Your editor has never been a big fan of video cameras. They have a very
strong observer effect - they distort the social dynamics of events where
they are present. It is also sad to see vacationers who, on the rare
occasions when they get out, capture their every step on video; even when
they leave the house, they watch their lives on television. So your editor
has a strong preference for old-style, organic video memory.
The fact of the matter, however, is that your editor does not always get
the final vote, especially in any area related to the raising of children.
So your editor's household contains two video cameras - one ancient, one
less so - and a set of tapes with no end of priceless memories. Alcohol
may have dimmed the experience of some of those early musical performances
and such, but video tapes are forever.
Except, of course, that they are not. In particular, the older camera,
being the only device in the house which can play those old 8mm analog
tapes, is starting to make some very strange noises. The kind of noises
which generally come just before an extended session dedicated to the
extrication of a terminally crinkled tape which has just been firmly
wrapped around and embedded within a surprising amount of severely-jammed
helical scan hardware. The spouse
and the grandparents have all let it be known that this is not an
acceptable course of events, so your editor has been tasked with saving
all of this legacy data.
One could, of course, go to a local merchant who, for an amount of money
obtainable via an hour or two of consulting work, would transfer this data
safely to some sort of optical digital media, where it would be guaranteed
to survive for at least a few months. Or one could spend an order of
magnitude more time figuring out how to do the work on a Linux system
without the intervention of said merchant. Needless to say, your editor
never thought twice - something which explains a number of difficult
situations in which he has found himself over the years.
This article is the first of (probably) three which describe your editor's
odyssey through the hazards of video processing on Linux. The topic this
time around is the capture of video data - how does one get imagery from a
video tape onto a disk drive? The second segment will look at video
editing, turning a disk full of home movies into something moderately more
professional in appearance. Then the final installment will go into DVD
authoring, otherwise known as the process of getting all that old footage
into the hands (and players) of the grandparents.
The older camera is an analog-only device, necessitating the use of some
sort of analog-to-digital conversion on the way into the computer. As it
happens, your editor is in possession of a Hauppauge WinTV PVR-250 card
which, one would think, is ideally suited to this task. Hauppauge is known
for working with the free software community, with the effect that its
hardware is well supported by the IVTV driver which, after a long
development process, was merged into the 2.6.22 kernel. So, one would
think, grabbing the data from this device should be easy. And it is,
though it took your editor some time to figure out how.
As it turns out, there are very few video capture applications for Linux.
And there is nothing which is really aimed at people trying to bring in
data from analog cameras. One could use a PVR system like MythTV or Freevo
for this purpose, but they are not really intended for this use case. Your
editor, who has been through the process of setting up MythTV in the past,
chose not to take this approach.
One possible candidate was dvgrab, a tool which is part of the Kino project. This tool, however, is
intended for use with FireWire-attached video cameras - we will see how
well it works in that mode shortly. There is also a -v4l2 option
which claims to capture via Video4Linux2, seemingly ideal for this
purpose. Alas, dvgrab is written to use the V4L2 streaming mode, and,
amazingly, the IVTV driver does not support that mode. So dvgrab refuses
to work with the Hauppauge devices. A look at the code suggests that
convincing it to use the V4L2 read/write mode should not be too hard, but
that was beyond the scope of your editor's ambitions at this time.
As an aside, this sort of glitch seems to be a common problem with the
Video4Linux2 API. V4L2 is well suited to letting applications drive video
hardware to the very fullest extent of its capabilities, but that
flexibility comes at the cost of forcing quite a bit of complexity onto the
application side. A truly flexible V4L2 application must be prepared to
cope with a wide variety of hardware and to operate in very different ways
depending on what it finds. Most application developers do not make that
effort, with the result that incompatibilities between applications and
specific video devices are distressingly common. The V4L2 API is, in some
ways, similar to the approach taken by X11, with some similar results:
there was a long period where many applications performed badly when the
display was not running in an 8-bit pseudocolor mode. X11 has worked out
in the end; hopefully the same will happen with V4L2.
Another possibility was mencoder, a tool which is packaged with mplayer. Your editor does not doubt
that mencoder is capable of acquiring a video stream from this device,
converting it into any format one could imagine, and, while it's at it,
changing the camera angle and improving the musical talents of the children
being filmed. But anybody who has read the
mplayer/mencoder man page knows that it is a masterpiece of its kind -
a work written to a length that less verbose authors (Neal Stephenson, say)
could only dream about - though Stephenson does do a better job of keeping
the plot moving.
The length of the manual reflects the complexity of the tool.
A typical mencoder command seems to run to about four
terminal lines - and that's for a relatively wide terminal. An example
from the
mencoder documentation reads like this:
The end result is that nobody who has not developed significant expertise
in video technology, codecs, formats, and more will be able to create one
of these commands. Mencoder is a highly capable tool, but approaching it
for a task like this is reminiscent of trying to get to the corner store
starting with a build-your-own-automobile kit. There are just too many
pieces (incomprehensible pieces at that) to put together.
Then, there is transcode. The man
page for this utility formats up to a good 50 pages, so it is not the
simplest tool either. This problem space, it would appear, forces the
creation of complex interfaces. Transcode has a V4L2 input module, which should do the
trick, but, like the dvgrab version, it requires streaming I/O capability.
So transcode, too, fails to work for this purpose; your editor is starting
to think that it might be time to hack a bit on the IVTV driver.
Another candidate was cinelerra - a
video editing tool which we will see again in future installments. Your
editor tried cinelerra on a few different platforms, using both binary
distributions and building from source. Suffice to say that building
cinelerra from source is not something to attempt when one is short on time
or short on temper. Cinelerra has a record mode, but it requires the V4L2
streaming capability. Of course, it does not bother to check whether that feature is
available or not, with the result that attempts to record video yield only silent blackness.
Cinelerra is a
vastly powerful editing tool, but it was not usable for this task.
So how did your editor finally succeed in getting the analog video data to
disk? The first step was to locate the highly-useful v4l2-ctl
application which, seemingly, is only available from the V4L-DVB code repository. This tool
provides command-line access to the extensive set of V4L2 ioctl()
calls, enabling detailed configuration of the device. In particular, your
editor made use of it to switch the device to its composite video input.
The second step, then, is decidedly low-tech:
cp /dev/video priceless-video-data.mpg
The end result is a file containing just the video and audio data desired,
in a form which, as it turns out, can be burned directly to DVD. There is
no preview of incoming data, no computer-based camera control, no little
flashing counters. But it works.
The current state of the art for video camcorders is to provide digital
data via an IEEE 1394 (FireWire) port. When one has this sort of device,
life is rather easier - though it seems that there really is only one game
in town. That game is kino - a video
editing tool - and its associated dvgrab tool. Either tool will work for
capture from a digital video device. They can control the camera, split
the incoming data into scenes, and generally make the process painless.
Technology does actually get better sometimes. Kino and dvgrab will only
store data in the DV format,
necessitating a transcoding operation before writing DVDs, but that is a
minor difficulty.
Your editor has learned a few things from this process. One is that the
IVTV driver needs some work. But the real lesson is that working with
video data under Linux involves dealing with a level of complexity that is
far beyond what most people have any desire to understand. And this
complexity hits hardest at the very front end: trying to get video data
onto the system and into a workable format. Your editor suspects that most
people who run into this wall quickly give up and buy a proprietary system
for this kind of work. In other words, there's a whole world full of
creative people doing interesting things with video, and Linux, despite
having many of the basic capabilities these people need, is not an option for
them.
Meanwhile, your editor has a disk full of video imagery - and a healthy
appreciation for just how nice the storage explosion of the last few years
has been. Now it's just a matter of bashing all of that data into a useful
form for grandparental distribution - a process which looks like it might
just take a bit of time. Stay tuned for your editor's video editing
experience, due to appear on these pages within the next few weeks.
Audio and video content are increasingly important components of the World
Wide Web, which some of us remember, initially, as a text-only experience.
Users of free software need not be told that the multimedia aspect of the
net can be hard to access without recourse to proprietary tools. So the
decisions which are made regarding multimedia support in the next version
of the HTML specification are of more than passing interest. A current
dispute over the recommended codecs for HTML5 shows just how hard
maintaining an interoperable web may be.
In particular, several big players have complained about the inclusion of
Ogg Vorbis and Theora into the standard, causing a predictable uproar in
the free software community. To many, it looks like a classic
free-versus-proprietary standards showdown. In truth, the issue is not
clear cut; there are nuances that are difficult to turn into a banner
headline. The heart of the problem is patents, but, unexpectedly, it is
the Ogg codecs that are claimed to be at risk.
Nokia fired a very public shot at the Ogg family with a position
paper [PDF], calling it "proprietary". It is unclear what Nokia hoped to
gain with this statement, other than inflaming the community, as Ogg Vorbis
and Theora are clearly open codecs, with free reference implementations
– just the opposite of proprietary. In addition, unlike most (or
all) other
codecs, a patent search was done to look for relevant patents for Vorbis
and Theora, with the Xiph.Org Foundation
claiming that none could be found. Some contend that an exhaustive patent
search is essentially impossible, but most
codecs (MP3, H.264, etc.) are known to be patent-encumbered, which
would seem to make them a poor choice for HTML5.
Ogg, Vorbis, and Theora
Ogg is a container format that can contain multiple chunks of data,
typically multimedia data. Ogg is designed so that it can be processed as
it is received, rather than having it all available at once, to facilitate streaming.
Vorbis is a codec (short for coder-decoder) that encodes audio data
at various bitrates. Vorbis is a lossy, compressed format that saves space
at the expense of perfect reproduction, much like MPEG-1 Audio Layer 3 aka
MP3. Theora is a codec for video data, also lossy, akin to MPEG-4. An Ogg file
could contain a mixture of Theora and Vorbis data to handle the video and
audio of a particular work, but it is not in any way tied to those
formats. An Ogg file could instead contain MP3 and MPEG-4 data or data from any
other codec.
The draft of an HTML5 specification under construction by the Web Hypertext Application Working Group
(WHATWG) contained, up until this week, a
recommendation for the Ogg codecs. Ogg was not required, only listed as
something that SHOULD (i.e. not MUST) be implemented by conforming
browsers. That recommendation was dropped from the draft this week, replaced with the
following:
It would be helpful for interoperability if all
browsers could support the same codecs. However, there are no known
codecs that satisfy all the current players: we need a codec that is
known to not require per-unit or per-distributor licensing, that is
compatible with the open source development model, that is of
sufficient quality as to be usable, and that is not an additional
submarine patent risk for large companies. This is an ongoing issue
and this section will be updated once more information is
available.
Some of the big browser makers, notably Microsoft and Apple, have said that
they will not support Ogg Theora – Vorbis is less of an issue –
out of a concern for patents, particularly submarine patents. Ian Hickson,
WHATWG spokesperson, points
to the Eolas and MP3 patent attacks against Microsoft (with damages in
excess of a billion dollars) as examples of what the large, deep-pocketed
companies are concerned about. If there is a patent covering (or appearing
to cover) any of the techniques used in Theora, it is the large companies
that are going to be on the hook.
Vorbis
provides the perfect escape for proprietary audio prisons. Apple and Nokia
are having problems with consumers and authors actually waking up and using
free, non-patent-encumbered, widely available, unrestricted,
non-proprietary
technology. Since Vorbis directly threatens their ability to sell traps,
they are extorting your compliance with threats of not supporting the HTML5
spec.
There may be some truth to that, but there are some legitimate
problems with Theora as well. The technical complaints tend to compare it
to H.264 (the most popular MPEG-4 codec), but that is something of a red
herring. Neither the WHATWG nor the World
Wide Web Consortium (W3C) is going to allow a technology known to be
licensed only on a royalty basis into HTML5. W3C, which will eventually make
the final decision on what goes into HTML5, has a policy of requiring
technology to be licensed in a royalty-free (RF) mode before it can be approved for
inclusion into a standard.
All members of a particular W3C working group are required to disclose
patents they believe to be relevant and to provide them to implementors on
an RF basis. There may be relevant patent holders who are not members of the
working group, thus not subject to that requirement, but if they have
enforced their patent on a particular technology, the W3C will try to find
an alternative. There may also be patent trolls waiting for someone with
deep pockets to implement something covered by a patent they hold –
this is the submarine patent threat.
Apple, Nokia, Microsoft and others have already implemented (and licensed)
MPEG-4, so there would be no additional risk to them if that were used as
the baseline video codec for the web. Using Theora as an alternative is seen
by the larger players as a huge increase in their risk, with no benefit to
their customers because there is, for all intents and purposes, no Theora
content out there. For free software and smaller
companies, the situation is clearly quite different.
The lack of Theora-encoded content is the crux of the matter. There might
be lots of whining, but big companies would be forced by their customers
to support Theora, patent suit risk or no, if there were interesting
content available in only that form. This has led to a call
for more Theora content:
Do compelling demos. Release video in Theora format. It may be easy to use
a service that provides video for you in exchange for giving them certain
rights but if you want your format to succeed, then increased usage is the way.
The WHATWG folks seem to have the needs of free software firmly in mind;
certainly the W3C RF policy makes it abundantly clear that a proprietary
solution will not be required, or even recommended, for HTML5. The
participants on the mailing list, and Hickson, in
particular, have been very patient with the onslaught of flamers
screaming about the change. The whole HTML5 effort is centered around
interoperability for the web, so any technology that will not be
implemented by Microsoft and Apple runs directly counter to that goal.
WHATWG seems to be between the proverbial rock and hard place.
Several potential solutions are being considered. Possibilities include
leaving a video codec recommendation out of HTML5 – not a
particularly interoperable solution – or finding a codec that is old
enough that any patents covering it must have expired. Another alternative
would be to get some other current codec (MPEG-4 for instance) licensed on
an RF basis. This issue will undoubtedly be discussed at the W3C Video on the Web
Workshop currently being held in San Jose and Brussels. Stay tuned.
In the last few years FOSS.in has
established itself as one of the largest open source conferences in
Asia. This year the organizers re-orientated the conference to address
what they see as the Indian open source community's biggest challenge. LWN
dropped by the conference to see the changes and get an impression of
the results.
FOSS.in was started in 2001 under the name "Linux Bangalore" in the centre
of India's software industry. At that time it was difficult to get
information about free software in India -- internet access was still not
widespread, the software industry was focused on proprietary tools and
the publishing industry had not picked up on FOSS yet. Linux Bangalore
addressed an untapped market for FOSS education and was an unqualified
success from the start.
LB, as it was known, was focused on encouraging the use of free software
in India. The content was a mix of tutorials, howtos and advocacy. The
conference retained a user orientation for many years -- the only
significant developer activity was from the Indian localization
community.
By 2005 FOSS had hit the mainstream. The Linux Bangalore organizers began
to feel that it needed a greater raison d'être than advocacy
and popularization. Despite changing its name to FOSS.in to reflect a
larger scope, the danger remained that the conference would soon be lost
among a host of other sources of open source information.
It was then that the FOSS.in team, led by Atul Chitnis, turned its
attention to another problem. The Indian free and open source community
had long worried that its level of participation in the open source
process was very low in relation to its size. There were very few
visible Indian hackers -- India was beginning to develop a reputation of
being a nation of FOSS consumers that did not contribute back.
This was especially alarming because many sections of the local
software industry had wholly moved to free software. The embedded
software industry, for example, had discarded proprietary alternatives
in favor of Linux. So there was a large base of qualified developers
who did not seem to be getting involved.
After a favorable response to the developer oriented tracks in
FOSS.in/2005 and 2006, the FOSS.in team decided to refocus the event on
encouraging FOSS contributions. The key, they decided, was exposure and
communication. They felt that if Indian developers had an opportunity to
meet and interact with active contributors they'd be inspired to do more
themselves.
To this end, they made a number of changes to the format. They added
'Project Days'
-- day long tracks on a specific FOSS project. They reduced the usually hectic
pace of the conference by reducing the number of talks. This gave the
audience more time to talk to speakers between talks. The more leisurely
pace encouraged lots of interesting conversations in the corridors.
Other facilities -- a "hack centre" containing machines, tents outside
the venue and a lounge area -- provided space for corridor conversations
and post-talk discussions to develop further.
The results were mixed. Attendance took a major hit. Previous editions
averaged about 3000 attendees, this year attendance dropped by over half
to about 1200. It was, however, a far more clued-in crowd which did not plague
speakers with off-topic questions. There were some complaints that
some talks were pitched at a far more basic level than was needed.
The Project Days seemed to have more participation
than was originally expected. There were tracks on Debian,
Mozilla, Gnome, OpenSolaris, Fedora, KDE, OpenOffice and the IndLinux project. In contrast, energy
levels at the main conference seemed muted. This was partly due to the
smaller crowds.
However, in the opinion of this correspondent, this was partly due
to scheduling and content. The tone of a conference is set early
on. The conference would have been better served by an initial
keynote that was flamboyant and inspiring rather than the low-key
technical talk by the decidedly non-flamboyant Naba Kumar (the Anjuta lead).
The insistence on purely technical talks provided context and guidance
to potential contributors but may have failed to communicate the
motivation: fun and high ideals. I think it's fair to say that the most
effective recruitment tool was when the always entertaining Rusty
Russell made a hapless member of the audience create a kernel patch
onstage and mail it to LKML.
The success of FOSS.in/2007 may not be measurable. It may be years
before the Indian FOSS community is proportional in size to the Indian software
industry. There are probably many other factors that will affect this
outcome. But the transition of FOSS.in to a true hacker conference can only
help this to happen.
Linux random number generation (RNG) is often a source
of confusion to developers, but it is also an integral part of the
security of the system. It provides random data to generate cryptographic
keys, TCP sequence numbers, and the like, so unpredictability as well as
very strong random numbers are required. When someone notices a flaw, or
a possible flaw in the RNG, kernel hackers take notice.
Recurring universally unique identifiers (UUIDs), as reported by the smolt hardware
profiler client program, had some worried about problems in the
kernel RNG. As it turns out, the problem exists in
the interaction between Fedora 8 LiveCD installations and smolt –
essentially the UUID came from the CD – but it sparked a discussion
leading to some possible improvements. Along the way, some common
misconceptions about kernel RNG were cleared up.
The kernel gathers information from external sources to provide input to
its entropy pool. This pool contains bits that have extremely strong
random properties, so long as unpredictable events (inter-keypress timings,
mouse movements, disk interrupts, etc.) are sampled. It provides direct
access to this pool via the /dev/random device. Reading from that
device will provide the strongest random numbers that Linux can offer
– depleting the entropy pool. When the entropy pool runs low,
reads from /dev/random block until there is sufficient entropy.
The alternative interface, the one that nearly all programs should
use, is /dev/urandom. Reading from that device will not block.
If sufficient entropy is available, it will provide random numbers just as
strong as /dev/random; if not, it uses the SHA cryptographic hash
algorithm to generate very strong random numbers.
Developers often overestimate how strong their random numbers need to be;
they also overestimate how easy "breaking" /dev/urandom would be,
which leads to programs that, unnecessarily, read /dev/random. Ted
Ts'o, who wrote the kernel RNG, puts it this way:
Past a certain point /dev/urandom will start returning results which
are cryptographically random. At that point, you are depending on the
strength of the SHA hash algorithm, and actually being able to not
just to find hash collisions, but being able to trivially find all or
most possible pre-images for a particular SHA hash algorithm. If that
were to happen, it's highly likely that all digital signatures and
openssh would be totally broken.
There is still a bit of a hole in all of this: how does a freshly installed
system, with little or no user interaction, at least yet, get its initial
entropy? When Alan Cox and Mike McGrath started describing the smolt
problem, the immediate reaction was to look closely at how the entropy pool
was being initialized. While that turned out not to be the problem, it did
lead Matt Mackall, maintainer of the kernel RNG, to start thinking about better pool
initialization. Various ideas about mixing in data specific to the
host, like MAC address and PCI device characteristics were discussed.
As Ts'o points out, that will
help prevent things like UUID collisions, but it doesn't solve the problem
of predictability of the random numbers that will be generated by these
systems.
In order to do that we really do need to improve
the amount of hardware entropy we can mix into the system. This is a
hard problem, but as more people are relying on these facilities, it's
something we need to think about quite a bit more!
Linux provides random numbers suitable for nearly any purpose via
/dev/urandom. For the truly paranoid, there is also
/dev/random, but developers would do well to forget that device
exists for everything but the most critical needs. If one is generating a
large key pair, to use for the next century, using some data from
/dev/random is probably right. Anything with lower requirements
should seriously consider /dev/urandom.
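The following C program is an added example, not code from the article or from the kernel: it reads key material from /dev/urandom the way the article recommends, handling the short reads and EINTR that a naive single read() ignores, and reports the kernel's entropy estimate from /proc/sys/kernel/random/entropy_avail so the reader can watch the pool while the program runs. The device and /proc paths are the standard Linux ones; the 32-byte key size and the has_nonzero sanity check are assumptions for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Read exactly n bytes from a device node, retrying on EINTR and on short
 * reads. Returns 0 on success, -1 on any error or premature end of data. */
int fill_random_from(const char *path, unsigned char *buf, size_t n)
{
    int fd = open(path, O_RDONLY);
    size_t got = 0;

    if (fd < 0)
        return -1;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;            /* interrupted by a signal: retry */
            close(fd);
            return -1;
        }
        if (r == 0)
            break;                   /* unexpected EOF on a random device */
        got += (size_t)r;
    }
    close(fd);
    return got == n ? 0 : -1;
}

/* The interface nearly every program should use: it never blocks, and is
 * fed from the same pool as /dev/random, with the SHA-based generator
 * taking over when the entropy estimate is low. */
int fill_random(unsigned char *buf, size_t n)
{
    return fill_random_from("/dev/urandom", buf, n);
}

/* The kernel's current estimate of pool entropy, in bits; -1 when the
 * /proc interface is not present (for example on a non-Linux system). */
long entropy_avail(void)
{
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    long bits = -1;

    if (!f)
        return -1;
    if (fscanf(f, "%ld", &bits) != 1)
        bits = -1;
    fclose(f);
    return bits;
}

/* Cheap sanity check that the buffer was actually filled; this is not a
 * statistical randomness test. Returns 1 if any byte is non-zero. */
int has_nonzero(const unsigned char *buf, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (buf[i])
            return 1;
    return 0;
}

int main(void)
{
    unsigned char key[32];   /* assumed: material for a 256-bit symmetric key */
    size_t i;

    printf("entropy_avail: %ld bits\n", entropy_avail());
    if (fill_random(key, sizeof key) != 0) {
        perror("/dev/urandom");
        return 1;
    }
    printf("32 bytes from /dev/urandom: ");
    for (i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

For the one case the article carves out, a long-lived key pair, the same routine can be pointed at "/dev/random" via fill_random_from(), with the caller prepared for the read to block until the pool refills.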
Versions of the autofs automounter daemon as shipped by Red Hat (and possibly other distributors) are installed with an insecure configuration; in particular, the "hosts" map lacks the "nosuid" option, allowing an attacker who has control over an NFS server to run setuid programs on vulnerable systems.
Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs,
ext2 file system utilities and libraries, contained multiple
integer overflows in memory allocations, based on sizes taken directly
from filesystem information. These could result in heap-based
overflows potentially allowing the execution of arbitrary code.
An attacker could trigger one of the vulnerabilities by causing a Qt
application to parse specially crafted text or Unicode strings, which
may lead to the execution of arbitrary code with the privileges of the
user running the application.
Adriano Lima and Ramon de Carvalho Valle reported that functions
isc_attach_database() and isc_create_database() do not perform proper
boundary checking when processing their input.
A remote attacker could send specially crafted requests to the Firebird
server on TCP port 3050, possibly resulting in the execution of
arbitrary code with the privileges of the user running Firebird
(usually firebird).
The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.
The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client.
MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. (CVE-2007-5969)
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. (CVE-2007-3781)
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information
via a direct request for themes/darkblue_orange/layout.inc.php, which
reveals the path in an error message.
A format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
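The defect class in the Ruby-GNOME advisory is a message passed where a format string belongs. The following C code is an added example, not code from Ruby-GNOME or from the advisory: it keeps the unsafe pattern in a comment (modern toolchains reject it outright with -Werror=format-security) and shows the hardened form, in which user-supplied text is always an argument to a fixed format. The function names, the dialog layout and the constructed "hostile" message are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The defective pattern, shown only as a comment because toolchains built
 * with -Werror=format-security refuse to compile it:
 *
 *     void show_message(const char *msg) { printf(msg); }
 *
 * Any '%' sequences inside msg are treated as conversions rather than text,
 * so the message content, not the programmer, decides what printf does. */

/* Hardened form: the message is passed as an argument to a fixed format, so
 * its contents are rendered literally. Returns what snprintf returns: the
 * length the full message needs, or a negative value on error. */
int render_message(char *out, size_t outsz, const char *msg)
{
    return snprintf(out, outsz, "%s", msg);
}

/* Same rule for a dialog with a title: every piece of variable text is an
 * argument, never part of the format string. */
int render_dialog(char *out, size_t outsz, const char *title, const char *msg)
{
    return snprintf(out, outsz, "[%s] %s", title, msg);
}

/* Returns 1 if snprintf had to cut the message to fit the buffer. */
int was_truncated(int needed, size_t outsz)
{
    return needed < 0 || (size_t)needed >= outsz;
}

int main(void)
{
    char buf[64];
    /* Constructed user-supplied message containing conversion specifiers. */
    const char *hostile = "login failed for %s %x %n";
    int n = render_dialog(buf, sizeof buf, "Error", hostile);

    printf("%s (truncated: %s)\n", buf, was_truncated(n, sizeof buf) ? "yes" : "no");
    return 0;
}
```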
A stack buffer overflow flaw was found in the way Samba authenticates
remote users. A remote unauthenticated user could trigger this flaw to
cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server.
Several vulnerabilities have been identified in xfs, the X font
server. The QueryXBitmaps and QueryXExtents protocol requests suffer
from lack of validation of their 'length' parameters. Maliciously
crafted versions of either request can cause two different problems:
* An integer overflow in the computation of the size of a dynamic
buffer can lead to a heap overflow in the build_range() function.
* An arbitrary number of bytes on the heap can be swapped by the
swap_char2b() function.
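Both the e2fsprogs advisory above (allocation sizes taken directly from filesystem metadata) and the first xfs item (an integer overflow while computing a dynamic buffer size from a request's 'length') are the same defect: an attacker-controlled count is multiplied into a buffer size and the product wraps. The following C code is an added example, not code from e2fsprogs, xfs or either advisory: it shows the wrapping computation, an overflow-checked multiply and allocation, and a parser for a constructed wire format that validates the declared count against the bytes actually received before allocating. RECORD_SIZE, the message layout and the sample messages are assumptions for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>

#define RECORD_SIZE 8   /* assumed size of one fixed-width record */

/* The defective pattern: a 32-bit count from untrusted input is multiplied
 * into a buffer size and the product silently wraps. For count 0x20000001
 * the result is 8, so the buffer is far smaller than the data copied in. */
uint32_t unchecked_size(uint32_t count)
{
    return count * RECORD_SIZE;
}

/* Overflow-checked count * elem_size. Returns 0 and stores the product in
 * *out, or -1 if the product would not fit in size_t. */
int checked_mul(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Allocate count elements of elem_size, refusing on arithmetic overflow. */
void *alloc_array(size_t count, size_t elem_size)
{
    size_t bytes;
    if (checked_mul(count, elem_size, &bytes) != 0)
        return NULL;
    return malloc(bytes ? bytes : 1);   /* sidestep malloc(0) portability quirks */
}

/* Constructed wire format: a little-endian 32-bit record count followed by
 * that many RECORD_SIZE-byte records. The declared count is checked both
 * for arithmetic overflow and against the bytes actually present. */
typedef struct {
    uint32_t count;
    const unsigned char *records;
} request_t;

int parse_request(const unsigned char *msg, size_t msg_len, request_t *req)
{
    size_t need;
    uint32_t count;

    if (msg_len < 4)
        return -1;
    count = (uint32_t)msg[0] | ((uint32_t)msg[1] << 8) |
            ((uint32_t)msg[2] << 16) | ((uint32_t)msg[3] << 24);
    if (checked_mul(count, RECORD_SIZE, &need) != 0)
        return -1;                   /* size computation would wrap */
    if (need > msg_len - 4)
        return -1;                   /* declared count exceeds bytes received */
    req->count = count;
    req->records = msg + 4;
    return 0;
}

/* Copy the records into a freshly allocated buffer; NULL on any failure. */
unsigned char *copy_records(const request_t *req, size_t *out_len)
{
    size_t bytes;
    unsigned char *buf;

    if (checked_mul(req->count, RECORD_SIZE, &bytes) != 0)
        return NULL;
    buf = alloc_array(req->count, RECORD_SIZE);
    if (!buf)
        return NULL;
    memcpy(buf, req->records, bytes);
    *out_len = bytes;
    return buf;
}

int main(void)
{
    /* Constructed sample: count = 2, followed by two 8-byte records. */
    unsigned char good[4 + 2 * RECORD_SIZE] = { 2, 0, 0, 0,
        'a','a','a','a','a','a','a','a', 'b','b','b','b','b','b','b','b' };
    /* Constructed sample: count = 0x20000001 with no record bytes at all. */
    unsigned char bad[4] = { 0x01, 0x00, 0x00, 0x20 };
    request_t req;
    size_t len = 0;

    printf("unchecked 0x20000001 * %d = %u (wrapped)\n",
           RECORD_SIZE, unchecked_size(0x20000001u));
    if (parse_request(good, sizeof good, &req) == 0) {
        unsigned char *buf = copy_records(&req, &len);
        printf("good request: %u records, %zu bytes copied\n", req.count, len);
        free(buf);
    }
    printf("bad request rejected: %s\n",
           parse_request(bad, sizeof bad, &req) == -1 ? "yes" : "no");
    return 0;
}
```

The length-versus-bytes-received check is the one that matters most for a protocol parser: even on a 64-bit build where the multiply cannot wrap, a count larger than the request itself would otherwise lead to reading past the message.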
Bas van Schaik has found a privilege escalation in the agentd process
of the Zabbix network monitor application. Agentd can be used to run
user commands under the root account, leading to an escalation of
privilege.
Adobe's Acrobat Reader has the following vulnerabilities:
The Adobe Reader Plugin has a cross-site scripting vulnerability that
can be triggered by processing malformed URLs. Arbitrary JavaScript can
be served by a malicious web server, leading to a cross-site scripting
attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities,
if an attacker can trick a user into viewing the files, arbitrary code
can be executed with the user's privileges.
From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
properly copy all levels of header data, which can cause Apache to
return HTTP headers containing previously-used data, which could be
used to obtain potentially sensitive information by unauthorized users."
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker who has the ability to
run scripts on the Apache HTTP Server could manipulate the scoreboard and
cause arbitrary processes to be terminated, which could lead to a denial of
service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with
the server-status page publicly accessible and ExtendedStatus enabled were
vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux
the server-status page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752)
From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header."
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
A flaw was found in the mod_proxy module. On sites where a reverse proxy is
configured, a remote attacker could send a carefully crafted request that
would cause the Apache child process handling that request to crash. On
sites where a forward proxy is configured, an attacker could cause a
similar crash if a user could be persuaded to visit a malicious site using
the proxy. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-3847)
A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the AddDefaultCharset directive has been removed
from the configuration, a cross-site scripting attack may be possible
against browsers which do not correctly derive the response character set
following the rules in RFC 2616. (CVE-2007-4465)
Tilghman Lesher discovered that the logging engine of Asterisk, a free
software PBX and telephony toolkit, performs insufficient sanitizing of
call-related data, which may lead to SQL injection.
A vulnerability in Cacti 0.8.6i and earlier versions allows remote
authenticated users to cause a denial of service (CPU consumption) via
large values of the graph_start, graph_end, graph_height, or graph_width
parameters.
Cairo has an integer overflow vulnerability in the PNG image processing
code. If a user processes a specially crafted PNG image with an
application that is linked against cairo, arbitrary code can be executed
with the user's privileges.
Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow
remote attackers to execute arbitrary code via unspecified vectors. NOTE:
the provenance of this information is unknown; the details are obtained
solely from third party information. NOTE: this might overlap
CVE-2007-0160.
A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via specially crafted RAR archives.
Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-4510:
It was discovered that the RTF and RFC2397 parsers can be tricked
into dereferencing a NULL pointer, resulting in denial of service.
CVE-2007-4560:
It was discovered that clamav-milter performs insufficient input
sanitizing, resulting in the execution of arbitrary shell commands.
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with, e.g., a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system).
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root.
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code.
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target.
Previous versions of the cups package could be forced to hang via a client
"partially negotiating" an SSL connection. In this state, cups would not
allow other connections to be made, resulting in a denial of service.
Thomas de Grenier de Latour discovered that the checkrestart program included
in debian-goodies did not correctly handle shell meta-characters. A local
attacker could exploit this to gain the privileges of the user running
checkrestart.
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.
From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a
minor privilege escalation attack in which an authenticated
user may exploit an ACL plugin weakness to save message flags
without having proper permissions."
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot
before 1.0.rc29, when using the zlib plugin, allows remote attackers to
read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot)
sequence in the mailbox name.
A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC
servers to execute arbitrary code via a long private message.
Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could execute
code with user privileges.
The elinks text-mode browser has an arbitrary file access vulnerability
in the Elinks SMB protocol handler. If a user can be tricked into
visiting a specially crafted web page, arbitrary files may be read or
written with the user's permissions.
From the original Debian problem report: "In Debian's version of GNU Emacs 22.1+1-2, the `hack-local-variables'
function does not behave correctly when `enable-local-variables' is
set to :safe. The documentation of `enable-local-variables' states
that the value :safe means to set only safe variables, as determined
by `safe-local-variable-p' and `risky-local-variable-p' (and the data
driving them), but Emacs ignores this and instead sets all the local
variables." When this setting (which is not the default) is in effect, opening a hostile file could lead to the execution of arbitrary commands.
A format string error in the "write_html()" function in calendar/gui/
e-cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially crafted
shared memo containing format specifiers.
The APOP protocol allows remote attackers to guess the first 3 characters
of a password via man-in-the-middle (MITM) attacks that use crafted message
IDs and MD5 collisions. NOTE: this design-level issue potentially affects
all products that use APOP, including (1) Thunderbird, (2) Evolution, (3)
mutt, and (4) fetchmail.
fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
The Firebird DBMS has a buffer overflow vulnerability involving
the processing of connect requests with an overly large p_cnct_count
value. Remote attackers can send a specially crafted
request to the server in order to potentially execute arbitrary code with
the permissions of the Firebird user.
A flaw was discovered in handling of "about:blank" windows used by
addons. A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
(CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3845)
A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-5959)
A race condition existed when Firefox set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)
shutdown and moz_bug_r_a4 reported two separate ways to modify an
XPCNativeWrapper such that subsequent access by the browser would result in
executing user-supplied code. (CVE-2007-3738)
Michal Zalewski reported that it was possible to bypass the same-origin
checks and read from cached (wyciwyg) documents. It is possible to access
wyciwyg:// documents without proper same domain policy checks through the
use of HTTP 302 redirects. This enables the attacker to steal sensitive
data displayed on dynamically generated pages; perform cache poisoning; and
execute their own code or display their own content with the URL bar and SSL
certificate data of the attacked page (URL spoofing++). (CVE-2007-3656)
Internet Explorer calls registered URL protocols without escaping quotes
and may be used to pass unexpected and potentially dangerous data to the
application that registers that URL Protocol. (CVE-2007-3670)
Ronald van den Heetkamp reported that a filename URL containing %00
(encoded null) can cause Firefox to interpret the file extension
differently than the underlying Windows operating system potentially
leading to unsafe actions such as running a program. This is only
accessible locally. (CVE-2007-3285)
An attacker can use an element outside of a document to call an event
handler allowing content to run arbitrary code with chrome
privileges. (CVE-2007-3737)
Ronen Zilberman and Michal Zalewski both reported that it was possible to
exploit a timing issue to inject content into about:blank frames in a
page. When opening a window from a script, it is possible to spoof the
content of the newly opened window's frames within a short time frame,
while the window is loading. (CVE-2007-3089)
Mozilla contributor moz_bug_r_a4 demonstrated that the methods
addEventListener and setTimeout could be used to inject script into another
site in violation of the browser's same-origin policy. This could be used
to access or modify private or valuable information from that other
site. (CVE-2007-3736)
As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed
many bugs to improve the stability of the product. Some of these crashes
showed evidence of memory corruption under certain circumstances, and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code. Note: Thunderbird shares the browser
engine with Firefox and could be vulnerable if JavaScript were to be
enabled in mail. This is not the default setting and we strongly discourage
users from running JavaScript in mail. Without further investigation we
cannot rule out the possibility that for some of these an attacker might be
able to prepare memory for exploitation through some means other than
JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735)
A security flaw was found in the way flac processed audio data. An
attacker could create a carefully crafted FLAC audio file in such a way that
it could cause an application linked with flac libraries to crash or execute
arbitrary code when it was opened. (CVE-2007-4619)
The Freetype font rendering library versions 2.3.4 and below
has an integer sign error. Remote attackers may be able to
create a specially crafted TrueType Font file with a negative
n_points value that will cause an integer overflow and heap-based
buffer overflow, allowing the execution of arbitrary code.
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user.
The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable.
Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allow attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478)
Libgd2 has a denial of service vulnerability involving the incorrect
validation of PNG callback results. If an application that is linked
against libgd2 is used to process a specially-crafted PNG file,
a denial of service involving CPU resource consumption can be
caused.
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user.
Kalle Olavi Niemitalo discovered two boundary errors in fsplib code
included in gFTP when processing overly long directory or file names. A
remote attacker could trigger these vulnerabilities by enticing a user to
download a file with a specially crafted directory or file name, possibly
resulting in the execution of arbitrary code (CVE-2007-3962) or a Denial of
Service (CVE-2007-3961).
The gimp image editor has several vulnerabilities, including
a problem where it can open PSD files with excessive dimensions
and a possible stack overflow in the Sunras loader.
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local
attacker could exploit this to bypass the user's locked screen saver.
Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash.
Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code.
Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered
string is used instead of a sanitized string to view local files. An
authenticated attacker could craft an HTTP GET request that uses directory
traversal techniques to execute any file on the web server as PHP code,
which could allow information disclosure or arbitrary code execution with
the rights of the user running the PHP application (usually the webserver
user).
Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user
input. A local attacker could send a specially crafted request to the hpssd
daemon, possibly allowing them to run arbitrary commands as the root user.
The htsearch component in htdig 3.2.0b6 is vulnerable to a cross-site scripting
attack.
Attackers can inject web scripts and HTML code using the sort parameter.
The ImageMagick image decoders have multiple vulnerabilities.
If a user can be tricked into processing a specially crafted
DCM, DIB, XBM, XCF, or XWD image, arbitrary code may be executed with
the user's privileges.
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote
attackers to execute arbitrary code via (1) a crafted DCM image, which
results in a heap-based overflow in the ReadDCMImage function, or (2) the
(a) colors or (b) comments field in a crafted XWD image, which results in a
heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667.
A vulnerability has been reported in inotify-tools, which can potentially be
exploited by malicious users to compromise an application using the library.
Successful exploitation may allow the execution of arbitrary code with
privileges of the application using the affected library.
NOTE: The programs shipped with inotify-tools are reportedly not affected.
The vulnerability is reported in versions prior to 3.11.
The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote
user-assisted attackers to cause a denial of service (crash) and possibly
corrupt the heap via malformed image files.
Java has multiple vulnerabilities, including:
an RSA exponent padding attack vulnerability, two vulnerabilities
which allow untrusted applets to access data in other applets,
vulnerabilities that involve applets gaining privileges due to
serialization bugs in the JRE, and buffer overflows in the Java image
handling routines that can give attackers read/write/execute capabilities
for local files.
The Javadoc tool was able to generate HTML documentation pages that
contained cross-site scripting (XSS) vulnerabilities. A remote attacker
could use this to inject arbitrary web script or HTML. (CVE-2007-3503)
The Java Web Start URL parsing component contained a buffer overflow
vulnerability within the parsing code for JNLP files. A remote attacker
could create a malicious JNLP file that could trigger this flaw and execute
arbitrary code when opened. (CVE-2007-3655)
The JSSE component did not correctly process SSL/TLS handshake requests. A
remote attacker who is able to connect to a JSSE-based service could
trigger this flaw leading to a denial-of-service. (CVE-2007-3698)
A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled,
allows remote attackers to violate the security model for an applet's
outbound connections via a DNS rebinding attack. (CVE-2007-5232)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not
properly enforce access restrictions for untrusted applications, which
allows user-assisted remote attackers to obtain sensitive information (the
Java Web Start cache location) via an untrusted application, aka "three
vulnerabilities." (CVE-2007-5238)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE
1.3.1_20 and earlier does not properly enforce access restrictions for
untrusted (1) applications and (2) applets, which allows user-assisted
remote attackers to copy or rename arbitrary files when local users perform
drag-and-drop operations from the untrusted application or applet window
onto certain types of desktop applications. (CVE-2007-5239)
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK
and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows
remote attackers to circumvent display of the untrusted-code warning banner
by creating a window larger than the workstation screen. (CVE-2007-5240)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used,
allows remote attackers to violate the security model for an applet's
outbound connections via a multi-pin DNS rebinding attack in which the
applet download relies on DNS resolution on the proxy server, but the
applet's socket operations rely on DNS resolution on the local machine, a
different issue than CVE-2007-5274. NOTE: this is similar to
CVE-2007-5232. (CVE-2007-5273)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows
remote attackers to violate the security model for JavaScript outbound
connections via a multi-pin DNS rebinding attack dependent on the
LiveConnect API, in which JavaScript download relies on DNS resolution by
the browser, but JavaScript socket operations rely on separate DNS
resolution by a Java Virtual Machine (JVM), a different issue than
CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5274)
An integer overflow vulnerability exists in the embedded ICC profile
image parser (CVE-2007-2788), an unspecified vulnerability exists in
the font parsing implementation (CVE-2007-4381), and an error exists
when processing XSLT stylesheets contained in XSLT Transforms in XML
signatures (CVE-2007-3716), among other vulnerabilities.
Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
The IA32 system call emulation functionality in Linux kernel 2.4.x and
2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not
zero extend the eax register after the 32bit entry path to ptrace is used,
which might allow local users to gain privileges by triggering an
out-of-bounds access to the system call table using the %RAX register.
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced
Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does
not return the correct write size, which allows local users to obtain
sensitive information (kernel memory contents) via a small count argument,
as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
Sridhar Samudrala discovered a local denial of service vulnerability
in the handling of SCTP sockets. By opening such a socket with a
special SO_LINGER value, a local attacker could exploit this to crash
the kernel. (CVE-2006-4535)
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
platforms did not sufficiently verify the memory layout. By attempting
to execute a specially crafted executable, a local user could exploit
this to crash the kernel. (CVE-2006-4538)
The netlink protocol has an infinite recursion bug that allows users to
cause a kernel crash. Also, the IPv6 protocol allows remote attackers to
cause a denial of service via crafted IPv6 type 0 route headers
(IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
The Minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly
other versions, allows local users to cause a denial of service (hang) via
a malformed minix file stream that triggers an infinite loop in the
minix_bmap function. NOTE: this issue might be due to an integer overflow
or signedness error.
Integer underflow in the ieee80211_rx function in
net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows
remote attackers to cause a denial of service (crash) via a crafted SKB
length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA
flag is set, aka an "off-by-two error."
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local attacker
could exploit this flaw to view sensitive kernel information.
(CVE-2007-1353)
The GEODE-AES driver did not correctly initialize its encryption key.
Any data encrypted using this type of device would be easily compromised.
(CVE-2007-2451)
The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally, systems
without an entropy source would be seeded with the same inputs at boot
time, leading to a repeatable series of random numbers. (CVE-2007-2453)
The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors.
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
Previous versions of the kernel package are subject to several
vulnerabilities. Certain malformed UDF filesystems can cause the system to
crash (denial of service). Malformed CDROM firmware or USB storage devices
(such as USB keys) could cause a system crash (denial of service), and if
they were intentionally malformed, can cause arbitrary code to run with
elevated privileges. In addition, the SCTP protocol is subject to a remote
system crash (denial of service) attack.
A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes
RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an
"out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2)
fib_props (fib_semantics.c, IPv4) functions. (CVE-2007-2172)
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not
prevent stack expansion from entering into reserved kernel page memory,
which allows local users to cause a denial of service (OOPS) via
unspecified vectors. (CVE-2007-3739)
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer
ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check
permissions for ioctls, which might allow local users to cause a denial of
service or gain privileges. (CVE-2007-4308)
Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier
allow remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via long SMB responses that trigger the overflows in
the SendReceive function.
A security issue has been reported in Linux kernel due to an error in
drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()"
function never initializes an event timer before scheduling it with the
"add_timer()" function.
The mincore function in the kernel does not properly lock access to user
space, which has unspecified impact and attack vectors, possibly related to
a deadlock.
Another vulnerability has been reported in Linux kernel caused by a
boundary error within the handling of incoming CAPI messages in
net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain
Kernel data structures.
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with
i965G and later chipsets, allows local users with access to an X11 session
and Direct Rendering Manager (DRM) to write to arbitrary memory locations
and gain privileges via a crafted batchbuffer. (CVE-2007-3851)
Linux kernel 2.4.35 and other versions allows local users to send arbitrary
signals to a child process that is running at higher privileges by causing
a setuid-root parent process to die, which delivers an attacker-controlled
parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)
Stack-based buffer overflow in the random number generator (RNG)
implementation in the Linux kernel before 2.6.22 might allow local root
users to cause a denial of service or gain privileges by setting the
default wakeup threshold to a value greater than the output pool size,
which triggers writing random numbers to the stack by the pool transfer
function involving "bound check ordering". NOTE: this issue might only
cross privilege boundaries in environments that have granular assignment of
privileges for root. (CVE-2007-3105)
The sysfs_readdir function in the Linux kernel 2.6 allows local users to
cause a denial of service (kernel OOPS) by dereferencing a null pointer to
an inode in a dentry. (CVE-2007-3104)
The CIFS filesystem, when Unix extension support is enabled, did not honor
the umask of a process, which allowed local users to gain
privileges. (CVE-2007-3740)
The Linux kernel checked the wrong global variable for the CIFS sec mount
option, which might allow remote attackers to spoof CIFS network traffic
that the client configured for security signatures, as demonstrated by lack
of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843)
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux
kernel allowed local users to have an unknown impact via a crafted argument
to the isdn_ioctl function. (CVE-2007-6063)
David Coffey discovered an uninitialized pointer free flaw in the
RPC library used by kadmind. A remote unauthenticated attacker who
could access kadmind could trigger the flaw causing kadmind to crash
or possibly execute arbitrary code (CVE-2007-2442).
David Coffey also discovered an overflow flaw in the same RPC library.
A remote unauthenticated attacker who could access kadmind could
trigger the flaw causing kadmind to crash or possibly execute arbitrary
code (CVE-2007-2443).
Finally, a stack buffer overflow vulnerability was found in kadmind
that allowed an unauthenticated user able to access kadmind the
ability to trigger the vulnerability and possibly execute arbitrary
code (CVE-2007-2798).
The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details.
Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges.
Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by kadmind. A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash.
Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A
remote unauthenticated attacker who can access kadmind could trigger this
flaw and cause kadmind to crash.
A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password. (MIT krb5 Security Advisory 2007-001)
Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon. A remote attacker who can access the KDC could exploit this
bug to run arbitrary code with the privileges of the KDC or kadmin server
processes. MIT krb5 Security Advisory 2007-002
Stefan Cornelius from Secunia Research discovered that the
"parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does
not properly sanitize parts of the URI when building the command for
KVIrc's internal script system.
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted ICC profile in a JPG file.
mirror --script in lftp before 3.5.9 does not properly quote shell
metacharacters, which might allow remote user-assisted attackers to execute
shell commands via a malicious script. NOTE: it is not clear whether this
issue crosses security boundaries, since the script already supports
commands such as "get" which could overwrite executable files.
libarchive, a library for manipulating different streaming archive
formats, has a number of pax extension header vulnerabilities.
These may be used to cause a denial of service or for the execution
of arbitrary code.
Integer overflow in the exif_data_load_data_entry function in exif-data.c
in libexif before 0.6.14 allows user-assisted remote attackers to cause a
denial of service (crash) or possibly execute arbitrary code via crafted
EXIF data, involving the (1) doff or (2) s variable.
Luigi Auriemma has reported various boundary errors in load_it.cpp and
a boundary error in the "CSoundFile::ReadSample()" function in
sndfile.cpp. A remote attacker can entice a user to read crafted modules
or ITP files, which may trigger a buffer overflow resulting in the
execution of arbitrary code with the privileges of the user running the
application.
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21
allow remote attackers to cause a denial of service (crash) via crafted (1)
pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt
(png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT
(png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read
operations. (CVE-2007-5269)
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical
instead of bitwise operations and (2) incorrect comparisons, which might
allow remote attackers to cause a denial of service (crash) via a crafted
PNG image. (CVE-2007-5268)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause
a denial of service (crash) via a crafted PNG image, due to an incorrect
fix for CVE-2007-5266. (CVE-2007-5267)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1
allows remote attackers to cause a denial of service (crash) via a crafted
PNG image that prevents a name field from being NULL terminated.
(CVE-2007-5266)
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow.
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim.
Heap-based buffer overflow in libsndfile 1.0.17 and earlier might allow
remote attackers to execute arbitrary code via a FLAC file with crafted PCM
data containing a block with a size that exceeds the previous block size.
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code.
libvorbis has a number of vulnerabilities that can be triggered by
opening a specially crafted Ogg file. Vulnerabilities include
crashing and the execution of arbitrary code.
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code.
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities; if a local user passes a specially crafted
FTP URL, arbitrary code may be executed.
The lighttpd web server has multiple vulnerabilities involving
a remote access-control setting circumvention that is performed
by the sending of malformed requests. This can be used to crash
the server and cause a denial of service.
Stack-based buffer overflow in the separate_word function in tokenize.c in
Link Grammar 4.1b and possibly other versions, as used in AbiWord Link
Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long
word, as reachable through the separate_sentence function.
Neel Mehta and Ryan Smith discovered that the VMWare Player DHCP server
did not correctly handle certain packet structures. Remote attackers
could send specially crafted packets and gain root privileges.
(CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)
Rafal Wojtczuk discovered multiple memory corruption issues in VMWare
Player. Attackers with administrative privileges in a guest operating
system could cause a denial of service or possibly execute arbitrary
code on the host operating system. (CVE-2007-4496, CVE-2007-4497)
Tatsuya Kinoshita discovered that Lookup, a search interface to electronic
dictionaries on emacsen, creates a temporary file in an insecure fashion
when the ndeb-binary feature is used, which allows a local attacker to
craft a symlink attack to overwrite arbitrary files.
An arbitrary command execution bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx.
The MadWifi driver for Atheros wireless LAN cards
does not process beacon frames correctly. This can be
used by a remote attacker to cause a denial of service.
CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.
From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside
Apache httpd and forwarded the encoded URL to Tomcat, which itself did a
second decoding. If Tomcat was used behind mod_jk and configured to only
proxy some contexts, an attacker could construct a carefully crafted HTTP
request to work around the context restriction and potentially access
non-proxied content."
A flaw was discovered in MoinMoin's error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user's authentication information
for the domain where MoinMoin was hosted.
A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1
allows remote attackers to inject arbitrary web script or HTML via a style
expression in the search parameter.
MPlayer versions up to 1.0rc1 have a buffer overflow in the
loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function.
User-assisted remote attackers can use this to create a buffer overflow
and possibly execute arbitrary code.
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
MySQL subselect queries using "ORDER BY" can be used by an attacker with
access to a MySQL instance in order to create an intermittent denial
of service.
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server.
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226).
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query.
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and
5.1 before 5.1.18-beta, allows context-dependent attackers to cause a
denial of service (crash) via a crafted IF clause that results in a
divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not
require the DROP privilege for RENAME TABLE statements, which allows remote
authenticated users to rename arbitrary tables. (CVE-2007-2691)
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before
5.1.18 does not restore THD::db_access privileges when returning from SQL
SECURITY INVOKER stored routines, which allows remote authenticated users
to gain privileges. (CVE-2007-2692)
MySQL Community Server before 5.0.45 allows remote authenticated users to
gain update privileges for a table in another database via a view that
refers to this external table. (CVE-2007-3782)
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbitrary code via long
Location header responses (redirects).
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges.
A flaw was discovered in the way net-snmp handled certain requests. A
remote attacker who can connect to the snmpd UDP port (161 by default)
could send a malicious packet causing snmpd to crash, resulting in a
denial of service.
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
proxy server written by Igor Sysoev. The "msie_refresh" directive could
allow cross site scripting.
Josh Burley reported that nss_ldap does not properly handle the LDAP
connections due to a race condition that can be triggered by
multi-threaded applications using nss_ldap, which might lead to
requested data being returned to a wrong process.
From the Red Hat advisory: A flaw was discovered in the way opal handled certain Session Initiation
Protocol (SIP) packets. An attacker could use this flaw to crash an
application, such as Ekiga, which is linked with opal. (CVE-2007-4924)
The OpenLDAP Lightweight Directory Access Protocol suite has a problem
with handling of malformed objectClasses LDAP attributes by the slapd
daemon. Both local and remote attackers can use this to crash slapd,
causing a denial of service.
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when
running as a proxy-caching server, allocates memory using a malloc variant
instead of calloc, which prevents an array from being initialized properly
and might allow attackers to cause a denial of service (segmentation fault)
via unknown vectors that prevent the array from being null terminated.
A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite. The parser uses untrusted values
from the TIFF file to calculate the number of bytes of memory to
allocate. A specially crafted TIFF image could trigger an integer
overflow and subsequently a buffer overflow that could cause the
execution of arbitrary code.
A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user.
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
OpenSSH 4.4 fixes some security issues, including a pre-authentication
denial of service, an unsafe signal handler and, on portable OpenSSH, a
GSSAPI authentication abort that could be used to determine the validity
of usernames on some platforms.
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f
and 0.9.7 allows remote attackers to execute arbitrary code via unspecified
vectors.
From the Debian advisory: An off-by-one error has been identified in the SSL_get_shared_ciphers()
routine in the libssl library from OpenSSL, an implementation of Secure
Socket Layer cryptographic libraries and utilities. This error could
allow an attacker to crash an application making use of OpenSSL's libssl
library, or potentially execute arbitrary code in the security context
of the user running such an application.
The Opera browser has multiple vulnerabilities.
The JavaScript engine is vulnerable to a virtual function call on an invalid pointer that can be triggered by specially crafted JavaScript.
A freed pointer in the BitTorrent support may be
accessed; this can be used for malicious code execution.
The browser is vulnerable to several memory read protection
errors. There are URI display errors that can be used to trick
users into visiting arbitrary web sites.
PCRE has flaws in the way it handles malformed regular
expressions.
If an application linked against PCRE, such as Konqueror,
encounters a maliciously created regular expression, it may be possible
to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227
have been combined into CVE-2006-7224.
Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660)
Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application.
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the
end of the string when searching for unmatched brackets and parentheses,
which allows context-dependent attackers to cause a denial of service
(crash), possibly involving forward references. (CVE-2007-1662)
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE)
library before 7.3 allows context-dependent attackers to execute arbitrary
code via a singleton Unicode sequence in a character class in a regex
pattern, which is incorrectly optimized. (CVE-2007-4768)
A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl. (CVE-2007-5116)
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485).
Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)
A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)
A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)
A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)
A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)
A flaw was found in handling of dynamic changes to global variables. A
script which used certain functions which change global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-4659)
An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-4661)
The Hardened-PHP Project discovered buffer overflows in the
htmlentities/htmlspecialchars internal routines of the PHP project. Of
course, the whole purpose of these functions is to be fed user
input. (The overflow can only occur when UTF-8 is used.)
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4,
allow remote attackers to obtain sensitive information (memory contents) or
cause a denial of service (thread crash) via a large len value to the (1)
strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE:
this affects different product versions than CVE-2007-3996.
(CVE-2007-4657)
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4
has unknown impact and attack vectors, related to an incorrect size
calculation. (CVE-2007-4660)
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4
has unknown impact and attack vectors. (CVE-2007-4662)
The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code.
It was discovered that phpbb2, a web based bulletin board, insufficiently
sanitizes values passed to the "Font Color 3" setting, which might lead to
the execution of injected code by admin users.
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem.
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2007-1325:
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
CVE-2007-1395:
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag,
which bypasses the protection against lowercase </script>.
CVE-2007-2245:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via (1) the
fieldkey parameter to browse_foreigners.php or (2) certain input
to the PMA_sanitize function.
CVE-2006-6942:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary HTML or web script via (1) a comment
for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter
to db_operations.php, the (4) query_history_latest,
(5) query_history_latest_db, and (6) querydisplay_tab parameters to
(c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2006-6944:
phpMyAdmin allows remote attackers to bypass Allow/Deny access rules
that use IP addresses via false headers.
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin
2.11.1, when accessed by a browser that does not URL-encode requests,
allows remote attackers to inject arbitrary web script or HTML via the
query string.
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
common.lib.php in libraries/; and certain input available in PHP_SELF and
(2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other
vectors related to (3) REQUEST_URI.
phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability
in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.
db_create.php also has a related cross-site scripting vulnerability.
Remote authenticated users can inject arbitrary web scripts or HTML
using a hex-encoded IMG element in the db parameter in a POST request.
The PEAR MDB2 in versions prior to 2.5.0a1 can interpret a request to
store a URL string as a request to retrieve and store the contents of the
URL. This can allow remote attackers to obtain information by inserting
a URL in a form field in an MDB2 application.
A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin
4.1.1 allows remote attackers to inject arbitrary web script or HTML via
the server parameter.
Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933.
The xpdf and poppler PDF libraries contain several vulnerabilities which can lead to arbitrary command execution via hostile PDF files. Numerous other applications which use these libraries (PDF viewers, CUPS, etc.) will be affected by the vulnerabilities as well.
PostgreSQL 8.1 and probably later and earlier versions, when local trust
authentication is enabled and the Database Link library (dblink) is
installed, allows remote attackers to access arbitrary accounts and execute
arbitrary SQL queries via a dblink host parameter that proxies the
connection from 127.0.0.1. (CVE-2007-3278)
PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL
(plpgsql) language has been created, grants certain plpgsql privileges to
the PUBLIC domain, which allows remote attackers to create and execute
functions, as demonstrated by functions that perform local brute-force
password guessing attacks, which may evade intrusion
detection. (CVE-2007-3279)
The Database Link library (dblink) in PostgreSQL 8.1 implements functions
via CREATE statements that map to arbitrary libraries based on the C
programming language, which allows remote authenticated superusers to map
and execute a function from any library, as demonstrated by using the
system function in libc.so.6 to gain shell access. (CVE-2007-3280)
From the Red Hat advisory: A memory management flaw was discovered in PWLib. An attacker could use this
flaw to crash an application, such as Ekiga, which is linked with pwlib
(CVE-2007-4897).
Multiple integer overflows in the imageop module in Python 2.5.1 and
earlier allow context-dependent attackers to cause a denial of service
(application crash) and possibly obtain sensitive information (memory
contents) via crafted arguments to (1) the tovideo method, and unspecified
other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other
files, which trigger heap-based buffer overflows.
Format string bugs were found in several Qt warning messages.
Applications using Qt for processing certain data types could
trigger them if the data caused Qt to print warnings. The bugs
potentially allow the execution of arbitrary code via specially crafted
files (CVE-2007-3388).
A buffer overflow was found in how Qt expanded malformed Unicode strings.
If an application linked against Qt parsed a malicious Unicode string, it
could lead to a denial of service or potentially allow for the execution of
arbitrary code.
The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause
a denial of service crash via a malformed OPEN message or COMMUNITY
attribute.
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
The Samba user authentication is vulnerable to a heap-based buffer overflow.
Remote unauthenticated users can use this to crash the Samba server
and cause a denial of service.
Samba's mechanism for creating NetBIOS replies is vulnerable to a
buffer overflow. Samba servers that are configured to run as a
WINS server can be crashed by a remote unauthenticated user;
execution of arbitrary code may also be possible.
Tim Brown discovered multiple issues in SiteBar: the translation module does
not properly sanitize the value to the "dir" parameter (CVE-2007-5491,
CVE-2007-5694); the translation module also does not sanitize the
values of the "edit" and "value" parameters which it passes to eval()
and include() (CVE-2007-5492, CVE-2007-5693); the log-in command does
not validate the URL to redirect users to after logging in
(CVE-2007-5695); SiteBar also contains several cross-site scripting
vulnerabilities (CVE-2007-5692).
Subversion 1.4.3 and earlier does not properly implement the "partial
access" privilege for users who have access to changed paths but not copied
paths, which allows remote authenticated users to obtain sensitive
information (revision properties) via svn (1) propget, (2) proplist, or (3)
propedit.
An unspecified vulnerability involving an "incorrect use of system
classes" was reported by the Fujitsu security team. Additionally, Chris
Evans from the Google Security Team reported an integer overflow
resulting in a buffer overflow in the ICC parser used with JPG or BMP
files, and an incorrect open() call to /dev/tty when processing certain
BMP files.
T1lib, an enhanced rasterizer for X11 Type 1 fonts, does
not properly perform bounds checking. An attacker can send
specially crafted input to applications linked against the library in
order to create a buffer overflow, resulting in a denial of service
or the execution of arbitrary code.
The tar utility has a symlink path traversal vulnerability involving
extracted archives. Maliciously created tar archives can be used to
write arbitrary data to files that the tar user has write access to.
A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in
teTeX might allow user-assisted remote attackers to overwrite files and
possibly execute arbitrary code via a long filename. NOTE: other overflows
exist but might not be exploitable, such as a heap-based overflow in the
check_idx function.
Joachim Schrod discovered several buffer overflow vulnerabilities and
an insecure temporary file creation in the "dvilj" application that is
used by dvips to convert DVI files to printer formats (CVE-2007-5937,
CVE-2007-5936). Bastien Roucaries reported that the "dvips" application
is vulnerable to two stack-based buffer overflows when processing DVI
documents with long \href{} URIs (CVE-2007-5935). teTeX also includes
code from Xpdf that is vulnerable to a memory corruption and two
heap-based buffer overflows (GLSA 200711-22); and it contains code from
T1Lib that is vulnerable to a buffer overflow when processing an overly
long font filename (GLSA 200710-12).
The Tk toolkit's GIF-reading code contains a buffer overflow which could be exploited via a malicious image file. Fixes may be found in versions 8.4.12 and 8.3.5.
It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted GIF
image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges.
Jan Oravec reported that the "/usr/bin/tomboy" script sets the
"LD_LIBRARY_PATH" environment variable incorrectly, which might result
in the current working directory (.) being included when searching for
dynamically linked libraries of the Mono Runtime application.
Note that the tomboy vulnerability was added in 2007.
Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).
Note: it is recommended the 'examples' web application not be installed on
a production system.
The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450).
Tomcat was found treating single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386).
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
mount and umount in util-linux call the setuid and setgid functions in the
wrong order and do not check the return values, which might allow attackers
to gain privileges via helpers such as mount.nfs.
Directory traversal vulnerability in the WML engine preprocessor for
Wesnoth before 1.2.8 allows remote attackers to read arbitrary files via
".." sequences in unknown vectors.
The wireshark network traffic analyzer has three vulnerabilities
that can be used to create a denial of service. These include
off-by-one overflows in the iSeries dissector, vulnerabilities in
the MMS and SSL dissectors that can cause an infinite loop and
an off-by-one overflow in the DHCP/BOOTP dissector.
Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer, which may lead to denial of service or the
execution of arbitrary code.
xorg-x11 has a number of integer and heap overflow vulnerabilities in
the xfs font server. A local attacker may be able to use these for
the execution of arbitrary code with elevated privileges.
iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667)
Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user's privileges.
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed.
xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system.
The X.Org X11 xfs font server has a temp file vulnerability in the
startup script. A local user can modify the permissions of the script
in order to elevate their local privileges.
CVE-2007-1095:
Michal Zalewski discovered that the unload event handler had access to
the address of the next page to be loaded, which could allow information
disclosure or spoofing.
CVE-2007-2292:
Stefano Di Paola discovered that insufficient validation of user names
used in Digest authentication on a web site allows HTTP response splitting
attacks.
CVE-2007-3511:
It was discovered that insecure focus handling of the file upload
control can lead to information disclosure. This is a variant of
CVE-2006-2894.
CVE-2007-5334:
Eli Friedman discovered that web pages written in Xul markup can hide the
titlebar of windows, which can lead to spoofing attacks.
CVE-2007-5337:
Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI
schemes may lead to information disclosure. This vulnerability is only
exploitable if Gnome-VFS support is present on the system.
CVE-2007-5338:
"moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers
could be bypassed, which might allow privilege escalation.
CVE-2007-5339:
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340:
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
It was discovered that Plone, a web content management system, allows
remote attackers to execute arbitrary code via specially crafted web
browser cookies.
The current 2.6 prepatch is 2.6.24-rc5, released by Linus on
December 10. He says:
Things _have_ slowed down, although
I'd obviously be lying if I said we've got all the regressions handled and
under control. They are being worked on, and the list is shrinking, but at
a guess, we're definitely not going to have a final 2.6.24 out before xmas
unless santa puts some more elves to work on those regressions.
The list of fixes is still fairly long; there is also a significant
FireWire stack update. The short-form changelog is included in Linus's
announcement; see the
long-format changelog for all the details.
A handful of patches have found their way into the mainline git repository
since the -rc5 release.
while i don't want to jump to conclusions without looking at some
profiles, i think the SLUB performance regression is indicative of the
following fallacy: "SLAB can be done significantly simpler while keeping
the same performance".
I couldn't point to any particular aspect of SLAB that i could
characterise as "needless bloat".
I suppose if the NSA had 20,000 2Ghz processors in the basement
cranking for 10 years, then 50% of the time *after* they did a black
bag job to crack the random pool state, they could get the last 80
bits generated from /dev/random, but it just seems that if you are
assuming the power to grab the pool plus add_ptr, there would be much
more useful things you could --- like for example having the black bag
job trojaning the software to grab the private key directly.
Syslets are a proposed mechanism which would allow any system call to be
invoked in an asynchronous manner; this technique promises a more
comprehensive and simpler asynchronous I/O mechanism and much more - once
all of the pesky little details can be worked out. A while back, Zach
Brown let it be known that he had taken over the ongoing development of the
syslets patch set; things have been relatively quiet since then. But Zach
has just returned with a new
syslets patch which shows where this idea is going.
This version of the patch removes much of the functionality seen in
previous postings. The ability to load simple programs into the kernel
for asynchronous execution is now gone, as is the "threadlet" mechanism for
asynchronous execution of user-space functions. Instead, syslets have gone
back to their roots: a mechanism for running a single system call without
blocking.
As had been foreshadowed in other discussions, syslets now use the indirect() system call
mechanism. An application wanting to perform an asynchronous system call
fills in a syslet_args structure describing how the asynchronous
execution is to be handled; the application then calls indirect() to make it
happen. If the system call can run without blocking, indirect()
simply returns with the final status. If blocking is required, the kernel
will (as with previous versions of this patch) return to user space in a
separate process while the original process waits for things to complete.
Upon completion, the final status is stored in user-space memory and the
application is notified in an interesting way.
Here, kernel_head is the index of the next completion ring entry
to be filled in by the kernel, and user_tail is the next entry to
be consumed by the application. If the two are equal, the ring is empty.
The elements field says how many entries can be stored in the
ring; it must be a power of two. The kernel uses wait_group as a
way of locating a wait queue internally when the application waits on
syslet completion; your editor suspects that this part of the API may not
survive into the final version.
Finally, the completion status values themselves live in the array of
syslet_completion structures, which look like this:
When a syslet completes, the final return code is stored in
status, while the caller_data field is set with the value
provided in the field by the same name in the syslet_args
structure when the syslet was first started.
There is one field of syslet_args which has not been discussed
yet: frame. The definition of this structure is
architecture-dependent; for the x86 architecture it is:
struct syslet_frame {
u64 ip;
u64 sp;
};
These values are used when the syslet completes. After the kernel stores
the completion status in the ring buffer, it will call the function whose
address is stored in ip, using the stack pointer found in
sp. This call serves as a sort of instant, asynchronous
notification to the application that the syslet is done. It's worth noting
that this call is performed in the original process - the one in which the
syslet was executed - rather than in the new process used to return to user
space when the syslet blocked. This function also has nothing to return
to, so, after doing its job, it should simply exit.
So, to review, here is how a user-space application will use syslets to
call a system call asynchronously:
1. The completion ring is established and initialized in user space.
2. A stack is allocated for the notification function, and the
   syslet_args structure is filled in with the relevant information.
3. A call is made to indirect() to get the syslet going.
4. If the system call of interest is able to complete without blocking,
   the return value is passed directly back to user space from
   indirect() and the call is complete.
5. Otherwise, once the system call blocks, execution switches to a new
   process which returns to user space. An ESYSLETPENDING error is
   returned in this case.
6. Once the system call completes, the kernel stores the return value in
   the completion ring and calls the notification function in the
   original process.
Should the application wish to stop and wait for any outstanding syslets to
complete, it can make use of a new system call:
int syslet_ring_wait(struct syslet_ring *ring, unsigned long user_idx);
Here, ring is the pointer to the completion ring, and
user_idx is the value of the user_tail index as seen by
the process. Providing the tail as an argument to
syslet_ring_wait() prevents problems with race conditions which
might come about if a
syslet completes after the application has decided to wait. This call will
return once there is at least one completion in the ring.
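As an added illustration (not code from Zach Brown's patch), here is a user-space model of the completion ring and the syslet_ring_wait() race check described above. The field names follow the article; the integer widths, the flexible completion array, and the behaviour on a full ring are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Completion record: both fields are named in the article. */
struct syslet_completion {
    uint64_t status;        /* final return code of the system call */
    uint64_t caller_data;   /* value given in syslet_args.caller_data */
};

/* Completion ring; field names are from the article, widths are assumed. */
struct syslet_ring {
    uint32_t kernel_head;   /* next slot the kernel will fill */
    uint32_t user_tail;     /* next slot the application will consume */
    uint32_t elements;      /* capacity, must be a power of two */
    uint32_t wait_group;    /* kernel-internal wait queue handle */
    struct syslet_completion comp[];   /* 'elements' entries follow (assumed layout) */
};

/* Allocate a ring, rejecting a capacity that is not a power of two. */
static struct syslet_ring *ring_alloc(uint32_t elements)
{
    if (elements == 0 || (elements & (elements - 1)) != 0)
        return NULL;
    struct syslet_ring *r = calloc(1, sizeof *r + (size_t)elements * sizeof r->comp[0]);
    if (r)
        r->elements = elements;
    return r;
}

static bool ring_empty(const struct syslet_ring *r)
{
    return r->kernel_head == r->user_tail;   /* equal indices mean an empty ring */
}

/* Stand-in for the kernel storing a completion once a blocked syslet finishes.
 * The article does not say what happens on a full ring; this model refuses. */
static bool ring_post(struct syslet_ring *r, uint64_t status, uint64_t caller_data)
{
    if (r->kernel_head - r->user_tail >= r->elements)   /* unsigned wrap-safe */
        return false;
    struct syslet_completion *c = &r->comp[r->kernel_head & (r->elements - 1)];
    c->status = status;
    c->caller_data = caller_data;
    r->kernel_head++;            /* indices only grow; the mask picks the slot */
    return true;
}

/* Model of syslet_ring_wait(): the caller passes the tail it observed, so a
 * completion that arrived after that observation returns immediately (0).
 * The real call would sleep otherwise; this model reports -1 instead. */
static int ring_wait_model(const struct syslet_ring *r, unsigned long user_idx)
{
    return r->kernel_head != (uint32_t)user_idx ? 0 : -1;
}

/* Consume every completion, handing each to fn(); returns the count consumed. */
static unsigned ring_drain(struct syslet_ring *r,
                           void (*fn)(const struct syslet_completion *, void *),
                           void *arg)
{
    unsigned n = 0;
    while (!ring_empty(r)) {
        const struct syslet_completion *c = &r->comp[r->user_tail & (r->elements - 1)];
        if (fn)
            fn(c, arg);
        r->user_tail++;
        n++;
    }
    return n;
}

static void print_completion(const struct syslet_completion *c, void *arg)
{
    (void)arg;
    printf("syslet %llu finished with status %lld\n",
           (unsigned long long)c->caller_data, (long long)c->status);
}

int main(void)
{
    struct syslet_ring *r = ring_alloc(4);
    if (!r)
        return 1;
    uint32_t seen = r->user_tail;       /* application decides to wait... */
    ring_post(r, 512, 1);               /* ...but a constructed completion lands first */
    if (ring_wait_model(r, seen) == 0)  /* race handled: no sleep needed */
        ring_drain(r, print_completion, NULL);
    free(r);
    return 0;
}
```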
The real purpose of this set of patches is to try to nail down the
user-space API for syslets; it is clear that there is still some work to be
done. For
example, there is no way, currently, for an application to use
indirect() to simultaneously launch a syslet and (as was the
original purpose for indirect()) provide additional arguments to
the target system call. In fact, the means for determining which of the
two is being done looks dangerously brittle. As Zach has already noted,
the calling convention needs
to be changed to make the syslet functionality and the addition of
arguments orthogonal.
There are a number of other questions which need to be answered - Zach has
supplied a few of them with the patch. Interaction with ptrace()
is unclear, resource management issues abound, and so on. Zach is clearly
looking for feedback on these issues:
I'm particularly interested in hearing from people who are trying
to use syslets in their applications. This will involve awkward
wrappers instead of glibc calls for now, and your machine may
explode, but hopefully the chance to influence the design of
syslets would make it worth the effort.
So, the message is clear: anybody who is interested in how this interface
will look would be well advised to pay attention to it now.
The avoidance of writeout deadlocks is a topic which occasionally pops up
on the mailing lists. Most Linux systems are able to handle the writeout
of dirty pages to disk without a great deal of trouble. Every now and
then, however, the system can get itself into a state where it is out of
memory and it must write some pages to disk before any more memory can be
allocated. If the act of writing those pages, itself, requires memory
allocations, the system can deadlock. Systems with complicated block I/O
setups - those using the device mapper, network-based storage, user-space
filesystems, etc. - are
the most susceptible to this problem.
There has been a steady stream of patches aimed at solving this problem;
the write throttling patch
discussed here last August is one of them. The problem is inherently hard
to solve, though; it looks like it may be with us for a long time. Or
maybe not, if Daniel Phillips's new and rather aggressively promoted writeout throttling patch lives
up to its hype.
Daniel's patch is quite simple at its core. His approach for eliminating
writeout-related deadlocks comes down to this:
1. Establish a memory reserve from which (only) code performing writeout
   can allocate pages. In fact, this reserve already exists, in that
   some memory is reserved for the use of processes marked with the
   PF_MEMALLOC flag.
2. Place an upper limit on the amount of memory which can be used for writeout
   to each device at any given time.
The patch does not try to directly track the amount of memory which will be
used by each writeout request; instead, it tasks block-level drivers with
accounting for the number of "units" which will be used. To that end, it
adds an atomic_t variable (called available) and a
function pointer (metric()) to each
request queue. When an outgoing request finds its way to
__generic_make_request(), it is passed to metric() to get
an estimate of the amount of resource which will be required to handle that
request. If the estimated resource requirement exceeds the value of
available, the process will simply block until a request completes
and available is incremented to a sufficiently high level.
The metric() function is to be supplied by the highest-level block
driver responsible for the request queue. If that block driver is, itself,
responsible for getting the data to the physical media, estimating the
resource requirements will be relatively easy. The deadlock problems,
however, tend to come up when I/O requests have to go through multiple
layers of drivers; imagine a RAID array built on top of network-based
storage devices, for example. In that case the top level will have to get
resource requirement estimates from the lower levels, a problem which has
not been addressed in this patch set.
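The following is an added user-space model of the per-queue accounting just described, not code from Daniel Phillips's patch. The names available and metric() come from the article; the request structure, the unit scale, the reserve_total field and the result codes are assumptions of the model (the kernel sleeps where the model reports WOULD_BLOCK).

```c
#include <stddef.h>

/* Minimal stand-in for a block I/O request (assumed, not the kernel's bio). */
struct bio_model {
    size_t bytes;     /* payload size */
    int segments;     /* number of scatter/gather segments */
};

/* Per-queue throttling state: available and metric() are named in the
 * article; reserve_total is added by the model to spot impossible requests. */
struct request_queue_model {
    long available;                            /* atomic_t in the kernel */
    long reserve_total;                        /* units the queue started with */
    int (*metric)(const struct bio_model *);   /* supplied by the top-level driver */
};

/* One possible metric (assumed): a unit per segment plus one per 4 KiB page. */
static int pages_plus_segments(const struct bio_model *b)
{
    return b->segments + (int)((b->bytes + 4095) / 4096);
}

enum throttle_result {
    THROTTLE_ADMIT,        /* units reserved, request may proceed */
    THROTTLE_WOULD_BLOCK,  /* kernel would sleep until available grows */
    THROTTLE_TOO_LARGE     /* estimate exceeds the whole reserve: never admissible */
};

static void queue_init(struct request_queue_model *q, long reserve,
                       int (*metric)(const struct bio_model *))
{
    q->available = reserve;
    q->reserve_total = reserve;
    q->metric = metric;
}

/* Model of the check made when a request reaches __generic_make_request().
 * A request whose estimate can never fit is reported rather than left to
 * wait forever, which is the failure mode a plain "block until available
 * grows" rule would hide. */
static enum throttle_result throttle_submit(struct request_queue_model *q,
                                            const struct bio_model *b,
                                            int *units_out)
{
    int units = q->metric(b);
    if (units > q->reserve_total)
        return THROTTLE_TOO_LARGE;
    if (units > q->available)
        return THROTTLE_WOULD_BLOCK;
    q->available -= units;
    *units_out = units;
    return THROTTLE_ADMIT;
}

/* Request completion gives the units back (the kernel would also wake sleepers). */
static void throttle_complete(struct request_queue_model *q, int units)
{
    q->available += units;
}
```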
Andrew Morton suggested an alternative
approach wherein the actual memory use by each block device would be
tracked. A few hooks into the page allocation code would give a reasonable
estimate of how much memory is dedicated to outstanding I/O requests at any
given time; these
hooks could also be used to make a guess at how much memory each new
request can be expected to need. Then, the block layer could use that
guess and the current usage to ensure that the device does not exceed its
maximum allowable memory usage. Daniel eventually rejected this approach, saying that looking at
current memory use is risky. It may well be that a given device is
committed to serving I/O requests which will, before they are done, require
quite a bit more memory than has been allocated so far. In that case,
memory usage could eventually exceed the cap in a big way. It's better,
says Daniel, to do a conservative accounting at the beginning.
The patch does not address the memory reserve issue at all; instead, it
relies on the current PF_MEMALLOC mechanism. It was necessary,
says Daniel, to give the PF_MEMALLOC "privilege" to some system
processes which assist in the writeout process, but nothing more than that
was needed. He also claims that, for best results, much of the current
code aimed at preventing writeout deadlocks needs to be removed from the
kernel. He concludes:
Let me close with perhaps the most relevant remarks: the attached
code has been in heavy testing and in production for months now.
Thus there is nothing theoretical when I say it works, and the
patch speaks for itself in terms of obvious correctness. What I
hope to add to this in the not too distant future is the news that
we have removed hundreds of lines of existing kernel code,
maintaining stability and improving performance.
Since then, a couple of reviewers have pointed out problems in the code,
dimming its aura of obvious correctness slightly. But nobody has found
serious fault with the core idea. Determining its true effectiveness and
making it work for a larger selection of storage configurations will take
some time and effort. But, if the idea pans out, it could herald the end
of a perennial and unpleasant problem for the Linux kernel.
As the 2.6.24 release slowly gets closer, the desire to shrink the list of
known regressions grows. As can be seen from the current list (as of just before
2.6.24-rc5), there is still some work yet to be done. That list is long
enough that, as Linus pointed out in the -rc5 announcement, the traditional
holiday release may not happen this year.
One of those regressions is a failure of a certain model of DVD drive to
work with the 2.6.24-rc kernels; this drive works fine with 2.6.23. A look
at the
corresponding bugzilla entry shows that quite a bit of effort has been
expended (by both developers and testers) toward tracking this one down,
but, as of this writing, its exact cause remains unknown.
So there is not (again, as of this writing) a well-defined fix for the problem.
What is known is which patch broke the device. Tejun Heo describes it this way: "It's introduced
by setting ATAPI transfer chunk size to actual transfer size which is the
right thing to do generally." The current development code
(destined for 2.6.25) works just fine with this device, but that would be
far too big a patch to put into the 2.6.24 kernel at this stage in the
cycle. So Tejun (along with others) continues to look for a simpler fix.
He also has a backup plan:
If we fail to find out the solution in time, we always have the
alternative of backing out the ATAPI transfer chunk size update.
This will break some other cases which were fixed by the change but
those won't be regressions at least and we can add transfer chunk
size update with other changes to 2.6.25.
This plan drew an immediate complaint from
Alan Cox, who notes that backing out this fix will break quite a few
devices which had finally been made to work while fixing only one which is
known to have problems with the new
code. This change, he says, "...is nonsensical and not in the
general good". Alan would rather take the hit of breaking one
device for the benefit of making a larger number of others work properly
for the first time. If need be, the failing drive could be handled via a
special blacklist in 2.6.24.
"The one off regression" is likely the tip of an iceberg. If
something regresses for one person, for that one person who tested
and noticed and made a bug-report, there's probably a thousand
people who haven't even tested the development kernel, or who had
problems and just went back to the previous version.
In contrast, reverting something will be guaranteed to not have
those kinds of issues, since the only people who could notice are
people for whom it never worked in the first place. There's no
"silent mass of people" that can be affected.
In recent years, as the complexity of the kernel (and concerns about its
quality) have grown, the development community has taken an increasingly
hard line against regressions. As Linus points out above, regressions cause
visible problems for people whose systems were once working; that is a
clear way to lose testers and (eventually) users. On the other hand,
something which has never worked, and which still does not work,
does not make life worse for Linux users. For this reason, the avoidance
of regressions has become one of the highest development priorities.
There is another, related reason: the aforementioned kernel quality
concerns. One can easily ask whether the quality of the kernel is
improving or not, but truly answering that question is not an easy thing to
do. A better kernel may, by attracting additional users, actually result
in more bug reports; similarly, a buggier kernel may drive testers away,
with the result that the number of reported bugs goes down. One cannot
simply look at the lists of known problems and come to a reasonably
defensible conclusion as to whether a given kernel is better than another
or not.
What one can do, however, is ensure that everything which works now
continues to work in future versions. If working things do not break,
then, on the assumption that other problems are occasionally being fixed,
it is reasonable to conclude that the kernel is getting better. If
regressions are allowed, instead, then one never really knows. Regressions
thus are the closest thing we have to an objective measurement of the
quality of a given kernel release, and fixing regressions is an unambiguous
way of improving that quality. So it's no wonder that the higher priority
placed on improving kernel quality has led to a stronger focus on
regressions.
Anybody who has watched Alan Cox's work knows that he cares deeply about
the quality of the kernel. But he thinks that the anti-regression policy
is being taken a little too far this time
around:
To blindly argue regressions are critical is sometimes (as in this
case) to argue that "this freeway is no longer compatible with a
horse and cart" means the freeway should be turned back into a dirt
road.
It may yet be that a proper fix for this problem will be found for 2.6.24,
at which point the larger change can go through. Failing that, though, it
appears that the horses and carts will win the day for now. Those needing
the full freeway will have to wait until the horse-compatible version
becomes available in 2.6.25.
(Update: it appears that
the problem has now been fixed.)
MIA means "Missing in Action". When a project is built by volunteers, as
is the case with most Linux distributions, sometimes packages with bugs
linger and are not fixed for long periods of time. The developer is MIA.
There are many reasons that a developer might have for not taking care of
their packages as promised. There will be times with the demands of work,
school, family, or whatever will take precedence over volunteer work. In
an ideal case the person will tell someone that they won't be around for a
while. They might even find someone else to take over for them while they
are gone. All too often though they don't do anything at all and thereby
become MIA.
Both Debian and Fedora have made proposals for dealing with MIA developers
this week so we wanted to take a closer look at how these projects are
dealing with this problem. Keep in mind that Fedora and Debian are
different projects, with different goals. Fedora is fast paced, with a
release every six months. They can't allow buggy packages to linger for
long. Debian's release cycle is long, but they have a large number of
packages to maintain and a large number of developers to keep track of.
Debian's Bits from the MIA team goes beyond
a proposal and outlines what is now the current policy for dealing with MIA
maintainers. The MIA team met recently in Spain to flesh out the details.
The MIA team is a small group of people who are tasked with identifying and
attempting to contact maintainers who no longer seem to be active.
Team members have access to several MIA scripts which can be used to
identify unresponsive maintainers. "The most important tool is
"mia-query" where you can see the history from the person, which packages
he/she maintains and the last-activity." The process is lengthy,
allowing 15 days after each attempted contact before proceeding to the next
stage. After sixty days the maintainer's packages will be orphaned so that
some other maintainer might adopt them. Only after ninety days will the
person be subject to removal from the keyring, if they are Debian
Developers (DD) or Debian Maintainers (DM). For packages that are team
maintained the missing person will be removed from the
Uploaders/Maintainers-field after sixty days.
Fedora's proposal
is still in the initial stages. The idea is to automate the process as much
as possible. "This proposal aims to create a framework for
automating the detection and processing of MIA maintainers. The framework
will touch upon bugzilla, pkgdb, koji, and various automated QA efforts. It
will tie into the (new) policy of automatically cleaning up orphans created
during a release at the start of the next development cycle."
A scheduled process will query bugzilla, looking for a certain class of
bugs. If the maintainer reaction time meets certain criteria, the
maintainer will be marked as MIA.
How these bugs are identified in Bugzilla remains to be solved. Several
automated QA tasks identified so far include: broken dependencies tests,
rebuild tests, package/file conflict tests, and upgrade path violation
tests. "Most of these tasks will need to grow the ability to file
bugs for the issues discovered, with the logic to prevent multiple filings
for the same issue. As stated above, a keyword or a flag or something will
be added to the bug so that it can be easily identified at a later
time."
Many details remain in this proposal, such as the particular allotment of
times for responses, the method that will be used in bugzilla to mark a bug
for MIA detection, who will make use of that method, who will work on the
detection/processing tool, who will be notified of a maintainer going MIA,
whether all packages owned by the MIA maintainer get orphaned, and so on.
A truly automated system for identifying MIA maintainers will likely be of
interest to other projects, especially if it can be adapted to other
infrastructures.
Mandriva Directory Server 2.2.0 is available for download. New features and improvements
include DNS/DHCP management improvements, XML-RPC server session
management, and Brazilian Portuguese translation.
The first alpha release of openSUSE 11.0 is available for testing.
"The change between 10.3 and Alpha0 is pretty big, but it still works
pretty nicely. So please join the openSUSE 11.0 development in downloading,
testing and using Alpha0 or daily updated Factory distribution."
RastaSoft has released the dyne:II based dynebolic 2.5.2 DHORUBA.
"The system is stabilized for the final release of the dyne:II
series. This is a major bugfix for usb detection, encrypted
nesting, international keyboard input, firewire video capture and
playback. New software includes darkice/snow, oggfwd and dvgrab for
minimalistic commandline streaming receipts. Updated software includes
Blender, Cinelerra and FreeJ. The image.dyne module is included by
default. The User's Manual has been completed with more
information."
A report from the 7th Debian Developers' Conference, held last June in
Edinburgh, Scotland, has been posted as a 30-page PDF
file. "Over 400 people took part in this year's conference:
listening to the talks; discussing development issues; working closely with
their fellow developers. And, of course, enjoying themselves. This report
hopes to provide some insight into DebConf for those who were unable to
attend. It will cover the major parts of DebConf and provide a look at the
work of the organising team. It will also include the personal impressions
of some of the attendees." It's clear that quite a bit of time went
into the creation of this document.
Fifteen Debian developers gathered in Mérida (Spain) for a Quality
Assurance meeting, part of the series of meetings sponsored by the Junta de
Extremadura. Click below for a look at the meeting minutes.
Fedora Core 6 reached its end of life on Friday, December 7. Even so, new
samba packages that fix the recent samba vulnerability (CVE-2007-6015) have
been made available.
Adam Williamson presents
a tentative timeline for Mandriva 2008 Spring (2008.1). The current schedule
shows the first alpha release on December 13. The final release is
scheduled for April 2008.
Free Software Foundation Europe has announced that the Norwegian project
Skolelinux is the winner of the first Free Software Scandinavian Award
handed out during the Free Software Conference Scandinavia 2007 in
Göteborg. "Skolelinux captures a big part of the free software
spirit; sharing and reusing. By focusing on schools, Skolelinux makes sure
students, tomorrow's computer users, and decision makers, can grow up in a
spirit of sharing, reusing and learning from family, friends and
neighbours."
The GNU-Darwin project has issued its 7th annual report, with a look at the
stories that have gone out this year. "We have had a surge in
pkg_add access to our package repository since that time, indicating that
GNU-Darwin is far from dead as of yet ;-}. The iPhone bricking story was
of particular moment."
Geubuntu is an Ubuntu-based
desktop distribution that uses parts of the GNOME desktop with the
eye-catching Enlightenment DR17 window manager. Geubuntu 7.10 Luna Nuova
was released December 6, 2007. From the project's home page: "That's
where Geubuntu comes in. Geubuntu completes the missing parts of the E17
Desktop Shell and WM with a certain number of tools and applications from
the Gnome Desktop. This is only natural, after all: it would be crazy to
believe that E17 should provide a full set of applications based on ETK
instead of GTK!"
The Fedora Weekly News for December 3, 2007 looks at FUDCon Raleigh 2008,
plus Planet Fedora articles "CentOS really does fill a gap", "Fedora 8
Re-Spin in the making", "FDSCo nominations underway", "Fedora update
metrics", "FAmSCo nominations/elections", and several other topics.
The openSUSE Weekly News is out with a look at openSUSE 11.0 Alpha 0, an updated
10.3+ Live CD available for final testing, KDE Four Live 0.8, KDE 4.0 RC2
packages, KOffice Alpha6 packages, and more. Read it in English or German.
The Ubuntu Weekly Newsletter for December 8, 2007 covers Packaging Jams,
MPAA being forced to remove the University Toolkit, Kubuntu Tutorials Day,
an Ubuntu Forums interview, and much more.
The DistroWatch
Weekly for December 10, 2007 is out. "One of the indications of
Ubuntu's popularity is the number of derivatives based on Canonical's
operating system, available for every taste and purpose. Last week, two
such distributions were added to the DistroWatch database - Mythbuntu, a
project delivering MythTV in an easy-to-setup package, and Geubuntu, an
eye-catching distro featuring the latest Enlightenment window manager. Read
our exclusive review of the latter. Also in this edition: openSUSE
kickstarts the development of version 11.0 with the first alpha release, a
link to an article discussing the importance of "libre" distributions,
information about a free online RHCE study guide, and some observations
about the new ASUS Eee PC."
This is a call for participation in the seventh annual Debian Miniconf
which will be part of the linux.conf.au (LCA) 2008 conference run by Linux
Australia in Melbourne, Australia in January.
Packt Publishing takes
a look at Fedora 8. "What I haven't mentioned till now is that
Fedora 8 itself is a fantastic release. Desktop users will enjoy its
desktop wallpaper that changes color depending on the time of the day, the
easy to use Firewall configuration tool and enhanced printer and network
management in addition to the Compiz 3D desktop. I love the improved
package management which makes adding software from the DVD and other
online repositories, not only possible but a walk in the park. Fedora 8
also finds a solution for its inability to support patented media formats
in the form of CodecBuddy."
GNU PDF is a recent, but
high priority project of the
Free Software Foundation.
The project aims to build libraries for dealing with the Adobe
Portable Document Format (PDF):
"The goal of the GNU PDF project is to develop and provide a free, high-quality, complete and portable set of libraries and programs to manage the PDF file format, and associated technologies."
GNU PDF is being released under version 3 of the GNU General Public
License.
Linux.com recently
talked to
GNU PDF project founder José Marchesi about his reasons for starting the
project:
"On the technical level, once Marchesi started investigating, he discovered a great deal of PDF functionality that is either missing or incomplete: "interactive features (forms, annotations), the management of embedded contents (sounds and movies), execution of JavaScript to perform forms validation, 3-D artwork, accessibility, Web capturing, [and] management of document collections."
Many users are unaware of these lacks, either because they never use such features or because, Marchesi says, "The PDF standard is quite careful when providing backward compatibility: When a PDF consumer application (such as a viewer) finds an unknown construct (such as 3-D artwork), it can (and should) ignore it. But in fact you may be missing information.""
GNU PDF appears to be a highly structured development effort.
The
Architecture
document explains the organization of the libgnupdf library.
The library is divided into four overlapping layers: the
base layer, the object layer, the document layer and the page layer.
The
Tasks Management
document explains the plan for carrying out the necessary work.
The project roadmap
gives an excellent graphical representation of the goals that are
planned for and those that have already been achieved.
Progress is happening along a diagonal front, some of the base tasks
are complete, while the higher layer tasks are still in early stages of
development.
The GNU PDF
Torture Chamber
document describes the testing methodology.
Finally, the
Sources
document explains the layout of the source code.
Other open-source projects could be well served by adopting this amount
of organization.
With such a well structured design process, the GNU PDF project
should have a good chance at achieving its goals in a timely fashion.
Those interested in working on the code should start with the
developer information
document. Private and corporate
sponsors
are also needed for the project.
Version 5.0.51 of the MySQL DBMS has been announced.
"This is a bugfix release for the current production release
family. It replaces MySQL 5.0.45." A security fix is also included.
Version 0.35 update 01 of Ext2Fsd has been
announced.
"Ext2Fsd is an open source Linux ext2/ext3 file system driver for Windows systems (NT/2K/XP/VISTA, X86/AMD64).
Modifications: remove the execute bits ('x' attribute in inode mode) for all newly created files".
Version 1.06 of netqmail has been announced.
"We have continued the philosophy of making minimal changes to qmail.
This release is to celebrate the release of qmail to the public
domain, and to give package distributors a base to start from.
We considered making this a qmail-1.04 release, but decided to leave
the qmail name under Dan Bernstein's control. We encourage other
people to do so as well. If you want to make a modified version of
qmail, please do so under a different name, as we have."
Version 5.0b4 of Mpd, a netgraph based PPP implementation,
has been
announced.
"Mpd supports thousands of Sync, Async, PPTP, L2TP, PPPoE, TCP and UDP links in client, server and access concentrator (LAC/PAC/TSA) modes. It is very fast and functional.
Next beta version released. It includes some new features, performance optimizations, tunings and fixes."
Version 4.0 of Ria has been
announced.
"Ria is the installer for a collection of available rpms to enable different restricted media formats in Fedora. It will make installing them easier while fixing the dependency problems by itself. Currently it supports XMMS, Mplayer, Xine, iPython."
Version 0.5 of Blogmaker has been
announced.
"Blogmaker is a full-featured, production-quality blogging application for Django. It supports trackbacks, ping and comments with moderation and honeypot spam prevention.
Blogmaker is released under a BSD license. You may "copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software" (to borrow a phrase from the more-or-less equivalent "MIT License").
Caveat: the current release (including these docs) is for people who are already familiar with Django or willing to poke around a bit."
Version 1.8.5 of the Midgard web content management system has been
announced.
"Midgard 1.8.5 "Refix" release includes minor bugfixes and enhancements."
Version 3.0.4 of the Plone web development platform has been released.
"I'm happy to announce a very early Christmas present: Plone 3.0.4. This
is the fourth maintenance release for Plone 3.0 and fixes several stability
problems."
Version 2.0 of the Ruby on Rails web platform has been
announced.
"Rails 2.0 is finally finished after about a year in the making. This is a fantastic release that's absolutely stuffed with great new features, loads of fixes, and an incredible amount of polish. We've even taken a fair bit of cruft out to make the whole package more coherent and lean."
Version 0.3.0 of HOgg has been announced.
"The HOgg package provides a commandline tool for manipulating Ogg files,
and a corresponding Haskell library. HOgg is in hackage, or on the web at:
http://www.kfish.org/~conrad/software/hogg/
This is the second public release. The focus is on correctness of Ogg
parsing, production and editing. The capabilities of the hogg commandline
tool are roughly on par with those of the oggz* [0] tools."
Version 1.2beta3 of Speex, a speech CODEC, has been
announced.
"The most obvious change in this release is that all the non-codec components (preprocessor, echo cancellation, jitter buffer) have been moved to a new libspeexdsp library. Other changes include a new jitter buffer algorithm and resampler improvements/fixes. This is also the first release where libspeex can be built without any floating point support. To do this, the float compatibility API must be disabled (--disable-float-api or DISABLE_FLOAT_API) and the VBR feature must be disabled (--disable-vbr or DISABLE_VBR)."
Version 0.91.1 of
Matplotlib, a Python-based
2D plotting package, is out. New capabilities include:
enhanced mathtext, better configuration, writing to file-like objects,
record array support, a new pyplot module, maskedarray support
and a new plotfile command.
See the
What's New
document for more information.
Version 2.21.3 of the GNOME desktop environment has been announced.
"This is the third release of the GNOME 2.21.x series, heading towards
the stable GNOME 2.22.x release."
Version 2.21.3 of GARNOME, the bleeding edge GNOME distribution, has been
announced.
"This release includes all of GNOME 2.21.3 plus a
whole bunch of updates and fixes that were released after the GNOME
freeze date.
This is the third development release on our road towards GNOME 2.22.0,
which will be released in March 2008."
KDE 4.0-rc2 has been released; see the
announcement for details and screen shots. "With this second
release candidate, the KDE developers hope to collect comments and bug
reports from the wider KDE community. With their help, we hope to solve the
most pressing problems with the current KDE 4 codebase to ensure the final
4.0 release is stable, usable and fun to work with."
Version 20071204 of
LayoutEditor,
a program to design and edit layouts for MEMS/IC fabrication, has been
announced.
"A new release has been published. Beside some smaller bugfixes it comes with a new introductory tutorial."
Version 1.2.10 of LedgerSMB, a fork of the SQL-Ledger general ledger
software, has been released. This version includes a long list of bug
fixes and some new capabilities.
Version 0.7 of Bridge Calculator has been
announced.
"Bridge Calculator is freeware program written by Piotr Beling which solves problems in the Bridge card game."
Version 0.5.15 of Cyphesis, a server for WorldForge games, has been
announced.
"Major changes in this version:
Players can now create their own roads.
The script API has been made much simpler.
It is now trivial to run multiple servers on one machine.
Memory usage has been reduced.
A huge number of bugs have been fixed."
Version 0.1 Alpha of Free Dimensions has been
announced. The software is:
"A Scriptable 3D Graphics modeler and renderer. By defining points and shapes in a 3-dimensional coordinate system, one can create a scene very quickly and easily using a simple scripting language. The scene can then be animated and have special effects added."
Version 1.6.0 of Rosegarden has been announced.
"The Rosegarden team are giddy with probably short-lived delight
at the release of version 1.6.0 of Rosegarden, an audio and MIDI
sequencer and musical notation editor for Linux."
A number of new features have been added to this release.
A set of free (Creative Commons Attribution Sharealike license) training
materials for the Maemo platform (which runs on Nokia tablets) has been
released. They start with a "getting started" course, then get into some
fairly serious development-oriented topics including GTK+, application
packaging, DBus, and more. It looks like useful reading for anybody
wanting to develop for this platform.
A beta version of the Modest e-mail client is available for
handheld devices running the OS2008 platform.
"Some highlights:
- the basics: POP/IMAP/SMTP (normal/secure);
- IMAP folders support, and IMAP-IDLE ("push-email")
- easy setup of new accounts
- send and receive of rich text-emails
- managing mail with your fingers
- 100% open-source with a BSD-like license".
The December 6, 2007 edition of the Mozilla Links Newsletter
is online, take a look for the latest news about the Mozilla browser
and related projects.
Version 0.6 of HTMLi has been
announced.
"HTMLi (HTML improved) is the AJAX framework that focuses on: * Transparent use for HTML designers * Multi-platform: 100% XSL (runs with Java, ASP, PHP, etc) * CSS Themes * Multi-Language * XML Handling - AJAX forms Live demo at http://www.htmli.com.
New version includes "auto" behaviour in new elements, like datepicker, richtext, source."
Matthieu Riou
introduces Raven in an O'Reilly ONJava.com article.
"Build processes in Java haven't evolved much since the introduction of Ant or Maven. With the ability to use scripting languages like Groovy and JRuby on the JVM, the power of a full language can be brought to bear on the build process. This article discusses Raven, a build system for Java that uses JRuby."
A Perl
Parrot Progress Report for November, 2007 has been published.
"The last report was published in November as a "road map" for continued development of the Perl 6 on Parrot compiler (perl6). Since then we've basically been following the steps outlined on the road map and we are seeing significant progress on the compiler."
Version 3.0a2 of Python 3000 has been
announced.
"Python 3000 (a.k.a. "Py3k", and released as Python 3.0) is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been removed.
This is an ongoing project; the cleanup isn't expected to be complete until 2008. In particular there are plans to reorganize the standard library namespace."
Version 3.3.0 of Valgrind has been announced.
"Valgrind is an open-source suite of simulation based debugging and
profiling tools. With the tools that come with Valgrind, you can
automatically detect many memory management and threading bugs, which
avoids hours of frustrating bug-hunting, and makes your code more
stable. You can also perform detailed time and space profiling to
help speed up and slim down your programs.
3.3.0 primarily contains tool enhancements: a restored and improved
version of Helgrind, majorly revamped version of Massif, branch-mispredict
profiling for Cachegrind, and new experimental tools (Omega and DRD).
Also included is support for recent Linux distros, scalability improvements
for gigabyte-sized applications, and modestly improved documentation."
Version 0.14 of Stacked GIT has been announced; it adds new functionality
and some bug fixes.
"StGIT is a Python application providing similar functionality to Quilt
(i.e. pushing/popping patches to/from a stack) on top of GIT. These
operations are performed using GIT commands and the patches are stored
as GIT commit objects, allowing easy merging of the StGIT patches into
other repositories using standard GIT functionality."
Perl creator Larry Wall
discusses
the history of a number of programming languages on O'Reilly's Perl.com.
"I think, to most people, scripting is a lot like obscenity. I can't define it, but I'll know it when I see it. Here are some common memes floating around:
Simple language
"Everything is a string"
Rapid prototyping
Glue language
Process control
Compact/concise
Worse-is-better
Domain specific
"Batteries included"
...I don't see any real center here, at least in terms of technology. If I had to pick one metaphor, it'd be easy onramps. And a slow lane. Maybe even with some optional fast lanes."
There appears to be a lot happening in the area of tiny systems running
Linux. One of them is the Linutop, examined
by Digital Reviews: "Running a customised version of xubuntu
Linux, this little box could replace your desktop for most common tasks,
including what you're doing right now. And if this wasn't impressive
enough in a box slightly larger than a Nintendo DS, the Linutop does it all
drawing a maximum of 5 watts - That's less than an energy saver light
bulb!"
Then, Tectonic has a
brief look at a different system: "Living in Africa we have
abundant sun, a power source we rarely consider when we buy yet another
gadget. Along comes the Aleutia E1, an ultra low power computer setup that
can be run from a roll up solar panel or car battery and runs Puppy
Linux."
eWeek
reports on the release of Likewise Open.
"Like it or lump it, Microsoft's Active Directory is a very popular network directory, and thus, management system. It's been possible to use AD for Linux, but it was never easy.
Now, Likewise Software, formerly Centeris, a leader in mixing and matching Windows and Linux network solutions, has announced the first open-source version of release of version 4.0 of its cross-platform authentication software: Likewise Open."
KDE.News covers
the first KDE Education Meeting.
"Last weekend the members of the KDE-Edu team met in Paris for a meeting about the Education project. The meeting took place at the Mandriva office, where the members got to know each other and started vivid discussions about their applications, life in general, as well as the future and vision of the Edu module."
Linux-Watch
covers the launch of
SourceForge.net Marketplace.
"SourceForge.net, with millions of monthly visitors, is already one of the world's largest Web sites for open-source development and distribution. What it didn't have, though, was any way for its users to cash in on their open-source projects. On Dec. 6, that changed forever. Today, SourceForge launched an online marketplace for technology professionals to buy and sell service and support for open-source software."
eWeek reports that
Sun is releasing the specifications of the new UltraSPARC T2 processor.
"When Sun announced the release of the eight-core UltraSPARC T2 chip
in August 2007, company executives said it would move to bring the
specification to the open-source community through Sun's OpenSPARC
initiative. The goal of releasing Niagara 2 into the open-source community
through the General Public License is to create a larger community around
the chip and increase the number of operating systems and applications that
can use the processor, said Shrenik Mehta, senior director for Frontend
Technologies and the OpenSPARC Program at Sun."
LinuxWorld talks with
Don Hopkins, the developer who ported Micropolis (GPL-licensed SimCity)
to the OLPC XO system. "It's brilliant code to read and learn from,
which is why I'm so happy to get it released as GPL Open Source
code. People don't usually write programs as simple and efficient as
SimCity any more, but it's still important to write code for the OLPC as
small and fast as possible because of its limited memory and CPU power. The
OLPC is an amazingly powerful machine, compared to home computers at the
time SimCity was originally released."
LinuxDevices covers the completion
of the 1.0 Linux Phone Standards (LiPS) specification. LiPS is a forum
formed in 2005 to define standard APIs for Linux-based cell phones.
"In theory, standard APIs for Linux-based mobile phones, if
widely adopted, could enable operators to roll out services faster, while
enabling handset manufacturers to produce compatible new phones
faster. Other beneficiaries could be ISVs (independent software vendors),
mobile phone software stack providers, and of course, phone consumers, who
after buying a new phone could re-install purchased applications and
continue with existing services."
ars technica has a tutorial
on using a Bluetooth phone with Linux. "Once the pairing is
complete, it becomes possible to access files on the phone directly through
Nautilus, the GNOME file manager. You can open any Nautilus window and type
obex:// into the path bar to get a list of paired phones. Double-click the
phone you want to access, and you should see a regular directory
listing. You can now transfer files between your computer and your phone
simply by dragging and dropping files. With this method, I was able to
access the sounds, pictures, and videos stored on my phone."
O'Reilly's OnJava.com looks
at Raven, a build system for Java. "Raven is based on the Ruby
dynamic language and its most prominent build tool, Rake. Don't worry, you
don't have to know either to read this article or start using Raven, you
can learn little by little, starting simple. Rake itself is a little bit
like Ant, it lets you define tasks and the dependencies between them. Only
its syntax is much sweeter."
wxBlog
covers the porting of the wxWidgets GUI toolkit to the Asus Eee PC.
"There has been a lot of fuss about the Asus Eee PC in the last few months and Asus have clearly pressed the right consumer buttons with their cheap Linux subnotebook. No doubt there will be many more machines in this format in the future, representing a market of many millions, so it's an attractive target for developers. Fortunately for wxWidgets programmers, it's pretty straightforward to adapt wxGTK applications to the requirements of the Eee PC. This consists mainly of two tasks: fitting windows and dialogs onto the 800x480 screen, and distributing the application in a Xandros-friendly package (a .deb)."
LinuxDevices takes a look
at some developer board kits for PPC chips. "AMCC today announced a
pair of evaluation kits targeting prospective customers of its new Power
405EX and 405EXr processors. The Kilauea and Haleakala kits include boards,
software tools, sample apps, benchmarks, and a Denx Linux BSP, with
MontaVista Linux BSPs and tools optionally available separately from
MontaVista."
Dave Phillips is at it again, this time reviewing the state of
commercial audio software for Linux. In part one of his Linux Journal
article, he reviews a sequencer program, a program to create rhythm
patterns and loops, as well as a transcription tool. "Before we begin
this whirlwind tour I must declare that I am not at all opposed to the
notion and practice of commercial Linux software of any kind. The user is
still free to decide that he or she can live without a commercial product,
nor do I believe that commercialism will somehow inevitably corrupt the
world of FOSS Linux audio software. Personally I welcome more such
software, especially if it addresses some glaring lack in the current free
software armory. I prefer free solutions, but if a commercial tool exists
that does the needed job, then I'm all for using that tool until a free
alternative exists."
LinuxDevices
notes
a change of direction in an EMF report on embedded operating systems.
"Embedded Market Forecasters has issued a report claiming that embedded Linux is just as dependable as other real-time operating systems (RTOSes). The independently funded report appears to recant EMF's controversial Microsoft-funded report in 2003 that claimed that embedded Windows OSes were far faster and cheaper than embedded Linux.
The updated report now claims that projects using embedded Linux have achieved design parity with commercial RTOSes for most projects, offering the same level of design outcomes."
The Software Freedom Law Center has announced another GPL-infringement
lawsuit filed on behalf of the BusyBox developers. The defendant this time
is Verizon Communications, which is accused of distributing Actiontec
routers (containing BusyBox) without the accompanying source.
The preliminary results from the GNOME Foundation board election have been
posted; if these results hold the incoming board members will be (ordered
by votes received): Luis Villa, Vincent Untz, Lucas Rocha, Behdad Esfahbod,
John (J5) Palmieri, Brian Cameron, and Jeff Waugh.
The SQLite Consortium has been launched.
"The SQLite
Consortium, a new membership association dedicated to maintaining
SQLite as a fully open and independent product, was formally
announced today. Mozilla and Symbian Ltd. have joined the SQLite
Consortium as charter members.
SQLite is a compact, high efficiency, high reliability, embeddable
SQL database engine."
ACCESS CO., LTD. has
announced a new mobile phone initiative.
"ACCESS CO., LTD., a global provider of
advanced software technologies to the mobile and beyond-PC markets, today
announced the signing of a memorandum of understanding with NTT DoCoMo,
Inc., NEC Corp., Panasonic Mobile Communications Co., Ltd., and ESTEEMO
Co., Ltd. under which the companies will study the use of ACCESS Linux
Platform(TM) as the basis for developing a shared Linux(R) platform for
mobile phones and an operator pack for NTT DoCoMo."
Novell, Inc. has
announced the selection of SUSE Linux Enterprise Server by
Office Depot for use in its global servers.
"With customers in 43 countries, Office Depot has grown its global
business both organically and through acquisitions. As a result, the
company runs applications on a variety of platforms including Solaris*,
Windows*, Linux*, z/OS and i5/OS*. To reduce complexity and control costs,
the company selected SUSE Linux Enterprise Server to standardize its IT
environment as much as possible."
OpenLogic has announced a scheme for performing a global census of open source software use. "Using the new OSS Discovery tool, enterprises will be able
to scan any of their computers and contribute the scan results back into
The Open Source Census database -- anonymously and free of charge. Once
they have contributed scans, enterprises will have access to reports that
summarize their own open source usage and provide comparisons to other
similar companies." The tool itself is open source; an early version is available at CollabNet. How the anonymity and the reporting features go together is not entirely clear.
The latest version of OpenOffice.org is available using a browser, with no
download or installation. The Ulteo Online Desktop gives users access to
OpenOffice.org 2.3 online. The service is still in beta testing.
SourceForge has launched SourceForge.net Marketplace.
"SourceForge.net® (part of SourceForge, Inc., NASDAQ: LNUX),
the world's largest web site for open source development and distribution, today launched an online
marketplace for technology professionals to buy and sell service and support for open source
software.
SourceForge.net Marketplace launches with more than 600 service listings. Some major projects
offering service and support include: OpenBravo, JasperSoft, Zenoss, Compiere, Firebird, Nagios and
Spring Framework."
TuxMobil has announced the availability of over 7,000 help documents
related to Linux laptops.
"The TuxMobil project covers all aspects concerning Linux on laptops
and notebooks. The number of free guides and how-to's has more than
doubled in less than three years, and more than 7,000 links to Linux
laptop and notebook installation and configuration guides are now
listed at TuxMobil."
Breach Security, Inc. has
announced the winning of a top application
security-specific tool award at AppSec 2007 for its ModSecurity
web application firewall.
"Additionally, ModSecurity was selected as the number two open source
security tool from the results of an AppSec 2007 conference attendee
survey. ModSecurity is the most widely deployed web application firewall in
the world with over 10,000 deployments."
The Andrew W. Mellon Foundation has
announced the collection of nominations for its 2008 Mellon Awards
for Technology Collaboration.
"The Mellon Awards honor not-for-profit organizations
for leadership in the collaborative development of open source
software
tools with particular application to higher education and not-for-profit
activities.
The 2008 MATC awards are now accepting nominations at
http://matc.mellon.org.
Nominations will close at 5:00pm Eastern time on Monday, 14 April 2008."
A
call for participation has gone out for the 2008
AFS & Kerberos Best Practices Workshop.
The event takes place on May 19-23, 2008 in Newark, New Jersey;
submissions are due by March 3.
A Call for Papers has gone out for a number of Black Hat Briefings
events.
"Black Hat is always looking for new and unique research, demonstrations and
tools. If you have something you or your team would like to present please
keep the following dates in mind.
D.C. 2008 Briefings CfP closes January 4
Europe 2008 Briefings CfP closes February 1
USA 2008 Briefings CfP will open February 1
Japan 2008 Briefings CfP will open May 1".
The linux.conf.au Debian Miniconf has been announced.
"linux.conf.au 2008 will run from January 28th to February 2nd 2008 and
the first two days are dedicated to Miniconfs, which are
community-organised streams for specific areas of interest. The Debian
Miniconf is the oldest and has been one of the biggest Miniconfs at LCA
and has always attracted great speakers and an enthusiastic crowd of
Debianistas."
The O'Reilly ETech Conference program has been announced.
"The final touches are being added to the
O'Reilly Emerging Technology Conference, taking place March 3-6 in San
Diego, California. Now in its seventh year, ETech hones in on the ideas,
projects, and technologies that the alpha geeks are thinking about,
hacking on, and inventing right now, creating a space for all participants
to connect and be inspired. ETech is expected to draw more than 1,200
technologists, CxOs, IT managers, hackers, product developers,
researchers, academics, thought leaders, business managers, strategists,
artists, fringe technologists, entrepreneurs, business developers, and
venture capitalists."
FUDCon Raleigh 2008 has been announced.
"The next FUDCon (Fedora User and Developer Conference) will be in
Raleigh, NC from January 11-13, 2008. The event is 100% free to attend."
A Call for Location has gone out for the OpenOffice.org
Annual Conference 2008.
"The OpenOffice.org Community eagerly awaits its next annual international
conference, OOoCon. We are looking for engaged and interested groups to
host next year's conference and welcome your proposals.
Since the first conference in 2003, OOoCon has been held in Germany,
Slovenia, France, and Spain - could your local OpenOffice.org community
rise to the challenge in 2008?"
Videos
from the Hack In The Box Security Conference are available online.
"The files were created in Quicktime, however if
you're having trouble playing them on your platform, please ensure you
have the latest 3IVX codec installed."
brian d foy has
announced
the availability of some Perl conference videos.
"Over the last year I've managed to video a notable amount of talks from conferences, workshops and technical meetings. After getting permission from the presenters I'm pleased to be able to finally launch most of them."
Linux Magazine has released an audio
interview with Ted Ts'o.
"In this podcast, Ted Ts'o, the Linux Foundation's newly appointed Chief Platform Strategist, takes a few minutes to talk to Linux Magazine about his new role with the Linux Foundation, the status of Ext4, the Linux Standard Base, and more."