriptor indicating a control group. In this case,
though, only the control group itself and any associated namespaces
will be inherited by the new process. This version is intended for
use when entry into an empty control group (where there are no
processes to inherit from) is desired.
This new system call still has not seen any exposure on linux-kernel; it
may well not survive its first experience there in its current form. If
nothing else, a name change (to something which is more descriptive of the
real function and, preferably, which does not put users onto intelligence
agency watch lists) may well be called for. But a full container
implementation on Linux will clearly need some sort of
enter_container() system call at some point.
Comments (1 posted)
Page editor: Jonathan Corbet
Distributions
News and Editorials
By Rebecca Sobol November 28, 2007
The openSUSE project has announced that
it is seeking a radical new design for the YaST Control Center. This
announcement was followed by a long discussion of ways to completely
redesign YaST (Yet another Setup Tool), rather than just the Control
Center.  Stefan Hundhammer posted a
second try:
The first thread was not meant to be about generic wishes about YaST and
related. It was not about a complete rewrite of everything. It was not about
what could be improved in various individual YaST modules. It was not about
bugs that could be reported with Bugzilla. It was not about dropping the
ncurses text mode (we don't plan to do anything like that).
Rather, it was about
The YaST Control Center
in particular the Qt version.
This is the small, very basic, Qt-only (very little dependencies, in
particular not to the entire YaST engine) application that starts YaST
modules. Some people call it the YaST shell.
Ideas are being collected in this new
control center page, which includes the goals for the new design and
the perceived problems with the old design.
In particular, the old design, seen on this
page, is very crowded and not intuitive for a non-geek user.
A study
was conducted, in which thirty experienced users were asked to sort the
modules in the Control Center. A quick glance at the results identified
the following issues (in no particular order):
- Better sort criteria, though the subjects had no clear preference.
- New tab with favorites. Of all the subjects, only three chose the
full 20 modules which are allowed here; the average was closer to
eleven.
- Merge related modules (e.g. AppArmor becomes a single icon in "Security"
that will start the AppArmor Manager Module)
- Enhance the startup speed of the modules.
- A better search function
- YaST should use the desktop theme.
The new
control center page has several mockups of what the YaST Control Center
might look like. If you are a SUSE user you probably use the Control
Center, and may have some good ideas on how to improve it. Now is the time
to be heard.
Comments (4 posted)
New Releases
Heise Online has a release
announcement for MontaVista Carrier Grade Linux 5.0. " Linux
Carrier Grade Edition (CGE) 5.0 uses version 2.6.21 of the kernel and
supports Multicore and SMP processors. New features include the Run-Time
Application Patcher, which makes it possible to install patches on a live
system without rebooting, and the Flight Recorder, which, by analogy to a
plane's black box, logs system events to make identification of the cause
in the event of a system crash easier and more accurate."
Comments (none posted)
Update 6 of Pie Box Enterprise Linux 4 has been released. Click below for
a list of enhancements included in this release.
Full Story (comments: none)
Novell has announced the availability of SUSE Linux Enterprise Real Time 10, "the only open source, enterprise-class real-time operating system available in the market today." " Enhancements to SUSE Linux Enterprise Real Time 10 include the latest enterprise-hardened open source technologies that reduce system latency or delay and improve predictability, such as CPU shielding, priority inheritance, sleeping spinlocks, interrupt threads, high-resolution timers and the latest OpenFabrics Enterprise Distribution for commodity high-speed interconnects, OFED 1.2.5. As a result, customers gain time advantage over competitors to make more money or avoid financial losses."
Comments (21 posted)
Launchpad, Ubuntu's suite of development tools, has released 1.1.11. Click
below for a look at what's new in this version.
Full Story (comments: none)
Distribution News
Debian GNU/Linux
Martin Michlmayr reports on the status of GCC 4.3 on SPARC. " I
recently compiled the entire Debian archive (around 6500 packages that need
to be compiled) on SPARC using trunk to identify new issues before GCC 4.3
is released. I compiled the archive twice, once with default optimization
levels specified by packages and once with optimization set to -O3. I only
found two new ICEs that were not reported already: PR33993, which has since
been fixed, and PR34005, for which a patch has been suggested." The
IA64 port has also been tested and a few
issues found.
Full Story (comments: none)
Fedora
Fedora has a new Astronomy Special
Interest Group (SIG) for people interested in improving support for
astronomers and astrophysicists on Fedora.
Full Story (comments: none)
The Fedora Board consists of 9 seats; only one is up for election this time
around. Nominations are open until December 6th.
