By Jonathan Corbet
December 19, 2007
Watching an extended flame war between Richard Stallman and Theo de Raadt
is an interesting experience. The realization that one can sit back and
watch without having to really care about the result brings a sense of
profound tranquility and relief. Along the way, one gets to learn things
like
how mean Theo can be, or that
Richard does not use a web browser. It all
seems like good fun. Even so, when the discussion reaches
levels like this:
Richard, your pants are full of hypocritical poo.
it becomes impossible not to wonder if one hasn't wandered into an
elementary school yard by mistake.
Most observers would probably conclude that Mr. Stallman has chosen to
express himself with less childish terms than Mr. de Raadt. Still, this
conversation came about as a result of a statement made by Mr. Stallman,
one which upset the OpenBSD community greatly. It is worthwhile to look at
where the disagreement was.
In particular, Richard Stallman started
the discussion by saying that he cannot "recommend" OpenBSD because the
"ports" system they use facilitates the installation of certain non-free
packages. His reasoning comes down to this:
Since I consider non-free software to be unethical and antisocial,
I think it would be wrong for me to recommend it to others.
Therefore, if a collection of software contains (or suggests
installation of) some non-free program, I do not recommend it. The
systems I recommend are therefore those that do not contain (or
suggest installation of) non-free software.
There are all kinds of things which can be said about the OpenBSD
community, but statements that they lack a proper appreciation for freedom
are not among them. This community's view of what makes a system truly free
differs from that of the Free Software Foundation, but what they produce is
undeniably free software. It is, arguably, one of the most free systems
available, with careful attention paid to the licensing of even things like
firmware blobs which are not part of the system itself. So folks in the
OpenBSD community resent this sort of claim, even if they profess to
care little about the opinions of the person making it.
Of course, it's not only OpenBSD which fails to pass Mr. Stallman's test.
The list
of recommended distributions from the GNU web site has grown recently;
it now contains gNewSense, Ututo, Dynebolic, Musix, BLAG, and GNUstep.
True statistics are hard to come by, of course, but your editor would be
most surprised if the combined installed base of these distributions added
up to a full 1% of the Linux systems in use. Most of us, in other words,
are using systems which Mr. Stallman is unable to recommend.
Many of us will be using distributions like Fedora or Debian which are
strongly committed to the creation of free systems. The developers behind
these distributions have gone to considerable trouble to be sure that
everything which is part of their system is truly free software, even when,
as has happened at times, the result has been trouble for users. These
distributors have clearly advanced the cause of free software greatly
through their efforts over many years. One might well wonder just why
Mr. Stallman cannot bring himself to recommend the result of this work.
The OpenBSD developers, though, have been asking a different question: why is the
GNU project happy to enable its software to be installed on non-free
systems? That is where the charges of hypocrisy come from. Mr. Stallman
answered both questions together. It seems
that, in his view, there is little risk of leading users astray by letting
them install programs like Emacs on proprietary systems:
People already know about non-free systems such as Windows, so it
is unlikely that the mention of them in a free package will tell
them about a system and they will then switch to it. Also,
switching operating systems is a big deal. People are unlikely to
switch to a non-free operating system merely because a free program
runs on it.
Thus, the risk of leading people to use a non-free system by making
a free program run on it is small.
It would appear, however, that proprietary applications carry a much higher
degree of risk:
By contrast, many non-free applications are not well known, and
installing one is much easier--it does not require changing
everything else you do. Thus, even telling people about a non-free
application could very well lead them to install it.
It is not all that hard to see, embodied within a statement like this, a
somewhat condescending view of computer users, who have to be "led" to
install the right software. It is a position which disallows the
recommendation of completely-free operating systems which most of us use.
It places a sort of ideological purity above the vast amounts of work which
have gone into the creation of a variety of free systems available for all
to run.
It is, in other words, an unreasonable position - as can be seen by the
fact that almost no free software users actually follow Mr. Stallman's
advice when they choose their systems. Before condemning this unreasonable
position, though, it's worth a quick review of the famous George Bernard
Shaw quote:
The reasonable man adapts himself to the world; the unreasonable
man persists in trying to adapt the world to himself. Therefore,
all progress depends on the unreasonable man.
There is no doubt that we have benefited from Mr. Stallman's lengthy,
sometimes unreasonable campaign. Certainly he
has no doubt on that score, saying "Free operating systems exist
today because of the campaign which I started in 1983." But it's
worthwhile to remember that free operating systems also exist because
thousands of others have put in hard work for many years. It seems
appropriate to wonder whether telling those people that their work
still is not free enough really helps the cause of free software.
On the other hand, one need not wonder about the value of responding to a
"refusal to recommend" with an extensive attack which ventures into pure
character assassination. Vitriolic flaming helps nobody's cause. One may
not agree with Mr. Stallman's position in this discussion, but one thing
should be said: he kept his cool, remained respectful and stayed on-topic
when others lost it completely. That is the way to promote free
software.
Comments (85 posted)
By Jake Edge
December 19, 2007
Rails (aka Ruby on Rails
or RoR) is a framework for building web applications. It has gotten
a lot of attention – some would say hype – over the past few years as easy to
use and learn, while allowing the creation of complex database-backed web
services. In the year since Rails 1.2, the team has not been idle, with
their work culminating in
the release of Rails 2.0 this month.
RoR is based around the idea of using the model-view-controller (MVC)
pattern to cleanly separate the user interface from the
application logic and data storage. All of the Ruby code written or
generated for a
Rails application is organized into a directory hierarchy based on what
part of the MVC they implement. All of the parts of the application know
how to find the others because of this convention.
The first of the two principles that guided RoR's development is "convention over
configuration", which is the idea that only things that deviate
from standard practices need to be specified via configuration. One can
get surprisingly far by sticking with these standard practices. The other
principle is "don't repeat yourself", which means that there is a
single place to go to specify something about the application; other places
that need it or things derived from it, retrieve it from the canonical
place. This is most evident in the specification of database
table and column names; they are described in the model and other parts of
the application retrieve them as required.
The principles are interrelated, of course, and are two of the innovations
that RoR has popularized for web application frameworks. Many previous
attempts required a huge amount of configuration information to be
specified, often nearly identically in multiple places. Simplifying this
configuration headache was explicitly a goal for Rails. It can take a bit
of time to come to grips with the conventions used, but once that is done
it is straightforward to use the framework.
Generating code to handle simple modifications to the database data, known
as scaffolding, is another technique popularized by RoR. From the
specification of the data model, Rails will generate an interface to
create, read, update, and delete data in that model. It can also generate
"migrations" which contain
the SQL necessary to create or modify the database tables to reflect
changes in the model. Migrations can be used in both a forward and
backward direction to keep the
database in sync with the state of the application as changes are made.
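The convention-derived naming and the forward/backward migrations described above, as an added illustration that is not Rails' own code: a small Ruby runner applies numbered migrations up to a target version or rolls them back down, against a plain in-memory schema so that it runs without a database. The migrations, the naive pluralization rule and the `migrate` function are all constructed for this example.

```ruby
# Added example (not Rails' own code): a minimal migration runner that
# applies versioned schema changes forward ("up") and backward ("down"),
# tracking the schema version the way Rails' migration bookkeeping does.
# The schema is a plain in-memory Hash of table name => column list.

# Each migration knows how to apply itself and how to reverse itself.
Migration = Struct.new(:version, :name, :up, :down)

# Constructed sample migrations. Table names follow the Rails convention
# of pluralized, snake_case names derived from the model class name.
MIGRATIONS = [
  Migration.new(1, "create_posts",
                ->(s) { s["posts"] = %w[id title body] },
                ->(s) { s.delete("posts") }),
  Migration.new(2, "add_author_to_posts",
                ->(s) { s["posts"] << "author_id" },
                ->(s) { s["posts"].delete("author_id") }),
  Migration.new(3, "create_comments",
                ->(s) { s["comments"] = %w[id post_id body] },
                ->(s) { s.delete("comments") }),
]

# Derive the conventional table name from a model class name
# ("BlogPost" -> "blog_posts"). The pluralization is deliberately naive
# (append "s"); Rails' inflector handles irregular cases.
def table_name_for(model_name)
  snake = model_name.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase
  snake.end_with?("s") ? snake : snake + "s"
end

# Move the schema from version +current+ to +target+, running migrations
# up in ascending order or down in descending order. Returns the new version.
def migrate(schema, current, target, migrations = MIGRATIONS)
  if target > current
    migrations.select { |m| m.version > current && m.version <= target }
              .sort_by(&:version).each { |m| m.up.call(schema) }
  elsif target < current
    migrations.select { |m| m.version <= current && m.version > target }
              .sort_by { |m| -m.version }.each { |m| m.down.call(schema) }
  end
  target
end

if __FILE__ == $0
  schema = {}
  v = migrate(schema, 0, 3)
  puts "at version #{v}: #{schema.inspect}"
  v = migrate(schema, v, 1)
  puts "at version #{v}: #{schema.inspect}"
end
```

Running the file applies all three migrations, then rolls back to version 1, leaving only the original `posts` table; the same `down` blocks that undo a change are what make a botched deployment recoverable.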
Rails itself is broken up into multiple components implementing each piece
of the MVC architecture: ActiveRecord for the model, ActionPack for the
view and controller, along with a number of lesser players. It provides
extensive test harness facilities that allow testing of the web application
without using a browser or network at all. RoR is a comprehensive
solution, with a large number of very vocal supporters.
The new release provides a number of new features, some performance
enhancements, as well as the requisite bug fixes. The bulk of the changes
in 2.0 are in the controllers. The first is better support for "representational
state transfer" (REST) style web application APIs, which were introduced in
Rails 1.2. Better support for multiple different views based on
application criteria were also added, allowing the interface to change
based on the device accessing it, for example.
Security enhancements were made as well, with code added to help protect against
cross-site scripting and cross-site request forgery attacks. These two
web application flaws are becoming rather popular to exploit, so any
assistance a web framework can give is welcome. The default session
store has changed to be cookie-based, rather than a file or
the database. Because the session now travels in the user's cookie, its
data can be snooped, but the data is hashed to prevent forgery.
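The cookie-based session and the forgery protection described above, as an added Ruby example that is not Rails' own code: the session hash is serialized and Base64-encoded (so anyone holding the cookie can read it) and a keyed hash (HMAC-SHA256 under a server-side secret) is appended so that modified contents are rejected. The secret, the cookie layout and the per-session CSRF token derivation are all assumptions made for this example, not Rails' exact format.

```ruby
require "openssl"
require "base64"
require "json"

# Added example, not Rails' own code: a cookie-based session store of the
# kind described in the text. The cookie value is "<base64 data>--<hmac>".
# The data part is readable by anyone who can see the cookie (it is not
# encrypted), but without the secret nobody can produce a valid tag for
# altered contents, so tampering is detected.

# Constructed secret for the example; a real deployment keeps this out of
# source control and rotates it.
SECRET = "constructed-example-secret-do-not-reuse"

def sign(payload, secret)
  OpenSSL::HMAC.hexdigest("SHA256", secret, payload)
end

# Serialize a session hash into the signed cookie value.
def encode_session(session, secret = SECRET)
  data = Base64.strict_encode64(JSON.generate(session))
  "#{data}--#{sign(data, secret)}"
end

# Constant-time comparison so tag checks do not leak timing information.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Verify the tag and return the session hash, or nil if the cookie is
# malformed, was signed under a different secret, or was modified.
def decode_session(cookie, secret = SECRET)
  data, tag = cookie.split("--", 2)
  return nil if data.nil? || tag.nil?
  return nil unless secure_compare(sign(data, secret), tag)
  JSON.parse(Base64.strict_decode64(data))
rescue ArgumentError, JSON::ParserError
  nil
end

# The "snooping" the text mentions: the contents are readable without the
# secret, so nothing confidential belongs in a cookie session.
def peek_session(cookie)
  data, _tag = cookie.split("--", 2)
  JSON.parse(Base64.strict_decode64(data))
end

# Simulated tampering used to test the check: rewrite the data part while
# keeping the old tag. decode_session must reject the result.
def tampered_cookie(cookie, changes)
  data, tag = cookie.split("--", 2)
  session = JSON.parse(Base64.strict_decode64(data)).merge(changes)
  "#{Base64.strict_encode64(JSON.generate(session))}--#{tag}"
end

# A per-session CSRF token derived from the session id under the same
# secret. Forms embed it and state-changing requests must echo it back;
# a cross-site request cannot know it. (Derivation is an assumption.)
def csrf_token(session, secret = SECRET)
  sign("csrf:#{session.fetch('session_id')}", secret)
end

def valid_csrf?(session, submitted, secret = SECRET)
  secure_compare(csrf_token(session, secret), submitted.to_s)
end

if __FILE__ == $0
  cookie = encode_session({ "session_id" => "abc123", "user_id" => 7 })
  puts "cookie: #{cookie}"
  puts "readable by anyone: #{peek_session(cookie).inspect}"
  puts "verified: #{decode_session(cookie).inspect}"
  puts "tampered: #{decode_session(tampered_cookie(cookie, 'user_id' => 1)).inspect}"
end
```

The design point is that integrity and confidentiality are separate properties: the HMAC gives only the former, so user ids and flags are safe to keep in the cookie while passwords or other secrets are not.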
Performance and scalability have been the traditional knocks against Rails,
and though there were some enhancements, especially to ActiveRecord, that
should provide some boost, it is not clear how well Rails handles huge
sites. It is something the Rails team is aware of, so, over time,
those kinds of problems should be solved. RoR is a very capable framework
and the 2.0 release looks very good. The Rails community should find much
of use.
Comments (4 posted)
By Jonathan Corbet
December 19, 2007
Consistent with our usual practice, LWN will not be publishing a Weekly
Edition during the last full week of the year. This is thus the last such
edition for 2007; the next weekly will be published on January 3, 2008. Also
consistent with usual practice, your editor will look back on the year which
is about to end, with an emphasis on evaluating how
his predictions made at the beginning of
the year came out. There is amusement to be had in exposing the flaws in
one's crystal ball, but there is also value in seeing how one's view of the
world has changed over the course of the year.
Your editor bravely predicted that GPLv3 would be finalized and adopted by
the FSF; sure enough, that happened right on schedule. Your editor also
admitted to having "no clue" of how the FSF would respond to the criticism
of the anti-DRM provisions of GPLv3. Certainly it would have been hard to
predict the addition of the "user product" language and associated
exemptions. So far, the impact of GPLv3 has been relatively small, but use
of this license will surely grow over time.
Another prediction said that somebody would be sued for the distribution of
proprietary kernel modules. That did not happen - at least, not in
a way that the public (or your editor) heard about it. What your editor
did not foresee was the burst of energy coming from the Software Freedom
Law Center on behalf of the BusyBox developers. Thus far, GPL enforcement
activities continue to focus on the relatively clear-cut cases. They also
continue to have a very high success rate. Still, going after a company
like Verizon is an ambitious move; it will be interesting to see how that
one settles out.
The end of SCO was predicted. Your editor thought it might happen in
March, when new dispositive motions would once again be entertained by
Judge Kimball. Instead, the clear end of SCO happened in August when the
court ruled that Novell still owned the Unix source and that SCO owed
Novell a chunk of money. Like a fish thrown on the shore, SCO will
continue to flop around for a while, but there can be little doubt about
its ultimate fate.
The prediction that there would be serious talk of patent reform did not
really come through. There were a couple of U.S. court decisions in 2007
which, arguably, raised the bar slightly for patent trolls. In general,
though, the software patent situation remains unchanged - and as dangerous
as ever.
There were a couple of predictions about closed hardware, together saying,
essentially, that the situation would get better but that the problem would
not go away. Things clearly got better when AMD decided to open up
information about ATI's video hardware and assist with the creation of free
drivers for that hardware. The progress toward a viable Atheros wireless
chipset driver for Linux is also a happy development. The situation
has improved, and will continue to do so.
Your editor predicted a serious war on bloat as people got tired of running
out of memory. Wishful thinking, it seems, is alive and well. In
practice, people just bought more memory; even the OLPC project decided it
had to increase the amount of memory in its XO system. Your editor will
not be repeating this prediction for 2008.
"Fedora will come into its own as a free, community-oriented distribution"
has, beyond any doubt, come true. The Fedora 7 release brought
community developers in from the margins, and Fedora 8 solidified the
new process. The bulk of the packages in Fedora are now maintained by
community developers. Red Hat's controlling hand, while still clearly
present, is weaker than before. Fedora leader Max Spevack has presided
over a crucial transformation of this important project; he will be moving
on to other challenges early in 2008, but will be leaving behind a
distribution in far better shape than the one he inherited a few years ago.
Predicting Debian releases is a dangerous business, but, in this case,
Debian Etch was close enough to make it a relatively safe proposition.
Your editor had also suggested (facetiously) that the Debian developers
would subsequently go back to arguing about firmware in the kernel; that
quite clearly did not happen.
The prediction that free software would play a larger role in online gaming
was, for the most part, wishful thinking again. The release of the Second
Life client code was a step in the right direction, but not much happened
after that. Your editor still hopes that free software will be at the core
of the games of the future, or he may never see his children again.
The Microsoft/Novell deal, predicted your editor, would blow over with
relatively few consequences. In many ways that was true. One could argue
that the whole "235 patents" routine would have come out anyway - we heard
similar claims before Novell signed this deal. Your editor failed to guess
that a whole stream of companies (Samsung, Xandros, LG Electronics,
Linspire, Turbolinux) would follow Novell into similar agreements, though.
Your editor suggested that the "open source" term would suffer as a result
of companies trying to retain higher levels of control over "open source"
code. Certainly the OSI's approval of the CPAL "badgeware" license will
not have helped in this regard. On the other hand, SugarCRM decided to
just go with the GPLv3 in favor of its attribution-required license. As a
whole, "open source" means almost what it meant one year ago.
Contrary to prediction, there have not been OLPC systems distributed to
millions of children - though thousands should start getting them soon. We
are still waiting to see what impact the OLPC project will really have - on
free software, and on the world as a whole. Stay tuned.
Finally, the growth of desktop Linux was predicted, though your editor
refrained from saying that 2007 would be the year of the Linux desktop.
Clearly, progress has been made in that direction - we now have major
vendors like Dell selling desktop systems, Wal-Mart's desktop offering sold
out in days, and the number of pocket-sized "desktops" running Linux
continues to grow.
Perhaps the biggest thing which your editor missed entirely was the fight
over Microsoft's proposed OOXML standard. This issue came to light in
January of this year, though it had been simmering for a little while
before - the ECMA TC45 committee was already considering this proposal in
the middle of 2006. The fight over the fast-tracking of OOXML and the
ensuing questions on just how the community should work with the standards
practice will continue to echo into 2008.
Overall, your editor feels like the predictions went reasonably well. Too
well, perhaps; next year's predictions may need to be a little more
adventurous. Those predictions will be posted in the January 3
edition. In the meantime, your editor wishes for a great holiday season
and new year for everybody in the community; we have accomplished much over
the last year and have many things to celebrate.
Comments (9 posted)
Page editor: Jonathan Corbet
Security
By Jonathan Corbet
December 19, 2007
SquirrelMail advertises itself as
"webmail for nuts." It is a PHP-based package which is in wide use; most
distributions include a SquirrelMail package. Security problems in
SquirrelMail are certainly not unheard-of; even so, the
announcement that the source distribution for
version 1.4.12 had been compromised raised some eyebrows. Initially the
project downplayed the problem:
Further investigations show that the modifications to the code
should have little to no impact at this time. Modifications seemed
to be based around a PHP global variable which we cannot track
down. The changes made will most likely generate an error, rather
than a compromise of a system in the event the code does get
executed.
It only took one day, though, before Uwe Schindler pointed out that, in fact, the changes made to
the source opened a remote-execution back door into deployed SquirrelMail
systems. Somewhere along the way, the project discovered that the 1.4.11
release had also been tampered with. The SquirrelMail developers released
version 1.4.13 to close the
vulnerabilities.
There have not been any public reports of systems being compromised by way
of this vulnerability. Additionally, it would appear that all of the
distributors which shipped the affected versions got their version of the
code prior to the attack. So the episode would appear to have ended
reasonably well - as far as we know. There are some lessons that one can
take from this attack, though.
The downplaying of the problem initially was a potentially fatal mistake.
If somebody has been tampering with the sources, there is no excuse not to
go into red-alert mode immediately, even if the developers involved do not
understand the attack. When a project has been compromised at such a
fundamental level, one must assume the worst.
The compromise was discovered after a user noticed that the tarballs on the
download site did not match the posted MD5 checksums. Your editor suspects
that very few of us actually verify checksums in the packages they take
from the net. Doing so more often would be a good exercise in software
hygiene for all of us.
That said, the project got lucky this time around. A smarter attacker
would have replaced the checksums after adding the back door, making the
changes harder to detect. Longer-term, the increasing doubts
about the security of MD5 suggest that relying on it to detect changes
to tarballs might not be entirely safe. Far better to use public-key
signatures; they should have a longer shelf life, and, if the keys
are managed properly, they are impossible to replace. It seems that the
project has posted GPG signatures for 1.4.13, though the Wayback Machine suggests
that this is a recent practice. Your editor was unable to find the public
key needed to verify the signatures.
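The two layers of checking discussed above, checksums and public-key signatures, as an added Ruby example that is not SquirrelMail's own code. Everything is constructed in memory: the "tarball" is a byte string, the checksum file is a generated line in `sha256sum` format (SHA-256 rather than MD5, given the doubts the text mentions), and the RSA key pair is generated on the fly in place of a project's real signing key. It walks through why the project "got lucky": a checksum catches a swapped tarball only while the checksum file itself is untouched, whereas the signature check fails in both cases.

```ruby
require "digest"
require "openssl"

# Added example, not SquirrelMail's own code: verify a download against a
# published checksum file and against a detached public-key signature.
# All inputs are constructed here so the script runs offline.

TARBALL_NAME = "example-1.4.13.tar.gz"   # constructed file name
GOOD_TARBALL = "constructed tarball contents\n".b
BAD_TARBALL  = "constructed tarball contents with an extra line\n".b

# Parse a sha256sum-style file ("<hex>  <name>" or "<hex> *<name>")
# into a name => digest map.
def parse_sums(text)
  text.each_line.with_object({}) do |line, sums|
    hex, name = line.strip.split(/\s+\*?/, 2)
    sums[name] = hex.downcase if hex && name
  end
end

# Checksum check: detects corruption or a swapped tarball, but only as long
# as the checksum file published next to it was not rewritten as well.
def checksum_ok?(data, name, sums_text)
  expected = parse_sums(sums_text)[name]
  !expected.nil? && Digest::SHA256.hexdigest(data) == expected
end

# Signature check: producing a valid signature needs the signer's private
# key, so replacing the tarball (and its checksum) is still detected.
def sign_release(data, private_key)
  private_key.sign(OpenSSL::Digest.new("SHA256"), data)
end

def signature_ok?(data, signature, public_key)
  public_key.verify(OpenSSL::Digest.new("SHA256"), signature, data)
end

# The scenario from the text, returned as a hash of outcomes:
#   genuine                  - untouched tarball passes both checks
#   swapped_tarball_checksum - tarball replaced, checksum file intact
#   swapped_both_checksum    - tarball and checksum file both replaced
#   swapped_both_signature   - same, checked against the signature instead
def scenario
  key = OpenSSL::PKey::RSA.new(2048)      # stands in for the project key
  pub = key.public_key                     # what a user would download
  sums = "#{Digest::SHA256.hexdigest(GOOD_TARBALL)}  #{TARBALL_NAME}\n"
  rewritten_sums = "#{Digest::SHA256.hexdigest(BAD_TARBALL)}  #{TARBALL_NAME}\n"
  sig = sign_release(GOOD_TARBALL, key)
  {
    genuine: checksum_ok?(GOOD_TARBALL, TARBALL_NAME, sums) &&
             signature_ok?(GOOD_TARBALL, sig, pub),
    swapped_tarball_checksum: checksum_ok?(BAD_TARBALL, TARBALL_NAME, sums),
    swapped_both_checksum: checksum_ok?(BAD_TARBALL, TARBALL_NAME, rewritten_sums),
    swapped_both_signature: signature_ok?(BAD_TARBALL, sig, pub),
  }
end

if __FILE__ == $0
  scenario.each { |name, ok| puts format("%-26s %s", name, ok ? "pass" : "FAIL") }
end
```

The remaining weak point is the one the text raises: the public key has to reach the user over a path the attacker does not control, or a signature proves nothing.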
The modifications to the tarballs were done using a compromised developer's
account. The specific changes made were not put into the SquirrelMail
source repository. The project has said nothing, though, about what has
been done to ensure that no other changes were made there. Some sort of
statement from the project along these lines would be most reassuring to
SquirrelMail's users.
Perhaps the most encouraging conclusion, though, is this: there have been
several attempts to compromise source distributions over the years. Many
of them have succeeded in getting bad code into high-profile packages. But
none of these attacks - so far as we know - have escaped detection for any
significant period of time, and none of them have led to any sort of
wide-scale exploit. As a whole, we would appear to be reasonably resistant
to this kind of attack, even when the front-line defenses fail. With luck,
and continued vigilance, that trend will continue. Both will be required,
though: there is no doubt that the attackers will keep trying.
Comments (20 posted)
Brief items
Dark Reading reports on a new email alert service for cross-site scripting bugs. "So XSSed.com, a site dedicated to archiving publicly disclosed XSS bugs, is now offering a free email alert service that notifies you as soon as an XSS vulnerability affecting your Website gets indexed to its archive. XSSed claims to have the industry's largest XSS archive, with over 17,000 disclosed vulnerabilities as of this posting."
Comments (2 posted)
New vulnerabilities
clamav: integer overflow and off-by-one
Package(s): clamav
CVE #(s): CVE-2007-6335, CVE-2007-6336
Created: December 19, 2007
Updated: July 17, 2008
Description: ClamAV contains integer overflow and off-by-one errors which could be exploited (via specially-crafted email) to execute arbitrary code.
Comments (none posted)
cups: multiple vulnerabilities
Comments (none posted)
flash-plugin: lots of problems
Comments (3 posted)
IRC Services: denial of service
Package(s): ircservices
CVE #(s): CVE-2007-6122
Created: December 14, 2007
Updated: December 19, 2007
Description: loverboy reported that the "default_encrypt()" function in file encrypt.c does not properly handle overly long passwords. A remote attacker could provide an overly long password to the vulnerable server, resulting in a denial of service.
Comments (none posted)
kdebase: denial of service
Package(s): kdebase
CVE #(s): CVE-2007-5963
Created: December 18, 2007
Updated: January 19, 2009
Description: The kdebase package is vulnerable to a denial of service in which a local user can render KDM unusable for logins by any user or cause KDM to exceed system resource limits.
Comments (none posted)
kernel: denial of service
Package(s): kernel
CVE #(s): CVE-2007-5966
Created: December 19, 2007
Updated: February 3, 2010
Description: A bug in high-resolution timers (prior to kernel 2.6.22.15) can cause very long sleeps when large timeout values are used.
Comments (none posted)
libexif: integer overflow
Package(s): libexif
CVE #(s): CVE-2007-6352
Created: December 19, 2007
Updated: October 15, 2008
Description: From the Red Hat advisory: An integer overflow flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to execute arbitrary code, or crash.
Comments (none posted)
libexif: denial of service
Package(s): libexif
CVE #(s): CVE-2007-6351
Created: December 19, 2007
Updated: October 15, 2008
Description: From the Red Hat advisory: An infinite recursion flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to crash.
Comments (none posted)
libgd2: buffer overflow
Package(s): libgd2
CVE #(s): CVE-2007-3996
Created: December 19, 2007
Updated: October 13, 2009
Description: The GD library does not perform proper bounds checking when creating images; as a result, an attacker could, via crafted input, potentially execute arbitrary code.
Comments (none posted)
mysql: privilege escalation
Package(s): mysql
CVE #(s): CVE-2007-6303
Created: December 19, 2007
Updated: April 7, 2008
Description: From the CVE entry: MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
Comments (none posted)
portage: information disclosure
Package(s): portage
CVE #(s): CVE-2007-6249
Created: December 14, 2007
Updated: December 19, 2007
Description: Mike Frysinger reported that the "etc-update" utility uses temporary files with the standard umask, which results in the files being world-readable when merging configuration files in a default setup. A local attacker could access sensitive information when configuration files are being merged.
Comments (none posted)
squid: denial of service
Package(s): squid
CVE #(s): CVE-2007-6239
Created: December 18, 2007
Updated: March 25, 2009
Description: A flaw was found in the way squid stored HTTP headers for cached objects in system memory. An attacker could cause squid to use additional memory, and trigger high CPU usage when processing requests for certain cached objects, possibly leading to a denial of service.
Comments (none posted)
wpa_supplicant: stack-based buffer overflow
Package(s): wpa_supplicant
CVE #(s): CVE-2007-6025
Created: December 14, 2007
Updated: December 19, 2007
Description: A stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 allows remote attackers to cause a denial of service (crash) via crafted TSF data.
Comments (1 posted)
Xfce: buffer overflows
Package(s): xfce4
CVE #(s): (none)
Created: December 19, 2007
Updated: December 19, 2007
Description: The Xfce desktop contains a number of buffer overflow vulnerabilities; they have been fixed in the 4.4.2 release.
Comments (none posted)
Updated vulnerabilities
acroread: multiple vulnerabilities
Package(s): acroread
CVE #(s): CVE-2006-5857, CVE-2007-0045, CVE-2007-0046
Created: January 11, 2007
Updated: October 26, 2009
Description: Adobe's Acrobat Reader has the following vulnerabilities:
The Adobe Reader Plugin has a cross-site scripting vulnerability that can be triggered by processing malformed URLs. Arbitrary JavaScript can be served by a malicious web server, leading to a cross-site scripting attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities; if an attacker can trick a user into viewing the files, arbitrary code can be executed with the user's privileges.
Comments (1 posted)
apache2: information disclosure
Package(s): apache
CVE #(s): CVE-2007-1862
Created: June 20, 2007
Updated: February 18, 2008
Description: From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously-used data, which could be used to obtain potentially sensitive information by unauthorized users."
Comments (2 posted)
apache: multiple vulnerabilities
Package(s): apache
CVE #(s): CVE-2007-3304, CVE-2006-5752
Created: June 27, 2007
Updated: February 18, 2008
Description: The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker who has the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated, which could lead to a denial of service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with the server-status page publicly accessible and ExtendedStatus enabled were vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752)
Comments (1 posted)
apache: cross-site scripting
Package(s): apache
CVE #(s): CVE-2006-3918
Created: August 9, 2006
Updated: April 4, 2008
Description: From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header."
Comments (none posted)
apache2: denial of service
Package(s): apache2
CVE #(s): CVE-2007-1863
Created: November 19, 2007
Updated: February 18, 2008
Description: From the CVE entry: cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
Comments (1 posted)
httpd: denial of service, cross-site scripting
Package(s): apache httpd
CVE #(s): CVE-2007-3847, CVE-2007-4465
Created: September 25, 2007
Updated: February 15, 2008
Description: A flaw was found in the mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847)
A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the AddDefaultCharset directive has been removed from the configuration, a cross-site-scripting attack may be possible against browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465)
Comments (none posted)
asterisk: possible SQL injection
Package(s): asterisk
CVE #(s): CVE-2007-6170
Created: December 3, 2007
Updated: April 15, 2008
Description: Tilghman Lesher discovered that the logging engine of Asterisk, a free software PBX and telephony toolkit, performs insufficient sanitizing of call-related data, which may lead to SQL injection.
Comments (none posted)
autofs: insecure default configuration
| Package(s): | autofs |
| CVE #(s): | CVE-2007-5964 |
| Created: | December 12, 2007 |
| Updated: | January 14, 2008 |
| Description: | Versions of the autofs automounter daemon as shipped by Red Hat (and possibly other distributors) are installed with an insecure configuration; in particular, the "hosts" map lacks the "nosuid" option, allowing an attacker who has control over an NFS server to run setuid programs on vulnerable systems. |
avahi: denial of service
| Package(s): | avahi |
| CVE #(s): | CVE-2007-3372 |
| Created: | June 28, 2007 |
| Updated: | December 23, 2008 |
| Description: | Avahi is vulnerable to a local denial of service that can be caused by making an erroneous call to the assert() function. |
cacti: SQL injection vulnerability
| Package(s): | cacti |
| CVE #(s): | CVE-2007-6035 |
| Created: | November 22, 2007 |
| Updated: | February 18, 2008 |
| Description: | Versions of Cacti prior to 0.8.7a have an SQL injection vulnerability. Remote attackers can execute arbitrary SQL commands via unspecified vectors. |
cacti: denial of service
| Package(s): | cacti |
| CVE #(s): | CVE-2007-3112, CVE-2007-3113 |
| Created: | September 18, 2007 |
| Updated: | December 16, 2009 |
| Description: | A vulnerability in Cacti 0.8.6i and earlier versions allows remote authenticated users to cause a denial of service (CPU consumption) via large values of the graph_start, graph_end, graph_height, or graph_width parameters. |
cairo: integer overflow
| Package(s): | Cairo |
| CVE #(s): | CVE-2007-5503 |
| Created: | November 29, 2007 |
| Updated: | April 10, 2008 |
| Description: | Cairo has an integer overflow vulnerability in the PNG image processing code. If a user processes a specially crafted PNG image with an application that is linked against cairo, arbitrary code can be executed with the user's privileges. |
centericq: buffer overflows
| Package(s): | centericq |
| CVE #(s): | CVE-2007-3713 |
| Created: | July 20, 2007 |
| Updated: | December 17, 2007 |
| Description: | Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might overlap CVE-2007-0160. |
clamav: denial of service
| Package(s): | clamav |
| CVE #(s): | CVE-2007-3725 |
| Created: | July 24, 2007 |
| Updated: | February 27, 2008 |
| Description: | A NULL pointer dereference has been discovered in the RAR VM of Clam Antivirus (ClamAV) which allows user-assisted remote attackers to cause a denial of service via specially crafted RAR archives. |
clamav: multiple vulnerabilities
| Package(s): | clamav |
| CVE #(s): | CVE-2007-4510, CVE-2007-4560 |
| Created: | September 3, 2007 |
| Updated: | February 13, 2008 |
| Description: | Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-4510: It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting in denial of service. CVE-2007-4560: It was discovered that clamav-milter performs insufficient input sanitizing, resulting in the execution of arbitrary shell commands. |
cpio: arbitrary code execution
| Package(s): | cpio |
| CVE #(s): | CVE-2005-4268 |
| Created: | January 2, 2006 |
| Updated: | March 17, 2010 |
| Description: | Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with e.g. a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system). |
vixie-cron: privilege escalation
| Package(s): | cron |
| CVE #(s): | CVE-2006-2607 |
| Created: | May 31, 2006 |
| Updated: | June 1, 2009 |
| Description: | The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root. |
cscope: buffer overflows
| Package(s): | cscope |
| CVE #(s): | CVE-2006-4262 |
| Created: | October 2, 2006 |
| Updated: | June 16, 2009 |
| Description: | Will Drewry of the Google Security Team discovered several buffer overflows in cscope, a source browsing tool, which might lead to the execution of arbitrary code. |
cscope: buffer overflows
| Package(s): | cscope |
| CVE #(s): | CVE-2004-2541 |
| Created: | May 22, 2006 |
| Updated: | June 19, 2009 |
| Description: | A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target. |
cups: denial of service
| Package(s): | cups |
| CVE #(s): | CVE-2007-0720 |
| Created: | March 26, 2007 |
| Updated: | February 7, 2008 |
| Description: | Previous versions of the cups package could be forced to hang via a client "partially negotiating" an ssl connection. In this state, cups would not allow other connections to be made, a denial of service. |
debian-goodies: privilege escalation
| Package(s): | debian-goodies |
| CVE #(s): | CVE-2007-3912 |
| Created: | October 5, 2007 |
| Updated: | March 24, 2008 |
| Description: | Thomas de Grenier de Latour discovered that the checkrestart program included in debian-goodies did not correctly handle shell meta-characters. A local attacker could exploit this to gain the privileges of the user running checkrestart. |
Django: denial of service
| Package(s): | Django |
| CVE #(s): | CVE-2007-5712 |
| Created: | November 12, 2007 |
| Updated: | September 22, 2008 |
| Description: | From the CVE notice: The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers. |
dovecot: privilege escalation
| Package(s): | dovecot |
| CVE #(s): | CVE-2007-4211 |
| Created: | August 15, 2007 |
| Updated: | May 21, 2008 |
| Description: | From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a minor privilege escalation attack in which an authenticated user may exploit an ACL plugin weakness to save message flags without having proper permissions." |
dovecot: directory traversal
| Package(s): | dovecot |
| CVE #(s): | CVE-2007-2231 |
| Created: | May 8, 2007 |
| Updated: | May 21, 2008 |
| Description: | Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name. |
e2fsprogs: integer overflows
| Package(s): | e2fsprogs |
| CVE #(s): | CVE-2007-5497 |
| Created: | December 7, 2007 |
| Updated: | February 12, 2008 |
| Description: | Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code. |
eggdrop: stack-based buffer overflow
| Package(s): | eggdrop |
| CVE #(s): | CVE-2007-2807 |
| Created: | September 7, 2007 |
| Updated: | December 8, 2009 |
| Description: | A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC servers to execute arbitrary code via a long private message. |
elinks: code execution
| Package(s): | elinks |
| CVE #(s): | CVE-2007-2027 |
| Created: | May 7, 2007 |
| Updated: | October 30, 2009 |
| Description: | Arnaud Giersch discovered that elinks incorrectly attempted to load gettext catalogs from a relative path. If a user were tricked into running elinks from a specific directory, a local attacker could execute code with user privileges. |
elinks: arbitrary file access
| Package(s): | elinks |
| CVE #(s): | CVE-2006-5925 |
| Created: | November 16, 2006 |
| Updated: | October 22, 2009 |
| Description: | The elinks text-mode browser has an arbitrary file access vulnerability in the Elinks SMB protocol handler. If a user can be tricked into visiting a specially crafted web page, arbitrary files may be read or written with the user's permissions. |
emacs: buffer overflow
| Package(s): | emacs |
| CVE #(s): | CVE-2007-6109 |
| Created: | December 10, 2007 |
| Updated: | May 6, 2008 |
| Description: | From the National Vulnerability Database: Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line. |
emacs: command execution via local variables
| Package(s): | emacs |
| CVE #(s): | CVE-2007-5795 |
| Created: | November 14, 2007 |
| Updated: | February 5, 2008 |
| Description: | From the original Debian problem report: "In Debian's version of GNU Emacs 22.1+1-2, the `hack-local-variables' function does not behave correctly when `enable-local-variables' is set to :safe. The documentation of `enable-local-variables' states that the value :safe means to set only safe variables, as determined by `safe-local-variable-p' and `risky-local-variable-p' (and the data driving them), but Emacs ignores this and instead sets all the local variables." When this setting (which is not the default) is in effect, opening a hostile file could lead to the execution of arbitrary commands. |
emul-linux-x86-qtlibs: arbitrary code execution
| Package(s): | emul-linux-x86-qtlibs |
| CVE #(s): | |
| Created: | December 10, 2007 |
| Updated: | December 12, 2007 |
| Description: | From the Gentoo advisory: An attacker could trigger one of the vulnerabilities by causing a Qt application to parse specially crafted text or Unicode strings, which may lead to the execution of arbitrary code with the privileges of the user running the application. |
evolution: format string error
| Package(s): | evolution |
| CVE #(s): | CVE-2007-1002 |
| Created: | March 27, 2007 |
| Updated: | February 27, 2008 |
| Description: | A format string error in the "write_html()" function in calendar/gui/e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers. |
pop mail man-in-the-middle attacks
| Package(s): | evolution thunderbird mutt fetchmail |
| CVE #(s): | CVE-2007-1558 |
| Created: | May 8, 2007 |
| Updated: | July 3, 2009 |
| Description: | The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird, (2) Evolution, (3) mutt, and (4) fetchmail. |
fetchmail: denial of service
| Package(s): | fetchmail |
| CVE #(s): | CVE-2007-4565 |
| Created: | September 5, 2007 |
| Updated: | October 30, 2009 |
| Description: | fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. |
firebird: arbitrary code execution
| Package(s): | firebird |
| CVE #(s): | CVE-2007-4992, CVE-2007-5246 |
| Created: | December 10, 2007 |
| Updated: | December 12, 2007 |
| Description: | From the Gentoo advisory: Adriano Lima and Ramon de Carvalho Valle reported that functions isc_attach_database() and isc_create_database() do not perform proper boundary checking when processing their input. A remote attacker could send specially crafted requests to the Firebird server on TCP port 3050, possibly resulting in the execution of arbitrary code with the privileges of the user running Firebird (usually firebird). |
firebird: buffer overflow
| Package(s): | firebird |
| CVE #(s): | CVE-2007-3181 |
| Created: | July 2, 2007 |
| Updated: | March 27, 2008 |
| Description: | The Firebird DBMS has a buffer overflow vulnerability involving the processing of connect requests with an overly large p_cnct_count value. Remote attackers can send a specially crafted request to the server in order to potentially execute arbitrary code with the permissions of the Firebird user. |
firefox: multiple vulnerabilities
| Package(s): | firefox |
| CVE #(s): | CVE-2007-3844, CVE-2007-3845 |
| Created: | August 1, 2007 |
| Updated: | February 20, 2008 |
| Description: | A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. (CVE-2007-3844) Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious web page, an attacker could execute helpers with arbitrary arguments with the user's privileges. (CVE-2007-3845) |
firefox: multiple vulnerabilities
| Package(s): | firefox seamonkey |
| CVE #(s): | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960 |
| Created: | November 27, 2007 |
| Updated: | March 3, 2008 |
| Description: | A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947) Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959) A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960) |
firefox, thunderbird, seamonkey: multiple vulnerabilities
| Package(s): | firefox, thunderbird, seamonkey |
| CVE #(s): | CVE-2007-3738, CVE-2007-3656, CVE-2007-3670, CVE-2007-3285, CVE-2007-3737, CVE-2007-3089, CVE-2007-3736, CVE-2007-3734, CVE-2007-3735 |
| Created: | July 18, 2007 |
| Updated: | May 12, 2008 |
| Description: | shutdown and moz_bug_r_a4 reported two separate ways to modify an XPCNativeWrapper such that subsequent access by the browser would result in executing user-supplied code. (CVE-2007-3738) Michal Zalewski reported that it was possible to bypass the same-origin checks and read from cached (wyciwyg) documents. It is possible to access wyciwyg:// documents without proper same domain policy checks through the use of HTTP 302 redirects. This enables the attacker to steal sensitive data displayed on dynamically generated pages; perform cache poisoning; and execute own code or display own content with URL bar and SSL certificate data of the attacked page (URL spoofing++). (CVE-2007-3656) Internet Explorer calls registered URL protocols without escaping quotes and may be used to pass unexpected and potentially dangerous data to the application that registers that URL Protocol. (CVE-2007-3670) Ronald van den Heetkamp reported that a filename URL containing %00 (encoded null) can cause Firefox to interpret the file extension differently than the underlying Windows operating system, potentially leading to unsafe actions such as running a program. This is only accessible locally. (CVE-2007-3285) An attacker can use an element outside of a document to call an event handler, allowing content to run arbitrary code with chrome privileges. (CVE-2007-3737) Ronen Zilberman and Michal Zalewski both reported that it was possible to exploit a timing issue to inject content into about:blank frames in a page. When opening a window from a script, it is possible to spoof the content of the newly opened window's frames within a short time frame, while the window is loading. (CVE-2007-3089) Mozilla contributor moz_bug_r_a4 demonstrated that the methods addEventListener and setTimeout could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site. (CVE-2007-3736) As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Note: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735) |
flac: arbitrary code execution
| Package(s): | flac |
| CVE #(s): | CVE-2007-4619 |
| Created: | October 22, 2007 |
| Updated: | January 21, 2008 |
| Description: | From the Red Hat advisory: A security flaw was found in the way flac processed audio data. An attacker could create a carefully crafted FLAC audio file in such a way that it could cause an application linked with flac libraries to crash or execute arbitrary code when it was opened. (CVE-2007-4619) |
freetype: arbitrary code execution
| Package(s): | freetype |
| CVE #(s): | CVE-2007-2754 |
| Created: | May 24, 2007 |
| Updated: | June 1, 2010 |
| Description: | The Freetype font rendering library versions 2.3.4 and below has an integer sign error. Remote attackers may be able to create a specially crafted TrueType Font file with a negative n_points value that will cause an integer overflow and heap-based buffer overflow, allowing the execution of arbitrary code. |
freetype: integer overflows
| Package(s): | freetype |
| CVE #(s): | CVE-2006-0747, CVE-2006-1861, CVE-2006-2493, CVE-2006-2661, CVE-2006-3467 |
| Created: | June 8, 2006 |
| Updated: | June 1, 2010 |
| Description: | The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user. |
gcc: file overwrite vulnerability
| Package(s): | gcc |
| CVE #(s): | CVE-2006-3619 |
| Created: | September 6, 2006 |
| Updated: | March 14, 2008 |
| Description: | The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree. |
gd: buffer overflow
| Package(s): | gd |
| CVE #(s): | CVE-2007-0455 |
| Created: | February 7, 2007 |
| Updated: | November 18, 2009 |
| Description: | The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable. |
gd: multiple vulnerabilities
| Package(s): | gd |
| CVE #(s): | CVE-2007-3472, CVE-2007-3473, CVE-2007-3474, CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478 |
| Created: | August 6, 2007 |
| Updated: | November 6, 2009 |
| Description: | Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472) The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473) Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474) The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475) Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476) The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477) Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478) |
gd: denial of service
| Package(s): | gd |
| CVE #(s): | CVE-2007-2756 |
| Created: | June 14, 2007 |
| Updated: | February 28, 2008 |
| Description: | Libgd2 has a denial of service vulnerability involving the incorrect validation of PNG callback results. If an application that is linked against libgd2 is used to process a specially-crafted PNG file, a denial of service involving CPU resource consumption can be caused. |
gedit: format string vulnerability
| Package(s): | gedit |
| CVE #(s): | CAN-2005-1686 |
| Created: | June 9, 2005 |
| Updated: | February 5, 2009 |
| Description: | A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user. |
gftp: buffer overflows
| Package(s): | gftp |
| CVE #(s): | CVE-2007-3962, CVE-2007-3961 |
| Created: | November 2, 2007 |
| Updated: | January 22, 2008 |
| Description: | Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names. A remote attacker could trigger these vulnerabilities by enticing a user to download a file with a specially crafted directory or file name, possibly resulting in the execution of arbitrary code (CVE-2007-3962) or a Denial of Service (CVE-2007-3961). |
gimp: multiple vulnerabilities
| Package(s): | gimp |
| CVE #(s): | CVE-2007-2949 |
| Created: | June 28, 2007 |
| Updated: | February 27, 2008 |
| Description: | The gimp image editor has several vulnerabilities, including a problem where it can open PSD files with excessive dimensions and a possible stack overflow in the Sunras loader. |
gnome-screensaver: keyboard lock bypass
| Package(s): | gnome-screensaver |
| CVE #(s): | CVE-2007-3920 |
| Created: | October 24, 2007 |
| Updated: | October 15, 2009 |
| Description: | From the Ubuntu advisory: Jens Askengren discovered that gnome-screensaver became confused when running under Compiz, and could lose keyboard lock focus. A local attacker could exploit this to bypass the user's locked screen saver. |
openssh: inappropriate use of trusted cookies
| Package(s): | gnome-ssh-askpass openssh |
| CVE #(s): | CVE-2007-4752 |
| Created: | September 11, 2007 |
| Updated: | August 25, 2008 |
| Description: | OpenSSH in versions prior to 4.7 could use a trusted X11 cookie if the creation of an untrusted cookie failed. |
grip: buffer overflow
| Package(s): | grip |
| CVE #(s): | CAN-2005-0706 |
| Created: | March 10, 2005 |
| Updated: | November 19, 2008 |
| Description: | Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches. |
gzip: multiple vulnerabilities
| Package(s): | gzip |
| CVE #(s): | CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338 |
| Created: | September 19, 2006 |
| Updated: | January 20, 2010 |
| Description: | Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash. Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code. |
heimdal: insufficient memory allocation
| Package(s): | heimdal |
| CVE #(s): | CVE-2007-5939 |
| Created: | December 7, 2007 |
| Updated: | December 12, 2007 |
| Description: | The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect. |
horde-kronolith: local file inclusion
| Package(s): | horde-kronolith |
| CVE #(s): | CVE-2006-6175 |
| Created: | January 17, 2007 |
| Updated: | March 7, 2008 |
| Description: | Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. An authenticated attacker could craft an HTTP GET request that uses directory traversal techniques to execute any file on the web server as PHP code, which could allow information disclosure or arbitrary code execution with the rights of the user running the PHP application (usually the webserver user). |
hplip: arbitrary command execution
| Package(s): | hplip |
| CVE #(s): | CVE-2007-5208 |
| Created: | October 12, 2007 |
| Updated: | January 14, 2008 |
| Description: | Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user input. A local attacker could send a specially crafted request to the hpssd daemon, possibly allowing them to run arbitrary commands as the root user. |
htdig: cross-site scripting vulnerability
| Package(s): | htdig |
| CVE #(s): | CVE-2007-6110 |
| Created: | November 29, 2007 |
| Updated: | December 12, 2007 |
| Description: | The htsearch component in htdig 3.2.0b6 is vulnerable to a cross-site scripting attack. Attackers can inject web scripts and HTML code using the sort parameter. |
imagemagick: multiple vulnerabilities
| Package(s): | imagemagick |
| CVE #(s): | CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988 |
| Created: | October 4, 2007 |
| Updated: | August 11, 2009 |
| Description: | The ImageMagick image decoders have multiple vulnerabilities. If a user can be tricked into processing a specially crafted DCM, DIB, XBM, XCF, or XWD image, arbitrary code may be executed with the user's privileges. |
ImageMagick: integer overflows
| Package(s): | imagemagick |
| CVE #(s): | CVE-2007-1797 |
| Created: | April 4, 2007 |
| Updated: | August 11, 2009 |
| Description: | Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667. |
inotify-tools: arbitrary code execution
| Package(s): | inotify-tools |
| CVE #(s): | CVE-2007-5037 |
| Created: | November 12, 2007 |
| Updated: | December 28, 2007 |
| Description: | From the Fedora advisory: A vulnerability has been reported in inotify-tools, which can potentially be exploited by malicious users to compromise an application using the library. Successful exploitation may allow the execution of arbitrary code with privileges of the application using the affected library. NOTE: The programs shipped with inotify-tools are reportedly not affected. The vulnerability is reported in versions prior to 3.11. |
jasper: denial of service
| Package(s): | jasper |
| CVE #(s): | CVE-2007-2721 |
| Created: | June 1, 2007 |
| Updated: | April 19, 2010 |
| Description: | The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files. |
java: multiple vulnerabilities
| Package(s): | java |
| CVE #(s): | CVE-2006-4339, CVE-2006-4790, CVE-2006-6731, CVE-2006-6736, CVE-2006-6737, CVE-2006-6745 |
| Created: | January 18, 2007 |
| Updated: | June 4, 2010 |
| Description: | Java has multiple vulnerabilities, including: an RSA exponent padding attack vulnerability; two vulnerabilities which allow untrusted applets to access data in other applets; vulnerabilities that involve applets gaining privileges due to serialization bugs in the JRE; and buffer overflows in the Java image handling routines that can give attackers read/write/execute capabilities for local files. |
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
| CVE #(s): | CVE-2007-3503, CVE-2007-3655, CVE-2007-3698, CVE-2007-3922 |
| Created: | August 6, 2007 |
| Updated: | June 24, 2008 |
| Description: | The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML. (CVE-2007-3503) The Java Web Start URL parsing component contained a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655) The JSSE component did not correctly process SSL/TLS handshake requests. A remote attacker who is able to connect to a JSSE-based service could trigger this flaw leading to a denial-of-service. (CVE-2007-3698) A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet. (CVE-2007-3922) |
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
| CVE #(s): | CVE-2007-5232, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5273, CVE-2007-5274 |
| Created: | October 12, 2007 |
| Updated: | April 25, 2008 |
| Description: | Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. (CVE-2007-5232) Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." (CVE-2007-5238) Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications. (CVE-2007-5239) Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. (CVE-2007-5240) Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5273) Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5274) |
| Alerts: | |
JRockit: multiple vulnerabilities
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
| CVE #(s): | CAN-2005-1920 |
| Created: | July 19, 2005 |
| Updated: | September 21, 2010 |
| Description: | Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: | |
kernel: out-of-bounds access
| Package(s): | kernel |
| CVE #(s): | CVE-2007-4573 |
| Created: | September 25, 2007 |
| Updated: | December 6, 2010 |
| Description: | The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero-extend the eax register after the 32-bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register. |
| Alerts: | |
kernel: ALSA returns incorrect write size
| Package(s): | kernel |
| CVE #(s): | CVE-2007-4571 |
| Created: | September 28, 2007 |
| Updated: | June 20, 2008 |
| Description: | The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc. |
| Alerts: | |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-4535, CVE-2006-4538 |
| Created: | September 18, 2006 |
| Updated: | January 5, 2009 |
| Description: | Sridhar Samudrala discovered a local denial of service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535) Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538) |
| Alerts: | |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2007-1861, CVE-2007-2242 |
| Created: | May 1, 2007 |
| Updated: | February 8, 2008 |
| Description: | The netlink protocol has an infinite recursion bug that allows users to cause a kernel crash. Also, the IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. |
| Alerts: | |
kernel: remote denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-6058, CVE-2007-4997 |
| Created: | November 9, 2007 |
| Updated: | June 13, 2008 |
| Description: | The Minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error. (CVE-2006-6058) Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error." (CVE-2007-4997) |
| Alerts: | |
kernel: several vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2007-1353, CVE-2007-2451, CVE-2007-2453 |
| Created: | June 11, 2007 |
| Updated: | March 6, 2008 |
| Description: | Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353) The GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. (CVE-2007-2451) The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453) |
| Alerts: | |
kernel: signal handling flaw on PPC
| Package(s): | kernel |
| CVE #(s): | CVE-2007-3107 |
| Created: | July 10, 2007 |
| Updated: | February 4, 2008 |
| Description: | A flaw in the signal handling on PowerPC-based systems allowed a local user to cause a denial of service (floating point corruption). |
| Alerts: | |
kernel: several vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2006-5823, CVE-2006-6054, CVE-2007-1592 |
| Created: | June 12, 2007 |
| Updated: | March 21, 2011 |
| Description: | A flaw in the cramfs file system allows invalid compressed data to cause memory corruption. (CVE-2006-5823) A flaw in the ext2 file system allows an invalid inode size to cause a denial of service (system hang). (CVE-2006-6054) A flaw in IPv6 flow label handling allows a local user to cause a denial of service (crash). (CVE-2007-1592) |
| Alerts: | |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2007-5500 |
| Created: | November 28, 2007 |
| Updated: | July 8, 2008 |
| Description: | The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. |
| Alerts: | |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2007-5501 |
| Created: | November 28, 2007 |
| Updated: | March 7, 2008 |
| Description: | The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference. |
| Alerts: | |
kernel: denial of service
| Package(s): | kernel |
| CVE #(s): | CVE-2006-2935, CVE-2006-4145, CVE-2006-3745 |
| Created: | September 1, 2006 |
| Updated: | July 30, 2008 |
| Description: | Previous versions of the kernel package are subject to several vulnerabilities. Certain malformed UDF filesystems can cause the system to crash (denial of service). Malformed CDROM firmware or USB storage devices (such as USB keys) could cause a system crash (denial of service), and if they were intentionally malformed, can cause arbitrary code to run with elevated privileges. In addition, the SCTP protocol is subject to a remote system crash (denial of service) attack. |
| Alerts: | |
kernel: several vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2007-2172, CVE-2007-3739, CVE-2007-4308 |
| Created: | December 3, 2007 |
| Updated: | January 8, 2009 |
| Description: | A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions. (CVE-2007-2172) mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors. (CVE-2007-3739) The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. (CVE-2007-4308) |
| Alerts: | |
kernel: buffer overflows
| Package(s): | kernel |
| CVE #(s): | CVE-2007-5904 |
| Created: | December 3, 2007 |
| Updated: | June 20, 2008 |
| Description: | Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function. |
| Alerts: | |
kernel: multiple vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2006-5749, CVE-2006-4814, CVE-2006-6106 |
| Created: | January 5, 2007 |
| Updated: | January 8, 2009 |
| Description: | A security issue has been reported in the Linux kernel due to an error in drivers/isdn/i4l/isdn_ppp.c: the "isdn_ppp_ccp_reset_alloc_state()" function never initializes an event timer before scheduling it with the "add_timer()" function. (CVE-2006-5749) The mincore function in the kernel does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock. (CVE-2006-4814) Another vulnerability has been reported in the Linux kernel caused by a boundary error within the handling of incoming CAPI messages in net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain kernel data structures. (CVE-2006-6106) |
| Alerts: | |
kernel: several vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2007-3851, CVE-2007-3848, CVE-2007-3105 |
| Created: | August 17, 2007 |
| Updated: | January 8, 2009 |
| Description: | The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. (CVE-2007-3851) Linux kernel 2.4.35 and other versions allow local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848) Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root. (CVE-2007-3105) |
| Alerts: | |
kernel: multiple vulnerabilities
| Package(s): | kernel |
| CVE #(s): | CVE-2007-3104, CVE-2007-3740, CVE-2007-3843, CVE-2007-6063 |
| Created: | December 4, 2007 |
| Updated: | January 8, 2009 |
| Description: | The sysfs_readdir function in the Linux kernel 2.6 allows local users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry. (CVE-2007-3104) The CIFS filesystem, when Unix extension support is enabled, did not honor the umask of a process, which allowed local users to gain privileges. (CVE-2007-3740) The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843) Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux kernel allowed local users to have an unknown impact via a crafted argument to the isdn_ioctl function. (CVE-2007-6063) |
| Alerts: | |
krb5: multiple vulnerabilities
| Package(s): | krb5 |
| CVE #(s): | CVE-2007-2442, CVE-2007-2443, CVE-2007-2798 |
| Created: | June 27, 2007 |
| Updated: | March 24, 2008 |
| Description: | David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2442). David Coffey also discovered an overflow flaw in the same RPC library. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2443). Finally, a stack buffer overflow vulnerability was found in kadmind that allowed an unauthenticated user able to access kadmind the ability to trigger the vulnerability and possibly execute arbitrary code (CVE-2007-2798). |
| Alerts: | |
krb5: uninitialized pointers
| Package(s): | krb5 |
| CVE #(s): | CVE-2006-6143, CVE-2006-3084 |
| Created: | January 10, 2007 |
| Updated: | July 7, 2010 |
| Description: | The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details. |
| Alerts: | |
krb5: local privilege escalation
| Package(s): | krb5 |
| CVE #(s): | CVE-2006-3083 |
| Created: | August 9, 2006 |
| Updated: | July 7, 2010 |
| Description: | Some Kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges. |
| Alerts: | |
krb5: buffer overflow, uninitialized pointer
| Package(s): | krb5 |
| CVE #(s): | CVE-2007-3999, CVE-2007-4000 |
| Created: | September 4, 2007 |
| Updated: | March 24, 2008 |
| Description: | Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-3999) Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-4000) |
| Alerts: | |
krb5: multiple vulnerabilities
| Package(s): | krb5 |
| CVE #(s): | CVE-2007-0956, CVE-2007-0957, CVE-2007-1216 |
| Created: | April 3, 2007 |
| Updated: | March 24, 2008 |
| Description: | A flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password. (MIT krb5 Security Advisory 2007-001) Buffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. (MIT krb5 Security Advisory 2007-002) A double-free flaw was found in the GSSAPI library used by the kadmin server daemon. (MIT krb5 Security Advisory 2007-003) |
| Alerts: | |
kvirc: remote arbitrary code execution
| Package(s): | kvirc |
| CVE #(s): | CVE-2007-2951 |
| Created: | September 14, 2007 |
| Updated: | February 27, 2008 |
| Description: | Stefan Cornelius from Secunia Research discovered that the "parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does not properly sanitize parts of the URI when building the command for KVIrc's internal script system. |
| Alerts: | |
lcms: stack-based buffer overflow
| Package(s): | lcms |
| CVE #(s): | CVE-2007-2741 |
| Created: | November 23, 2007 |
| Updated: | October 14, 2008 |
| Description: | Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file. |
| Alerts: | |
lftp: shell command execution
| Package(s): | lftp |
| CVE #(s): | CVE-2007-2348 |
| Created: | May 4, 2007 |
| Updated: | September 16, 2009 |
| Description: | mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files. |
| Alerts: | |
libarchive: pax extension header vulnerabilities
| Package(s): | libarchive |
| CVE #(s): | CVE-2007-3641, CVE-2007-3644, CVE-2007-3645 |
| Created: | August 9, 2007 |
| Updated: | February 27, 2008 |
| Description: | libarchive, a library for manipulating different streaming archive formats, has a number of pax extension header vulnerabilities. These may be used to cause a denial of service or for the execution of arbitrary code. |
| Alerts: | |
libexif: integer overflow
| Package(s): | libexif |
| CVE #(s): | CVE-2007-2645 |
| Created: | June 1, 2007 |
| Updated: | February 11, 2008 |
| Description: | Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable. |
| Alerts: | |
libmodplug: boundary errors
| Package(s): | libmodplug |
| CVE #(s): | CVE-2006-4192 |
| Created: | December 11, 2006 |
| Updated: | May 4, 2011 |
| Description: | Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the "CSoundFile::ReadSample()" function in sndfile.cpp. A remote attacker can entice a user to read crafted modules or ITP files, which may trigger a buffer overflow resulting in the execution of arbitrary code with the privileges of the user running the application. |
| Alerts: | |
libnfsidmap: possible privilege escalation
| Package(s): | libnfsidmap |
| CVE #(s): | CVE-2007-4135 |
| Created: | December 7, 2007 |
| Updated: | December 12, 2007 |
| Description: | The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle return values from the getpwnam_r function when performing a username lookup, which can cause it to report a file as being owned by "root" instead of "nobody" if the file exists on the server but not on the client. |
| Alerts: | |
libphp-phpmailer: command execution
| Package(s): | libphp-phpmailer |
| CVE #(s): | CVE-2007-3215 |
| Created: | June 20, 2007 |
| Updated: | June 25, 2009 |
| Description: | libphp-phpmailer does not do sufficient input validation, enabling shell command injection attacks. |
| Alerts: | |
libpng: several vulnerabilities
| Package(s): | libpng |
| CVE #(s): | CVE-2007-5266, CVE-2007-5267, CVE-2007-5268, CVE-2007-5269 |
| Created: | October 19, 2007 |
| Updated: | March 23, 2009 |
| Description: | Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt (png_handle_zTXt) chunking in PNG images, which trigger out-of-bounds read operations. (CVE-2007-5269) pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image. (CVE-2007-5268) Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. (CVE-2007-5267) Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated. (CVE-2007-5266) |
| Alerts: | |
libpng: denial of service
| Package(s): | libpng |
| CVE #(s): | CVE-2007-2445 |
| Created: | May 17, 2007 |
| Updated: | March 23, 2009 |
| Description: | Libpng can be crashed when processing malformed PNG files. It may also be possible to exploit this vulnerability to execute arbitrary code. |
| Alerts: | |
libpng: buffer overflow
| Package(s): | libpng |
| CVE #(s): | CVE-2006-3334 |
| Created: | July 19, 2006 |
| Updated: | December 15, 2008 |
| Description: | In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. |
| Alerts: | |
libpng: heap-based buffer overflow
| Package(s): | libpng |
| CVE #(s): | CVE-2006-0481 |
| Created: | February 13, 2006 |
| Updated: | December 15, 2008 |
| Description: | A heap-based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim. |
| Alerts: | |
libsndfile: heap-based buffer overflow
| Package(s): | libsndfile |
| CVE #(s): | CVE-2007-4974 |
| Created: | September 25, 2007 |
| Updated: | January 9, 2008 |
| Description: | Heap-based buffer overflow in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size. |
| Alerts: | |
libtiff: buffer overflow
| Package(s): | libtiff |
| CVE #(s): | CVE-2006-2193 |
| Created: | June 15, 2006 |
| Updated: | September 1, 2008 |
| Description: | The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code. |
| Alerts: | |
libvorbis: multiple memory corruption flaws
| Package(s): | libvorbis |
| CVE #(s): | CVE-2007-3106, CVE-2007-4029 |
| Created: | July 27, 2007 |
| Updated: | January 22, 2008 |
| Description: | This iSEC Partners security advisory has details on multiple memory corruption flaws in libvorbis. |
| Alerts: | |
libvorbis: multiple vulnerabilities
| Package(s): | libvorbis |
| CVE #(s): | CVE-2007-4065, CVE-2007-4066 |
| Created: | October 11, 2007 |
| Updated: | January 22, 2008 |
| Description: | libvorbis has a number of vulnerabilities that can be triggered by opening a specially crafted Ogg file. Vulnerabilities include crashing and the execution of arbitrary code. |
| Alerts: | |
libxml2: arbitrary code execution
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0110 |
| Created: | February 26, 2004 |
| Updated: | August 19, 2009 |
| Description: | Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code. |
| Alerts: | |
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
| CVE #(s): | CAN-2004-0989 |
| Created: | October 28, 2004 |
| Updated: | August 19, 2009 |
| Description: | libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities; if a local user passes a specially crafted FTP URL, arbitrary code may be executed. |
| Alerts: | |
liferea: weak permissions
| Package(s): | liferea |
| CVE #(s): | CVE-2007-5751 |
| Created: | November 2, 2007 |
| Updated: | December 22, 2008 |
| Description: | Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. |
| Alerts: | |
lighttpd: denial of service
| Package(s): | lighttpd |
| CVE #(s): | CVE-2007-3946, CVE-2007-3947, CVE-2007-3948, CVE-2007-3949, CVE-2007-3950 |
| Created: | July 19, 2007 |
| Updated: | July 15, 2008 |
| Description: | The lighttpd web server has multiple vulnerabilities involving a remote access-control setting circumvention that is performed by the sending of malformed requests. This can be used to crash the server and cause a denial of service. |
| Alerts: | |
link-grammar: stack-based buffer overflow
| Package(s): | link-grammar |
| CVE #(s): | CVE-2007-5395 |
| Created: | November 13, 2007 |
| Updated: | December 17, 2007 |
| Description: | Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the separate_sentence function. |
| Alerts: | |
vmware-player-kernel: several vulnerabilities
| Package(s): | linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 |
| CVE #(s): | CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, CVE-2007-4496, CVE-2007-4497 |
| Created: | November 16, 2007 |
| Updated: | March 13, 2009 |
| Description: | Neel Mehta and Ryan Smith discovered that the VMware Player DHCP server did not correctly handle certain packet structures. Remote attackers could send specially crafted packets and gain root privileges. (CVE-2007-0061, CVE-2007-0062, CVE-2007-0063) Rafal Wojtczuk discovered multiple memory corruption issues in VMware Player. Attackers with administrative privileges in a guest operating system could cause a denial of service or possibly execute arbitrary code on the host operating system. (CVE-2007-4496, CVE-2007-4497) |
| Alerts: | |
lynx: arbitrary command execution
| Package(s): | lynx |
| CVE #(s): | CVE-2005-2929 |
| Created: | November 14, 2005 |
| Updated: | September 14, 2009 |
| Description: | An arbitrary command execution bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx. |
| Alerts: | |
madwifi: denial of service
| Package(s): | madwifi |
| CVE #(s): | CVE-2007-5448 |
| Created: | November 8, 2007 |
| Updated: | January 11, 2008 |
| Description: | The MadWifi driver for Atheros wireless LAN cards does not process beacon frames correctly. This can be used by a remote attacker to cause a denial of service. |
| Alerts: | |
mapserver: multiple cross-site scripting vulnerabilities
| Package(s): | mapserver |
| CVE #(s): | CVE-2007-4542, CVE-2007-4629 |
| Created: | September 5, 2007 |
| Updated: | April 7, 2008 |
| Description: | CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program. CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name. |
| Alerts: | |
mod_jk: proxy bypass
| Package(s): | mod_jk |
| CVE #(s): | CVE-2007-1860 |
| Created: | May 30, 2007 |
| Updated: | March 7, 2008 |
| Description: | From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside Apache httpd and forwarded the encoded URL to Tomcat, which itself did a second decoding. If Tomcat was used behind mod_jk and configured to only proxy some contexts, an attacker could construct a carefully crafted HTTP request to work around the context restriction and potentially access non-proxied content." |
| Alerts: | |
moin: arbitrary JavaScript execution
| Package(s): | moin |
| CVE #(s): | CVE-2007-2423 |
| Created: | May 8, 2007 |
| Updated: | March 10, 2008 |
| Description: | A flaw was discovered in MoinMoin's error reporting when using the AttachFile action. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted. |
| Alerts: | |
mono: arbitrary code execution via integer overflow
Package(s): mono
CVE #(s): CVE-2007-5197
Created: November 6, 2007
Updated: December 7, 2009
Description:
From the Debian advisory: An integer overflow in the BigInteger data type implementation has been
discovered in the free .NET runtime Mono.
Comments (none posted)
moodle: cross-site scripting
Package(s): moodle
CVE #(s): CVE-2007-3555
Created: August 7, 2007
Updated: December 22, 2008
Description:
A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1
allows remote attackers to inject arbitrary web script or HTML via a style
expression in the search parameter.
Comments (none posted)
mplayer: buffer overflow
Package(s): mplayer
CVE #(s): CVE-2007-1246
Created: March 8, 2007
Updated: April 1, 2008
Description:
MPlayer versions up to 1.0rc1 have a buffer overflow in the
loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function.
User-assisted remote attackers can use this to trigger the buffer overflow
and possibly execute arbitrary code.
Comments (none posted)
mydns: buffer overflows
Package(s): mydns
CVE #(s): CVE-2007-2362
Created: May 23, 2007
Updated: December 17, 2007
Description:
Multiple buffer overflows in MyDNS allow remote attackers to cause a denial of
service (daemon crash) and possibly execution of arbitrary code.
Comments (none posted)
MySQL: denial of service
Package(s): mysql
CVE #(s): CVE-2007-5925
Created: November 19, 2007
Updated: February 8, 2008
Description:
From the CVE entry:
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
Comments (none posted)
mysql: denial of service
Package(s): mysql
CVE #(s): CVE-2007-1420
Created: March 22, 2007
Updated: May 21, 2008
Description:
MySQL subselect queries using "ORDER BY" can be used by an attacker with
access to a MySQL instance in order to create an intermittent denial
of service.
Comments (none posted)
mysql: format string bug
Package(s): mysql
CVE #(s): CVE-2006-3469
Created: July 21, 2006
Updated: July 30, 2008
Description:
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server.
Comments (none posted)
MySQL: privilege violations
Package(s): mysql
CVE #(s): CVE-2006-4031, CVE-2006-4226
Created: August 25, 2006
Updated: July 30, 2008
Description:
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226).
Comments (none posted)
MySQL: logging bypass
Package(s): mysql
CVE #(s): CVE-2006-0903
Created: April 4, 2006
Updated: May 21, 2008
Description:
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query.
Comments (2 posted)
MySQL: privilege escalation
Package(s): MySQL
CVE #(s): CVE-2007-3781, CVE-2007-5969
Created: December 11, 2007
Updated: May 21, 2008
Description:
MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. (CVE-2007-5969)
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. (CVE-2007-3781)
Comments (none posted)
mysql-dfsg: multiple vulnerabilities
Package(s): mysql-dfsg
CVE #(s): CVE-2007-2583, CVE-2007-2691, CVE-2007-2692, CVE-2007-3782
Created: November 27, 2007
Updated: July 30, 2008
Description:
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and
5.1 before 5.1.18-beta, allows context-dependent attackers to cause a
denial of service (crash) via a crafted IF clause that results in a
divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not
require the DROP privilege for RENAME TABLE statements, which allows remote
authenticated users to rename arbitrary tables. (CVE-2007-2691)
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before
5.1.18 does not restore THD::db_access privileges when returning from SQL
SECURITY INVOKER stored routines, which allows remote authenticated users
to gain privileges. (CVE-2007-2692)
MySQL Community Server before 5.0.45 allows remote authenticated users to
gain update privileges for a table in another database via a view that
refers to this external table. (CVE-2007-3782)
Comments (none posted)
nagios: cross-site scripting
Package(s): nagios
CVE #(s): CVE-2007-5624
Created: December 7, 2007
Updated: September 14, 2009
Description:
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.
Comments (none posted)
nagios-plugins: buffer overflow
Package(s): nagios-plugins
CVE #(s): CVE-2007-5198
Created: October 23, 2007
Updated: April 17, 2008
Description:
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbitrary code via long
Location header responses (redirects).
Comments (none posted)
nagios-plugins: check_snmp buffer overflow
Package(s): nagios-plugins
CVE #(s): CVE-2007-5623
Created: November 2, 2007
Updated: April 17, 2008
Description:
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.
Comments (none posted)
nbd: arbitrary code execution
Package(s): nbd
CVE #(s): CVE-2005-3534
Created: January 6, 2006
Updated: March 7, 2011
Description:
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges.
Comments (none posted)
net-snmp: denial of service
Package(s): net-snmp
CVE #(s): CVE-2007-5846
Created: November 16, 2007
Updated: February 7, 2008
Description:
A flaw was discovered in the way net-snmp handled certain requests. A
remote attacker who can connect to the snmpd UDP port (161 by default)
could send a malicious packet causing snmpd to crash, resulting in a
denial of service.
Comments (none posted)
nginx: cross site scripting
Package(s): nginx
CVE #(s):
Created: July 20, 2007
Updated: September 14, 2009
Description:
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
proxy server written by Igor Sysoev. The "msie_refresh" directive could
allow cross site scripting.
Comments (none posted)
nss_ldap: credential or other information disclosure
Package(s): nss_ldap
CVE #(s): CVE-2007-5794
Created: November 26, 2007
Updated: July 30, 2008
Description:
From the Gentoo advisory:
Josh Burley reported that nss_ldap does not properly handle the LDAP
connections due to a race condition that can be triggered by
multi-threaded applications using nss_ldap, which might lead to
requested data being returned to a wrong process.
Comments (none posted)
opal: denial of service
Package(s): opal
CVE #(s): CVE-2007-4924
Created: October 8, 2007
Updated: January 9, 2008
Description:
From the Red Hat advisory: A flaw was discovered in the way opal handled certain Session Initiation
Protocol (SIP) packets. An attacker could use this flaw to crash an
application, such as Ekiga, which is linked with opal. (CVE-2007-4924)
Comments (none posted)
openldap: denial of service
Package(s): openldap
CVE #(s): CVE-2007-5707
Created: November 8, 2007
Updated: April 9, 2008
Description:
The OpenLDAP Lightweight Directory Access Protocol suite has a problem
with handling of malformed objectClasses LDAP attributes by the slapd
daemon. Both local and remote attackers can use this to crash slapd,
causing a denial of service.
Comments (none posted)
openldap: denial of service
Package(s): openldap
CVE #(s): CVE-2007-5708
Created: November 23, 2007
Updated: April 9, 2008
Description:
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when
running as a proxy-caching server, allocates memory using a malloc variant
instead of calloc, which prevents an array from being initialized properly
and might allow attackers to cause a denial of service (segmentation fault)
via unknown vectors that prevent the array from being null terminated.
Comments (none posted)
OpenOffice.org: arbitrary code execution
Package(s): openoffice.org
CVE #(s): CVE-2007-0245
Created: June 13, 2007
Updated: June 12, 2008
Description:
A specially crafted RTF file could cause the
filter to overwrite data on the heap, which may lead to the execution
of arbitrary code.
Comments (none posted)
openoffice.org: arbitrary code execution via TIFF images
Package(s): openoffice.org
CVE #(s): CVE-2007-2834
Created: September 17, 2007
Updated: June 12, 2008
Description:
A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite. The parser uses untrusted values
from the TIFF file to calculate the number of bytes of memory to
allocate. A specially crafted TIFF image could trigger an integer
overflow and subsequently a buffer overflow that could cause the
execution of arbitrary code.
Comments (none posted)
openoffice.org: arbitrary code execution
Package(s): openoffice.org
CVE #(s): CVE-2007-4575
Created: December 5, 2007
Updated: September 10, 2008
Description:
From the OpenOffice advisory:
A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user.
Comments (none posted)
openssh: remote denial of service
Package(s): openssh
CVE #(s): CVE-2006-4924, CVE-2006-5051
Created: September 27, 2006
Updated: September 17, 2008
Description:
OpenSSH 4.4 fixes some security issues, including a pre-authentication
denial of service, an unsafe signal handler and, on portable OpenSSH, a
GSSAPI authentication abort that could be used to determine the validity
of usernames on some platforms.
Comments (none posted)
openssl: off-by-one error
Package(s): openssl
CVE #(s): CVE-2007-4995
Created: October 23, 2007
Updated: May 13, 2008
Description:
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f
and 0.9.7 allows remote attackers to execute arbitrary code via unspecified
vectors.
Comments (none posted)
openssl: off-by-one error
Package(s): openssl
CVE #(s): CVE-2007-5135
Created: October 3, 2007
Updated: July 31, 2008
Description:
From the Debian advisory: An off-by-one error has been identified in the SSL_get_shared_ciphers()
routine in the libssl library from OpenSSL, an implementation of Secure
Socket Layer cryptographic libraries and utilities. This error could
allow an attacker to crash an application making use of OpenSSL's libssl
library, or potentially execute arbitrary code in the security context
of the user running such an application.
Comments (none posted)
openssl: private key attack
Package(s): openssl
CVE #(s): CVE-2007-3108
Created: August 7, 2007
Updated: May 13, 2008
Description:
OpenSSL could allow a local user in certain circumstances to divulge
information about private keys being used.
Comments (none posted)
opera: multiple vulnerabilities
Package(s): opera
CVE #(s): CVE-2007-4367, CVE-2007-3929, CVE-2007-3142, CVE-2007-3819
Created: August 23, 2007
Updated: February 27, 2008
Description:
The Opera browser has multiple vulnerabilities.
The JavaScript engine is vulnerable to a virtual function call on an invalid pointer that can be triggered by specially crafted JavaScript.
A freed pointer in the BitTorrent support may be
accessed; this can be used for malicious code execution.
The browser is vulnerable to several memory read protection
errors. There are URI display errors that can be used to trick
users into visiting arbitrary web sites.
Comments (none posted)
pcre: CVE consolidation
Package(s): pcre
CVE #(s): CVE-2005-4872, CVE-2006-7227, CVE-2006-7224
Created: November 15, 2007
Updated: May 13, 2008
Description:
PCRE has flaws in the way it handles malformed regular
expressions.
If an application linked against PCRE, such as Konqueror,
encounters a maliciously created regular expression, it may be possible
to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227
have been combined into CVE-2006-7224.
Comments (5 posted)
pcre: two arbitrary code execution vulnerabilities
Package(s): pcre
CVE #(s): CVE-2007-1659, CVE-2007-1660
Created: November 6, 2007
Updated: July 16, 2008
Description:
Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660)
Comments (none posted)
pcre: buffer overflows in library
Package(s): pcre
CVE #(s): CVE-2006-7228, CVE-2006-7230, CVE-2007-1661, CVE-2007-4766, CVE-2007-4767
Created: November 23, 2007
Updated: July 16, 2008
Description:
Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application.
Comments (1 posted)
pcre: buffer overflows
Package(s): pcre3
CVE #(s): CVE-2007-1662, CVE-2007-4768
Created: November 27, 2007
Updated: May 7, 2008
Description:
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the
end of the string when searching for unmatched brackets and parentheses,
which allows context-dependent attackers to cause a denial of service
(crash), possibly involving forward references. (CVE-2007-1662)
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE)
library before 7.3 allows context-dependent attackers to execute arbitrary
code via a singleton Unicode sequence in a character class in a regex
pattern, which is incorrectly optimized. (CVE-2007-4768)
Comments (none posted)
perl-Net-DNS: predictable id sequence
Package(s): perl-Net-DNS
CVE #(s): CVE-2007-3377
Created: June 26, 2007
Updated: March 12, 2008
Description:
Net::DNS before 0.60 uses an id sequence that is predictable and the same
in all child processes.
Comments (none posted)
php: several vulnerabilities
Package(s): php
CVE #(s): CVE-2006-4481, CVE-2006-4484, CVE-2006-4485
Created: September 8, 2006
Updated: June 13, 2008
Description:
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485).
Comments (1 posted)
php: multiple vulnerabilities
Package(s): php
CVE #(s): CVE-2007-2872, CVE-2007-2756
Created: June 1, 2007
Updated: January 29, 2008
Description:
According to a vendor release announcement, multiple
security enhancements and fixes were included in version 5.2.3 of the
PHP programming language.
Comments (none posted)
php: multiple vulnerabilities
Package(s): php
CVE #(s): CVE-2007-3799, CVE-2007-3998, CVE-2007-4659, CVE-2007-4658, CVE-2007-4670, CVE-2007-4661
Created: October 23, 2007
Updated: May 19, 2008
Description:
From the Red Hat advisory:
Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)
A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)
A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)
A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)
A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)
A flaw was found in handling of dynamic changes to global variables. A
script which used certain functions which change global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-4659)
An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-4661)
Comments (none posted)
php: buffer overflows
Package(s): php
CVE #(s): CVE-2006-5465
Created: November 3, 2006
Updated: January 18, 2010
Description:
The Hardened-PHP Project discovered buffer overflows in the
htmlentities/htmlspecialchars internal routines of the PHP Project. Of
course the whole purpose of these functions is to be filled with user
input. (The overflow can only occur when UTF-8 is used.)
Comments (none posted)
php5: multiple vulnerabilities
Package(s): php5
CVE #(s): CVE-2007-4657, CVE-2007-4660, CVE-2007-4662
Created: November 30, 2007
Updated: July 4, 2008
Description:
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4,
allow remote attackers to obtain sensitive information (memory contents) or
cause a denial of service (thread crash) via a large len value to the (1)
strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE:
this affects different product versions than CVE-2007-3996.
(CVE-2007-4657)
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4
has unknown impact and attack vectors, related to an incorrect size
calculation. (CVE-2007-4660)
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4
has unknown impact and attack vectors. (CVE-2007-4662)
Comments (none posted)
php5: multiple vulnerabilities
Package(s): php5
CVE #(s): CVE-2007-4783, CVE-2007-4840, CVE-2007-5898, CVE-2007-5899, CVE-2007-5900
Created: November 20, 2007
Updated: January 18, 2010
Description:
The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code.
Comments (none posted)
phpbb2: missing input sanitizing
Package(s): phpbb2
CVE #(s): CVE-2006-1896
Created: May 22, 2006
Updated: February 11, 2008
Description:
It was discovered that phpbb2, a web based bulletin board, insufficiently
sanitizes values passed to the "Font Color 3" setting, which might lead to
the execution of injected code by admin users.
Comments (none posted)
phpbb2: multiple vulnerabilities
Package(s): phpbb2
CVE #(s): CVE-2005-3310, CVE-2005-3415, CVE-2005-3416, CVE-2005-3417, CVE-2005-3418, CVE-2005-3419, CVE-2005-3420, CVE-2005-3536, CVE-2005-3537
Created: December 22, 2005
Updated: February 11, 2008
Description:
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem.
Comments (none posted)
phpmyadmin: multiple vulnerabilities
Package(s): phpmyadmin
CVE #(s): CVE-2006-6942, CVE-2006-6944, CVE-2007-1325, CVE-2007-1395, CVE-2007-2245
Created: September 10, 2007
Updated: March 19, 2009
Description:
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2007-1325:
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
CVE-2007-1395:
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag,
which bypasses the protection against lowercase </script>.
CVE-2007-2245:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via (1) the
fieldkey parameter to browse_foreigners.php or (2) certain input
to the PMA_sanitize function.
CVE-2006-6942:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary HTML or web script via (1) a comment
for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter
to db_operations.php, the (4) query_history_latest,
(5) query_history_latest_db, and (6) querydisplay_tab parameters to
(c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2006-6944:
phpMyAdmin allows remote attackers to bypass Allow/Deny access rules
that use IP addresses via false headers.
Comments (none posted)
phpMyAdmin: cross-site scripting vulnerabilities
Package(s): phpMyAdmin
CVE #(s): CVE-2007-5386, CVE-2007-5589
Created: November 2, 2007
Updated: March 14, 2008
Description:
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin
2.11.1, when accessed by a browser that does not URL-encode requests,
allows remote attackers to inject arbitrary web script or HTML via the
query string.
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
common.lib.php in libraries/; and certain input available in PHP_SELF and
(2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other
vectors related to (3) REQUEST_URI.
Comments (none posted)
phpMyAdmin: information disclosure
Package(s): phpMyAdmin
CVE #(s): CVE-2007-0095
Created: December 11, 2007
Updated: September 25, 2008
Description:
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information
via a direct request for themes/darkblue_orange/layout.inc.php, which
reveals the path in an error message.
Comments (none posted)
phpMyAdmin: SQL injection
Package(s): phpMyAdmin
CVE #(s): CVE-2007-5976, CVE-2007-5977
Created: November 22, 2007
Updated: March 19, 2009
Description:
phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability
in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.
db_create.php also has a related cross-site scripting vulnerability.
Remote authenticated users can inject arbitrary web scripts or HTML
using a hex-encoded IMG element in the db parameter in a POST request.
Comments (none posted)
phpPgAdmin: cross-site scripting
Package(s): phppgadmin
CVE #(s): CVE-2007-2865, CVE-2007-5728
Created: June 18, 2007
Updated: January 21, 2009
Description:
A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin
4.1.1 allows remote attackers to inject arbitrary web script or HTML via
the server parameter.
Comments (none posted)
poppler and xpdf: multiple vulnerabilities
Package(s): poppler xpdf
CVE #(s): CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
Created: November 8, 2007
Updated: February 26, 2008
Description:
The xpdf and poppler PDF libraries contain several vulnerabilities which can lead to arbitrary command execution via hostile PDF files. Numerous other applications which use these libraries (PDF viewers, CUPS, etc.) will be affected by the vulnerabilities as well.
Comments (none posted)
postgresql: several vulnerabilities
Package(s): postgresql
CVE #(s): CVE-2007-3278, CVE-2007-3279, CVE-2007-3280
Created: September 25, 2007
Updated: February 1, 2008
Description:
PostgreSQL 8.1 and probably later and earlier versions, when local trust
authentication is enabled and the Database Link library (dblink) is
installed, allows remote attackers to access arbitrary accounts and execute
arbitrary SQL queries via a dblink host parameter that proxies the
connection from 127.0.0.1. (CVE-2007-3278)
PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL
(plpgsql) language has been created, grants certain plpgsql privileges to
the PUBLIC domain, which allows remote attackers to create and execute
functions, as demonstrated by functions that perform local brute-force
password guessing attacks, which may evade intrusion
detection. (CVE-2007-3279)
The Database Link library (dblink) in PostgreSQL 8.1 implements functions
via CREATE statements that map to arbitrary libraries based on the C
programming language, which allows remote authenticated superusers to map
and execute a function from any library, as demonstrated by using the
system function in libc.so.6 to gain shell access. (CVE-2007-3280)
Comments (1 posted)
pulseaudio: denial of service
Package(s): pulseaudio
CVE #(s): CVE-2007-1804
Created: May 30, 2007
Updated: March 10, 2008
Description:
The pulseaudio network code suffers from a denial of service vulnerability exploitable by an unauthenticated attacker.
Comments (none posted)
pwlib: denial of service
Package(s): pwlib
CVE #(s): CVE-2007-4897
Created: October 8, 2007
Updated: January 9, 2008
Description:
From the Red Hat advisory: A memory management flaw was discovered in PWLib. An attacker could use this
flaw to crash an application, such as Ekiga, which is linked with pwlib
(CVE-2007-4897).
Comments (none posted)
python: information disclosure
Package(s): python
CVE #(s): CVE-2007-2052
Created: May 9, 2007
Updated: July 30, 2009
Description:
Python 2.4 and 2.5 contain a bug in PyLocale_strxfrm() which could enable an attacker to read portions of unrelated memory.
Comments (none posted)
python: integer overflows
Package(s): python
CVE #(s): CVE-2007-4965
Created: October 30, 2007
Updated: July 30, 2009
Description:
Multiple integer overflows in the imageop module in Python 2.5.1 and
earlier allow context-dependent attackers to cause a denial of service
(application crash) and possibly obtain sensitive information (memory
contents) via crafted arguments to (1) the tovideo method, and unspecified
other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other
files, which trigger heap-based buffer overflows.
Comments (none posted)
qemu: multiple vulnerabilities
Comments (none posted)
quagga: denial of service
Package(s): quagga
CVE #(s): CVE-2007-4826
Created: September 14, 2007
Updated: October 25, 2010
Description:
The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause
a denial of service crash via a malformed OPEN message or COMMUNITY
attribute.
Comments (none posted)
quake: buffer overflow
Package(s): quake3-bin
CVE #(s): CVE-2006-2236
Created: May 10, 2006
Updated: January 12, 2009
Description:
Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server.
Comments (none posted)
rails: multiple vulnerabilities
Package(s): rails
CVE #(s): CVE-2007-5380, CVE-2007-3227, CVE-2007-5379
Created: November 15, 2007
Updated: December 21, 2009
Description:
Ruby on Rails has the following vulnerabilities:
* ActiveResource does not properly sanitize filenames in the Hash.from_xml() function.
* The session management allows the session_id to be set from the URL.
* The to_json() function does not properly sanitize input before it is returned to the user.
Comments (none posted)
rsync: restricted file access
Package(s): rsync
CVE #(s): CVE-2007-6199, CVE-2007-6200
Created: December 5, 2007
Updated: September 23, 2011
Description:
From the CVE entry: rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
Comments (none posted)
ruby: insufficient SSL certificate validation
Package(s): ruby
CVE #(s): CVE-2007-5162, CVE-2007-5770
Created: October 8, 2007
Updated: October 10, 2008
Description:
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
Comments (none posted)
ruby-gnome2: format string vulnerability
Package(s): ruby-gnome2
CVE #(s): CVE-2007-6183
Created: December 7, 2007
Updated: December 22, 2008
Description:
A format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
Comments (none posted)
samba: buffer overflow
Package(s): samba
CVE #(s): CVE-2007-4572
Created: November 15, 2007
Updated: December 3, 2008
Description:
The Samba user authentication is vulnerable to a heap-based buffer overflow. Remote unauthenticated users can use this to crash the Samba server and cause a denial of service.
Comments (none posted)
samba: stack-based buffer overflow
Package(s): samba
CVE #(s): CVE-2007-6015
Created: December 11, 2007
Updated: December 3, 2008
Description:
A stack buffer overflow flaw was found in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash, or execute arbitrary code with the permissions of the Samba server.
Comments (none posted)
samba: buffer overflow
Package(s): samba
CVE #(s): CVE-2007-5398
Created: November 15, 2007
Updated: December 3, 2008
Description:
Samba's mechanism for creating NetBIOS replies is vulnerable to a buffer overflow. Samba servers that are configured to run as a WINS server can be crashed by a remote unauthenticated user, and execution of arbitrary code may also be possible.
Comments (none posted)
streamripper: buffer overflow
Package(s): streamripper
CVE #(s): CVE-2007-4337
Created: September 14, 2007
Updated: December 9, 2008
Description:
Chris Rohlf discovered several boundary errors in the httplib_parse_sc_header() function when processing HTTP headers.
Comments (none posted)
subversion: possible information leak
Package(s): subversion
CVE #(s): CVE-2007-2448
Created: October 30, 2007
Updated: February 1, 2011
Description:
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
Comments (none posted)
Sun JDK/JRE: multiple vulnerabilities
Package(s): Sun JDK/JRE
CVE #(s): CVE-2007-2435, CVE-2007-2788, CVE-2007-2789
Created: June 1, 2007
Updated: April 18, 2008
Description:
An unspecified vulnerability involving an "incorrect use of system classes" was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security Team reported an integer overflow resulting in a buffer overflow in the ICC parser used with JPG or BMP files, and an incorrect open() call to /dev/tty when processing certain BMP files.
Comments (none posted)
sysstat: insecure temporary files
Package(s): sysstat
CVE #(s): CVE-2007-3852
Created: August 20, 2007
Updated: September 23, 2011
Description:
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
Comments (1 posted)
t1lib: buffer overflow
Package(s): t1lib
CVE #(s): CVE-2007-4033
Created: September 20, 2007
Updated: February 12, 2008
Description:
T1lib, an enhanced rasterizer for X11 Type 1 fonts, does not properly perform bounds checking. An attacker can send specially crafted input to applications linked against the library in order to create a buffer overflow, resulting in a denial of service or the execution of arbitrary code.
Comments (none posted)
tar: buffer overflow
Package(s): tar
CVE #(s): CVE-2007-4476
Created: October 16, 2007
Updated: March 17, 2010
Description:
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Comments (none posted)
tar: symlink path traversal vulnerability
Package(s): tar
CVE #(s): CVE-2007-4131
Created: August 23, 2007
Updated: December 28, 2007
Description:
The tar utility has a symlink path traversal vulnerability involving extracted archives. Maliciously created tar archives can be used to write arbitrary data to files that the tar user has write access to.
Comments (none posted)
terminal: arbitrary code execution
Package(s): terminal
CVE #(s): CVE-2007-3770
Created: August 13, 2007
Updated: December 19, 2007
Description:
A vulnerability was found in the Xfce terminal program: Lasse Karkkainen discovered that the function terminal_helper_execute() in file terminal-helper.c does not properly escape the URIs before processing.
Comments (none posted)
tetex: buffer overflow
Package(s): tetex
CVE #(s): CVE-2007-0650
Created: May 8, 2007
Updated: May 13, 2008
Description:
A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.
Comments (1 posted)
teTeX: multiple vulnerabilities
Package(s): tetex
CVE #(s): CVE-2007-5937, CVE-2007-5936, CVE-2007-5935
Created: November 19, 2007
Updated: May 10, 2010
Description:
From the Gentoo advisory: Joachim Schrod discovered several buffer overflow vulnerabilities and an insecure temporary file creation in the "dvilj" application that is used by dvips to convert DVI files to printer formats (CVE-2007-5937, CVE-2007-5936). Bastien Roucaries reported that the "dvips" application is vulnerable to two stack-based buffer overflows when processing DVI documents with long \href{} URIs (CVE-2007-5935). teTeX also includes code from Xpdf that is vulnerable to a memory corruption and two heap-based buffer overflows (GLSA 200711-22); and it contains code from T1Lib that is vulnerable to a buffer overflow when processing an overly long font filename (GLSA 200710-12).
Comments (none posted)
Tk: buffer overflow
Package(s): tk8.3
CVE #(s): CVE-2007-5378
Created: November 28, 2007
Updated: March 17, 2009
Description:
The Tk toolkit's GIF-reading code contains a buffer overflow which could be exploited via a malicious image file. Fixes may be found in versions 8.4.12 and 8.3.5.
Comments (none posted)
tk: denial of service
Package(s): tk8.3 tk8.4
CVE #(s): CVE-2007-5137
Created: October 12, 2007
Updated: March 17, 2009
Description:
It was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges.
Comments (none posted)
tomboy: execution of arbitrary code
Package(s): tomboy
CVE #(s): CVE-2005-4790
Created: November 9, 2007
Updated: February 22, 2011
Description:
Jan Oravec reported that the "/usr/bin/tomboy" script sets the "LD_LIBRARY_PATH" environment variable incorrectly, which might result in the current working directory (.) being included when searching for dynamically linked libraries of the Mono Runtime application. Note that the tomboy vulnerability was added in 2007.
Comments (none posted)
tomcat: directory traversal
Package(s): tomcat
CVE #(s): CVE-2007-0450
Created: May 2, 2007
Updated: February 27, 2008
Description:
Versions of tomcat prior to 5.5.22 do not properly filter filename separator characters, enabling information disclosure attacks.
Comments (none posted)
tomcat: cross-site scripting
Package(s): tomcat
CVE #(s): CVE-2007-2449, CVE-2007-2450
Created: July 17, 2007
Updated: February 17, 2009
Description:
Some JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449). Note: it is recommended the 'examples' web application not be installed on a production system.
The Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450).
Comments (1 posted)
tomcat: multiple vulnerabilities
Package(s): tomcat
CVE #(s): CVE-2007-3382, CVE-2007-3385, CVE-2007-3386
Created: September 26, 2007
Updated: September 13, 2010
Description:
Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character sequence in a cookie: \" (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager Servlet. This allowed remote attackers to inject arbitrary HTML and web script via crafted requests (CVE-2007-3386).
Comments (none posted)
tomcat: arbitrary file disclosure via path traversal
Package(s): tomcat5
CVE #(s): CVE-2007-5461
Created: November 19, 2007
Updated: February 17, 2009
Description:
From the CVE entry: Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
Comments (none posted)
util-linux: privilege escalation
Package(s): util-linux
CVE #(s): CVE-2007-5191
Created: October 9, 2007
Updated: January 7, 2008
Description:
mount and umount in util-linux call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
Comments (none posted)
vim: arbitrary code execution
Package(s): vim
CVE #(s): CVE-2007-2953
Created: July 30, 2007
Updated: November 27, 2008
Description:
vim is vulnerable to a user-assisted attack in which vim may execute arbitrary code when helptags is run on data that has been maliciously crafted.
Comments (none posted)
vlc: several vulnerabilities
Package(s): vlc
CVE #(s): CVE-2007-3316, CVE-2007-3467, CVE-2007-3468
Created: July 10, 2007
Updated: March 10, 2008
Description:
Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code.
Comments (none posted)
wireshark: multiple vulnerabilities
Package(s): wireshark
CVE #(s): CVE-2007-3390, CVE-2007-3392, CVE-2007-3393
Created: June 28, 2007
Updated: February 27, 2008
Description:
The wireshark network traffic analyzer has three vulnerabilities that can be used to create a denial of service. These include off-by-one overflows in the iSeries dissector, vulnerabilities in the MMS and SSL dissectors that can cause an infinite loop and an off-by-one overflow in the DHCP/BOOTP dissector.
Comments (none posted)
wireshark: multiple vulnerabilities
Package(s): wireshark
CVE #(s): CVE-2007-6114, CVE-2007-6117, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121
Created: November 27, 2007
Updated: December 24, 2007
Description:
Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code.
Comments (none posted)
x11: xfs font server overflows
Package(s): x11
CVE #(s): CVE-2007-4568, CVE-2007-4989, CVE-2007-4990
Created: October 4, 2007
Updated: January 18, 2008
Description:
xorg-x11 has a number of integer and heap overflow vulnerabilities in the xfs font server. A local attacker may be able to use these for the execution of arbitrary code with elevated privileges.
Comments (none posted)
xen-utils: insecure temp files
Package(s): xen-utils
CVE #(s): CVE-2007-3919
Created: October 25, 2007
Updated: May 16, 2008
Description:
The xen-utils collection of XEN administrative tools uses temporary files insecurely. Local users can use this to truncate arbitrary files.
Comments (none posted)
XFree86 X.org: integer overflows
Package(s): xfree86 x.org
CVE #(s): CVE-2007-1003, CVE-2007-1667, CVE-2007-1351, CVE-2007-1352
Created: April 3, 2007
Updated: August 11, 2009
Description:
iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667)
Comments (none posted)
xine-lib: arbitrary code execution
Package(s): xine-lib
CVE #(s): CVE-2007-1387
Created: March 13, 2007
Updated: April 1, 2008
Description:
Moritz Jodeit discovered that the DirectShow loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.
Comments (none posted)
xine-lib: buffer overflow
Package(s): xine-lib
CVE #(s): CVE-2006-1664
Created: April 27, 2006
Updated: February 27, 2008
Description:
xine-lib does an improper input data boundary check on MPEG streams. A specially crafted MPEG file can be created that can cause arbitrary code execution when the file is accessed.
Comments (none posted)
xmms: BMP handling vulnerability
Package(s): xmms
CVE #(s): CVE-2007-0653, CVE-2007-0654
Created: March 28, 2007
Updated: July 26, 2011
Description:
xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system.
Comments (none posted)
X.org: temp file vulnerability
Package(s): X.org
CVE #(s): CVE-2007-3103
Created: July 12, 2007
Updated: July 2, 2009
Description:
The X.Org X11 xfs font server has a temp file vulnerability in the startup script. A local user can modify the permissions of the script in order to elevate their local privileges.
Comments (none posted)
xorg-server: local privilege escalation
Package(s): xorg-server
CVE #(s): CVE-2007-4730
Created: September 10, 2007
Updated: January 24, 2008
Description:
Aaron Plattner discovered a buffer overflow in the Composite extension of the X.org X server, which can lead to local privilege escalation.
Comments (none posted)
xorg-x11-xfs: arbitrary code execution
Package(s): xorg-x11-xfs
CVE #(s): none listed
Created: December 10, 2007
Updated: December 12, 2007
Description:
From the xorg advisory: Several vulnerabilities have been identified in xfs, the X font server. The QueryXBitmaps and QueryXExtents protocol requests suffer from lack of validation of their 'length' parameters. Maliciously crafted requests can either cause two different problems with both requests:
* An integer overflow in the computation of the size of a dynamic buffer can lead to a heap overflow in the build_range() function.
* An arbitrary number of bytes on the heap can be swapped by the swap_char2b() function.
Comments (none posted)
xulrunner, firefox, thunderbird: multiple vulnerabilities
Package(s): xulrunner, firefox, thunderbird
CVE #(s): CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340, CVE-2006-2894
Created: October 22, 2007
Updated: May 12, 2008
Description:
From the Debian advisory:
CVE-2007-1095: Michal Zalewski discovered that the unload event handler had access to the address of the next page to be loaded, which could allow information disclosure or spoofing.
CVE-2007-2292: Stefano Di Paola discovered that insufficient validation of user names used in Digest authentication on a web site allows HTTP response splitting attacks.
CVE-2007-3511: It was discovered that insecure focus handling of the file upload control can lead to information disclosure. This is a variant of CVE-2006-2894.
CVE-2007-5334: Eli Friedman discovered that web pages written in Xul markup can hide the titlebar of windows, which can lead to spoofing attacks.
CVE-2007-5337: Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI schemes may lead to information disclosure. This vulnerability is only exploitable if Gnome-VFS support is present on the system.
CVE-2007-5338: "moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers could be bypassed, which might allow privilege escalation.
CVE-2007-5339: L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay, Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340: Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.
Comments (1 posted)
zabbix: privilege escalation
Package(s): zabbix
CVE #(s): CVE-2007-6210
Created: December 6, 2007
Updated: December 12, 2007
Description:
Bas van Schaik has found a privilege escalation in the agentd process of the Zabbix network monitor application. Agentd can be used to run user commands under the root account, leading to an escalation of privilege.
Comments (none posted)
zope-cmfplone: arbitrary code execution
Package(s): zope-cmfplone
CVE #(s): CVE-2007-5741
Created: November 12, 2007
Updated: December 28, 2007
Description:
From the Debian advisory: It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.
Comments (none posted)
Page editor: Jake Edge
Kernel development
Brief items
The current 2.6 patch remains 2.6.24-rc5; no new -rc releases have
been made over the last week. Fixes do continue to find their way into the
mainline git repository, though.
The current -mm tree is 2.6.24-rc5-mm1. Recent changes
to -mm include some significant device model changes; a number of subsystem
trees have been dropped from this release due to patch conflicts.
The current stable 2.6 kernels are 2.6.23.10, 2.6.23.11 and 2.6.23.12. The big
patch is 2.6.23.10, released on December 14, with several dozen fixes. The
2.6.23.11 (December 14) and 2.6.23.12 (December 18) releases contain small
fixes for problems caused by 2.6.23.10.
For older kernels: 2.6.22.15 was released on
December 14 with quite a few fixes.
2.4.36-rc1 was released on
December 17 with a number of security-related fixes. The 2.4.35.5 release also contains
those fixes.
Comments (3 posted)
Kernel development news
Just for some context, I have...
- 1,400-odd open bugzilla reports
- 719 emails saved away in my emailed-bug-reports folder, all of which
need to be gone through, asking originators to retest and
re-report-if-unfixed.
- A big ugly email titled "2.6.24-rc5-git1: Reported regressions from
2.6.23" in my inbox.
All of which makes it a bit inappropriate to be thinking about
intrusive-looking new features.
Ho hum. Just send me the whole lot against rc5-mm1 and I'll stick it in
there and we'll see what breaks.
--
Andrew Morton
ok, and given the time-shift and apparent season-shift i'll sit in the
evening, watch the snowfall and think happy thoughts of kittens fetching
nuclear-tipped uzis and hunting ueber-elite wireless developers to beat
some humanity and compassion into them, ok?
--
Ingo Molnar
Comments (1 posted)
By Jonathan Corbet
December 18, 2007
Kerneloops. Triage is an important part of a kernel developer's
job. A project as large and as widely-used as the kernel will always
generate more bug reports than can be realistically addressed in the amount
of time which is available. So developers must figure out which reports
are most deserving of their attention. Sometimes the existence of an
irate, paying customer makes this decision easy. Other times, though, it
is a matter of making a guess at which bugs are affecting the largest
numbers of users. And that often comes down to how many different reports
have come in for a given problem.
Of course, counting reports is not the easiest thing to do, especially if
they are not all sent to the same place. In an attempt to make this
process easier, Arjan van de Ven has announced a new site at kerneloops.org. Arjan has put together
some software which scans certain sites and mailing lists for posted kernel
oops output; whenever a crash is found, it is stuffed into a database.
Then an attempt is made to associate reports with each other based on
kernel version and the call trace; from that, a list of the most popular
ways to crash can be created. As of this writing, the current fashion for
kernel oopses would appear to be in ieee80211_tx() in current
development kernels.
Some other information is stored with the trace; in particular, it is
possible to see what the oldest kernel version associated with the problem
is.
This is clearly a useful resource, but there are a couple of problems which
make it harder to do the job properly. One is that there is no distinctive
marker which indicates the end of an oops listing, so the scripts have a
hard time knowing where to stop grabbing information. The other is that
multiple reports of the same oops can artificially raise the count for a
particular crash. The solution to both problems is to place a marker at
the end of the oops output which includes a random UUID generated at system
boot time. Patches to this effect are circulating, though getting the
random number into the output turns out to be a little harder than one
might have expected. So, for 2.6.24, the "random" number may be all
zeroes, with the real problem to be solved in 2.6.25.
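To make the marker idea concrete, here is an added example that is not code from kerneloops.org, from Arjan's scripts or from the patches mentioned above: a small C collector that bounds each report at an end-of-oops trailer carrying a per-boot id, and counts two reports as the same crash only when they share both that id and the faulting function. The trailer format `---[ end trace <16 hex digits> ]---`, the use of the `EIP is at` line as the crash signature, and the four sample reports are all constructed for this example; the real site matches on the full call trace and kernel version, as described above.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Trailer format assumed for this example (constructed): the kernel closes
 * an oops with "---[ end trace <16 hex digits> ]---", the hex digits being a
 * random id chosen at boot.  For 2.6.24 that id may be all zeroes. */
#define MARKER_PREFIX "---[ end trace "
#define MARKER_SUFFIX " ]---"
#define ID_LEN 16

/* Locate the trailer in one report.  On success the boot id is copied into
 * out (ID_LEN + 1 bytes) and the offset of the trailer is returned, so the
 * collector knows where the oops ends; -1 means the report is unterminated. */
long find_end_marker(const char *report, char *out)
{
    const char *p = strstr(report, MARKER_PREFIX);
    if (!p)
        return -1;
    const char *id = p + strlen(MARKER_PREFIX);
    for (int i = 0; i < ID_LEN; i++)
        if (!isxdigit((unsigned char)id[i]))
            return -1;               /* also stops at an early '\0' */
    if (strncmp(id + ID_LEN, MARKER_SUFFIX, strlen(MARKER_SUFFIX)) != 0)
        return -1;
    memcpy(out, id, ID_LEN);
    out[ID_LEN] = '\0';
    return (long)(p - report);
}

/* Build the grouping key "<faulting function>@<boot id>".  The "EIP is at"
 * line stands in for the call-trace matching the real site performs. */
bool report_key(const char *report, char *key, size_t keylen)
{
    char id[ID_LEN + 1];
    long end = find_end_marker(report, id);
    if (end < 0)
        return false;
    const char *s = strstr(report, "EIP is at ");
    if (!s || s - report > end)
        return false;                /* signature must precede the trailer */
    s += strlen("EIP is at ");
    size_t symlen = strcspn(s, "+ \n");
    snprintf(key, keylen, "%.*s@%s", (int)symlen, s, id);
    return true;
}

/* Count distinct crashes: two reports with the same key are one crash posted
 * twice.  Unterminated reports are dropped, as the scripts cannot bound them. */
int count_distinct_crashes(const char *const reports[], int n)
{
    enum { MAX_KEYS = 16, KEY_LEN = 96 };
    char keys[MAX_KEYS][KEY_LEN];
    int distinct = 0;

    for (int i = 0; i < n && distinct < MAX_KEYS; i++) {
        char key[KEY_LEN];
        if (!report_key(reports[i], key, sizeof key))
            continue;
        bool seen = false;
        for (int j = 0; j < distinct && !seen; j++)
            seen = strcmp(keys[j], key) == 0;
        if (!seen)
            strcpy(keys[distinct++], key);
    }
    return distinct;
}

/* Constructed sample reports, not real submissions. */
const char *const sample_reports[] = {
    /* one boot (id ...aa01), posted twice: once to a list, once to bugzilla */
    "BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000\n"
    "EIP is at ieee80211_tx+0x1a/0x2b0\n"
    "Call Trace:\n [<c02d3f1e>] dev_hard_start_xmit+0x1e/0x250\n"
    "---[ end trace 00000000deadaa01 ]---\n",
    "BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000\n"
    "EIP is at ieee80211_tx+0x1a/0x2b0\n"
    "Call Trace:\n [<c02d3f1e>] dev_hard_start_xmit+0x1e/0x250\n"
    "---[ end trace 00000000deadaa01 ]---\n"
    "Ever since I upgraded the wireless driver this happens on resume.\n",
    /* the same crash site on another machine: a different boot id, counted again */
    "BUG: unable to handle kernel NULL pointer dereference at virtual address 00000000\n"
    "EIP is at ieee80211_tx+0x1a/0x2b0\n"
    "Call Trace:\n [<c02d3f1e>] dev_hard_start_xmit+0x1e/0x250\n"
    "---[ end trace 00000000deadbb02 ]---\n",
    /* a report whose trailer was cut off by the mail client: skipped */
    "BUG: unable to handle kernel paging request at f8a4c000\n"
    "EIP is at ieee80211_tx+0x1a/0x2b0\n"
    "Call Trace:\n [<c02d3f1e>] dev_hard_start_xmit+0x1e/0x250\n",
};
const int sample_report_count = sizeof sample_reports / sizeof sample_reports[0];

int main(void)
{
    printf("%d distinct crash(es) in %d report(s)\n",
           count_distinct_crashes(sample_reports, sample_report_count),
           sample_report_count);
    return 0;
}
```

The second sample shows why the trailer matters twice over: the text a reporter types after the oops is no longer mistaken for part of it, and the repeated submission from the same boot collapses into one count. Run as is, the program reports two distinct crashes among the four constructed reports.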
Read-mostly. Anybody who digs through kernel source for any period
of time will notice a number of variables declared in a form like this:
static int __read_mostly ignore_loglevel;
The __read_mostly attribute says that accesses to this variable
are usually (but not always) read operations. There were some questions
recently about why this annotation is done; the answer is that it's an
important optimization, though it may not always be having the effect that
developers are hoping for.
As is well described in What
every programmer should know about memory, proper use of processor
memory caches is crucial for optimal performance. The idea behind
__read_mostly is to group together variables which are rarely
changed so they can all share cache lines which need not be bounced between
processors on multiprocessor systems. As long as nobody changes a
__read_mostly variable, it can reside in a shared cache line with
other such variables and be present in cache (if needed) on all processors
in the system.
The read-mostly attribute generally works well and yields a measurable
performance improvement. There are concerns, though, that this feature
could be over-used. Andrew Morton expressed
it this way:
So... once we've moved all read-mostly variables into
__read_mostly, what is left behind in bss? All the write-often
variables. All optimally packed together to nicely maximise
cacheline sharing.
Combining frequently-written variables into shared cache lines is a good
way to maximize the bouncing of those cache lines between processors -
which would be bad for performance. So over-aggressive segregation of
read-mostly variables to minimize cache line bouncing could have the
opposite of the desired effect: it could make the kernel's cache behavior worse.
The better way, says Andrew, would have been to create a "read often"
attribute for variables which are frequently used in a read-only
mode. That would leave behind the numerous read-rarely variables to serve
as padding keeping the write-often variables nicely separated from each
other. Thus far, patches to make this change have not been forthcoming.
I/O port delays. The functions provided by the kernel for access to
I/O ports have long included versions which insert delays. A driver would
normally read a byte from a port with inb(), but inb_p()
could be used if an (unspecified) short delay was needed after the
operation. A look through the driver tree shows that quite a few drivers
use the delayed versions of the I/O port accessors, even though, in many
cases, there is no real need for that delay.
This delay is implemented (on x86 architectures) with a write to I/O
port 80. There is generally no hardware listening for an I/O
operation on that port, so this write has the sole effect of delaying the
processor while the bus goes through an abortive attempt to execute the
operation. It is an operation with reasonably well-defined semantics, and it
has worked for Linux for many years.
Except that now, it seems, this technique
no longer works on a small subset of x86_64 systems. Instead, the write to
port 80 will, on occasion, freeze the system hard; this, in turn,
generates a rather longer delay than was intended. One could imagine the
creation of an elaborate mechanism for restarting I/O operations after the
user resets the system, but the kernel developers, instead, chose to look
for alternative ways of implementing I/O delays.
In almost every case, the alternative form of the delay is a call to
udelay(). The biggest problem here is that udelay()
works by sitting in a tight loop; it cannot know how many times to go
through the loop until the speed of the processor has been calibrated.
That calibration happens reasonably early in the boot process, but there
are still tasks to be performed - including I/O port operations - first.
This problem is being worked around by removing some delayed operations
from the early setup code, but some developers worry that it will never be possible to get
them all. It has been suggested that the kernel could just assume it's
running on the fastest-available processor until the calibration happens,
but, beyond being somewhat inelegant, that could significantly slow the
bootstrap process on slower machines - all of which work just fine with the
current code.
The real solution is to simply get rid of almost all of the delayed I/O
port operations. Very few of them are likely to be needed with any
hardware which still works. In some cases, what may really be going on is
that the delays are being used to paper over driver bugs - such as failing
to force a needed PCI write out by doing a read operation. Just removing
the delays outright would probably cause instability in unpredictable
places - not a result most developers are striving for. So the task of
cleaning up those calls will have to be done carefully over time.
Meanwhile, the use of port 80 will probably remain unchanged for
2.6.24.
Comments (6 posted)
By Jonathan Corbet
December 18, 2007
LWN last looked at Pekka Enberg's
revoke() patch
in July, 2006. The purpose of
this proposed system call is to completely disconnect all processes from a
specific file, thus allowing a new process to have exclusive access to that
file. There are a number of applications for this functionality, such as
ensuring that a newly logged-in user is the only one able to access
resources associated with the console - the sound device, for example.
There are kernel developers who occasionally mutter ominously about
unfixable security problems resulting from the lack of the ability to
revoke open file descriptors - though they tend, for some reason, to not
want to publish the details of those vulnerabilities. Any sort of real
malware scanning application
will also need to be able to revoke access to files determined to contain
Bad Stuff.
Pekka has recently posted a new
version of the patch, so a new look seems warranted. The first thing
one notes is that the revoke() system call is gone; instead, the
new form of the system call is:
int revokeat(int dir_fd, const char *filename);
This call thus follows the form of a number of other, relatively new
*at() system calls. Here, filename is the name of the
file for which access is to be revoked; if it is an absolute pathname then
dir_fd is ignored. Otherwise, dir_fd is an open file
descriptor for the directory to be used as the starting point in the lookup
of filename. The special
value AT_FDCWD
indicates the current working directory for the calling process. If the
revokeat() call completes successfully, only file descriptors for
filename which are created after the call will be valid.
There is a new file_operations member created by this patch set:
int (*revoke)(struct file *filp);
This function's job is to ensure that any outstanding I/O operations on the
given file have completed, with a failure status if needed. So far, the
only implementation is a generic
version for filesystems; it is, in its entirety:
    int generic_file_revoke(struct file *file)
    {
        return do_fsync(file, 1);
    }
In the long term, revokeat() will need support from at least a
subset of device drivers to be truly useful.
Disconnecting access to regular file descriptors is relatively
straightforward; the system call simply iterates through the list of open
files on the relevant device and replaces the file_operations
structure with a new set which returns EBADF for every attempted
operation. (OK, for almost every attempted operation - reads from sockets
and device files return zero instead). The only tricky part is that it
must iterate through the file list multiple times until no open files are
found; otherwise there could be race conditions with other system calls
creating new file descriptors at the same time that the old ones are being
revoked.
The trickier part is dealing with memory mappings. In most cases, it is a
matter of finding all virtual memory areas (VMAs) associated with the file,
setting the new VM_REVOKED flag, and calling
zap_page_range() to clear out the associated page table entries.
The VM_REVOKED flag ensures that any attempt to fault pages back
in will result in a SIGBUS signal - likely to be an unpleasant
surprise for any process attempting to access that area.
Even trickier is the case of private, copy-on-write (COW) mappings, which
can be created when a process forks. Simply clearing those mappings might
be effective, but it could result in the death of processes which do not
actually need to be killed. But it is important that the COW mapping not
be a way to leak data written to the file after the revokeat()
call. So the COW mappings are separated from each other by a simple (but
expensive) call to get_user_pages(), which will create private
copies of all of the relevant pages.
There has been relatively little discussion of this patch so far - perhaps
the relevant developers have begun their holiday breaks and revoked their
access to linux-kernel. This is an important patch with a lot of
difficult, low-level operations, though; that is part of why it has been so
long in the making. So it will need some comprehensive review before it
can be considered ready for the mainline. Given the nature of the problem,
it would not be surprising if another iteration or two were needed still.
December 17, 2007
This article was contributed by Paul McKenney
[Editor's note: this is the first in a three-part series on how the
read-copy-update mechanism works. Many thanks to Paul McKenney and
Jonathan Walpole for allowing us to publish these articles. The remaining
two sections will appear in future weeks.]
Part 1 of 3 of What is RCU, Really?
Paul E. McKenney, IBM Linux Technology Center
Jonathan Walpole, Portland State University Department of Computer Science
Introduction
Read-copy update (RCU) is a synchronization mechanism that was added to
the Linux kernel in October of 2002.
RCU achieves scalability
improvements by allowing reads to occur concurrently with updates.
In contrast with conventional locking primitives that ensure mutual exclusion
among concurrent threads regardless of whether they be readers or
updaters, or with reader-writer locks that allow concurrent reads but not in
the presence of updates, RCU supports concurrency between a single
updater and multiple readers.
RCU ensures that reads are coherent by
maintaining multiple versions of objects and ensuring that they are not
freed up until all pre-existing read-side critical sections complete.
RCU defines and uses efficient and scalable mechanisms for publishing
and reading new versions of an object, and also for deferring the collection
of old versions.
These mechanisms distribute the work among read and
update paths in such a way as to make read paths extremely fast. In some
cases (non-preemptable kernels), RCU's read-side primitives have zero
overhead.
Quick Quiz 1:
But doesn't seqlock also permit readers and updaters to get work done
concurrently?
This leads to the question "what exactly is RCU?", and perhaps also
to the question "how can RCU possibly work?" (or, not
infrequently, the assertion that RCU cannot possibly work).
This document addresses these questions from a fundamental viewpoint;
later installments look at them from usage and from API viewpoints.
This last installment also includes a list of references.
RCU is made up of three fundamental mechanisms, the first being
used for insertion, the second being used for deletion, and the third
being used to allow readers to tolerate concurrent insertions and deletions.
These mechanisms are described in the following sections, which focus
on applying RCU to linked lists:
- Publish-Subscribe Mechanism (for insertion)
- Wait For Pre-Existing RCU Readers to Complete (for deletion)
- Maintain Multiple Versions of Recently Updated Objects (for readers)
These sections are followed by
concluding remarks and the
answers to the Quick Quizzes.
Publish-Subscribe Mechanism
One key attribute of RCU is the ability to safely scan data, even
though that data is being modified concurrently.
To provide this ability for concurrent insertion,
RCU uses what can be thought of as a publish-subscribe mechanism.
For example, consider an initially NULL global pointer
gp that is to be modified to point to a newly allocated
and initialized data structure.
The following code fragment (with the addition of appropriate locking)
might be used for this purpose:
    struct foo {
        int a;
        int b;
        int c;
    };
    struct foo *gp = NULL;

    /* . . . */

    p = kmalloc(sizeof(*p), GFP_KERNEL);
    p->a = 1;
    p->b = 2;
    p->c = 3;
    gp = p;
Unfortunately, there is nothing forcing the compiler and CPU to execute
the last four assignment statements in order.
If the assignment to gp happens before the initialization
of p's fields, then concurrent readers could see the
uninitialized values.
Memory barriers are required to keep things ordered, but memory barriers
are notoriously difficult to use.
We therefore encapsulate them into a primitive
rcu_assign_pointer() that has publication semantics.
The last four lines would then be as follows:
    p->a = 1;
    p->b = 2;
    p->c = 3;
    rcu_assign_pointer(gp, p);
The rcu_assign_pointer()
would publish the new structure, forcing both the compiler
and the CPU to execute the assignment to gp after
the assignments to the fields referenced by p.
However, it is not sufficient to only enforce ordering at the
updater, as the reader must enforce proper ordering as well.
Consider for example the following code fragment:
    p = gp;
    if (p != NULL) {
        do_something_with(p->a, p->b, p->c);
    }
Although this code fragment might well seem immune to misordering,
unfortunately, the DEC Alpha CPU
and value-speculation compiler optimizations can, believe it or not,
cause the values of p->a, p->b, and
p->c to be fetched before the value of p!
This is perhaps easiest to see in the case of value-speculation
compiler optimizations, where the compiler guesses the value
of p, fetches p->a, p->b, and
p->c, then fetches the actual value of p
in order to check whether its guess was correct.
This sort of optimization is quite aggressive, perhaps insanely so,
but does actually occur in the context of profile-driven optimization.
Clearly, we need to prevent this sort of skullduggery on the
part of both the compiler and the CPU.
The rcu_dereference() primitive uses
whatever memory-barrier instructions and compiler
directives are required for this purpose:
    rcu_read_lock();
    p = rcu_dereference(gp);
    if (p != NULL) {
        do_something_with(p->a, p->b, p->c);
    }
    rcu_read_unlock();
The rcu_dereference() primitive can thus be thought of
as subscribing to a given value of the specified pointer,
guaranteeing that subsequent dereference operations will see any
initialization that occurred before the corresponding publish
(rcu_assign_pointer()) operation.
The rcu_read_lock() and rcu_read_unlock()
calls are absolutely required: they define the extent of the
RCU read-side critical section.
Their purpose is explained in the next section; however, they never spin
or block, nor do they prevent the list_add_rcu() from executing
concurrently.
In fact, in non-CONFIG_PREEMPT kernels, they generate
absolutely no code.
Although rcu_assign_pointer() and
rcu_dereference() can in theory be used to construct any
conceivable RCU-protected data structure, in practice it is often better
to use higher-level constructs.
Therefore, the rcu_assign_pointer() and
rcu_dereference()
primitives have been embedded in special RCU variants of Linux's
list-manipulation API.
Linux has two variants of doubly linked list, the circular
struct list_head and the linear
struct hlist_head/struct hlist_node pair.
The former is laid out as follows, where the green boxes represent
the list header and the blue boxes represent the elements in the
list.
Adapting the pointer-publish example for the linked list gives
the following:
     1 struct foo {
     2     struct list_head list;
     3     int a;
     4     int b;
     5     int c;
     6 };
     7 LIST_HEAD(head);
     8
     9 /* . . . */
    10
    11 p = kmalloc(sizeof(*p), GFP_KERNEL);
    12 p->a = 1;
    13 p->b = 2;
    14 p->c = 3;
    15 list_add_rcu(&p->list, &head);
Line 15 must be protected by some synchronization mechanism (most
commonly some sort of lock) to prevent multiple list_add()
instances from executing concurrently.
However, such synchronization does not prevent this list_add()
from executing concurrently with RCU readers.
Subscribing to an RCU-protected list is straightforward:
    rcu_read_lock();
    list_for_each_entry_rcu(p, &head, list) {   /* head is a struct list_head, so pass its address */
        do_something_with(p->a, p->b, p->c);
    }
    rcu_read_unlock();
The list_add_rcu() primitive publishes
an entry into the specified list, guaranteeing that the corresponding
list_for_each_entry_rcu() invocation will properly
subscribe to this same entry.
Quick Quiz 2:
What prevents the list_for_each_entry_rcu() from
getting a segfault if it happens to execute at exactly the same
time as the list_add_rcu()?
Linux's other doubly linked list, the hlist,
is a linear list, which means that
it needs only one pointer for the header rather than the two
required for the circular list.
Thus, use of hlist can halve the memory consumption for the hash-bucket
arrays of large hash tables.
Publishing a new element to an RCU-protected hlist is quite similar
to doing so for the circular list:
     1 struct foo {
     2     struct hlist_node list;   /* embedded node, not a pointer, so &p->list is a struct hlist_node * */
     3     int a;
     4     int b;
     5     int c;
     6 };
     7 HLIST_HEAD(head);
     8
     9 /* . . . */
    10
    11 p = kmalloc(sizeof(*p), GFP_KERNEL);
    12 p->a = 1;
    13 p->b = 2;
    14 p->c = 3;
    15 hlist_add_head_rcu(&p->list, &head);
As before, line 15 must be protected by some sort of synchronization
mechanism, for example, a lock.
Subscribing to an RCU-protected hlist is also similar to the
circular list:
    rcu_read_lock();
    hlist_for_each_entry_rcu(p, q, &head, list) {   /* q is the struct hlist_node cursor */
        do_something_with(p->a, p->b, p->c);
    }
    rcu_read_unlock();
Quick Quiz 3:
Why do we need to pass two pointers into
hlist_for_each_entry_rcu()
when only one is needed for list_for_each_entry_rcu()?
The set of RCU publish and subscribe primitives is shown
in the following table, along with additional primitives to
"unpublish", or retract:

| Category | Publish | Retract | Subscribe |
|----------|---------|---------|-----------|
| Pointers | rcu_assign_pointer() | rcu_assign_pointer(..., NULL) | rcu_dereference() |
| Lists | list_add_rcu(), list_add_tail_rcu(), list_replace_rcu() | list_del_rcu() | list_for_each_entry_rcu() |
| Hlists | hlist_add_after_rcu(), hlist_add_before_rcu(), hlist_add_head_rcu(), hlist_replace_rcu() | hlist_del_rcu() | hlist_for_each_entry_rcu() |
Note that the list_replace_rcu(), list_del_rcu(),
hlist_replace_rcu(), and hlist_del_rcu()
APIs add a complication.
When is it safe to free up the data element that was replaced or
removed?
In particular, how can we possibly know when all the readers
have released their references to that data element?
These questions are addressed in the following section.
Wait For Pre-Existing RCU Readers to Complete
In its most basic form, RCU is a way of waiting for things to finish.
Of course, there are a great many other ways of waiting for things to
finish, including reference counts, reader-writer locks, events, and so on.
The great advantage of RCU is that it can wait for each of
(say) 20,000 different things without having to explicitly
track each and every one of them, and without having to worry about
the performance degradation, scalability limitations, complex deadlock
scenarios, and memory-leak hazards that are inherent in schemes
using explicit tracking.
In RCU's case, the things waited on are called
"RCU read-side critical sections".
An RCU read-side critical section starts with an
rcu_read_lock() primitive, and ends with a corresponding
rcu_read_unlock() primitive.
RCU read-side critical sections can be nested, and may contain pretty
much any code, as long as that code does not explicitly block or sleep
(although a special form of RCU called
"SRCU"
does permit general sleeping in SRCU read-side critical sections).
If you abide by these conventions, you can use RCU to wait for any
desired piece of code to complete.
RCU accomplishes this feat by indirectly determining when these
other things have finished, as has been described elsewhere for
RCU Classic and
realtime RCU.
In particular, as shown in the following figure, RCU is a way of
waiting for pre-existing RCU read-side critical sections to completely
finish, including memory operations executed by those critical sections.
However, note that RCU read-side critical sections
that begin after the beginning
of a given grace period can and will extend beyond the end of that grace
period.
The following pseudocode shows the basic form of algorithms that use
RCU to wait for readers:
- Make a change, for example, replace an element in a linked list.
- Wait for all pre-existing RCU read-side critical sections to
completely finish (for example, by using the
synchronize_rcu() primitive).
The key observation here is that subsequent RCU read-side critical
sections have no way to gain a reference to the newly removed
element.
- Clean up, for example, free the element that was replaced above.
The following code fragment, adapted from those in the
previous section,
demonstrates this process, with field a being the search key:
     1 struct foo {
     2     struct list_head list;
     3     int a;
     4     int b;
     5     int c;
     6 };
     7 LIST_HEAD(head);
     8
     9 /* . . . */
    10
    11 p = search(head, key);
    12 if (p == NULL) {
    13     /* Take appropriate action, unlock, and return. */
    14 }
    15 q = kmalloc(sizeof(*p), GFP_KERNEL);
    16 *q = *p;
    17 q->b = 2;
    18 q->c = 3;
    19 list_replace_rcu(&p->list, &q->list);
    20 synchronize_rcu();
    21 kfree(p);
Lines 19, 20, and 21 implement the three steps called out above.
Lines 16-19 give RCU ("read-copy update") its name: while permitting
concurrent reads, line 16 copies and lines 17-19 do an update.
The synchronize_rcu() primitive might seem a bit
mysterious at first.
After all, it must wait for all RCU read-side critical sections to
complete, and, as we saw earlier, the
rcu_read_lock() and rcu_read_unlock() primitives
that delimit RCU read-side critical sections don't even generate any
code in non-CONFIG_PREEMPT kernels!
There is a trick, and the trick is that RCU Classic read-side critical
sections delimited by rcu_read_lock() and
rcu_read_unlock() are not permitted to block or sleep.
Therefore, when a given CPU executes a context switch, we are guaranteed
that any prior RCU read-side critical sections will have completed.
This means that as soon as each
CPU has executed at least one context switch, all
prior RCU read-side critical sections are guaranteed to have completed,
meaning that synchronize_rcu() can safely return.
Thus, RCU Classic's synchronize_rcu()
can conceptually be as simple as the following:
    for_each_online_cpu(cpu)
        run_on(cpu);
Here, run_on() switches the current thread to the
specified CPU, which forces a context switch on that CPU.
The for_each_online_cpu() loop therefore forces a
context switch on each CPU, thereby guaranteeing that all prior
RCU read-side critical sections have completed, as required.
Although this simple approach works for kernels in which preemption
is disabled across RCU read-side critical sections, in other
words, for non-CONFIG_PREEMPT and CONFIG_PREEMPT
kernels, it does not work for CONFIG_PREEMPT_RT
realtime (-rt) kernels.
Therefore, realtime RCU uses
a different approach based loosely on reference counters.
Of course, the actual implementation in the Linux kernel
is much more complex, as it is required
to handle interrupts, NMIs, CPU hotplug, and other hazards of
production-capable kernels, while also maintaining good performance and
scalability.
Realtime implementations of RCU must additionally help provide good
realtime response, which rules out implementations (like the simple
two-liner above) that rely on disabling preemption.
Although it is good to know that there is a simple conceptual
implementation of synchronize_rcu(), other questions remain.
For example, what exactly do RCU
readers see when traversing a concurrently updated list?
This question is addressed in the following section.
Maintain Multiple Versions of Recently Updated Objects
This section demonstrates how RCU maintains multiple versions of
lists to accommodate synchronization-free readers.
Two examples are presented showing how an element
that might be referenced by a given reader must remain intact
while that reader remains in its RCU read-side critical section.
The first example demonstrates deletion of a list element,
and the second example demonstrates replacement of an element.
Example 1: Maintaining Multiple Versions During Deletion
To start the "deletion" example,
we will modify lines 11-21 in the
example in the previous section
as follows:
     1 p = search(head, key);
     2 if (p != NULL) {
     3     list_del_rcu(&p->list);
     4     synchronize_rcu();
     5     kfree(p);
     6 }
The initial state of the list, including the pointer p,
is as follows.
The triples in each element represent the values of fields a,
b, and c, respectively.
The red borders on
each element indicate that readers might be holding references to them,
and because readers do not synchronize directly with updaters,
readers might run concurrently with this entire replacement process.
Please note that
we have omitted the backwards pointers and the link from the tail
of the list to the head for clarity.
After the list_del_rcu() on
line 3 has completed, the 5,6,7 element
has been removed from the list, as shown below.
Since readers do not synchronize directly with updaters,
readers might be concurrently scanning this list.
These concurrent readers might or might not see the newly removed element,
depending on timing.
However, readers that were delayed (e.g., due to interrupts, ECC memory
errors, or, in CONFIG_PREEMPT_RT kernels, preemption)
just after fetching a pointer to the newly removed element might
see the old version of the list for quite some time after the
removal.
Therefore, we now have two versions of the list, one with element
5,6,7 and one without.
The border of the 5,6,7 element is
still red, indicating
that readers might be referencing it.
Please note that readers are not permitted to maintain references to
element 5,6,7 after exiting from their RCU read-side
critical sections.
Therefore,
once the synchronize_rcu() on
line 4 completes, so that all pre-existing readers are
guaranteed to have completed,
there can be no more readers referencing this
element, as indicated by its black border below.
We are thus back to a single version of the list.
At this point, the 5,6,7 element may safely be
freed, as shown below:
At this point, we have completed the deletion of
element 5,6,7.
The following section covers replacement.
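The deletion walk-through above, together with the publish-subscribe and grace-period ideas from the earlier sections, as an added user-space model that is not part of the article. Everything ending in _toy is invented for this example: the acquire/release atomics stand in for rcu_dereference()/rcu_assign_pointer(), and the epoch bookkeeping stands in for the kernel's context-switch based grace-period detection; the delayed reader is staged by hand rather than by real concurrency.

```c
#include <stdlib.h>
/* Toy, single-threaded user-space model of the article's three RCU
 * mechanisms on a singly-linked list. Names ending in _toy are invented for
 * this example, not the kernel API; reader "delays" are staged explicitly. */
struct foo {
    struct foo *next;
    int a, b, c;                 /* a is the search key, as in the article */
};
/* Publish: a release store orders the element's initialisation before the
 * store making it reachable (rcu_assign_pointer()'s job in the kernel). */
#define rcu_assign_pointer_toy(p, v) __atomic_store_n(&(p), (v), __ATOMIC_RELEASE)
/* Subscribe: an acquire load stands in for rcu_dereference(), so p->a is
 * never fetched before p itself. */
#define rcu_dereference_toy(p) __atomic_load_n(&(p), __ATOMIC_ACQUIRE)

/* Grace-period bookkeeping, standing in for the kernel's context-switch
 * detection: readers record the epoch they entered, the updater bumps the
 * epoch after unlinking, and the grace period started at epoch E has elapsed
 * once no reader that entered at or before E is still active. Readers that
 * enter later never hold it up. */
#define MAX_READERS 8
struct reader { int active; unsigned long epoch; struct foo *ref; };
static unsigned long epoch;
static struct reader *readers[MAX_READERS];
static int nreaders;

static void rcu_read_lock_toy(struct reader *r) {
    if (nreaders < MAX_READERS) readers[nreaders++] = r;
    r->active = 1;
    r->epoch = epoch;
}
static void rcu_read_unlock_toy(struct reader *r) {
    r->active = 0;
    r->ref = NULL;               /* no reference survives the critical section */
}
/* Conceptual synchronize_rcu(): have all readers pre-existing at start left? */
static int grace_period_elapsed(unsigned long start) {
    for (int i = 0; i < nreaders; i++)
        if (readers[i]->active && readers[i]->epoch <= start) return 0;
    return 1;
}

/* list_add_rcu() analogue: the caller initialised p; now publish it. */
static void list_add_head_rcu_toy(struct foo **head, struct foo *p) {
    p->next = *head;
    rcu_assign_pointer_toy(*head, p);
}
/* list_del_rcu() analogue: unlink p but leave p->next intact, so a reader
 * already holding p still sees a well-formed tail. */
static void list_del_rcu_toy(struct foo **head, struct foo *p) {
    struct foo **pp = head;
    while (*pp != p) pp = &(*pp)->next;
    rcu_assign_pointer_toy(*pp, p->next);
}
/* Reader-side traversal; call only inside a read-side critical section. */
static int list_len_rcu_toy(struct foo **head) {
    int n = 0;
    for (struct foo *p = rcu_dereference_toy(*head); p; p = rcu_dereference_toy(p->next))
        n++;
    return n;
}
struct demo_result {
    int new_reader_len;          /* elements seen by a reader starting after the unlink */
    int old_reader_next_key;     /* key the delayed reader reaches from 5,6,7 */
    int safe_before_exit, safe_after_exit; /* grace period over before/after it exits? */
};
/* Replays the article's deletion example with one delayed reader. */
struct demo_result run_deletion_demo(void) {
    struct demo_result res = {0};
    struct foo *head = NULL;
    struct reader old_reader = {0}, new_reader = {0};
    int vals[3][3] = {{11, 4, 8}, {5, 6, 7}, {1, 2, 3}}; /* constructed; as in the figures */
    nreaders = 0;
    for (int i = 0; i < 3; i++) {     /* builds 1,2,3 -> 5,6,7 -> 11,4,8 */
        struct foo *p = malloc(sizeof(*p));
        p->a = vals[i][0]; p->b = vals[i][1]; p->c = vals[i][2];
        list_add_head_rcu_toy(&head, p);
    }
    /* A reader subscribes to the 5,6,7 element and is then delayed. */
    rcu_read_lock_toy(&old_reader);
    old_reader.ref = rcu_dereference_toy(rcu_dereference_toy(head)->next);
    /* Updater (update lock elided): unlink 5,6,7 and open a new epoch. */
    struct foo *victim = head->next;
    list_del_rcu_toy(&head, victim);
    unsigned long removal_epoch = epoch++;
    /* Two versions coexist: a new reader sees 1,2,3 -> 11,4,8 ... */
    rcu_read_lock_toy(&new_reader);
    res.new_reader_len = list_len_rcu_toy(&head);
    rcu_read_unlock_toy(&new_reader);
    /* ... while the delayed reader still follows 5,6,7 -> 11,4,8 intact. */
    res.old_reader_next_key = rcu_dereference_toy(old_reader.ref->next)->a;
    /* kfree(p) must wait for the pre-existing reader, not the new one. */
    res.safe_before_exit = grace_period_elapsed(removal_epoch);
    rcu_read_unlock_toy(&old_reader);
    res.safe_after_exit = grace_period_elapsed(removal_epoch);
    if (res.safe_after_exit) free(victim);
    while (head) { struct foo *n = head->next; free(head); head = n; }
    return res;
}
```

The two versions of the list are visible in the result: the new reader counts two elements while the delayed reader still reaches 11,4,8 through the unlinked 5,6,7, and the free is only allowed once that delayed reader has exited.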
Example 2: Maintaining Multiple Versions During Replacement
To start the replacement example,
here are the last few lines of the
example in the previous section:
     1 q = kmalloc(sizeof(*p), GFP_KERNEL);
     2 *q = *p;
     3 q->b = 2;
     4 q->c = 3;
     5 list_replace_rcu(&p->list, &q->list);
     6 synchronize_rcu();
     7 kfree(p);
The initial state of the list, including the pointer p,
is the same as for the deletion example:
As before,
the triples in each element represent the values of fields a,
b, and c, respectively.
The red borders on
each element indicate that readers might be holding references to them,
and because readers do not synchronize directly with updaters,
readers might run concurrently with this entire replacement process.
Please note that
we again omit the backwards pointers and the link from the tail
of the list to the head for clarity.
Line 1 kmalloc()s a replacement element, as follows:
Line 2 copies the old element to the new one:
Line 3 updates q->b to the value "2":
Line 4 updates q->c to the value "3":
Now, line 5 does the replacement, so that the new element is
finally visible to readers.
At this point, as shown below, we have two versions of the list.
Pre-existing readers might see the 5,6,7 element, but
new readers will instead see the 5,2,3 element.
But any given reader is guaranteed to see some well-defined list.
After the synchronize_rcu() on line 6 returns,
a grace period will have elapsed, and so all reads that started before the
list_replace_rcu() will have completed.
In particular, any readers that might have been holding references
to the 5,6,7 element are guaranteed to have exited
their RCU read-side critical sections, and are thus prohibited from
continuing to hold a reference.
Therefore, there can no longer be any readers holding references
to the old element, as indicated by the thin black border around
the 5,6,7 element below.
As far as the readers are concerned, we are back to having a single version
of the list, but with the new element in place of the old.
After the kfree() on line 7 completes, the list will
appear as follows:
Despite the fact that RCU was named after the replacement case,
the vast majority of RCU usage within the Linux kernel relies on
the simple deletion case shown in the
previous section.
Discussion
These examples assumed that a mutex was held across the entire
update operation, which would mean that there could be at most two
versions of the list active at a given time.
Quick Quiz 4:
How would you modify the deletion example to permit more than two
versions of the list to be active?
Quick Quiz 5:
How many RCU versions of a given list can be active at any given time?
This sequence of events shows how RCU updates use multiple versions
to safely carry out changes in the presence of concurrent readers.
Of course, some algorithms cannot gracefully handle multiple versions.
There are techniques for adapting such algorithms to RCU,
but these are beyond the scope of this article.
Summary
This article has described the three fundamental components of RCU-based
algorithms:
- a publish-subscribe mechanism for adding new data,
- a way of waiting for pre-existing RCU readers to finish, and
- a discipline of maintaining multiple versions to permit
change without harming or unduly delaying concurrent RCU readers.
Quick Quiz 6:
How can RCU updaters possibly delay RCU readers, given that the
rcu_read_lock() and rcu_read_unlock()
primitives neither spin nor block?
These three RCU components
allow data to be updated in the face of concurrent readers, and
can be combined in different ways to
implement a surprising variety of different types of RCU-based algorithms,
some of which will
be the topic of the next installment in this "What is RCU, Really?"
series.
Acknowledgements
We are all indebted to Andy Whitcroft, Gautham Shenoy, and Mike Fulton,
whose review of an early draft of this document greatly improved it.
We owe thanks to the members of the Relativistic Programming project
and to members of PNW TEC for many valuable discussions.
We are grateful to Dan Frye for his support of this effort.
Finally, this material is based upon work supported by the National Science
Foundation under Grant No. CNS-0719851.
This work represents the view of the authors and does not necessarily
represent the view of IBM or of Portland State University.
Linux is a registered trademark of Linus Torvalds.
Other company, product, and service names may be trademarks or
service marks of others.
Answers to Quick Quizzes
Quick Quiz 1:
But doesn't seqlock also permit readers and updaters to get work done
concurrently?
Answer:
Yes and no.
Although seqlock readers can run concurrently with
seqlock writers, whenever this happens, the read_seqretry()
primitive will force the reader to retry.
This means that any work done by a seqlock reader running concurrently
with a seqlock updater will be discarded and redone.
So seqlock readers can run concurrently with updaters,
but they cannot actually get any work done in this case.
In contrast, RCU readers can perform useful work even in the presence
of concurrent RCU updaters.
Quick Quiz 2:
What prevents the list_for_each_entry_rcu() from
getting a segfault if it happens to execute at exactly the same
time as the list_add_rcu()?
Answer: On all systems running Linux, loads from and stores
to pointers are atomic, that is, if a store to a pointer occurs at
the same time as a load from that same pointer, the load will return
either the initial value or the value stored, never some bitwise mashup
of the two.
In addition, the list_for_each_entry_rcu() always proceeds
forward through the list, never looking back.
Therefore, the list_for_each_entry_rcu() will either see
the element being added by list_add_rcu(), or it will not,
but either way, it will see a valid well-formed list.
Quick Quiz 3:
Why do we need to pass two pointers into
hlist_for_each_entry_rcu()
when only one is needed for list_for_each_entry_rcu()?
Answer: Because in an hlist it is necessary to check for
NULL rather than for encountering the head.
(Try coding up a single-pointer hlist_for_each_entry_rcu().
If you come up with a nice solution, it would be a very good thing!)
Quick Quiz 4:
How would you modify the deletion example to permit more than two
versions of the list to be active?
Answer:
One way of accomplishing this is as follows:
    spin_lock(&mylock);
    p = search(head, key);
    if (p == NULL)
        spin_unlock(&mylock);
    else {
        list_del_rcu(&p->list);
        spin_unlock(&mylock);
        synchronize_rcu();
        kfree(p);
    }
Note that this means that multiple concurrent deletions might be
waiting in synchronize_rcu().
Quick Quiz 5:
How many RCU versions of a given list can be active at any given time?
Answer:
That depends on the synchronization design.
If a semaphore protecting the update is held across the grace period,
then there can be at most two versions, the old and the new.
However, if only the search, the update, and the
list_replace_rcu() were protected by a lock, then
there could be an arbitrary number of versions active, limited only
by memory and by how many updates could be completed within a
grace period.
But please note that data structures that are updated so frequently
probably are not good candidates for RCU.
That said, RCU can handle high update rates when necessary.
Quick Quiz 6:
How can RCU updaters possibly delay RCU readers, given that the
rcu_read_lock() and rcu_read_unlock()
primitives neither spin nor block?
Answer:
The modifications undertaken by a given RCU updater will cause the
corresponding CPU to invalidate cache lines containing the data,
forcing the CPUs running concurrent RCU readers to incur expensive
cache misses.
(Can you design an algorithm that changes a data structure without
inflicting expensive cache misses on concurrent readers?
On subsequent readers?)
Page editor: Jonathan Corbet
Distributions
News and Editorials
By Rebecca Sobol
December 19, 2007
This is the last LWN weekly for 2007, so it must be time to reflect on
what's happened during the past year. Also, this is a slow time of year, so
there hasn't been much new news.
Debian GNU/Linux: Debian Etch
(4.0) was released in April, as was the sixth revision of Sarge (3.1r6).
The first Etch revision (4.0r1) was released in August. Debian development
is focused on Lenny, now in the testing branch. Overall a good year, but
it's unfortunate that the Dunc-Tank
experiment of late 2006 - early 2007 seems to have caused the demise of
the Debian Weekly News.
Fedora: Fedora made great
strides in becoming a true community distribution with the merger of Core and
Extras. 2007 saw the release of both Fedora 7 and Fedora 8, both excellent
desktops/workstations. Max Spevack led the project through the merger and
announced his resignation at the end of the
year. This week's DistroWatch had the comment
that "despite all these positives, the distribution still fails to
attract first-time Linux users who sometimes complain about the lack of a
central configuration utility or the overly technical nature of the
operating system." This led to a discussion
on the Fedora Marketing list. There seems to be some agreement that Fedora
does expect its users to be somewhat clueful, and that's the way we like
it.
Gentoo Linux made one release
this year. The year is not over so it's still possible for 2007.1 to make
it in 2007. Gentoo saw quite a bit of developer churn this year, which may
have led to a delayed release. Then again, releases aren't always that
important. Gentoo works great for
developers.
Mandriva Linux
released in the spring and in the fall, or if you are down under it's the
fall and the spring. The company is in recovery following the financial
problems and lay-offs of previous years. Mandriva is friendly to new
users, with a helpful community on mailing lists and forums to help you
through any rough spots.
openSUSE released 10.3 this
year. There's also an early alpha for 11.0 available. Like Fedora,
openSUSE is a community project with an Enterprise sponsor. This has been
a good year for the project. There has been quite a bit of new
infrastructure like the Build Service, new mailing lists, style guidelines, and a new manager.
Slackware Linux: Slackware
12.0 was released in July. The Slackware
current changelog remains active. There's not much else to say,
Slackware continues. Slackware may not be the most newbie-friendly, but it's
very good at what it does. It's hard to imagine the Linux landscape without
Slackware.
Ubuntu remains strong. Deals
with Dell haven't hurt. Ubuntu, and its derivatives Edubuntu, Kubuntu and
Xubuntu continue to gain users. Releases for this year include Feisty Fawn
(7.04) and Gutsy Gibbon (7.10), as well as the first alpha for the Hardy
Heron (8.04). To see Ubuntu's popularity, just look at all the other
distributions that are using it for a base. (MEPIS, Geubuntu, gOS, Linux
Mint, Symphony OS, Fluxbuntu, gNewSense, Arabian Linux, Kiwi, Impi,
Guadalinex, MoLinux, nUbuntu, ProTech, Linux for Clinics, Mythbuntu,
Pyramid, UbuntuCE, UbuntuME, Ubuntu Studio, ubuntutrinux, BeaFanatIX, PUD,
and andLinux). These can be found by searching for Ubuntu in the Distribution List.
New Releases
NetBSD 4.0 is out. "Major achievements in NetBSD 4.0 include support
for version 3 of the Xen virtual machine monitor, Bluetooth, many new
device drivers and embedded platforms based on ARM, PowerPC and MIPS
CPUs. New network services include iSCSI target (server) code and an
implementation of the Common Address Redundancy Protocol. Also, system
security was further enhanced with restrictions of mprotect(2) to enforce
W^X policies, the Kernel Authorization framework, and improvements of the
Veriexec file integrity subsystem, which can be used to harden the system
against trojan horses and virus attacks."
Mandriva has
released an alpha
version of Mandriva Linux 2008 Spring (2008.1). Some of the major new
features in this pre-release include PulseAudio, X.org 7.3, KDE 4.0 RC2,
kernel 2.6.24 rc5, and UUID-based drive mounting. "You are
encouraged to test and comment on this pre-release. Feedback should be
posted in the form of bug reports to Bugzilla, or if it is not a type of
feedback that can be expressed as a bug report, to the Cooker mailing list
or to the Mandriva Forums."
Comments (none posted)
Debian-Edu/Skolelinux has released the first test release based on Debian lenny. Click below to see some of the known problems with this release. For those interested in the package installation failure (usplash needs debian-edu-artwork-usplash), there is a possible workaround.
Distribution News
Fedora
Max Spevack, who has led the Fedora project through a period of great change and improvement, has announced that the time has come to move on to other (Fedora-related) challenges. So the project is looking for a new leader. "The Fedora Project Leader is a full-time Red Hat position, and so we need to go through a full interview process, etc.
None of this is being done ad-hoc or randomly. The Fedora Board is part of the process, as is Red Hat's CTO and other managers within the engineering organization and human resources."
Matt Domsch has been elected to the Fedora board. "On the "appointed" side, we are pleased to announce that Bill Nottingham has renewed his seat for another term, and that Bob McWhirter, the JBoss community manager, has accepted a seat on the Fedora Board that previously belonged to Chris Blizzard."
Click below for a report from Fedora's KDE Special Interest Group (SIG).
Items on the agenda for week 48 include Trolltech's Phonon GStreamer
backend, kdemultimedia3 compat package?, API documentation, Live images for
KDE4, and development progress: the road to kde4.
Gentoo Linux
A summary of the December 13th Gentoo council meeting has been released. Some of the topics discussed at the meeting include new USE documentation and Code of Conduct enforcement.
Daniel Robbins, founder of Gentoo, has announced the availability of fresh stages for AMD64, i686 and x86 for Gentoo users. "Barring any build issues from upstream, I plan to offer fresh Gentoo stages that are no more than a week old at http://www.funtoo.org/linux/, so the next time you need a fresh stage tarball, please give one of mine a try. It will save you quite a bit of "emerge -u world" time. And thanks :)"
Ubuntu family
Ubuntu's Hardy Heron Alpha 2 is expected to be released on Thursday, December 20, 2007. "With the DebianImportFreeze now in effect, it's time to nudge another baby heron out of the nest and hope it flies better than this broken metaphor: it's time for Hardy Alpha 2."
Distribution Newsletters
The Fedora Weekly News for December 10, 2007 is out. "In Announcement, we have "Samba Security Updates For FC6". In Planet Fedora, we have "Talks with Mark: RHM Video", "F8 on the PS3", "Back from India: FOSS.in", "A good flip-flop: FUDCon Raleigh 2008", "Re-spinning Fedora" and "Succession Planning"." Plus several other topics.
The Ubuntu Weekly Newsletter for December 15, 2007 covers the countdown to
Hardy Alpha 2, new MOTU & community members, Ubuntu Forums interview,
Bazaar 1.0 release, and much more.
The DistroWatch Weekly for December 17, 2007 is out. "Yes, it's that time of the year when DistroWatch takes a brief look at the events that shaped the distribution world during the past 12 months. Who were the winners and losers in 2007? Which distributions impressed most? Were there any major surprises? Read more in our feature story. In the news section, Mandriva enters a new development process with Cooker Alpha 1, Max Spevack resigns as Fedora Project Leader, MEPIS updates its artwork for the upcoming release of SimplyMEPIS, Daniel Robbins announces updated "stage" tarballs, and Ulteo delivers the first of its online services. Finally, many thanks to all our loyal readers and best wishes for the festive season! See you all in 2008!"
Distribution meetings
FUDCon Raleigh 2008 will be held as a Bar Camp, an un-conference. Everyone with an interest in Fedora is invited to join. This is a three-day event, January 11-13, 2008, held in Raleigh, North Carolina, at the NC State University campus and Red Hat headquarters.
The second call for talks for the Debian DevRoom at FOSDEM 2008 is out. "FOSDEM is the Free and Open Source Developers' European Meeting, which traditionally takes place at the Campus Solbosch of the Université Libre de Bruxelles (ULB) in Brussels, Belgium, during the last weekend of February."
The call for proposals for the second Ubuntu Live conference is out. The conference, co-presented by Canonical, Ltd. and O'Reilly Media, is slated to take place July 21-22, 2008 at the Oregon Convention Center in Portland, Oregon. The call for participation will be open until February 4, 2008.
Interviews
George Makrydakis talks with Ciaran McCreesh about Paludis. "As a project, paludis combines a lot of what you will see in F/LOSS, in both social structure and relations to the "fathering" project. Instead of presenting Paludis myself and why it is preferable to use it in a Gentoo system instead of portage, I took the liberty of asking Mr. Ciaran McCreesh, Chief developer among the Paludis team, about a relatively gentle introduction to the Paludis world, why it became a necessity, its design and goals. Also the relation with Gentoo is examined, but also a glimpse at how F/LOSS can be a socially complicated issue emerges from this text. This was an email Q & A with Mr. McCreesh and the replies laid here are uncensored."
Distribution reviews
CMP Channel compares Linux desktop distributions. Part 1 looks at the Debian based distributions Ubuntu, Freespire and Xandros. Part 2 looks at RPM based distributions SLED 10, Fedora 7 and PCLinuxOS. Part 3 pits the winners of part 1 and part 2 (Ubuntu and Fedora) against each other. "A close call, but Ubuntu wins the game and the title of Best Desktop Linux."
vnunet has a short review of openSUSE 10.3. "You will need to decide on what desktop to use. KDE is the default desktop and a preview of the upcoming KDE 4 implementation is included, as well as the current 3.5.7 version. The classic all-green Suse colour scheme is employed, with the enterprise version of Kontact now also included."
Page editor: Rebecca Sobol
Development
Several weeks ago, your author took a look at the SquidBee project, which involves making a wireless remote sensor network from building blocks made of open-hardware components. At the heart of each of the SquidBee nodes is an Atmel AVR 8-bit RISC microprocessor, which sits on an Arduino Diecimila circuit board. This week, we'll take a look at the Arduino project:
Arduino is an open-source electronics prototyping platform based on flexible, easy-to-use hardware and software. It's intended for artists, designers, hobbyists, and anyone interested in creating interactive objects or environments.
Arduino can sense the environment by receiving input from a variety of sensors and can affect its surroundings by controlling lights, motors, and other actuators. The microcontroller on the board is programmed using the Arduino programming language (based on Wiring) and the Arduino development environment (based on Processing). Arduino projects can be stand-alone or they can communicate with software running on a computer (e.g. Flash, Processing, MaxMSP).
AVR chips programmed with the Arduino on-board library software are available in a number of different hardware configurations. The Arduino Diecimila board is one of the more popular variations; it features a USB host connection which provides power and allows for software downloads. The Diecimila name comes from the fact that 10,000 Arduino boards have been sold, making it a fairly popular development platform. Arduino Diecimila boards are available from a number of vendors for around $35. The board was purchased online and arrived in the mail several days later.
In addition to the basic processor board, there are numerous open-design
shield boards
available. Shield board functions that are currently available include:
motor control, biosensor interface, prototyping, XBee interface,
Phidget sensor interface, and
potentiometer interface.
Upcoming shield boards include: sensor amplifier, external memory,
external display controller, Bluetooth interface and multi-sensor
interface.
To work with the Arduino board, it is necessary to install some software on a host machine. Your author used his main Athlon 64 system, which runs Ubuntu 7.04. There is a special Ubuntu installation document that walks the user through the package installation (and removal) steps and explains the software setup procedure. Running the Arduino IDE was a simple matter of typing ./arduino on the command line, which caused the IDE window to pop up. The IDE defaulted to the Diecimila board type; it was only necessary to select the USB connection in the Tools/Serial Port pulldown.
The first attempt at running an
LED blinker
test program resulted in a
bit of operator confusion. The board is apparently shipped with this
particular software example installed, so installing the same test
software does not change the appearance of the already blinking LED.
The Blinker software was pulled into the IDE with the File->Sketchbook->Examples->Digital->Blink menu sequence.
The software was built with no trouble using the Verify button
and copied to the board using the Upload button.
The LED started blinking again.
Tweaking the delay times in the example code, then building and
uploading the changed code verified that indeed, changes were being
sent to the board.
There is another slightly confusing aspect of the IDE interface: there are tape-recorder-style run/stop buttons at the top of the screen, but the run button is really the Verify (compile) function, and the Stop button didn't seem to stop the running code.
The software that the Arduino board runs is written in the Arduino programming language, which looks a lot like C/C++ and is based on the Wiring language. Making a few changes to the blinking LED example was so intuitive that it was not even necessary to consult the documentation. The Button example was also tried; digital input to the board worked as advertised.
Further testing of the I/O functions of the Arduino Diecimila board
will require some hardware construction, which is beyond the scope
of this (first) article. Your author has been building
simple and
complicated microcontroller projects for a number of decades;
his initial impression of Arduino is that it has a very quick
learning curve and provides a lot of powerful features.
The Atmel AVR microcontroller provides a lot of useful I/O
functionality and enough memory to build many interesting devices.
If you are looking for a convenient way to design a microcontroller
based hardware project, extend the I/O capabilities of your desktop
system, or just play with some cool hardware, Arduino is a quick and
easy way to get started.
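As an added example (not code from the article or from the Arduino project), here is a sketch that combines the two stock examples the article tried, Blink and Button: the on-board LED on pin 13 blinks, and each press of a button on pin 2 switches between two delay times, which shows the "tweak the delay" step and the digital input step together. It assumes the wiring of the stock Button example (pushbutton between +5V and digital pin 2 with a pull-down resistor to ground, so the pin reads HIGH only while pressed) and uses only the core Arduino functions that the 2007-era IDE already provided.

```arduino
// Added example: Blink and Button combined.  Assumes the wiring of the
// stock Button example: pushbutton between +5V and digital pin 2, with a
// 10k pull-down resistor from pin 2 to ground, so the pin reads HIGH only
// while the button is held.  The Diecimila's on-board LED is on pin 13.

const int ledPin = 13;      // on-board LED on the Diecimila
const int buttonPin = 2;    // pushbutton input (external pull-down)

const unsigned long slowDelay = 1000;  // ms on / ms off, as in the Blink example
const unsigned long fastDelay = 200;   // the "tweaked" faster rate
const unsigned long debounceTime = 50; // ignore contact bounce shorter than this

unsigned long blinkDelay = slowDelay;  // currently selected blink period
unsigned long lastToggle = 0;          // millis() at the last LED change
int ledState = LOW;

int lastReading = LOW;        // raw value read on the previous loop pass
int buttonState = LOW;        // debounced button state
unsigned long lastChange = 0; // millis() when the raw reading last changed

void setup() {
  pinMode(ledPin, OUTPUT);
  pinMode(buttonPin, INPUT);
  Serial.begin(9600);         // report rate changes to the IDE's serial monitor
}

void loop() {
  unsigned long now = millis();

  // Debounce: the raw reading must stay stable for debounceTime before
  // it is accepted as the new button state.
  int reading = digitalRead(buttonPin);
  if (reading != lastReading) {
    lastChange = now;
    lastReading = reading;
  }
  if (now - lastChange > debounceTime && reading != buttonState) {
    buttonState = reading;
    if (buttonState == HIGH) {        // act on the press, not the release
      blinkDelay = (blinkDelay == slowDelay) ? fastDelay : slowDelay;
      Serial.print("blink delay now ");
      Serial.println(blinkDelay);
    }
  }

  // Blink without delay(): a blocking delay() would make the sketch miss
  // button presses, so the LED is toggled from the millis() clock instead.
  if (now - lastToggle >= blinkDelay) {
    lastToggle = now;
    ledState = (ledState == LOW) ? HIGH : LOW;
    digitalWrite(ledPin, ledState);
  }
}
```

Build it with Verify and send it to the board with Upload, exactly as the article describes for the Blink example; the serial monitor in the IDE shows each rate change.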
System Applications
Database Software
Version 1.5.5 of the Firebird DBMS has been announced. "This bug-fix release adds no new features but addresses a few bugs and security issues that have turned up in the 11 months since v.1.5.4."
The December 16, 2007 edition of the Postgres Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Version 3.5.4 of SQLite, a lightweight DBMS, has been announced. Changes include critical bug fixes, standardization of ORDER BY, improvements to VACUUM, IN operator expression improvements and more.
Networking Tools
Version 1.2 final of NagVis has been announced. "NagVis is a visualization addon for the well known network management system Nagios. NagVis can be used to visualize Nagios Data, e.g. to display IT processes like a mail system or a network infrastructure.
I'm proud to present you NagVis 1.2 in the final version. It's nearly 3 months since the final release of NagVis 1.1, and there have been some interesting changes."
The initial beta release of NWrapper has been announced. "NWrapper was built to be a quick wrapper for storing and executing multiple NMap commands (using SQLite), but it can do a lot more. Also, it was a way for me to start learning C (hence the lack of data structures or anything fancy)."
Printing
Version 1.3.5 of CUPS has been announced. "CUPS 1.3.5 is now available from the CUPS web site and fixes some SNMP and PDF filter security issues, some USB printing issues, and several scheduler issues."
Web Site Development
A new maintenance build of Face Cart has been announced. "face cart is an AJAX-powered shopping cart presenting a unique user experience. An e-commerce system designed in the patterns of oscommerce, face cart is a Java 5EE e-commerce solution. The shopping cart provides unmatchable speed. Supports all database servers.
It is recommended to download the new Build of faceCart. It fixes several problems related to the deploy process."
The initial release of Intranet for alumni communities has been announced. The software is a "Web "Portal" with secured services such as: directory, job offers, etc ... especially for use by Alumni associations".
Version 3.0.1 of ZK has been announced. "ZK is an Ajax framework enriching Web apps with little programming. With event-driven and markup languages, development is as simple as programming desktops and authoring HTML/XUL pages. ZK supports scripting lang including Java, JavaScript, Ruby, Groovy...
With over 38 new features and 58 bugs fixed, ZK 3.0.1 focuses mainly on fixing bugs and improving performance. New features include GenericComposer, GenericEventListener, data-binding support for Map, integration with EJB, etc."
Desktop Applications
Business Applications
Version 2.0.3 of JasperReports has been announced; it adds some new capabilities and includes some bug fixes. "JasperReports, the market leading open source business intelligence and reporting engine. This project is being moved to http://www.jasperforge.org/. This project is the home for all things Jasper, Reports, Analysis, Server, and Intelligence."
Calendar Software
Version 4.11.0 of pcal, a program which generates PostScript or HTML calendars, has been released. "Changes include fixes for all known bugs, support for new languages (Hawaiian and Slovak), support for moon icons and Julian dates on yearly-format calendars, support for a new preposition ('on') for certain calendar events, additional sample calendar event files, support for the Amiga platform, and other minor improvements."
Desktop Environments
GNOME Software Announcements
The following new GNOME software has been announced this week:
- Deskbar-Applet 2.21.4 (new feature, bug fixes and translation work)
- Empathy 0.21.4 (new features, bug fixes and translation work)
- Epiphany 2.21.4 (new features, bug fixes and translation work)
- Eye of GNOME 2.21.3 (bug fixes and translation work)
- gcalctool 5.21.4 (bug fixes, documentation and translation work)
- Glade 3.4.1 (bug fixes and translation work)
- Gnome Games 2.21.4 (code cleanup, bug fixes and translation work)
- gnome-keyring 2.21.4 (new features, bug fixes and translation work)
- GNOME Power Manager 2.20.2 (bug fixes, documentation and translation work)
- GNOME Power Manager 2.21.1 (bug fixes and translation work)
- GnomePythonDesktop 2.21.1 (new features and bug fixes)
- gnome-speech 0.4.17 (bug fix)
- Gnome Subtitles 0.7.1 (bug fixes and translation work)
- GnuCash 2.2.2 (new features, bug fixes and translation work)
- Gtk2-Perl 2.21.4 (new features, bug and build fixes)
- gtk-engines 2.13.2 (bug fixes and translation work)
- libepc 0.3.1 (new feature and bug fixes)
- libgnomekbd 2.21.4.1 (bug fixes and translation work)
- libspectre 0.1.0 (first public release)
- MonoDevelop 1.0 beta 3 (new features)
- Orca 2.21.4 (new features, bug fixes and translation work)
- pypoppler 0.6.1 (new feature and code cleanup)
- seahorse 2.21.4 (new features, bug fixes and translation work)
- Swfdec 0.5.5 (new features and bug fixes)
- Tomboy 0.9.2 (new features and bug fixes)
You can find more new GNOME software releases at gnomefiles.org.
The December 9, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "The "simple menu" (similar to the menu found in the KDE 3 series) becomes usable. The clock receives a popup-based calendar widget, with KRunner becoming multi-threaded in Plasma. Work continues on the long-awaited update of KBugBuster, with important development milestones reached. Version Control and other general work in KDevelop. Start of a DirectShow (for Windows) backend for Phonon, and the integration of this backend in Amarok 2.0..."
The following new KDE software has been announced this week:
You can find more new KDE software releases at kde-apps.org.
The following new Xorg software has been announced this week:
Desktop Publishing
Version 1.5.3 of LyX, a GUI front-end to the TeX typesetting system, is out. "This is a maintenance release that further improves the stability and the performance. Besides numerous crashes, the display problems that slipped into 1.5.2 with the performance fixes (on the Mac and on Windows) as well as problems entailed to the reworked document classes were fixed. Furthermore, LyX 1.5.3 comes with speed improvements that should pay off especially on the Mac and other UNIXes. Finally, this version also provides some new features."
Electronics
Version 8.06 of the Electric VLSI Design System has been announced. "This release includes many improvements and bug fixes. Two notable features are the new Thin Film technology (tft) and an improved technology editing facility."
Financial Applications
Version 2.8.10 of SQL-Ledger, a web-based accounting system, has been announced. The changes include: "added audit trail for statements, fixed lineitem reordering for previously saved orders and quotations, fixed missing function call for payments batch, added mid-commit to voucher posting routine to override PostgreSQL's 8+ constraint bug, added reference to yearend procedure if none is supplied and added missing function call to destroy statement handle".
Fonts and Images
Back in 2004, LWN covered the fuss surrounding a license change for Movable Type which had the effect of requiring payments from many site operators. Our point at the time was that this software had never been made available as free software, so that kind of change was always a possibility. No longer: Movable Type is now available under GPLv2. "Like many of us on the team, some of you have been waiting for this moment for years. For a business, an open source license affects boring things like how a product is created, updated, and distributed. But the open source movement has always been about something more important: Freedom."
Games
Version 1.5.1 of Robocode has been announced. "Robocode is a Java programming game, where the goal is to develop a robot battle tank to battle against other tanks. The robot battles are running in real-time and on-screen. The motto of Robocode is: Build the best, destroy the rest!"
Interoperability
Version 4.0.0alpha2 of Samba has been released. "Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above.
Samba 4 is currently not yet in a state where it is usable in production environments. Note the WARNINGS below, and the STATUS file, which aims to document what should and should not work."
Version 0.9.51 of Wine has been announced. Changes include: "A bunch of WinHelp improvements, Better Japanese font support, A ton of rpcrt4 fixes, Several Alsa capture fixes, Improved support for screen resolution changes and Lots of bug fixes."
Mail Clients
Version 3.2.0 of Claws Mail has been announced. This release adds many new features and bug fixes.
Medical Applications
LinuxMedNews has announced version 1.00 of Freemed-YiRC. "Freemed-YiRC is an open source software project intended for use as a complete information system by child caring agencies. Freemed-YiRC originally started out as an intention to add child care functions into FreeMED, however it was quickly realized that the needs of child caring agencies were different and the project was forked. Hence, the Freemed-YiRC software project was born. YiRC = Youth in Residential Care."
Version 0.26 of PatientOS, a healthcare information system, has been announced. "This version marks the start of upgrade support for installation by providing a clean database and adding code to upgrade the database schema, data contents, server and client. Issues are now being logged in Jira. Scheduling setup and configuration tools have been added to build Resources and Appointment Types. A new registration form was added, configured to streamline data entry."
LinuxMedNews notes plans to release the Proteus intelligent clinical guidelines tools as open-source software. "Lighting up the AMIA os-wg and OpenHealth e-mail discussion lists comes news that the Proteus 'intelligent clinical guidelines' tools are going to be open sourced with an as yet to be announced Free/Open Source license".
Music Applications
Version 0.5 of dssi-vst, a DSSI plugin wrapper for Win32 VST effects and instruments, is out. "The 0.5 release now comes with Javier Serrano Polo's VST-compatibility header, as previously distributed in LMMS. (Actually, this header was already compatible with dssi-vst -- no modifications to dssi-vst were necessary -- it's just that the header is now included in the package.) This permits it to be compiled without the official VST SDK and distributed under pure GPL."
Version 1.0.1 of Rubber Band, an audio time-stretching and pitch-shifting library and utility, is out. "This small update (v1.0.1) fixes an option parsing bug and a dodgy bit of #ifdef nesting. The core code is the same as in 1.0."
Web Browsers
The December 13, 2007 edition of the Mozilla Links Newsletter is online; take a look for the latest news about the Mozilla browser and related projects.
Word Processors
Version 2.3.1 of OxygenOffice Professional has been released; it features bug fixes. "OxygenOffice Professional (was: OpenOffice.org Premium) is an enhanced version of OpenOffice.org, which is a multi-platform office productivity suite. OxygenOffice Professional contains more extras like templates, cliparts, samples, fonts and VBA support."
Languages and Tools
Caml
The December 18, 2007 edition of the Caml Weekly News
is out with new articles about the Caml language.
Java
A new version of Explore from here has been announced. "This NetBeans module adds a custom action to filesystem nodes to launch an OS explorer pointing at the directory referenced by the node. It can be customized by specifying an implementation of net.sf.efhnbm.Launcher or a command."
Perl
Version 0.5.1 of Parrot has been announced. "On behalf of the Parrot team, I'm proud to announce Parrot 0.5.1 "Hatachi." Parrot is a virtual machine aimed at running all dynamic languages."
Version 5.10.0 of Perl has been announced. "Perl 5.10.0 is now out, the first in the 5.10.x major version series, after a five year long development process. It's currently being mirrored on CPAN."
Python
The December 18, 2007 edition of the Python-URL! is online with
a new collection of Python article links.
Version Control
Version 0.38 of monotone has been announced. "A new release! 0.38 has few but important changes and bug fixes."
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Red Hat Magazine has posted a short (Theora) video of Alan Cox talking about threats to free software; it is the first of a three-part series.
Companies
ZDNet UK looks at the BBC's move to make its iPlayer online on-demand TV service available for streaming on Linux systems. "Following a meeting with the OSC [Open Source Consortium], the BBC's independent governing body, the BBC Trust, restated its commitment to make the download version of iPlayer "platform agnostic"."
Linux-Watch covers the release of Bazaar 1.0, a distributed version control system in Launchpad. "In a Linux-Watch interview, Shuttleworth explained that by making it easier to work in independent branches, which can then be easily adopted into the main code tree, Bazaar encourages developers to explore new ideas within a project rather than forking their new idea into another, related open-source project. This, in turn, "lets new developers start contributing immediately and working on new ideas even when they can't get buy-in with old guard." Thus, "this discourages forks and helps with the social conflicts between new and older project developers. It makes it easier for people to learn, work and have fun together on a project.""
Computerworld reports on McKesson's move from mainframes to Linux. "Today, San Francisco-based McKesson offers about 50 of its 70 most popular health care applications -- dealing with everything from billing to pharmacy records, staffing, admissions, physician order entry systems and surgery scheduling -- on Linux, reducing costs for hospitals and medical offices. The move was solidified in February, when McKesson partnered with Linux vendor Red Hat Inc. to unveil the Red Hat Enterprise Healthcare Platform, which was customized to meet the needs of the health care industry." (Found on LinuxMedNews).
Here's a brief Reuters article on the latest delay in Red Hat's desktop product. "Late on Monday, spokeswoman Leigh Day said the company planned to release the software in January, five months after the original target date of August that it had promised customers.
She said Red Hat was postponing the product's release again because it has yet to resolve problems getting the right to distribute software for playing music and viewing videos with the Linux software."
KDE.News covers the release of the Phonon backends by Trolltech. "Trolltech announced today that the Phonon backends, which they have been developing for inclusion in Qt, are being transferred into the KDE source code repository. Phonon is the KDE 4 API for multimedia and is also set to be part of Qt 4.4, scheduled for the end of Q1 2008. You heard it right folks, a part of Qt will be officially hosted and developed inside KDE's very own Subversion repository, from whose loins Phonon first sprung, and be freely available to all under the LGPL."
Linux at Work
Over at CNET, Matt Asay discusses the recent news about the New York Stock Exchange rolling out more Linux and less proprietary UNIX. "For those who believe they need to earn their living and make the difficult decisions that turn IT into a functional part of one's business, however, there are better options. Open source is one of them, of course, but it need not be the exclusive option. Sometimes a proprietary system will better fit a CIO's requirements. That's fine. But the point is that it should be the CIO who makes that decision, not the vendor."
Legal
Groklaw reports that Opera has filed an antitrust complaint against Microsoft. "If you use any browser but Microsoft's you already know all about the problems you encounter. Nor is this an Opera theoretical. Remember this story from 2001, where Opera was allegedly directly targeted by Microsoft, locked out of Microsoft's MSN portal? Then again in 2003? After you read all that, next read these boldly inaccurate excuses Microsoft first tried to peddle about HTML standards and why Opera didn't work. Well, now the chickens have come home to roost."
Resources
Howtoforge works with SWAT on Fedora 8. "This document describes how to set up and configure a Samba domain controller for small workgroups (up to 250 users) on Fedora 8 with the Samba Web Administration Tool. The resulting system provides an easy to manage domain controller for your Windows network."
Reviews
Wired reviews the second Firefox 3 beta. "Linux users will be happy to note that beta 2 brings in the native GTK theme for Firefox's default icons, buttons, and menu styles. Firefox finally looks like every other Gnome application and if the Linux platform is any indication, the final release of Firefox 3 will look perfectly native regardless of what OS you're using."
ars technica reviews the second KDE 4.0 release candidate. "The second KDE 4 release candidate illuminates the extent to which KDE 4 has matured since the earlier betas, but a massive infusion of debugging and polish is needed before the release next month. Heavy development on KDE 4 will obviously continue after the KDE 4.0 release, so whatever pieces are still missing are sure to be filled in eventually. Some critics point to the deficiencies of KDE 4 and argue that drastic reinvention of basic desktop components might not have been a good idea. After experiencing KDE 4 myself, I have to disagree."
Linux-Watch reviews the Linux Networking Cookbook. "In her book, [Carla] Schroder delivers exactly what she promises: recipes for creating tasty and useful Linux and TCP/IP networking setups. Want to know how to build a VOIP (voice over IP) server with Asterisk? How to create a single sign-on for hybrid Linux/Windows LANs? Or, how to create a real VPN with OpenVPN or a Linux-based PPTP (Point-to-Point Tunneling Protocol) server? It's in there."
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The Software Freedom Law Center has sent out a press release announcing the settlement of the GPL-infringement suit filed on behalf of the BusyBox developers against Xterasys. "Once SFLC verifies that the complete source code is available, Xterasys' full rights to distribute BusyBox under the GPL will be reinstated.
Additionally, Xterasys has agreed to appoint an internal Open Source Compliance Officer to monitor and ensure GPL compliance, and to notify previous recipients of BusyBox from Xterasys of their rights to the software under the GPL. Xterasys will also pay an undisclosed amount of financial consideration to the plaintiffs."
The FLAC audio compression project notes the adoption of the FLAC format by the European Broadcast Union. The EBU's FAQ explains: "The EBU Musipop is an audio file transfer system. All concerts on the Euroradio satellite channels, Ravel & Verdi, are recorded by the EBU Geneva Musipop PC as WAV files. They are subsequently converted into FLAC files and sent via satellite over a dedicated 4.8Mbit/s xtranet channel to member stations. Concerts are stored on your local Musipop PC for up to 2 months (memory with standing) from where they are transferred to your local hard drive playout systems."
Commercial announcements
Novell, Inc. has
announced its fourth quarter 2007 financial results.
"
For the quarter, Novell reported net
revenue of $245 million, which excludes $6 million of revenue from its
Swiss-based business consulting unit, which Novell agreed to sell during
the quarter. This compares to net revenue of $234 million for the fourth
fiscal quarter 2006. The loss from operations for the fourth fiscal quarter
2007 was $13 million, compared to income from operations of $4 million for
the fourth fiscal quarter 2006."
Comments (4 posted)
xTuple has announced XTN, the xTuple Network service.
"
xTuple, the leader in open source enterprise resource planning software, is pleased
to announce the general availability of XTN, the xTuple Network service, for users of the xTuple
Applications, PostBooks and OpenMFG.
The xTuple Applications are advanced ERP software solutions built with open source components, such
as the PostgreSQL database, the Qt toolkit for C++, and the OpenRPT report writer. The fully
integrated packages include Inventory Management, Product Definition and Costing, Work Order
Management, Manufacturing, Purchasing, Sales, Shipping and Receiving, Project Management, Sales
Analysis, Accounts Payable, Accounts Receivable, a full General Ledger, and Customer Relationship
Management. Both packages are fully multi-currency, multi-lingual, and support a range of
multi-layered taxation structures."
Full Story (comments: none)
New Books
Rocky Nook has published the book
Digital Astrophotography
by Stefan Seip.
Full Story (comments: none)
The Django Book has been
announced.
"
The Django Book started shipping last week, and we've put the full text online for free.
We put a draft of the book up about a year ago for comments, and were amazed by the quality (and quantity!) of responses. We read each of the comments (around 2500) as we revised the book towards a final print release. That print release has been available in stores for about a week, and we've put the text up for you to read for free."
Comments (none posted)
O'Reilly has published the book
Learning ActionScript 3.0
by Rich Shupe and Zevan Rosser.
Full Story (comments: none)
O'Reilly has published the book
X Power Tools by Chris Tyler.
Full Story (comments: none)
Resources
The December 17, 2007 edition of the FSFE Newsletter is online
with the latest Free Software Foundation Europe news.
Topics include: United Nations Internet Governance Forum (IGF),
STACS meeting in London,
Trophees du Libre 2007 in Soissons,
Training Courses in Stockholm and Nijmegen,
FTF events in Linz, Lausanne, Nijmegen and Dusseldorf,
Foundation activities in Sweden,
Berlin Fellowship discusses Free Software mobile phones,
FSFE revisiting software patent information,
SELF public beta and bug fixing and
Interview with Werner Koch.
Full Story (comments: none)
The Winter, 2007 edition of the
The Perl Review
has been
announced.
"
The Winter 2007 issue of The Perl Review is here, and it has a wonderful cover picture that Eric Maki made with a combination of the B modules and GraphViz. Wonder what Perl's really doing with your program? Map it and find out! That's just the cover, and there is a lot more Perl on the inside."
Comments (none posted)
Deirdre K. Mulligan and Aaron K. Perzanowski have posted
a 76-page paper [PDF] on the causes of the SonyBMG rootkit fiasco. "
This Article aims to identify the market, technological, and legal factors that appear to have led a presumably rational actor toward a strategy
that in retrospect appears obviously and fundamentally misguided."
There are also a couple of detailed suggestions on (U.S.) legal changes which could help make such episodes less likely in the future.
Comments (11 posted)
Calls for Presentations
The CE Linux Forum has put out a Call for Presentations for the 2008 Embedded Linux conference to be held in Mountain View, CA April 15-17. The conference will be held at the Computer History Museum and presentations are being sought for many different topics of interest to embedded Linux developers. Click below for more information.
Full Story (comments: none)
A Call for Abstracts has been
posted
for the SOA in Health Care Conference. The submission deadline is
December 31.
"
The HSSP effort is pulling together an industry conference entitled "SOA for Health Care". Note that the event is focused on case-studies around SOA in health care, and is not about the standards themselves."
Comments (none posted)
Two SyScan'08 events have been announced, along with calls for papers.
"
The Symposium on Security for Asia Network aims to be a very different
security conference from the rest of the security conferences that the
information security community in Asia has come to be so familiar and
frustrated with.
SyScan is a non-product, non-vendor biased security conference. It is
the aspiration of SyScan to congregate in Asia the best security experts
in their various fields, to share their research, discovery and
experience with all security enthusiasts in Asia."
SyScan'08 Hong Kong will take place on May 29-30, 2008;
SyScan'08 Singapore will take place on July 3-4, 2008.
Full Story (comments: none)
Upcoming Events
The Linux Foundation has
announced that
it will be co-hosting (with the Chinese OSS Promotion Union) a Linux
developer symposium in Beijing, China. Speakers will include Dave Neary, Andrew
Morton, Matt Mackall, and a certain LWN editor. "
Similar to the
Linux Foundation's Japanese Symposia, this event is intended to educate and
promote cross-collaboration among Linux kernel developers and local
developers in the region, resulting in increased kernel involvement and
patch submissions."
Comments (none posted)
The program
for the 2008 MySQL Conference & Expo has been announced.
"
Registration is now open for the sixth annual MySQL Conference & Expo. Co-presented by MySQL AB and O'Reilly Media, the conference will take place April 14-17, 2008, in Santa Clara, California. The event is expected to bring together over 1,600 open source and database users from some of the most exciting and fastest-growing companies in the world, as well as from the large and active MySQL Community. The program for 2008 will include keynote presentations by Jacek Becla of Stanford Linear Accelerator and MySQL CEO Marten Mickos."
Comments (none posted)
The PostgreSQL Conference East 2008 has been
announced.
The event will take place in College Park, Maryland on March 29-30, 2008.
"
The conference series is designed to be a geographically strategic series of conferences that allow contributors, current users and future users/developers to learn and network.
Each conference is held in an academic facility; students and educators are free. Our goal is to establish a series of forums for local developers, administrators and users to mingle with leading PostgreSQL contributors. Initially these forums and conferences will be held in the U.S."
Comments (none posted)
The YAPC::NA 2008 Perl conference has been
announced.
"
The Chicago Perl Mongers are excited to officially announce the location, dates, and website for YAPC::NA 2008. The conference will be held June 16th-18th 2008 at the Illinois Institute of Technology in Chicago, IL."
Comments (none posted)
Events: December 27, 2007 to February 25, 2008
The following event listing is taken from the
LWN.net Calendar.
| Date(s) | Event | Location |
| December 27 - December 30 | 24th Chaos Communication Congress | Berlin, Germany |
| December 31 | Israeli Perl Workshop | Ramat Efal, Israel |
| January 11 - January 13 | FUDCon Raleigh 2008 | Raleigh, NC, USA |
| January 16 - January 17 | QualiPSo Conference 2008 | Rome, Italy |
| January 17 - January 19 | KDE 4 release event | Mountain View, CA, USA |
| January 24 | Federal DBA Day | Washington DC, USA |
| January 28 - February 2 | Linux.conf.au 2008 | Melbourne, Australia |
| January 28 - February 1 | Ruby on Rails Bootcamp with Charles B. Quinn | Atlanta, Georgia, USA |
| January 29 - January 31 | Solution Linux 2008 | Paris, France |
| February 1 | Open Island | Belfast, United Kingdom |
| February 6 - February 10 | O'Reilly Money:Tech Conference | New York, NY, USA |
| February 7 | Frozen Perl 2009 | Minneapolis, United States |
| February 8 - February 10 | Southern California Linux Expo | Los Angeles, USA |
| February 10 - February 13 | NDSS Symposium 2008 | San Diego, CA, USA |
| February 11 | Florida Linux Show 2008 | Jacksonville, Florida, USA |
| February 11 | Open Source Software (OSS) and the U.S. Department of Defense (DoD) | Alexandria, VA, USA |
| February 13 - February 15 | German Perl-Workshop | Regionales Rechenzentrum Erlangen, Germany |
| February 16 | Frozen Perl 2008 Workshop | Minneapolis, USA |
| February 19 - February 20 | Linux Developer Symposium | Beijing, China |
| February 19 - February 20 | Files and Backup | London, UK |
| February 22 - February 24 | freed.in/2008 | Delhi, India |
| February 23 - February 24 | Free/Open Source Developers' European Meeting 2008 | Brussels, Belgium |
| February 23 - February 26 | Linux World Mexico | Mexico City, Mexico |
If your event does not appear here, please
tell us about it.
Web sites
Pawel Wolniewicz, a Polish user of open source multimedia applications, has
announced his new
blog,
Free Your Media. Articles
so far include Traverso 0.42.0 released, Podcasting with Linux Command Line
Tools and Audacity, 7 Alternatives to Flickr, and much more.
Comments (2 posted)
Miscellaneous
mozillaZine
covers the Mozilla Foundation's directed giving program where donors choose one of four specific projects to direct their donation to. "
While the Mozilla Foundation has accepted donations since shortly after its establishment in 2003, it has not previously been possible for supporters to specify how they want their money to be spent. With the launch of the directed giving program, Mozilla donors can now allocate their funds to be spent on Bugzilla (the open-source bug tracking software used by many software development projects), Camino (the Mozilla-powered native Mac OS X browser), SeaMonkey (the community-driven continuation of the Mozilla Application Suite) or the Mozilla Accessibility Community (which aims to make Mozilla software easier to use for users with disabilities)."
Comments (3 posted)
Page editor: Forrest Cook