| Weekly edition | Kernel | Security | Distributions | Search |
| Archives | Calendar | Subscribe | Write for LWN | LWN.net FAQ |
LWN.net Weekly Edition for January 3, 2008
The 2007 Linux and free software timeline
Welcome to the tenth annual LWN Linux and free software timeline. In what has become a longstanding tradition, LWN finishes each year with a collection of the most important events from the last twelve months.This is version 0.9 of the 2007 timeline. There are certainly errors and omissions; if you find any, please send them to timeline@lwn.net rather than posting them as comments.
The development of the LWN.net Linux Timeline was supported by LWN subscribers; if you like what you see, please consider subscribing to LWN.
- January: Nouveau driver pledge, GPL Second Life, LCA, ...
- February: Bitfrost, 2.6.20, RTLinux, Robbins, Raymond, ...
- March: RSDL, RHEL5, Murdock, Beryl/Compiz, ...
- April: OpenBSD, Debian 4.0, CFS, 2.6.21, ...
- May: Python 3000, 235 violated patents, Indiana, Fedora 7, ...
- June: Emacs, Microsoft deals, Btrfs, GPLv3, ...
- July: Slackware 12, 2.6.22, CUPS, CPAL, ...
- August: SCO loses, ClamAV, OpenBSD, ...
- September: NetAPP/Sun, Kernel summit, ATI opens up, SCO bankruptcy, ...
- October: 2.6.23, openSUSE 10.3, Gutsy, GNOME/OOXML, ...
- November: Fedora 8, KDE 4.0-rc, lawsuits, ...
- December: RHE-MRG, qmail, HTML5 without Theora, ...
Thanks to the following people for suggestions which have improved this year's timeline:
- Xavier Bestel
- Chromatic
- Norman Gaywood
- Jim Gettys
For the historically minded, the timelines for the previous nine years remain available:
1998 1999 2000 2001 2002 2003 2004 2005 2006
Wild predictions for 2008
It's that time of year again: the beginning of the new year - along with the lack of much else going on - inspires editors to make predictions about what they think may happen in the coming months. Your editor is not immune to these forces, and he has long since ceased to fear the possibility of looking like a fool in front of thousands of people. He's used to looking like a fool in front of thousands of people. So, without further ado, here's a set of wild guesses about what may await us in 2008.
Development
Support for Flash media will reach a usable state in 2008 - at least, on the playback side. The ability to waste time on video sites using only free software will doubtless prove appealing for many Linux users, while the ability to display Flash-based advertising may prove less so. But Flash is an important medium for video content and various types of interaction; good, free support for this medium is an important prerequisite for true World Domination. Arguably even more important is the ability to create Flash media on Linux, but that will take a little longer to come around.
KDE 4.0 will be released early in the year. This is a huge, milestone release for the KDE development community, but the developers who have worked so hard toward this goal may find the user community's response a little disappointing. For all of the great work which has gone into 4.0, it remains a dot-zero release, and a big one at that. The remaining bugs and missing features are certain to put off some early adopters. One need only think back to the early GNOME 2.x releases, though, to realize that this is a normal part of the development process and that things will get much better quickly.
The focus on power consumption will intensify this year, continuing a trend from 2007. Linux should, by all rights, consume less power than competing systems on the same hardware - but it doesn't. We now have the tools to identify and track down the worst offenders in this area, and we have the low-level support needed to make low-power Linux possible. Mobile applications may continue to drive this push, but there may be even more low-hanging fruit on fixed systems. There is just no end of reasons to reduce power consumption on all systems running Linux, and we're now in a position to get that job done.
The merging of the realtime Linux tree will be substantially complete by the end of the year. Your editor is out on a limb here; the remaining realtime code includes some of the most intrusive changes. But distributors are shipping this code now, and it has been well tested in a number of environments. So it seems likely that, by the end of 2008, the mainline Linux kernel will be fully capable of running in a realtime mode.