Full Story (comments: none)
KDE 4 will be landing in Fedora rawhide the week of December 1 - 7, 2007.
Rawhide testers should expect some breakage during this process.
Full Story (comments: none)
Red Hat Enterprise Linux
Red Hat has announced
the public beta availability of Red Hat Enterprise Linux on Amazon Elastic
Compute Cloud (Amazon EC2), a web service that provides resizeable compute
capacity in the cloud and changes the economics of computing by allowing
customers to pay only for the infrastructure software services and capacity
that they actually use. " Subscriptions to the beta are $19 per
month, per account for access to support and services. Once subscribed,
customers may instantiate small, large or extra-large server instances on
the Amazon EC2 cloud computing environment at $0.21, $0.53 and $0.94 per
hour respectively. Any bandwidth usage or additional storage will be billed
at additional per GB rates."
Comments (none posted)
SUSE Linux and openSUSE
openSUSE has made its testing repositories open to the public. All new
pending updates will first land into one of these test-update repositories
before being transferred directly to the standard and official respective
update repository. Test updates are available for openSUSE 10.3, openSUSE
10.2, SUSE Linux 10.1 and SUSE Linux 10.0. " Note, however, that
these repositories will _always_ be in a highly experimental state, and
hence are not for the faint-hearted. The updates contained in these
repositories might well be broken at different times."
Full Story (comments: none)
Ubuntu family
The first alpha release of Ubuntu's Hardy Heron is scheduled for a November
29, 2007 release.
Full Story (comments: none)
Other distributions
Dag Wieers would like
CentOS to be more laptop friendly. The new CentOS on Laptops wiki
page is the place to share your experiences with CentOS on the laptop.
" This page brings together all information regarding CentOS on
Laptops. If you own a laptop and you consider putting CentOS on it, please
write down your experience and add it to this list."
Comments (none posted)
sidux, a distribution dedicated to creating
a stable desktop from Debian sid (unstable), has announced its first birthday.
" I remember well the time about 15 months ago. We were all working
with and for this other distribution and we were all frustrated. Some had
already left the project. No release in sight, nobody knew what was going
to happen, communication between team and project leader was more or less
nonexistent. We all saw a basically good project going down the drain,
for some of us after 3 years of work invested and we could not do much
about it."
Comments (none posted)
Distribution Newsletters
The Ubuntu Weekly Newsletter for November 24, 2007 covers: Macedonia
Students Use Ubuntu, New MOTU's, Azureus Gets Fix, Launchpad News, Ubuntu
Forum News, and much more.
Full Story (comments: none)
The DistroWatch
Weekly for November 26, 2007 is out. " We don't often get a
chance to report about the BSD part of our open source world, but last week
brought an unusual number of interesting developments: a new beta release
of FreeBSD 7.0, new live DVDs from RoFreeSBIE and TrueBSD, and even a
promise of a real print BSD magazine! Is this increased activity among the
BSD developers a sign of greater acceptance of their preferred operating
system? In other news: openSUSE releases new bleeding-edge software
packages for beta testing, KDE 4.0 RC1 draws mixed reaction in the
developer community, sidux celebrates its first birthday, and Linux Mint
branches out to develop user-friendly solutions for Debian GNU/Linux and
Fedora. Finally, don't miss our lead story - a first look at the newly
released Linux Mint 4.0."
Comments (none posted)
Interviews
Jonathan Roberts interviews
Thomas Fitzsimmons, the lead developer of Fedora's IcedTea package.
" Java is a popular programming language used both on the desktop and
the net. Until recently users who wanted to use just free software have had
to struggle with partial support for Java, but now that Sun have begun
freeing their Java implementation the way has opened for free software
developers to create an entirely free implementation. This free Java,
IcedTea, was shipped by default with Fedora 8, and so we talked to
Thomas Fitzsimmons, the lead developer behind this feature."
Comments (none posted)
Mage Power talks
with Eric Sandall, Grimoire Lead at Source Mage GNU/Linux.
" Would you please explain what the Grimoire is? A grimoire
is a complete container of spells, their sections, and supporting scripts
(such as account management) necessary for the spells to function. We have
multiple official grimoires: z-rejected for binary-only and non-OSI
licenses, games for the majority of games, test is the up-to-date grimoire
where packages are first released for wide testing, stable-rc is where we
have a snapshot of test to prepare for a new stable release, and the stable
grimoire has some testing done to it to verify packages work and is the
most bug-free release. There is no one grimoire, but rather multiple
grimoires each providing a different selection. A few unofficial grimoires
are maintained by various developers with packages they are working on and
one hosted on the SMGL servers is xorg-modular, where we're working on
integrating the newest X.org release process into our main
grimoire."
