
LWN.net Weekly Edition for January 3, 2008

The 2007 Linux and free software timeline

Welcome to the tenth annual LWN Linux and free software timeline. In what has become a longstanding tradition, LWN finishes each year with a collection of the most important events from the last twelve months.

This is version 0.9 of the 2007 timeline. There are certainly errors and omissions; if you find any, please send them to timeline@lwn.net rather than posting them as comments.

The development of the LWN.net Linux Timeline was supported by LWN subscribers; if you like what you see, please consider subscribing to LWN.

  • January: Nouveau driver pledge, GPL Second Life, LCA, ...
  • February: Bitfrost, 2.6.20, RTLinux, Robbins, Raymond, ...
  • March: RSDL, RHEL5, Murdock, Beryl/Compiz, ...
  • April: OpenBSD, Debian 4.0, CFS, 2.6.21, ...
  • May: Python 3000, 235 violated patents, Indiana, Fedora 7, ...
  • June: Emacs, Microsoft deals, Btrfs, GPLv3, ...
  • July: Slackware 12, 2.6.22, CUPS, CPAL, ...
  • August: SCO loses, ClamAV, OpenBSD, ...
  • September: NetApp/Sun, Kernel summit, ATI opens up, SCO bankruptcy, ...
  • October: 2.6.23, openSUSE 10.3, Gutsy, GNOME/OOXML, ...
  • November: Fedora 8, KDE 4.0-rc, lawsuits, ...
  • December: RHE-MRG, qmail, HTML5 without Theora, ...

Thanks to the following people for suggestions which have improved this year's timeline:

  • Xavier Bestel
  • Chromatic
  • Norman Gaywood
  • Jim Gettys

For the historically minded, the timelines for the previous nine years remain available:

1998 1999 2000 2001 2002 2003 2004 2005 2006


Wild predictions for 2008

By Jonathan Corbet
December 31, 2007
It's that time of year again: the beginning of the new year - along with the lack of much else going on - inspires editors to make predictions about what they think may happen in the coming months. Your editor is not immune to these forces, and he has long since ceased to fear the possibility of looking like a fool in front of thousands of people. He's used to looking like a fool in front of thousands of people. So, without further ado, here's a set of wild guesses about what may await us in 2008.

Development

Support for Flash media will reach a usable state in 2008 - at least, on the playback side. The ability to waste time on video sites using only free software will doubtless prove appealing for many Linux users, while the ability to display Flash-based advertising may prove less so. But Flash is an important medium for video content and various types of interaction; good, free support for this medium is an important prerequisite for true World Domination. Arguably even more important is the ability to create Flash media on Linux, but that will take a little longer to come around.

KDE 4.0 will be released early in the year. This is a huge, milestone release for the KDE development community, but the developers who have worked so hard toward this goal may find the user community's response a little disappointing. For all of the great work which has gone into 4.0, it remains a dot-zero release, and a big one at that. The remaining bugs and missing features are certain to put off some early adopters. One need only think back to the early GNOME 2.x releases, though, to realize that this is a normal part of the development process and that things will get much better quickly.

The focus on power consumption will intensify this year, continuing a trend from 2007. Linux should, by all rights, consume less power than competing systems on the same hardware - but it doesn't. We now have the tools to identify and track down the worst offenders in this area, and we have the low-level support needed to make low-power Linux possible. Mobile applications may continue to drive this push, but there may be even more low-hanging fruit on fixed systems. There is just no end of reasons to reduce power consumption on all systems running Linux, and we're now in a position to get that job done.

The merging of the realtime Linux tree will be substantially complete by the end of the year. Your editor is out on a limb here; the remaining realtime code includes some of the most intrusive changes. But distributors are shipping this code now, and it has been well tested in a number of environments. So it seems likely that, by the end of 2008, the mainline Linux kernel will be fully capable of running in a realtime mode.

Legal issues and related overhead

The OOXML standardization debate will continue, and Microsoft may well prevail in getting its document format recognized as a standard by the end of the year. The free software community will react as it always has - it's just another data format to support.

More projects will move to GPLv3 in 2008, creating occasional fallout at the distributor level when newly-created licensing conflicts are found. The most interesting potential change is the GNU C library, which remains at LGPL 2.1 as of this writing. A GPLv3-licensed glibc would have to be user-replaceable, which could be problematic on locked-down devices. So, if this change happens, expect an increased interest in alternative C libraries for embedded applications.

GPL enforcement activities will continue and may even increase. Patience with companies which use the code without complying with its license is at a low point, and that will not change. Chances are that, once again, almost every company which is confronted on GPL-violation issues will come into compliance without going to court.

There will be no more Microsoft patent deals, at least with companies of any significance. Those who are inclined to make such agreements have already done so; the holdouts are unlikely to change their minds at this point.

Commercial and related

The OLPC project will start to think seriously about the successor to the XO. There will be many opportunities to build a platform which can be even more empowering for small children; for example, the GNU Radio folks are already pondering ways to bring software-defined radio capabilities to this machine. Meanwhile, deployments of the XO will continue to happen and we'll see the first effects of putting truly free systems into the hands of children. Some of those effects will certainly surprise us.

The days of hardware support hassles will be over. By the end of 2008, we should have good support for ATI graphics adapters, Atheros wireless chipsets, and even, via the Nouveau project, NVidia adapters. There will always be exceptions, but the rule will be clear: we will be able to buy hardware secure in the knowledge that it will work with our Linux systems.

Competition between distributors will grow in intensity. We saw some hints of this in the sniping between Red Hat and Novell toward the end of 2007; there will be more as these businesses increase their focus on the bottom line. Ubuntu will also push harder, though, interestingly, it often seems like that distributor's biggest perceived competitor is Fedora. Your editor believes (and hopes) that cooperation at the development level will remain strong despite increasing drama at the public relations level.

Along these lines, expect intensified competition from Sun, which will continue to try to aggressively push Solaris into Linux shops while simultaneously presenting a friendly face to the community. We may also see more of the less-friendly side of the BSD community for similar reasons.

Community

There will be a major technical Linux event in the United States - the first in some years. The Linux Plumbers Conference, planned for mid-September, will be unique in its focus on the kernel and the software layers immediately surrounding it. Getting the "greater kernel ecosystem" together in one place is an overdue move which should help integration and development of the plumbing we all depend on.

Participation in the development community will grow. That, of course, has been true every year for at least two decades. In 2008, though, we can expect to see a stronger push to encourage developers from parts of the world which traditionally have not contributed so strongly to our community; Asia, in particular, should continue to increase its presence. We will also continue to see companies in the embedded systems area figure out that, if they do not participate in the development of the code they use, others will have a much stronger influence on how that development goes.

Tolerance for anti-social behavior on mailing lists, IRC channels, etc. will continue to drop as development communities try to attract and provide a welcoming environment for more participants. Many communities have formal codes of conduct now; others may well try to adopt them. But even less-formal groups will increasingly understand that a harsh and unfriendly environment hurts the project as a whole.

As usual, we'll come back to these predictions at the end of the year and mock them without mercy. Until then, best wishes for a great 2008 from the LWN editorial team!


The Grumpy Editor's video journey part 3: DVD authoring

By Jonathan Corbet
January 2, 2008
Part of the LWN Grumpy Editor series
As readers of the first part of this series will remember, your editor has set out on a project to digitize a set of old video tapes and turn them into properly-formatted DVD media suitable for handing out to the grandparents. Part 1 was about the task of capturing this data to disk; part 2 covers the video editors available for turning the captured data into something watchable, and part 3 covers the task of creating a DVD from the edited video.

Attentive readers may have noticed that part 2 has not yet been written; there are more editors available than your editor had expected (currently under review are Cinelerra CV, Kino, PiTiVi, LiVES, and Avidemux), so that process is taking longer than expected. For the purposes of this article, let us assume that your editor has a disk full of video clips which have been edited and properly formatted into the MPEG2/AC3 video object files expected by DVD players. There will be a discussion of the best ways to get those files there in the near future, promise.

Many of us have burned CDs and found the process to be relatively straightforward - the biggest obstacle is often just getting past the grumpiness built into cdrecord and its latter-day derivatives. Creating data DVDs is not a whole lot harder. So one might be inclined to approach the task of creating a video DVD with a "this will be easy" attitude. It is, in fact, a task just about anybody can learn to do, but it is on a different order of complexity than creating a CD full of music. A video DVD is, in truth, a program complete with its own hierarchical structure, menus, and code written for the simple virtual machine lurking within every DVD player. Creating a playable DVD requires writing that program.

If DVDs are programs, then the one compiler available for Linux systems is the command-line dvdauthor tool. Regardless of how one builds a DVD, dvdauthor will be involved in the process at some point. This tool requires a collection of video objects representing the actual video titles and also implementing the menus, subtitles, and more. It's all tied together via a complex XML file which is compiled by dvdauthor to create the final product.

It is possible to create all of these pieces by hand, and, doubtless, Real Linux Video Jocks would not do it any other way. One can use dvdauthor to help with the generation of parts of the XML file. There is documentation which seems fairly complete, if a bit terse. But the fact of the matter is that most people attempting to use this tool directly will give up in despair. There is no reason why DVD authors should have to work at this level; dvdauthor is essentially an assembler which, while being absolutely essential to do most of the heavy lifting, should be hidden from most polite company. DVD creation is a visual task; there should be visually-oriented tools for this job. The good news is that these tools do, indeed, exist.

DVDStyler

[DVDStyler] The first of these tools is DVDStyler, a GTK-based application. There are three basic tabs which are used to work through the tasks of piecing together a DVD; they are labeled "Directories," "Backgrounds," and "Buttons." The directories tab pulls up a simple internal directory browser, useful for adding objects to the DVD. So, if the DVD author has a collection of VOB files containing video data, they can be found by way of this tab and added, one by one, to the DVD. Each object shows up in the bottom pane of the window, generally with an unhelpful annotation like "Title 2". There is no easy way to see what each of those titles is; one must query their properties and look at the associated file name.

As a grumpy aside, your editor must note that the directory browser uselessly starts at $HOME. One need not work with much video data before realizing that special provisions must be made for its storage; video objects are unlikely to be kept in the home directory. Your editor has a hard time understanding why tools like this are unable to start file searches in the current working directory, which is a much more likely place to find things of interest. Switching to $HOME is not just a least-surprise violation; it actively makes things harder for the user.

The "Backgrounds" tab helpfully offers a dozen or so canned background images which can be used for the DVD menus. They are nice backgrounds, and they might just be useful for somebody struggling through the process of creating a DVD for the first time. Your editor, though, suspects that most users, by the time they create their second (working) DVD, might just want to supply their own background images. They will look for that option under the "Backgrounds" tab in vain, though. It is possible to supply a custom image: go to the large (video screen) pane, right-click, select "properties," and set an image there. It's easy, once you've figured it out. But one would think that, having gone to the trouble to provide an entire mode dedicated to background images, the developer would have thought to toss in a "none of the above" button.

The hardest part of creating a DVD (once one has suitable video in place, obviously) is getting the menus to work. DVDStyler starts with an empty main menu in place; it is up to the user to add entries which will do interesting things. That is done by way of the "Buttons" tab. There's a selection of arrows available, as well as the ability to add basic text buttons. The button of interest can be simply dragged to the right spot on the menu, sized appropriately, and configured to do the right thing. There are also "empty" buttons for more complicated situations where the real button text (or image) is found on the menu's background image.

[Button dialog] Having added a button, the author must tell the system what happens in response to events on that button. To that end, there is a separate "properties" dialog. Usually one wants a button to cause a certain video title to be played, and that is easily configured. If more than one menu has been created, buttons can also be set to jump from one menu to the next. There is a "custom" blank for the harder cases which require direct entry of code to be executed by the DVD virtual machine. In DVDStyler, the selection of relatively obscure options (subtitles, languages, camera angles) can only be set up in this way.

Also required is a specification of what happens when one of the directional arrows is pressed. The default "auto" setting leaves that up to the player, which will probably do the right thing - the down arrow, for example, will move the focus to the next button below the current one. Anybody who is concerned about the user interface provided by the resulting DVD will probably want to set these actions explicitly, though - a somewhat tedious and time-consuming task.

Eventually, the time comes to actually create the DVD. Most first-time users will probably go to the DVD menu for this task, but the "burn" option is not there - it's under the "file" menu instead. The resulting dialog works nicely, giving the user the option to stop after generating the ISO image or to run a preview application (xine by default) before actually writing to the disk. Underneath this dialog is a whole set of helper commands which are run; those can be configured if need be, but most users will not tread there.

All told, your editor found DVDStyler to be the easier tool to use for quickly putting together a video disk. There is just one little problem: those disks never quite worked right on your editor's ancient DVD player. Somehow, a misunderstanding about how the menus should work crept in. Your editor suspects, perhaps, that overlapping buttons may have something to do with it; the other application reviewed by your editor (QDVDAuthor) detected and corrected that situation, but DVDStyler did not. In any case, newer players had no problem with the generated disks, so this may not be a problem that most people need to be concerned with.

'Q' DVD-Author

[qdvdauthor] The other DVD authoring application considered here is 'Q' DVD-Author (or qdvdauthor from here on out in an effort to save your editor's typing fingers). This is a Qt-based application aimed at providing complete DVD authoring capability. It is arguably more complete and mature than DVDStyler, but more complex as well.

Qdvdauthor provides a three-paned window with areas for the current set of audio/video objects, the DVD hierarchy, and the menu designer. The audio/video pane, on the left end, is clearly a work in progress. There is a thumbnail area which shows the opening frame of the associated video - sometimes. Other times it stays green and qdvdauthor silently leaves an mplayer process desperately cranking away in the background. It was only when the load average on your editor's system got to around 20 that he figured that one out. There is a "play" button which pops up a cheery "not yet implemented" button. The run time of each video title is also displayed. All told, it is a more useful display than what DVDStyler offers, with the potential to be quite a bit better yet.

The middle pane shows the current hierarchy of objects making up the DVD. It is a helpful display, given that DVDs truly are hierarchical objects. It likes to reset itself to the top, though, making it necessary to scroll repeatedly toward the bottom when the DVD gets more complex. The right pane shows one of the DVD menus - or a couple of other things we'll see later on. One very nice feature is the little display at the bottom showing how much data has been committed to the DVD so far and how much room remains.

Video titles are easily added using the prominent "add movie" button. Once attention turns to the menu creation process, one notices that there is no separate "backgrounds" tab - but there is a button for adding a custom background image, which is what is really needed anyway. Your editor found that dragging a thumbnail from the video pane over to the menu area created a picture button which would play the associated title - a nice feature.

[qdvdauthor text properties dialog] [qdvdauthor button properties dialog] The creation of text buttons (or those from a separate image) is a bit more labor-intensive, requiring the user to right-click on the background, select "add text", draw a rectangle to define the text area, fill in a rather gaudy text dialog (shown left) with the actual text (and tweak fonts and such), right-click on the newly-added text and select "define as button", then fill in the button properties dialog (shown right). That last step involves setting the button name (necessary - it would be nice if it defaulted to the button text) and picking the various associated actions. It takes a while.

Eventually, the time comes to commit all of that work to an actual DVD. A click on the associated button gets that process going. If one has been sloppy in drawing out buttons, the first thing to come up will be a warning that some of the buttons overlap, accompanied by an offer to fix the problem automatically. One can also decline the offer (aborting the process) to fix the problem manually.

This is as good a point as any to note that moving and resizing buttons in qdvdauthor is a real exercise in pain. The button areas have the usual grab points for moving, dragging edges and corners, or rotating the button. But none of those are visible until the user has clicked the mouse and committed himself to doing something. The end result is that attempts to drag a button often do something else - like rotating them to some strange angle. The basic interaction modes for operating on graphical objects in a display have been well understood for years; one can only imagine that whoever designed this interface was engaging in some sort of sadistic exercise which was sponsored by purveyors of strong drink.

[burn dialog] Once the buttons have been sorted out, selecting the burn operation brings up a rather intimidating dialog showing all of the commands which will be executed to get the job done. It's at this point that one realizes just how much behind-the-scenes magic is going on to make the DVD creation process actually happen. There are options to disable specific parts of the process (actually burning the disk, for example), and the adventurous can edit the commands before they run. Most people, though, will probably just hit the "OK" button at the bottom and watch the process unfold. Which it does, just as one would expect.

There are a few other nice features hidden in this application. The menu pane can be made to show the XML file which will be generated for dvdauthor; it can also be put into a garish and complex dialog which facilitates the addition of subtitles. There is a template mechanism for menus, and a network-based repository from which qdvdauthor can download new templates. There is an operation which will convert the entire DVD between the NTSC and PAL formats - your editor has not yet exercised this option, but, given that some of the grandparents for whom this work is intended live in Europe, it will eventually come in handy. There is a little-used plugin mechanism and a theme feature as well; long-neglected Motif users will be glad to know there is a style for them. The addition of audio to menus and intro/outro sequences to titles is relatively straightforward. There is also an option to make DVD slideshows out of a series of still images.

Conclusion

Either one of these applications can get the job done. They both show the best of how an application on a Unix-like system can add power by using existing tools. Neither DVDStyler nor qdvdauthor actually does much of the work of creating menus or burning DVDs; they mostly just put together fiendishly-complex command lines and call out to the tools which have been designed to do that work well. Overall, the combination works reasonably well.

A feature which is lacking from both tools is a "hold my hand" mode for people who are not - and do not want to be - experts in DVD creation. A sequence of screens which would set up an initial menu, import titles, and create buttons for each would be most helpful in this regard. As it is, users must have their own internal checklist in mind when creating DVDs, and it is easy to miss things. Your editor, while certainly slower than most, is unlikely to be the only one to have created an impressive pile of coasters before finally producing a DVD which actually worked as intended.

While the tools reviewed here are, in your editor's opinion, the best available for Linux for this task, there are some others to be aware of:

  • Tovid is a set of command-line tools for the creation of DVD menus and putting the whole structure together. They hide much of the underlying complexity and may prove useful for users not wanting to work with a graphical interface.

  • VideoLink is an interesting tool which enables the creation of DVD menus in HTML. It then renders them with a web browser and prepares the result for burning to a DVD.

  • Kino (which will be covered in depth in part 2) can produce a simple dvdauthor script to make a no-menu DVD with a single title.

  • KDE DVD Authoring Wizard is a kdialog script which steps the user through the creation of a simple DVD. It provides the handholding mentioned above, but, arguably, simplifies out too much of the process.

Of all these tools, it must be said that qdvdauthor is, at this time, the most complete and capable. It provides access to almost any capability supported by current DVD players, is relatively easy to use, and works most of the time. With luck, the developers (who released the 1.0.0 version reviewed here in November, 2007) will devote themselves to smoothing out the remaining rough edges, leaving us with a tool which DVD authors at any level can use.


Page editor: Jonathan Corbet

Security

The future of unencrypted web traffic

By Jake Edge
January 2, 2008

Hypertext transfer protocol (http) is the heart of the web, providing the means to retrieve content from remote servers. It is an unencrypted, text-based protocol which allows malicious intermediaries to snoop on and potentially modify the traffic. Unfortunately, internet service providers (ISPs) are getting increasingly bold in manipulating the traffic that they carry. This has led some to call for the elimination of http, in favor of encrypted http (aka secure http or https).

An ISP is perfectly situated to gather an enormous amount of information about its users, their website preferences and habits (often called clickstream data). Some have reportedly been selling some of that data in a thinly-anonymized form to advertisers and others. As AOL's well-intentioned, but poorly implemented, release of search queries showed, it is rather easy to analyze this kind of data and pierce the anonymity, deriving the specific user.

Another recent ISP trick is to modify a retrieved web page to display other information – under the control of the ISP – which looks like it comes from the website itself. Canadian ISP Rogers Internet has been testing a system to add content to the Google homepage for their customers who are near their monthly bandwidth limits. There are also plans afoot for ISPs to use clickstream data to target advertising – though just where those ads would show up is far from clear.

This kind of manipulation is unlikely to be what internet users expect – to the extent they think about it at all. The model folks tend to use is that of a phone company; we do not expect them to sell our call records to the highest bidder, nor do we give them license to modify our calls. Various telecommunications privacy laws protect that data, but those laws have not (yet) been applied to internet traffic. In addition, ISPs tend to have a monopoly or near-monopoly, which restricts alternative, less-intrusive ISPs from competing.

Fortunately, there are technical solutions possible in the internet realm that would be difficult or impossible to implement network-wide in the phone system. Encrypting website traffic will go a long way towards eliminating this kind of ISP abuse, though it is no panacea. As more of these kinds of privacy invasions occur, we should see more routine use of https by websites.

Currently, https is almost exclusively used for e-commerce transactions; typing in credit card numbers and the like. Authentication via username and password is another area that sees widespread encrypted pages. Sites may start to use https for their entire site to combat clickstream and page rewriting abuse – though there will still be some information leakage as the ISPs can still see what sites are being visited.

In order to make an https connection, the server must have a certificate with its public key. Typically those are signed by an authority recognized by browsers, which allows the browser to authenticate that the certificate belongs to the host visited. Getting signed certificates is a bit cumbersome, costs some money, and they need to be renewed periodically – all of which adds up to a headache for a site, especially a small, non-commercial site, that wants to switch to using https. Self-signed certificates are an alternative, but because they are susceptible to man-in-the-middle attacks, browsers warn their users when they receive one.

Another problem with this approach is the extra processing required on the server to support encrypting each and every request. There is a non-trivial amount of extra work that must be done per request and cannot be cached. Sites that wish to avoid the problems that some ISPs are introducing will just have to bear that cost.

Pushing bits is not very glamorous, but that is really what one hires an ISP to do. Since they seem to be finding new and exciting ways to interfere with those bits – Comcast messing with BitTorrent traffic for example – internet users will have to find ways to thwart their schemes and encryption will be a big part of that effort. Using https site-wide is only one step; other services will also need to be protected from ISP abuse. What if an ISP started manipulating the results returned from DNS queries, perhaps routing some to a server they control?


LWN adds a Security index

LWN has added a new index to complement the existing Kernel index. The Security index covers security articles we have published since the start of 2007. Hopefully this will be a useful resource for our readers and, as always, we value your comments. Please send them to lwn-AT-lwn.net.


New vulnerabilities

autofs: privilege escalation

Package(s): autofs
CVE #(s): CVE-2007-6285
Created: December 21, 2007
Updated: January 14, 2008
Description: The default configuration for autofs 5 (autofs5) on Red Hat Enterprise Linux (RHEL) 4 and 5 does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server.
Alerts:
Red Hat RHSA-2007:1176-01 2007-12-20
Red Hat RHSA-2007:1177-01 2007-12-20
Fedora FEDORA-2007-4709 2007-12-21
Fedora FEDORA-2007-4707 2007-12-21
Mandriva MDVSA-2008:009 2007-01-11
Mandriva MDVSA-2008:009-1 2007-01-12
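
One way to check a system for the condition described in this entry, as an added example (not code from autofs or from any of the advisories): the functions below flag `-hosts` entries in auto.master text that do not request nodev, and NFS mounts under those mount points that lack nodev in /proc/mounts-style text. The sample configuration, mount table, host names and addresses are constructed.

```python
"""Audit for -hosts automounts without nodev (the CVE-2007-6285 condition).

Added example. The sample auto.master and mount-table text are constructed.
"""


def hosts_map_entries(auto_master_text):
    """Yield (mount_point, options) for every -hosts map in auto.master text."""
    for raw in auto_master_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("+"):     # blank line or included map
            continue
        fields = line.split()
        if len(fields) < 2 or fields[1] != "-hosts":
            continue
        opts = set()
        for field in fields[2:]:
            # Mount options are comma-separated with a leading '-'.
            opts.update(o for o in field.lstrip("-").split(",") if o)
        yield fields[0], opts


def audit_auto_master(auto_master_text):
    """Return mount points whose -hosts map does not request nodev."""
    return [mp for mp, opts in hosts_map_entries(auto_master_text)
            if "nodev" not in opts]


def audit_mounts(proc_mounts_text, roots):
    """Return (device, mount_point) for NFS mounts under roots lacking nodev.

    This looks at what is actually mounted, so it also covers options the
    automounter applies by default rather than from auto.master.
    """
    prefixes = [r.rstrip("/") + "/" for r in roots]
    findings = []
    for line in proc_mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        device, mount_point, fstype, options = fields[:4]
        if fstype not in ("nfs", "nfs4"):
            continue
        if not any(mount_point.startswith(p) for p in prefixes):
            continue
        if "nodev" not in options.split(","):
            findings.append((device, mount_point))
    return findings


# Constructed sample data: /net uses -hosts with no options, /net2 adds nodev.
SAMPLE_AUTO_MASTER = """\
# constructed sample auto.master
/misc   /etc/auto.misc
/net    -hosts
/net2   -hosts  -nosuid,nodev
+auto.master
"""

SAMPLE_PROC_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
-hosts /net autofs rw,fd=6,pgrp=2100,timeout=300 0 0
files.example.org:/export /net/files.example.org/export nfs rw,nosuid,addr=192.0.2.10 0 0
files.example.org:/pub /net2/files.example.org/pub nfs rw,nosuid,nodev,addr=192.0.2.10 0 0
"""

if __name__ == "__main__":
    for mp in audit_auto_master(SAMPLE_AUTO_MASTER):
        print("auto.master: -hosts map at %s does not set nodev" % mp)
    for dev, mp in audit_mounts(SAMPLE_PROC_MOUNTS, ["/net", "/net2"]):
        print("mounted without nodev: %s on %s" % (dev, mp))
```

On a real system, feed the functions the contents of /etc/auto.master and /proc/mounts in place of the samples.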


bind: insecure permissions

Package(s): bind
CVE #(s): CVE-2007-6283
Created: December 21, 2007
Updated: May 21, 2008
Description: Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
Alerts:
Fedora FEDORA-2007-4655 2007-12-20
Fedora FEDORA-2007-4658 2007-12-20
Fedora FEDORA-2008-0903 2008-01-22
Red Hat RHSA-2008:0300-02 2008-05-21


clamav: mystery vulnerability

Package(s): clamav
CVE #(s): CVE-2007-6337
Created: December 31, 2007
Updated: January 22, 2008
Description: Clamav contains "an unspecified vulnerability" associated with the bzip2 decompression code.
Alerts:
Gentoo 200712-20 2007-12-29
Mandriva MDVSA-2008:003 2007-01-08
SuSE SUSE-SR:2008:001 2008-01-09
Fedora FEDORA-2008-0170 2008-01-22
Fedora FEDORA-2008-0115 2008-01-22


exiftags: multiple vulnerabilities

Package(s): exiftags
CVE #(s): CVE-2007-6354 CVE-2007-6355 CVE-2007-6356
Created: December 31, 2007
Updated: April 1, 2008
Description: From the Gentoo advisory: Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356).
Alerts:
Gentoo 200712-17 2007-12-29
Debian DSA-1533-1 2008-03-27
Debian DSA-1533-2 2008-04-01

Comments (none posted)

exiv2: integer overflow

Package(s):exiv2 CVE #(s):CVE-2007-6353
Created:December 21, 2007 Updated:January 24, 2008
Description: Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
Alerts:
Fedora FEDORA-2007-4551 2007-12-20
Fedora FEDORA-2007-4591 2007-12-20
Gentoo 200712-16 2007-12-29
SuSE SUSE-SR:2008:001 2008-01-09
Mandriva MDVSA-2008:006 2007-01-10
Debian DSA-1474-1 2008-01-23

Comments (none posted)

gallery2: multiple vulnerabilities

Package(s):gallery2 CVE #(s):CVE-2007-6685 CVE-2007-6686 CVE-2007-6687 CVE-2007-6688 CVE-2007-6689 CVE-2007-6690 CVE-2007-6691 CVE-2007-6692 CVE-2007-6693
Created:December 27, 2007 Updated:February 12, 2008
Description: Versions of the Gallery photo management application before 2.2.4 have the following vulnerabilities: (1) an unauthorized album creation and file upload, (2) a local file inclusion vulnerability, (3) several cross site scripting vulnerabilities, (4) a web-accessibility protection problem, (5) problems with checks for disallowed file extensions with file uploads, (6) missing permissions checks on GR commands, (7) several information disclosures, (8) an arbitrary URL redirection problem and (9) a proxied request weakness.
Alerts:
Fedora FEDORA-2007-4777 2007-12-26
Fedora FEDORA-2007-4778 2007-12-26
Gentoo 200802-04 2008-02-11

Comments (none posted)

Ganglia: cross-site scripting

Package(s):ganglia CVE #(s):
Created:December 21, 2007 Updated:January 2, 2008
Description: Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format. The Ganglia web frontend is vulnerable to cross-site scripting.
Alerts:
Fedora FEDORA-2007-4562 2007-12-20
Fedora FEDORA-2007-4584 2007-12-20

Comments (none posted)

imlib: denial of service

Package(s):imlib CVE #(s):CVE-2007-3568
Created:December 28, 2007 Updated:January 2, 2008
Description: The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.
Alerts:
Fedora FEDORA-2007-4594 2007-12-28
Fedora FEDORA-2007-4561 2007-12-28

Comments (none posted)

kernel: information leak, denial of service

Package(s):linux-2.6 CVE #(s):CVE-2007-6206 CVE-2007-6417
Created:December 21, 2007 Updated:May 7, 2008
Description: Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. (CVE-2007-6206)

Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page may be improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash). (CVE-2007-6417)

Alerts:
Debian DSA-1436-1 2007-12-20
Red Hat RHSA-2008:0089-01 2008-01-23
Red Hat RHSA-2008:0055-01 2008-01-31
Ubuntu USN-574-1 2008-02-04
SuSE SUSE-SA:2008:006 2008-02-07
rPath rPSA-2008-0048-1 2008-02-08
Mandriva MDVSA-2008:044 2008-02-12
SuSE SUSE-SA:2008:007 2008-02-12
Ubuntu USN-578-1 2008-02-14
Debian DSA-1503 2008-02-22
Debian DSA-1504 2008-02-22
Debian DSA-1503-2 2008-03-06
Mandriva MDVSA-2008:086 2008-04-15
Red Hat RHSA-2008:0211-01 2008-05-07
CentOS CESA-2008:0211 2008-05-07

Comments (none posted)

mt-daapd: multiple vulnerabilities

Package(s):mt-daapd CVE #(s):CVE-2007-5825 CVE-2007-5824
Created:December 31, 2007 Updated:June 13, 2008
Description: From the Gentoo advisory: nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg() function contains a format string vulnerability, as it does not properly sanitize username and password data from the "Authorization: Basic" HTTP header line (CVE-2007-5825). The ws_decodepassword() and ws_getheaders() functions do not correctly handle empty Authorization header lines, or header lines without a ':' character, leading to NULL pointer dereferences (CVE-2007-5824).
Alerts:
Gentoo 200712-18 2007-12-29
Debian DSA-1597-1 2008-06-12

Comments (none posted)

mysql: denial of service

Package(s):mysql-dfsg-5.0 CVE #(s):CVE-2007-6304
Created:December 21, 2007 Updated:April 7, 2008
Description: Philip Stoev discovered that the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service.
Alerts:
Ubuntu USN-559-1 2007-12-21
Debian DSA-1451-1 2008-01-06
Mandriva MDVSA-2008:017 2008-01-19
Mandriva MDVSA-2008:028 2007-01-29
SuSE SUSE-SR:2008:003 2008-02-07
Gentoo 200804-04 2008-04-06

Comments (none posted)

peercast: buffer overflow

Package(s):peercast CVE #(s):CVE-2007-6454
Created:December 28, 2007 Updated:May 21, 2008
Description: A heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
Alerts:
Debian DSA-1441-1 2007-12-28
Gentoo 200801-22:02 2008-01-30
Debian DSA-1583-1 2008-05-20

Comments (none posted)

syslog-ng: denial of service

Package(s):syslog-ng CVE #(s):CVE-2007-6437
Created:December 31, 2007 Updated:January 21, 2008
Description: The syslog-ng daemon does not properly handle messages containing an unterminated time stamp, resulting in the dereferencing of a NULL pointer and subsequent crash.
Alerts:
Gentoo 200712-19 2007-12-29
Debian DSA-1464-1 2008-01-15
Fedora FEDORA-2008-0559 2008-01-16
Fedora FEDORA-2008-0523 2008-01-16

Comments (1 posted)

typo3-src: SQL injection

Package(s):typo3-src CVE #(s):CVE-2007-6381
Created:December 28, 2007 Updated:January 2, 2008
Description: SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Alerts:
Debian DSA-1439-1 2007-12-28

Comments (none posted)

wireshark: multiple vulnerabilities

Package(s):wireshark CVE #(s):CVE-2007-6111 CVE-2007-6112 CVE-2007-6113 CVE-2007-6115 CVE-2007-6116 CVE-2007-6119
Created:December 21, 2007 Updated:January 2, 2008
Description: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector. (CVE-2007-6111)

Buffer overflow in the PPP dissector in Wireshark 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. (CVE-2007-6112)

Wireshark 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP packet. (CVE-2007-6113)

Buffer overflow in the ANSI MAP dissector for Wireshark 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. (CVE-2007-6115)

The Firebird/Interbase dissector in Wireshark 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors. (CVE-2007-6116)

The DCP ETSI dissector in Wireshark 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. (CVE-2007-6119)

Alerts:
Fedora FEDORA-2007-4590 2007-12-20
Fedora FEDORA-2007-4690 2007-12-21

Comments (none posted)

wireshark: lots of dissector vulnerabilities

Package(s):wireshark CVE #(s):CVE-2007-6111 CVE-2007-6112 CVE-2007-6113 CVE-2007-6114 CVE-2007-6115 CVE-2007-6116 CVE-2007-6117 CVE-2007-6118 CVE-2007-6119 CVE-2007-6120 CVE-2007-6121 CVE-2007-6438 CVE-2007-6439 CVE-2007-6441 CVE-2007-6450 CVE-2007-6451
Created:December 31, 2007 Updated:February 22, 2008
Description: Wireshark has disclosed another long list of dissector vulnerabilities; see this advisory for details.
Alerts:
Gentoo 200712-23 2007-12-30
Mandriva MDVSA-2008:1 2007-01-02
Debian DSA-1446-1 2008-01-03
rPath rPSA-2008-0004-1 2008-01-03
Mandriva MDVSA-2008:001-1 2007-01-08
Red Hat RHSA-2008:0059-01 2008-01-21
Red Hat RHSA-2008:0058-01 2008-01-21
SuSE SUSE-SR:2008:004 2008-02-22

Comments (1 posted)

Updated vulnerabilities

cairo: integer overflow

Package(s):Cairo CVE #(s):CVE-2007-5503
Created:November 29, 2007 Updated:April 10, 2008
Description: Cairo has an integer overflow vulnerability in the PNG image processing code. If a user processes a specially crafted PNG image with an application that is linked against cairo, arbitrary code can be executed with the user's privileges.
Alerts:
Red Hat RHSA-2007:1078-02 2007-11-29
Slackware SSA:2007-337-01 2007-12-04
Ubuntu USN-550-1 2007-12-03
Gentoo 200712-04 2007-12-09
Ubuntu USN-550-2 2007-12-10
Ubuntu USN-550-3 2007-12-13
rPath rPSA-2008-0015-1 2008-01-15
Fedora FEDORA-2007-3818 2008-01-16
Mandriva MDVSA-2008:019 2007-01-21
SuSE SUSE-SR:2008:003 2008-02-07
Debian DSA-1542-1 2008-04-09

Comments (none posted)

Django: denial of service

Package(s):Django CVE #(s):CVE-2007-5712
Created:November 12, 2007 Updated:May 21, 2008
Description:

From the CVE notice:

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.

Alerts:
Fedora FEDORA-2007-3157 2007-11-09
Fedora FEDORA-2007-2788 2007-11-09

Comments (none posted)

MySQL: privilege escalation

Package(s):MySQL CVE #(s):CVE-2007-3781 CVE-2007-5969
Created:December 11, 2007 Updated:May 21, 2008
Description: MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. (CVE-2007-5969)

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. (CVE-2007-3781)

Alerts:
Mandriva MDKSA-2007:243 2007-12-10
Red Hat RHSA-2007:1155-01 2007-12-18
Fedora FEDORA-2007-4471 2007-12-15
Fedora FEDORA-2007-4465 2007-12-15
Red Hat RHSA-2007:1157-01 2007-12-19
Ubuntu USN-559-1 2007-12-21
Debian DSA-1451-1 2008-01-06
rPath rPSA-2008-0018-1 2008-01-17
SuSE SUSE-SR:2008:003 2008-02-07
Gentoo 200804-04 2008-04-06
Red Hat RHSA-2008:0364-01 2008-05-21

Comments (none posted)

Sun JDK/JRE: multiple vulnerabilities

Package(s):Sun JDK/JRE CVE #(s):CVE-2007-2435 CVE-2007-2788 CVE-2007-2789
Created:June 1, 2007 Updated:April 18, 2008
Description: An unspecified vulnerability involving an "incorrect use of system classes" was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security Team reported an integer overflow resulting in a buffer overflow in the ICC parser used with JPG or BMP files, and an incorrect open() call to /dev/tty when processing certain BMP files.
Alerts:
Gentoo 200705-23 2007-05-31
Gentoo 200706-08 2007-06-26
SuSE SUSE-SA:2007:045 2007-07-18
Red Hat RHSA-2007:0817-01 2007-08-06
Red Hat RHSA-2007:1086-01 2007-12-12
Gentoo 200804-20 2008-04-17

Comments (none posted)

apache2: information disclosure

Package(s):apache CVE #(s):CVE-2007-1862
Created:June 20, 2007 Updated:February 18, 2008
Description: From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously-used data, which could be used to obtain potentially sensitive information by unauthorized users."
Alerts:
Mandriva MDKSA-2007:127 2007-06-19
Fedora FEDORA-2007-0704 2007-06-26
Fedora FEDORA-2008-1711 2008-02-15

Comments (2 posted)

apache: multiple vulnerabilities

Package(s):apache CVE #(s):CVE-2007-3304 CVE-2006-5752
Created:June 27, 2007 Updated:February 18, 2008
Description: The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker who has the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated, which could lead to a denial of service. (CVE-2007-3304)

A flaw was found in the Apache HTTP Server mod_status module. Sites with the server-status page publicly accessible and ExtendedStatus enabled were vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752)

Alerts:
Red Hat RHSA-2007:0532-01 2007-06-26
Red Hat RHSA-2007:0533-01 2007-06-27
Red Hat RHSA-2007:0534-01 2007-06-26
Red Hat RHSA-2007:0556-01 2007-06-26
rPath rPSA-2007-0136-1 2007-06-27
Fedora FEDORA-2007-617 2007-07-02
Mandriva MDKSA-2007:140 2007-07-04
Mandriva MDKSA-2007:141 2007-07-04
Mandriva MDKSA-2007:142 2007-07-04
Fedora FEDORA-2007-615 2007-07-12
Red Hat RHSA-2007:0557-01 2007-07-13
Red Hat RHSA-2007:0662-01 2007-07-13
Ubuntu USN-499-1 2007-08-16
rPath rPSA-2007-0182-1 2007-09-14
Fedora FEDORA-2007-2214 2007-09-18
SuSE SUSE-SA:2007:061 2007-11-19
Fedora FEDORA-2008-1711 2008-02-15

Comments (1 posted)

apache: cross-site scripting

Package(s):apache CVE #(s):CVE-2006-3918
Created:August 9, 2006 Updated:April 4, 2008
Description: From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header."
Alerts:
Red Hat RHSA-2006:0618-01 2006-08-08
Red Hat RHSA-2006:0619-01 2006-08-10
Debian DSA-1167-1 2005-09-04
SuSE SUSE-SA:2006:051 2006-09-08
Ubuntu USN-575-1 2008-02-04
SuSE SUSE-SA:2008:021 2008-04-04

Comments (none posted)

httpd: denial of service, cross-site scripting

Package(s):apache httpd CVE #(s):CVE-2007-3847 CVE-2007-4465
Created:September 25, 2007 Updated:February 15, 2008
Description: A flaw was found in the mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847)

A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the AddDefaultCharset directive has been removed from the configuration, a cross-site-scripting attack may be possible against browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465)

Alerts:
Fedora FEDORA-2007-707 2007-09-24
Red Hat RHSA-2007:0911-01 2007-10-25
Red Hat RHSA-2007:0746-04 2007-11-07
Gentoo 200711-06 2007-11-07
Red Hat RHSA-2007:0747-02 2007-11-15
SuSE SUSE-SA:2007:061 2007-11-19
Mandriva MDKSA-2007:235 2007-12-03
Red Hat RHSA-2008:0004-01 2008-01-15
Red Hat RHSA-2008:0005-01 2008-01-15
Red Hat RHSA-2008:0006-01 2008-01-15
Red Hat RHSA-2008:0008-01 2008-01-15
Ubuntu USN-575-1 2008-02-04
Slackware SSA:2008-045-02 2008-02-15

Comments (none posted)

apache2: denial of service

Package(s):apache2 CVE #(s):CVE-2007-1863
Created:November 19, 2007 Updated:February 18, 2008
Description:

From the CVE entry:

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.

Alerts:
SuSE SUSE-SA:2007:061 2007-11-19
Fedora FEDORA-2008-1711 2008-02-15

Comments (1 posted)

asterisk: possible SQL injection

Package(s):asterisk CVE #(s):CVE-2007-6170
Created:December 3, 2007 Updated:April 15, 2008
Description: Tilghman Lesher discovered that the logging engine of Asterisk, a free software PBX and telephony toolkit, performs insufficient sanitizing of call-related data, which may lead to SQL injection.
Alerts:
Debian DSA-1417-1 2007-12-02
SuSE SUSE-SR:2008:005 2008-03-06
Gentoo 200804-13 2008-04-14

Comments (none posted)

autofs: insecure default configuration

Package(s):autofs CVE #(s):CVE-2007-5964
Created:December 12, 2007 Updated:January 14, 2008
Description: Versions of the autofs automounter daemon as shipped by Red Hat (and possibly other distributors) are installed with an insecure configuration; in particular, the "hosts" map lacks the "nosuid" option, allowing an attacker who has control over an NFS server to run setuid programs on vulnerable systems.
Alerts:
Red Hat RHSA-2007:1128-01 2007-12-12
Red Hat RHSA-2007:1129-01 2007-12-12
Fedora FEDORA-2007-4532 2007-12-15
Fedora FEDORA-2007-4469 2007-12-15
Fedora FEDORA-2007-4709 2007-12-21
Fedora FEDORA-2007-4707 2007-12-21
Mandriva MDVSA-2008:009 2007-01-11
Mandriva MDVSA-2008:009-1 2007-01-12

Comments (none posted)

cacti: SQL injection vulnerability

Package(s):cacti CVE #(s):CVE-2007-6035
Created:November 22, 2007 Updated:February 18, 2008
Description: Versions of Cacti prior to 0.8.7a have an SQL injection vulnerability. Remote attackers can execute arbitrary SQL commands via unspecified vectors.
Alerts:
Fedora FEDORA-2007-3667 2007-11-22
Fedora FEDORA-2007-3683 2007-11-22
SuSE SUSE-SR:2007:024 2007-11-22
Mandriva MDKSA-2007:231 2007-11-22
Debian DSA-1418-1 2007-12-02
Gentoo 200712-02:02 2007-12-05
Fedora FEDORA-2008-1737 2008-02-15
Fedora FEDORA-2008-1699 2008-02-15

Comments (none posted)

cacti: denial of service

Package(s):cacti CVE #(s):CVE-2007-3112 CVE-2007-3113
Created:September 18, 2007 Updated:February 18, 2008
Description: A vulnerability in Cacti 0.8.6i and earlier versions allows remote authenticated users to cause a denial of service (CPU consumption) via large values of the graph_start, graph_end, graph_height, or graph_width parameters.
Alerts:
Mandriva MDKSA-2007:184 2007-09-17
Fedora FEDORA-2007-2199 2007-09-18
Fedora FEDORA-2007-3683 2007-11-22
Fedora FEDORA-2008-1737 2008-02-15

Comments (none posted)

clamav: denial of service

Package(s):clamav CVE #(s):CVE-2007-3725
Created:July 24, 2007 Updated:February 27, 2008
Description: A NULL pointer dereference has been discovered in the RAR VM of Clam Antivirus (ClamAV) which allows user-assisted remote attackers to cause a denial of service via specially crafted RAR archives.
Alerts:
Debian DSA-1340-1 2007-07-24
Mandriva MDKSA-2007:150 2007-07-25
Gentoo 200708-04 2007-08-09
SuSE SUSE-SR:2007:015 2007-08-03

Comments (none posted)

clamav: multiple vulnerabilities

Package(s):clamav CVE #(s):CVE-2007-4510 CVE-2007-4560
Created:September 3, 2007 Updated:February 13, 2008
Description: Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-4510: It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting in denial of service.

CVE-2007-4560: It was discovered clamav-milter performs insufficient input sanitizing, resulting in the execution of arbitrary shell commands.

Alerts:
Debian DSA-1366-1 2007-09-01
Mandriva MDKSA-2007:172 2007-08-31
Fedora FEDORA-2007-2050 2007-09-07
Gentoo 200709-14 2007-09-20
Fedora FEDORA-2008-0170 2008-01-22
Fedora FEDORA-2008-1608 2008-02-13

Comments (none posted)

clamav: integer overflow and off-by-one

Package(s):clamav CVE #(s):CVE-2007-6335 CVE-2007-6336
Created:December 19, 2007 Updated:February 13, 2008
Description: ClamAV contains integer overflow and off-by-one errors which could be exploited (via specially-crafted email) to execute arbitrary code.
Alerts:
Debian DSA-1435-1 2007-12-19
Gentoo 200712-20 2007-12-29
Mandriva MDVSA-2008:003 2007-01-08
SuSE SUSE-SR:2008:001 2008-01-09
Fedora FEDORA-2008-0170 2008-01-22
Fedora FEDORA-2008-0115 2008-01-22
Fedora FEDORA-2008-1608 2008-02-13
Fedora FEDORA-2008-1625 2008-02-13

Comments (none posted)

cups: denial of service

Package(s):cups CVE #(s):CVE-2007-0720
Created:March 26, 2007 Updated:February 7, 2008
Description: Previous versions of the cups package could be forced to hang via a client "partially negotiating" an SSL connection. In this state, cups would not allow other connections to be made, resulting in a denial of service.
Alerts:
Foresight FLEA-2007-0003-1 2007-03-25
Gentoo 200703-28 2007-03-31
Red Hat RHSA-2007:0123-01 2007-04-16
Mandriva MDKSA-2007:086 2007-04-16
Mandriva MDVSA-2008:036 2007-02-06

Comments (none posted)

cups: multiple vulnerabilities

Package(s):cups CVE #(s):CVE-2007-5849 CVE-2007-6358 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393
Created:December 19, 2007 Updated:April 3, 2008
Description: The cups 1.3.5 release fixes a number of vulnerabilities in the PDF filters. Additionally, there is a buffer overflow in the SNMP code and a temporary file vulnerability.
Alerts:
Gentoo 200712-14 2007-12-18
Debian DSA-1437-1 2007-12-26
Ubuntu USN-563-1 2008-01-09
SuSE SUSE-SA:2008:002 2008-01-10
SuSE SUSE-SR:2008:002 2008-01-25
Debian DSA-1480-1 2008-02-05
Mandriva MDVSA-2008:036 2007-02-06
Debian DSA-1537-1 2008-04-02

Comments (none posted)

debian-goodies: privilege escalation

Package(s):debian-goodies CVE #(s):CVE-2007-3912
Created:October 5, 2007 Updated:March 24, 2008
Description: Thomas de Grenier de Latour discovered that the checkrestart program included in debian-goodies did not correctly handle shell meta-characters. A local attacker could exploit this to gain the privileges of the user running checkrestart.
Alerts:
Ubuntu USN-526-1 2007-10-04
Debian DSA-1527-1 2008-03-24

Comments (none posted)

dovecot: privilege escalation

Package(s):dovecot CVE #(s):CVE-2007-4211
Created:August 15, 2007 Updated:May 21, 2008
Description: From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a minor privilege escalation attack in which an authenticated user may exploit an ACL plugin weakness to save message flags without having proper permissions."
Alerts:
rPath rPSA-2007-0161-1 2007-08-14
Fedora FEDORA-2007-664 2007-08-20
Red Hat RHSA-2008:0297-02 2008-05-21

Comments (none posted)

dovecot: directory traversal

Package(s):dovecot CVE #(s):CVE-2007-2231
Created:May 8, 2007 Updated:May 21, 2008
Description: Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
Alerts:
Fedora FEDORA-2007-493 2007-05-07
Ubuntu USN-487-1 2007-07-17
Debian DSA-1359-1 2007-08-28
Red Hat RHSA-2008:0297-02 2008-05-21

Comments (none posted)

e2fsprogs: integer overflows

Package(s):e2fsprogs CVE #(s):CVE-2007-5497
Created:December 7, 2007 Updated:February 12, 2008
Description: Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code.
Alerts:
Debian DSA-1422 2007-12-07
Ubuntu USN-555-1 2007-12-08
Mandriva MDKSA-2007:242 2007-12-10
rPath rPSA-2007-0262-1 2007-12-11
Gentoo 200712-13 2007-12-18
Red Hat RHSA-2008:0003-01 2008-01-07
Fedora FEDORA-2007-4461 2008-01-16
Fedora FEDORA-2007-4447 2008-01-16
Foresight FLEA-2008-0005-1 2008-02-11

Comments (none posted)

eggdrop: stack-based buffer overflow

Package(s):eggdrop CVE #(s):CVE-2007-2807
Created:September 7, 2007 Updated:January 7, 2008
Description: A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC servers to execute arbitrary code via a long private message.
Alerts:
Mandriva MDKSA-2007:175 2007-09-06
Gentoo 200709-07 2007-09-15
Fedora FEDORA-2007-4305 2007-12-10
Fedora FEDORA-2007-4325 2007-12-10
Debian DSA-1448-1 2008-01-05

Comments (none posted)

emacs: buffer overflow

Package(s):emacs CVE #(s):CVE-2007-6109
Created:December 10, 2007 Updated:May 6, 2008
Description:

From the National Vulnerability Database:

Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line.

Alerts:
Gentoo 200712-03 2007-12-09
Mandriva MDVSA-2008:034 2007-02-04
SuSE SUSE-SR:2008:003 2008-02-07
Ubuntu USN-607-1 2008-05-06

Comments (none posted)

emacs: command execution via local variables

Package(s):emacs CVE #(s):CVE-2007-5795
Created:November 14, 2