Legal issues and related overhead
The OOXML standardization debate will continue, and Microsoft may well prevail in getting its document format recognized as a standard by the end of the year. The free software community will react as it always has - it's just another data format to support.
More projects will move to GPLv3 in 2008, creating occasional fallout at the distributor level when newly-created licensing conflicts are found. The most interesting potential change is the GNU C library, which remains at LGPL 2.1 as of this writing. A GPLv3-licensed glibc would have to be user-replaceable, which could be problematic on locked-down devices. So, if this change happens, expect a increased interest in alternative C libraries for embedded applications.
GPL enforcement activities will continue and may even increase. Patience with companies which use the code without complying with its license is at a low point, and that will not change. Chances are that, once again, almost every company which is confronted on GPL-violation issues will come into compliance without going to court.
There will be no more Microsoft patent deals, at least with companies of any significance. Those who are inclined to make such agreements have already done so; the holdouts are unlikely to change their minds at this point.
Commercial and related
The OLPC project will start to think seriously about the successor to the XO. There will be many opportunities to build a platform which can be even more empowering for small children; for example, the GNU Radio folks are already pondering ways to bring software-defined radio capabilities to this machine. Meanwhile, deployments of the XO will continue to happen and we'll see the first effects of putting truly free systems into the hands of children. Some of those effects will certainly surprise us.
The days of hardware support hassles will be over. By the end of 2008, we should have good support for ATI graphics adapters, Atheros wireless chipsets, and even, via the Nouveau project, NVidia adapters. There will always be exceptions, but the rule will be clear: we will be able to buy hardware secure in the knowledge that it will work with our Linux systems.
Competition between distributors will grow in intensity. We saw some hints of this in the sniping between Red Hat and Novell toward the end of 2007; there will be more as these businesses increase their focus on the bottom line. Ubuntu will also push harder, though, interestingly, it often seems like that distributor's biggest perceived competitor is Fedora. Your editor believes (and hopes) that cooperation at the development level will remain strong despite increasing drama at the public relations level.
Along these lines, expect intensified competition from Sun, which will continue to try to aggressively push Solaris into Linux shops while simultaneously presenting a friendly face to the community. We may also see more of the less-friendly side of the BSD community for similar reasons.
Community
There will be a major technical Linux event in the United States - the first in some years. The Linux Plumbers Conference, planned for mid-September, will be unique in its focus on the kernel and the software layers immediately surrounding it. Getting the "greater kernel ecosystem" together in one place is an overdue move which should help integration and development of the plumbing we all depend on.
Participation in the development community will grow. That, of course, has been true every year for at least two decades. In 2008, though, we can expect to see a stronger push to encourage developers from parts of the world which traditionally have not contributed so strongly to our community; Asia, in particular, should continue to increase its presence. We will also continue to see companies in the embedded systems area figure out that, if they do not participate in the development of the code they use, others will have a much stronger influence on how that development goes.
Tolerance for anti-social behavior on mailing lists, IRC channels, etc. will continue to drop as development communities try to attract and provide a welcoming environment for more participants. Many communities have formal codes of conduct now; others may well try to adopt them. But even less-formal groups will increasingly understand that a harsh and unfriendly environment hurts the project as a whole.
As usual, we'll come back to these predictions at the end of the year and mock them without mercy. Until then, best wishes for a great 2008 from the LWN editorial team!
The Grumpy Editor's video journey part 3: DVD authoring
As readers of the first part of this series will remember, your editor has set out on a project to digitize a set of old video tapes and turn them into properly-formatted DVD media suitable for handing out to the grandparents. Part 1 was about the task of capturing this data to disk; part 2 covers the video editors available for turning the captured data into something watchable, and part 3 covers the task of creating a DVD from the edited video.Attentive readers may have noticed that part 2 has not yet been written; there are more editors available than your editor had expected (currently under review are Cinelerra CV, Kino, PiTiVi, LiVES, and Avidemux), so that process is taking longer than expected. For the purposes of this article, let us assume that your editor has a disk full of video clips which have been edited and properly formatted into the MPEG2/AC3 video object files expected by DVD players. There will be a discussion of the best ways to get those files there in the near future, promise.