Comments (1 posted)
Page editor: Rebecca Sobol
Development
By Forrest Cook November 28, 2007
Backing up data stored on computers is one of the most important
jobs of a systems administrator. A regular backup routine can save
large amounts of heartache and frustration when a disk drive or
system fails. Disk failure should be treated as something that is
guaranteed to happen in the life (and death) of every disk drive.
And, disk failures always seem to happen at the worst possible
moment. Typical failures happen on Friday afternoon before a vacation
is about to start or when the boss comes into your office
demanding that critical report that lives on the machine with the
smoke curling out of the power supply.
Over the years, your author has lived through many backup technologies.
In the early days of home computing and CP/M systems,
floppy to floppy transfer was the only method to save data.
Floppies were unreliable and multiple copies were important.
When hard drives became normal hardware on DOS-based microprocessor
systems, backups were performed on piles of floppy disks or short-lived
tape technologies. It was a bad day when floppy disk 29 of a batch of 30
encountered a read error during the restoration of a disk.
Mainframe systems in the early 1980s required copying the contents
of washing machine sized disk drives to piles of 9 track open reel tapes.
As drives were added, the piles of tapes became larger. Large storage
areas were required for storing racks of tapes.
The 1990s brought larger disk drives and the capabilities of the
mainframes and PCs were converging. Single filesystems could be
copied to DC100 serpentine tape cartridges, if one had a lot of patience.
Helical scan SCSI tape drives such as Exabyte 8mm and DDS 4mm were able to
store the contents of multiple filesystems on one tape.
For a brief while, tape capacity surpassed filesystem size.
Robotic tape library machines could be programmed to automate
the backup process and allow large numbers of filesystems to
be copied to stacks of tapes.
Disk capacities continued to expand rapidly. AIT tapes were
good for larger backups, but the media was pricey.
RAID arrays became a good way to increase storage
capacity and improve reliability, but downtime could be long in the event
of a controller failure.
RAID backups are still critically important.
Disk drive prices continued to fall.
At some point after the year 2000,
the price/performance of disks versus tapes made it more economical
to buy another disk drive to copy data to.
For the moment, it appears that the disk/tape competition
is over and disks won.
With a removable drive sled or a USB drive, a hard drive can now be
treated as a high speed random access data cartridge.
With multiple online machines, it is possible to
use one machine as a backup repository for another's data.
Today, it is possible to buy a 300GB disk drive for just over
$100. Larger drives can be had for a slightly higher cost per byte.
On a Linux platform, two of the oldest and most common backup
utilities are dump and tar. Both work with tape and disk-based
archives. Dump has the advantage of being able to dig through
the contents of an archive and pick individual files to restore
before reading the entire media. Unfortunately, the dump archive
format has gone through a lot of changes. This means, for example,
that a dump archive that was created on a Red Hat 7.3 system may be unreadable on an Ubuntu 7.04 system. Reading old tar files is more
likely to result in success across systems of different vintages.
Your author decided to standardize on tar-based backups.
Now for some current real-world examples for performing
disk-to-disk backups:
Here's how to use dump to copy the local / filesystem to a compressed
and datestamped file on the same machine's /backup filesystem:
cd /backup
/sbin/dump 0ufa - / | bzip2 > ./localslash`date +%Y%m%d`.bz2
Here's how to use tar to do the same type of local to local backup:
cd /backup
/bin/tar cf - / | bzip2 > ./localslash`date +%Y%m%d`.tar.bz2
Here's how dump is used to back up the / filesystem on a machine
called remote to the local machine's /backup partition:
cd /backup
ssh remote '/sbin/dump 0ufa - / | bzip2' > ./remoteslash`date +%Y%m%d`.bz2
Here's how to use tar to do the remote to local backup:
cd /backup
ssh remote '/bin/tar cf - / | bzip2' > ./remoteslash`date +%Y%m%d`.tar.bz2
The above commands should be run from the root account and
the remote backups can work without passwords if ssh is set up
correctly. Ssh and the ssh server should be installed and configured
on the machines. The dump and/or tar manual pages should be consulted
for more information on the various command options.
Restoration of the filesystems involves using
bunzip2 to uncompress the archive, then restore (for dump) or tar
(for tar) to split out the contents to a local disk.
Restoration across the network is possible with the use of ssh.
A good backup scheme should be devised. Your author has a dedicated
machine with a large disk drive and an old DDS3 tape drive that is used
to back up all of the rest of his machines. Variations on the
above examples are used in several machine-specific scripts to
back up one machine at a time. The backups are performed several times
a month.
Backups can be copied from the backup machine's disk to tape for
offsite storage. The entire backup set is occasionally copied
to another machine's large disk for redundancy.
Datasets can simply be copied with cp to removable media.
A 100GB+ audio archive is managed differently than standard filesystems;
the rsync command is used to clone the data from one machine to another.
In the early 1990s, your author couldn't imagine ever getting
close to filling up a 9GB disk drive. Then came audio archives,
digital cameras with movie modes and other large data sources.
Several hard drive failures and machine meltdowns have occurred,
but no data has been lost. With a little planning, your data can
be kept safe.
Comments (60 posted)
System Applications
Database Software
Version 8.3 Beta3 of the PostgreSQL DBMS has been announced.
" Thanks to all the testing, feedback and bug reports the community has
performed with the first and second betas, we now have our third beta
of 8.3.
We hope that this will be our last beta before release candidate
so please download and continue testing to ensure that any issues
you raised have been resolved. As always, our community is
the first line of defense to help us find any "corner cases" of possible
issues."
Full Story (comments: none)
The November 25, 2007 edition of the Postgres Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Full Story (comments: none)
Embedded Systems
Stable versions 1.8.2 and 1.7.4 of BusyBox, a collection of command line
utilities for embedded systems, have been
announced.
" These are bugfix-only releases. 1.8.2 contains fixes for inetd, lash, tar, tr, and build system. 1.7.4 contains a fix for inetd."
Comments (none posted)
Interoperability
Version 3.0.27a of Samba has been announced.
" This is a bug fix release of the Samba 3.0.27 code base and
is the version that servers should be run for all current
Samba 3.0 bug fixes."
Full Story (comments: none)
Package Management
The first version of GooPackage has been
announced.
" The open source package manager for Google applications, GooPackage, officially announces its initial release (0.1). GooPackage is an apt-like package manager that offers the ability to install Google web programs onto a desktop using Mozilla Prism."
Comments (none posted)
Security
Version 2.4 of OSsonar has been
announced.
" OSsonar monitors systems. It continually audits by managing a collection of auditors called sensors. If a sensor becomes concerned, it can launch countermeasure to handle the concern. Helpful with SOX compliance, remote monitoring - CYOA for Sys Admins.
OSsonar 2.4 has been released. New remote monitoring sensors added for Linux and Unix servers."
Comments (none posted)
Web Site Development
Version 2.0.0 of 2step plug-in for Eclipse 3.x has been announced.
" 2step is a development framework written in Java for developing complete web applications (including web services). As a servlet framework features access control, logging, I18N, database access, deploy, XML/XSL, etc, and uses Jetty, FOP and jCharts.
A new version of the 2step plug-in for Eclipse (v2.0.0) has been released. It has been tested with latest Eclipse release (Europa, v3.3), and also v3.2, but it might work with any 3.x Eclipse version.
The main new feature of the plug-in is a shiny new content assistant for the 2step language."
Comments (none posted)
Version 3.3.6 of mnoGoSearch, a web site search engine, has been
announced. See the
changelog file for more information.
Comments (none posted)
Version 2.5 of the Quixote web development platform is out with a bug
fix and support for Python 2.5.
Full Story (comments: none)
Desktop Applications
Data Visualization
Version 1.1.0 of Graphviewer, a data visualizer tool, has been
announced.
" Graphviewer is a generic data visualization tool written in FLTK 1.1 that reads input from a command line data source on the standard input and renders that into a scrolling graph, similarly to perfmeter-like applications." Graphviewer is based on FLTK.
Comments (none posted)
Desktop Environments
The following new GNOME software has been announced this week:
You can find more new GNOME software releases at
gnomefiles.org.
Comments (none posted)
KDE.News has a call for
testing on the daily
builds of KDE4. " We are now on the home stretch of the road to
KDE 4.0, but KDE still needs extensive user testing to make sure everything
arrives in the best possible shape for the release."
Comments (none posted)
The November 18, 2007 edition of the
KDE Commit-Digest has been
announced.
The content summary says:
" A Calculator and Show Desktop Plasmoid,
units conversion and contacts "runners", enhanced composite-based effects, a
"dashboard" view and applet hover handles in Plasma. Updated artwork for
"about" pages (like the one present in Konqueror upon application startup).
Support for quick user switching in Kickoff. Continued development progress
in KDevelop 4. Work begins on resurrecting KEduca for the KDE 4.1 timeframe..."