Many of us have burned CDs and found the process to be relatively straightforward - the biggest obstacle is often just getting past the grumpiness built into cdrecord and its latter-day derivatives. Creating data DVDs is not a whole lot harder. So one might be inclined to approach the task of creating a video DVD with a "this will be easy" attitude. It is, in fact, a task just about anybody can learn to do, but it is on a different order of complexity than creating a CD full of music. A video DVD is, in truth, a program complete with its own hierarchical structure, menus, and code written for the simple virtual machine lurking within every DVD player. Creating a playable DVD requires writing that program.
If DVDs are programs, then the one compiler available for Linux systems is the command-line dvdauthor tool. Regardless of how one builds a DVD, dvdauthor will be involved in the process at some point. This tool requires a collection of video objects representing the actual video titles and also implementing the menus, subtitles, and more. It's all tied together via a complex XML file (example) which is compiled by dvdauthor to create the final product.
It is possible to create all of these pieces by hand, and, doubtless, Real Linux Video Jocks would not do it any other way. One can use dvdauthor to help with the generation of parts of the XML file. There is documentation which seems fairly complete, if a bit terse. But the fact of the matter is that most people attempting to use this tool directly will give up in despair. There is no reason why DVD authors should have to work at this level; dvdauthor is essentially an assembler which, while being absolutely essential to do most of the heavy lifting, should be hidden from most polite company. DVD creation is a visual task; there should be visually-oriented tools for this job. The good news is that these tools do, indeed, exist.
DVDStyler
![[DVDStyler]](/images/ns/grumpy/dvdstyler2-sm.png)
The first of these tools is DVDStyler, a GTK-based application.
There are three basic tabs which are used to work through the tasks of
piecing together a DVD; they are labeled "Directories," "Backgrounds," and
"Buttons." The directories tab pulls up a simple internal directory
browser, useful for adding objects to the DVD. So, if the DVD author has a
collection of VOB files containing video data, they can be found by way of
this tab and added, one by one, to the DVD. Each object shows up in the
bottom pane of the window, generally with an unhelpful annotation like
"Title 2". There is no easy way to see what each of those titles is;
one must query their properties and look at the associated file name.
As a grumpy aside, your editor must note that the directory browser uselessly starts at $HOME. One need not work with much video data before realizing that special provisions must be made for its storage; video objects are unlikely to be kept in the home directory. Your editor has a hard time understanding why tools like this are unable to start file searches in the current working directory, which is a much more likely place to find things of interest. Switching to $HOME is not just a least-surprise violation; it actively makes things harder for the user.
The "Backgrounds" tab helpfully offers a dozen or so canned background images which can be used for the DVD menus. They are nice backgrounds, and they might just be useful for somebody struggling through the process of creating a DVD for the first time. Your editor, though, suspects that most users, by the time they create their second (working) DVD, might just want to supply their own background images. They will look for that option under the "Backgrounds" tab in vain, though. It is possible to supply a custom image: go to the large (video screen) pane, right-click, select "properties," and set an image there. It's easy, once you've figured it out. But one would think that, having gone to the trouble to provide an entire mode dedicated to background images, the developer would have thought to toss in a "none of the above" button.
The hardest part of creating a DVD (once one has suitable video in place, obviously) is getting the menus to work. DVDStyler starts with an empty main menu in place; it is up to the user to add entries which will do interesting things. That is done by way of the "Buttons" tab. There's a selection of arrows available, as well as the ability to add basic text buttons. The button of interest can be simply dragged to the right spot on the menu, sized appropriately, and configured to do the right thing. There are also "empty" buttons for more complicated situations where the real button text (or image) is found on the menu's background image.