Comments (none posted)
The November 25, 2007 edition of the
KDE Commit-Digest has been
announced.
The content summary says:
" A Trash applet, various general improvements, and support for sharing configuration layouts in Plasma. "Undo close tab" feature in Konqueror. Development continues towards Amarok 2.0, with services becoming plugins and support for the Ampache music server. Continued progress in KDevelop and KEduca. More work on album display and improved thumbnails (with RAW format support) in Digikam. A BitTorrent plugin for KGet, based on the recently created libktorrent..."
Comments (none posted)
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Comments (none posted)
Electronics
Development snapshot 2007-11-21 of gnucap, a circuit analysis package,
has been
announced.
" This snapshot provides (over the old one) ...
1. Bug fix .. "build" exits properly now. This bug was
introduced in the 2007-11-02 snapshot as a result of fixing
another bug.
2. Plugins should work on MS-Windows, compiled with mingw."
Comments (none posted)
New documentation is available for the Gnuradio software controlled
radio development platform.
" Thanks to feedback, comparing with the old version, the new document
corrected tens (may be more!) mistakes, and a new documentation was added
for the blocks that were not documented in the first published documents.
The most important enhancement in the new version is the adding of an
alphabetical index to all gnuradio functions and blocks."
Full Story (comments: 1)
Version 0.8.6 of
Icarus Verilog, an electronic simulation language compiler,
has been announced.
According to the
changelog:
" This is a bug fix update of the 0.8 stable version of Icarus
Verilog. The v0.8 series tries to remain as stable as possible while
still fixing bugs that are safe to fix."
Comments (none posted)
Release 2007-11-19-RC of
Kicad,
a schematic capture and printed circuit CAD application, is out.
See the
release notes
for details.
Comments (none posted)
Games
Version 0.6.1 of Atlas-C++ has been
announced
by the WorldForge game project.
" Atlas-C++ is the standard implementation of the WorldForge Atlas protocol. This release is primarily aimed at developers and users who want to build the WorldForge system for themselves.
Major changes in this version:
* The codec and negotiation parsers are now more efficient.
* A small addition has been made to the objects interface for testability."
Comments (none posted)
Music Applications
Version 1.0.8 of FluidSynth is out with numerous new features and bug fixes.
" I'm pleased to announce the release of FluidSynth 1.0.8.
Dubbed "Its about funky time!", since it was almost 2 years ago since
the last release."
Full Story (comments: none)
Office Applications
Versions 4.4.3 and 4.3.7 of HylaFAX,
a FAX modem interface application, have been
announced. " These releases are maintenance releases, and do
not contain any new features or functionality, but only contain
bugfixes".
Comments (none posted)
Office Suites
KDE.News covers
the latest alpha release of KOffice 2.
" Immediately after the release of KDE 4.0 RC1, the KDE office suite KOffice today announced the release of version 2.0 Alpha 5. As with the previous alpha versions of 2.0, this is a technology preview more than a version for users to test out. Nonetheless there are some exciting new features and developments here."
Comments (none posted)
Web Browsers
MozillaZine takes a
look at the latest security holes to be patched with the release of Firefox
2.0.0.10. LWN is tracking vendor updates here.
Comments (1 posted)
Languages and Tools
C
The November 27, 2007 edition of the GCC 4.3.0 Status Report
has been published.
" We are in Stage 3. When we reach 100 open regressions, we will go to
regression-only mode. When we approach the 4.3.0 release, we will
create a branch, and open Stage 1 for 4.4.0."
Full Story (comments: none)
Caml
The November 27, 2007 edition of the Caml Weekly News
is out with new articles about the Caml language.
Full Story (comments: none)
JSP
Version 1.0 alpha 6 of Myna has been
announced; it features an API change among other things.
" Myna is a Java web development platform based on Mozilla's Rhino JavaScript engine. It allows developers to access the full power of Java with the development speed of JavaScript."
Comments (none posted)
Perl
brian_d_foy has
announced a new
Perl 6 on Parrot Roadmap.
" On Friday I wrote up a brief ROADMAP for Perl 6 on Parrot development, and rather than repeat it all as a journal post I'll just link to it. It really does describe where we've been, and where we're going in the next couple of months as far as Perl 6 development."
Comments (1 posted)
Python
The November 28, 2007 edition of the Python-URL! is online with
a new collection of Python article links.
Full Story (comments: none)
Tcl/Tk
The November 23, 2007 edition of the Tcl-URL! is online with new
Tcl/Tk articles and resources.
Full Story (comments: none)
Bug Trackers
Version 2.6.3 of zenTrack has been
announced. The software is a:
" Highly configurable bug tracking, project management, and help desk solution. Project focus is on configurability, usability, and clean code.
We're putting the finishing touches on the 2.6.3 release and we'll be rolling it into production some time tonight."
Comments (none posted)
Miscellaneous
Version 2.1.0 of xMarkup, a Text Transformation Utility, has been
announced.
" xMarkup is a text transformation utility for processing of a set of ASCII files. All Win-32 and POSIX/UNIX platforms.
The transformations performed by utility can be extremely complicated comparing to ordinal search & replace procedures.
Actually the utility uses a procedural language, with help of which any algorithms of text transformations can be implemented."
Comments (none posted)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
DesktopLinux
reports
on the Linux Foundation's third annual
desktop Linux survey, which runs until the end of November.
" For starters, almost 20,000 self-selected users filled out this year's survey compared to fewer than 10,000 in 2006's survey. The survey, which drew primarily from European users (51.5 percent) followed by North Americans (35.8 percent), found that the vast majority of Linux desktops (68.4 percent) are deployed in SOHOs (small office / home office) and small business settings having one to a hundred PCs running Linux. Medium-sized businesses with user bases of 101 to 500 (9.7 percent) and 1,001 to 5,000 (6.2 percent) Linux desktops came next."
Comments (1 posted)
Matt Asay takes a look at yet another Microsoft security article that compares the security of Windows to that of Linux and other free software. " Boiled down, Microsoft is effectively saying, 'Trust us to help you be secure' and open source responds, 'Trust us, but also trust yourself.' Open source doesn't force its adopters to give up security to the hands of a vendor, though there are certainly open-source vendors who are happy to enhance security and stand behind it for a fee."
Comments (4 posted)
Trade Shows and Conferences
KDE.News covers Akademy-es 2007.
" This past weekend, November 16th through the 18th, Zaragoza Spain was the home of Akademy-es 2007. The conference began early Saturday morning and finished Monday with a Hackathon. Akademy-es 2007, hosted by Hispalinux, Wireless Zaragoza, and the Zaragoza council, was a conference specifically for KDE developers and users from around Spain."
Comments (none posted)
LinuxDevices.com has a report from the Realtime Linux Workshop recently held in Linz, Austria. There are pictures and most of the accepted papers.
Comments (11 posted)
The SCO Problem
Groklaw reports that SCO's bankruptcy court has given the green light for the Novell case to go forward, contrary to SCO's wishes. "As Novell has pointed out in its papers, the Debtors simply cannot file a confirmable plan of reorganization until they know what liability they have to Novell. The resolution of the issues remaining in the District Court litigation will assist the Debtors, not burden them." The bankruptcy court reserves the right to decide whether Novell will be able to get any damages from SCO put into a trust, though.
Comments (none posted)
Linux Adoption
iTWire's David M. Williams tries to answer a common question about using Linux to run a business. Using information from companies who have switched from Windows to Linux, his answer is mostly affirmative. "He reported they had solved authentication issues using LDAP with replication to all servers and using Samba 3.0.24. This, he said, had slick integration with XP clients and Windows 2003 servers in both directions. Additionally, his company enhanced their mail platform by using 'Postfix for the MTA with amavis and spamassassin.' This, he advised, took a little tuning to stop spamassassin giving false positives but was do-able."
Comments (5 posted)
Interviews
ZDNet interviews Andy Rubin from Google's Android mobile phone software platform.
"Q: Why don't you join an existing Linux phone effort, such as the LiMo Foundation, or the Lips (Linux Phone Standards) Forum?
A: One of the key differences in the Open Handset Alliance with some of the existing consortiums is that we're actually building a product. Every member of the alliance has contributed something to the effort, and it's very product-focused."
Comments (none posted)
InformationWeek has an interview with Linus Torvalds covering a variety of topics: Linux development vs. proprietary software, what he foresees being added in 2008, and a brief response about patent threats. "This is actually the biggest strength of Linux. When you buy an OS from Microsoft, not only you can't fix it, but it has had years of being skewed by one single entity's sense of the market. It doesn't matter how competent Microsoft -- or any individual company -- is, it's going to reflect that fact."
Comments (none posted)
Reviews
Wired reviews
the Firefox 3 beta. "In fact the Location bar isn't just a
window to display the URL anymore -- it's also a full-text-search bar for
finding bookmarks or pages stored in your browsing history. Rather than
just searching for page titles and URLs, the way Firefox 2 does, the new
version looks for keywords within the page text itself. That makes it much
easier to find what you're looking for, even when you don't know where you
saw it."