![[Button dialog]](/images/ns/grumpy/dvdstyler-button-sm.png)
Having added a button, the author must tell the system what happens in
response to events on that button. To that end, there is a separate
"properties" dialog. Usually one wants a button to cause a certain video
title to be played, and that is easily configured. If more than one menu
has been created, buttons can also be set to jump from one menu to the
next. There is a "custom" blank for the harder cases which require direct
entry of code to be executed by the DVD virtual machine. In DVDStyler, the
selection of relatively obscure options (subtitles, languages, camera
angles) can only be set up in this way.
Also required is a specification of what happens when one of the directional arrows is pressed. The default "auto" setting leaves that up to the player, which will probably do the right thing - the down arrow, for example, will move the focus to the next button below the current one. Anybody who is concerned about the user interface provided by the resulting DVD will probably want to set these actions explicitly, though - a somewhat tedious and time-consuming task.
Eventually, the time comes to actually create the DVD. Most first-time users will probably go to the DVD menu for this task, but the "burn" option is not there - it's under the "file" menu instead. The resulting dialog works nicely, giving the user the option to stop after generating the ISO image or to run a preview application (xine by default) before actually writing to the disk. Underneath this dialog is a whole set of helper commands which are run; those can be configured if need be, but most users will not tread there.
All told, your editor found DVDStyler to be the easier tool to use for quickly putting together a video disk. There is just one little problem: those disks never quite worked right on your editor's ancient DVD player. Somehow, a misunderstanding about how the menus should work crept in. Your editor suspects, perhaps, that overlapping buttons may have something to do with it; the other application reviewed by your editor (QDVDAuthor) detected and corrected that situation, but DVDStyler did not. In any case, newer players had no problem with the generated disks, so this may not be a problem that most people need to be concerned with.
'Q' DVD-Author
![[qdvdauthor]](/images/ns/grumpy/qdvdauthor-sm.png)
The other DVD authoring application considered here is 'Q' DVD-Author (or qdvdauthor
from here on out in an effort to save your editor's typing fingers). This
is a Qt-based application aimed at providing complete DVD authoring
capability. It is arguably more complete and mature than DVDStyler, but
more complex as well.
Qdvdauthor provides a three-paned window with areas for the current set of audio/video objects, the DVD hierarchy, and the menu designer. The audio/video pane, on the left end, is clearly a work in progress. There is a thumbnail area which shows the opening frame of the associated video - sometimes. Other times it stays green and qdvdauthor silently leaves an mplayer process desperately cranking away in the background. It was only when the load average on your editor's system got to around 20 that he figured that one out. There is a "play" button which pops up a cheery "not yet implemented" button. The run time of each video title is also displayed. All told, it is a more useful display than what DVDStyler offers, with the potential to be quite a bit better yet.
The middle pane shows the current hierarchy of objects making up the DVD. It is a helpful display, given that DVDs truly are hierarchical objects. It likes to reset itself to the top, though, making it necessary to scroll repeatedly toward the bottom when the DVD gets more complex. The right pane shows one of the DVD menus - or a couple of other things we'll see later on. One very nice feature is the little display at the bottom showing how much data has been committed to the DVD so far and how much room remains.
Video titles are easily added using the prominent "add movie" button. Once attention turns to the menu creation process, one notices that there is no separate "backgrounds" tab - but there is a button for adding a custom background image, which is what is really needed anyway. Your editor found that dragging a thumbnail from the video pane over to the menu area created a picture button which would play the associated title - a nice feature.
![[qdvdauthor text properties dialog]](/images/ns/grumpy/qdvdauthor-text-sm.png)
![[qdvdauthor button properties dialog]](/images/ns/grumpy/qdvdauthor-button-sm.png)
The creation of text buttons (or those from a separate image) is a bit more
labor-intensive, requiring the user to right-click on the background,
select "add text", draw a rectangle to define the text area, fill in
a rather gaudy text dialog (shown left) with the actual text (and tweak
fonts and
such), right-click on the newly-added text and select "define as
button", then fill in the button properties dialog (shown right). That
last step
involves setting the button name (necessary - it would be nice if it
defaulted to the button text) and picking the various associated actions.
It takes a while.