Comments (18 posted)
O'ReillyNet takes
a look at some audio editors. "If you're not familiar with the
area of Linux audio editors, you might be totally amazed at just how many
there are. Clearly, writing these has scratched more than a few itches and
more than one has earned grades as a class project. It's not too hard to
figure out why the area has been popular. For one thing, mangling sounds is
fun, and for another, there is endless scope for playing with DSP
algorithms. You can do that these days without writing a whole editor, but
we'll get to that in a moment."
Comments (none posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The Electronic Frontier Foundation has sent out a press release regarding
telecom lobbying records.
"San Francisco - On Friday, November 30, at 9am, the
Electronic Frontier Foundation (EFF) will urge a federal
judge to speed the release of lobbying records that could
shed light on the congressional debate over granting
amnesty for telecommunications companies taking part in
illegal electronic surveillance."
Full Story (comments: none)
GnomeDesktop.org has announced the 2007 GNOME Foundation Elections.
"The candidates were announced. This year, to make life easier for the candidates, the Membership Committee formulated the questions which will be answered on the GNOME Foundation mail list."
Comments (none posted)
Rather belatedly, the GNOME Foundation has sent out a
statement regarding its participation in the OOXML standardization
process. "We are deeply concerned that abuse of the standards
process is eroding public trust in the value and independence of
international standards. Both ODF and OOXML are very heavily influenced by
their implementation heritage, neither are likely to deliver the 'one true
office format', and both communities have - in their own way - played a
role in this erosion of trust."
Comments (40 posted)
A company called Lagos Analysis Corporation has sent out a press
release announcing a patent infringement lawsuit against the One Laptop
Per Child project. "The patent infringement lawsuit was filed on
November 22nd, 2007 as a result of OLPC's willful infringement of LANCOR's
Nigeria Registered Design Patent #RD8489 and illegal reverse engineering
of its keyboard driver source codes for use in the XO Laptops."
The patent text is hard to find, but it seems to relate to the design of
keyboards which facilitate the typing of text in multiple languages.
Comments (16 posted)
Commercial announcements
BitNami has announced the launch of
BitNami.org.
"The BitNami team has just announced
the launch of www.bitnami.org, built to help spread the adoption of freely
available, high quality open source web applications. BitNami Stacks are
downloadable, ready-to-run packages that make it easy to get started with
open source applications by automating the installation and configuration
process. This allows even non-technical users to be up and running with the
software in under five minutes. BitNami currently hosts Stacks for
blogging, bug-tracking, ECM, forums, portals, wikis and more."
Full Story (comments: none)
NComputing has announced the availability of its products on
the Ubuntu distribution of Linux.
"Joining its Windows-based
offerings, the NComputing open-source solution allows schools and businesses
worldwide to deploy full virtual PC stations, complete with hardware,
software, the Ubuntu operating system and the OpenOffice.org productivity
suite, at unprecedented low costs by leveraging the excess power of their
PCs and open-source license-free software."
Full Story (comments: none)
New Books
O'Reilly has published the book Linux Networking Cookbook
by Carla Schroder.
Full Story (comments: none)
Wiley has published
the book Mobile Python: Rapid Prototyping of Applications on the Mobile Platform by Jürgen Scheible and Ville Tuulos.
Comments (none posted)
O'Reilly has published the book Using Moodle, 2nd Edition
by Jason Cole and Helen Foster.
Full Story (comments: none)
Resources
Ulrich Drepper has posted the full text of "What every programmer should
know about memory" (recently serialized here on LWN) in PDF format. It's
a 114 page, 900KB download full of good information.
Comments (6 posted)
Contests and Awards
Google has launched a new project - the "Google Highly Open Participation
Contest" - aimed at getting pre-university students into free software
development. "Google will work with ten open source organizations -- Apache Software
Foundation, Drupal, GNOME, Joomla!, MoinMoin, Mono, Moodle, Plone, Python
Software Foundation, and SilverStripe CMS -- for this pilot effort, each of
which will provide a list of tasks to be completed by the student
participants." See the GHOP page for
more information.
Full Story (comments: 7)
Calls for Presentations
A call for contributions has gone out for the December, 2007 edition of the
Haskell Communities and Activities Report.
"Dear Haskellers,
so much has happened in the Haskell world in the past months.
Therefore, although later than usual, I would very much like
to collect contributions for the 13th edition of the
Haskell Communities & Activities Report".
Submissions are due by December 7.
Comments (none posted)
The Linux Clusters Institute Conference has announced (PDF) the call for papers for
the 9th LCI International Conference on High-performance Clustered
Computing. "This year's gathering will focus on the technical
challenges facing the clustered computing community as we move into the
petascale era. We will examine the promise of new technologies such as
multi-core processors, acceleration coprocessors, advanced interconnects
and high-performance I/O solutions. We will also explore the potential
scaling and performance modifications necessary for systems, data and
applications to achieve petascale class performance." The deadline
for submissions is December 13, 2007. The conference runs April 28 - May
1, 2008, in Urbana, Illinois, USA.
Comments (none posted)
A call for papers has gone out for the
National Computer and Information Security Conferences ACIS 2008.
The event takes place in Bogotá, D.C., Colombia on June 18-20, 2008.
Submissions are due by March 28.
Full Story (comments: none)
A call for papers
has gone out for the NLUUG spring conference.
"NLUUG (formerly the Unix User Group, the Netherlands) will organize a
conference about security on May 15 in Ede, the Netherlands. The program
committee is looking for speakers with an interesting story to tell."
Full Story (comments: none)
The Southern California Linux Expo (SCALE) call for papers closes on
Friday, November 30.
"If you're contemplating submitting a paper for any of these sessions,
don't delay - there are only a few speaker slots left."
Full Story (comments: none)
Upcoming Events
The schedule for talks at FOSS.IN is out. The conference starts on 4 December in Bangalore, India and features many technical talks from some of the most well-known free software community members.
Full Story (comments: none)
The next Linux Foundation Collaboration Summit will be held in
Austin, Texas on April 8-10, 2008.
"The Summit will be April 8 - 10, 2008. The format will be similar to
last year: April 8th will be a general day with panels and general
discussion and the inclusion of press and analysts. (And a social
event!) Days two and three will hold workgroup meetings (such as DAM,
LSB, CGL, etc) and collaboration sessions."
Full Story (comments: none)
Events: December 6, 2007 to February 4, 2008
The following event listing is taken from the
LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| December 4 - December 8 | FOSS.IN 2007 | Bangalore, India |
| December 7 - December 8 | Free Software Conference Scandinavia | Gothenburg, Sweden |
| December 7 - December 8 | PGCon Brazil | Sao Paulo, Brazil |
| December 10 | Paris on Rails (2nd Edition) | Paris, France |
| December 11 - December 12 | 3rd DoD Open Conference: Deployment of Open Technologies and Architectures within Military Systems | Vienna, VA, USA |
| December 15 - December 22 | Unix Meeting 2007 | IRC, Worldwide |
| December 27 - December 30 | 24th Chaos Communication Congress | Berlin, Germany |
| December 31 | Israeli Perl Workshop | Ramat Efal, Israel |
| January 11 - January 13 | FUDCon Raleigh 2008 | Raleigh, NC, USA |
| January 16 - January 17 | QualiPSo Conference 2008 | Rome, Italy |
| January 17 - January 19 | KDE 4 release event | Mountain View, CA, USA |
| January 24 | Federal DBA Day | Washington DC, USA |
| January 28 - February 2 | Linux.conf.au 2008 | Melbourne, Australia |
| January 28 - February 1 | Ruby on Rails Bootcamp with Charles B. Quinn | Atlanta, Georgia, USA |
| January 29 - January 31 | Solution Linux 2008 | Paris, France |
| February 1 | Open Island | Belfast, United Kingdom |
If your event does not appear here, please
tell us about it.
Web sites
The OpenOffice.org Community Forum has been launched.
"This new Forum goes
beyond being simply a knowledge base of questions and answers and is
rather a place for OpenOffice.org users to interact freely with each
other.
The Forum has been established by a team of enthusiasts who bring a wealth
of expertise gained in providing OpenOffice.org forum-based support.
Initially launched in English, the new platform has the
capability to support multiple languages in future."
Full Story (comments: none)
Audio and Video programs
LugRadio fans can now download LugRadio Season 5
Episode 5 - "A Quality Production" "Jono Bacon, Stuart Langridge,
Chris Proctor and Adam Sweet talk about Linux, open source, and all manner
of associated things." This show includes an interview with Havoc
Pennington and Colin Walters from Red Hat about the Gnome Online Desktop
project, a discussion on the need for rockstar programmers, and much more.
Comments (none posted)
A series of audio podcasts from the 2007 PyCon conference
are being made available.
"After many delays, we've begun posting recordings of talks from PyCon
2007 as a podcast, roughly one talk per week."
Full Story (comments: none)
Page editor: Forrest Cook