Eventually, the time comes to commit all of that work to an actual DVD. A click on the associated button gets that process going. If one has been sloppy in drawing out buttons, the first thing to come up will be a warning that some of the buttons overlap, accompanied by an offer to fix the problem automatically. One can also decline the offer (aborting the process) to fix the problem manually.
This is as good a point as any to note that moving and resizing buttons in qdvdauthor is a real exercise in pain. The button areas have the usual grab points for moving, dragging edges and corners, or rotating the button. But none of those are visible until the user has clicked the mouse and committed himself to doing something. The end result is that attempts to drag a button often do something else - like rotating them to some strange angle. The basic interaction modes for operating on graphical objects in a display have been well understood for years; one can only imagine that whoever designed this interface was engaging in some sort of sadistic exercise which was sponsored by purveyors of strong drink.
![[burn dialog]](/images/ns/grumpy/qdvdauthor-burn-sm.png)
Once the buttons have been sorted out, selecting the burn operation brings
up a rather intimidating dialog showing all of the commands which will be
executed to get the job done. It's at this point that one realizes just
how much behind-the-scenes magic is going on to make the DVD creation
process actually happen. There are options to disable specific parts of
the process (actually burning the disk, for example), and the adventurous
can edit the commands before they run. Most people, though, will probably
just hit the "OK" button at the bottom and watch the process unfold. Which
it does, just as one would expect.
There's a few other nice features hidden in this application. The menu pane can be made to show the XML file which will be generated for dvdauthor; it can also be put into a garish and complex dialog which facilitates the addition of subtitles. There is a template mechanism for menus, and a network-based repository from which qdvdauthor can download new templates. There is an operation which will convert the entire DVD between the NTSC and PAL formats - your editor has not yet exercised this option, but, given that some of the grandparents for whom this work is intended live in Europe, it will eventually come in handy. There is a little-used plugin mechanism and a theme feature as well; long-neglected Motif users will be glad to know there is a style for them. The addition of audio to menus and intro/outro sequences to titles is relatively straightforward. There is also an option to make DVD slideshows out of a series of still images.
Conclusion
Either one of these applications can get the job done. They both show the best of how an application on a Unix-like system can add power by using existing tools. Neither DVDStyler nor qdvdauthor actually does much of the work of creating menus or burning DVDs; they mostly just put together fiendishly-complex command lines and call out to the tools which have been designed to do that work well. Overall, the combination works reasonably well.
A feature which is lacking from both tools is a "hold my hand" mode for people who are not - and do not want to be - experts in DVD creation. A sequence of screens which would set up an initial menu, import titles, and create buttons for each would be most helpful in this regard. As it is, users must have their own internal checklist in mind when creating DVDs, and it is easy to miss things. Your editor, while certainly slower than most, is unlikely to be the only one to have created an impressive pile of coasters before finally producing a DVD which actually worked as intended.
While the tools edited here are, in your editor's opinion, the best available for Linux for this task, there are some others to be aware of:
- Tovid
is a set of command-line tools for the creation of DVD menus and
putting the whole structure together. They hide much of the
underlying complexity and may prove useful for users not wanting to
work with a graphical interface.
- VideoLink
is an interesting tool which enables the creation of DVD menus in
HTML. It then renders them with a web browser and prepares the result
for burning to a DVD.
- Kino (which will be covered in
depth in part 2) can produce a simple dvdauthor script to make a
no-menu DVD with a single title.
- KDE DVD Authoring Wizard is a kdialog script which steps the user through the creation of a simple DVD. It provides the handholding mentioned above, but, arguably, simplifies out too much of the process.
Of all these tools, it must be said that qdvdauthor is, at this time, the most complete and capable. It provides access to almost any capability supported by current DVD players, is relatively easy to use, and works most of the time. With luck, the developers (who released the 1.0.0 version reviewed here in November, 2007) will devote themselves to smoothing out the remaining rough edges, leaving us with a tool which DVD authors at any level can use.
Page editor: Jonathan Corbet
Security
The future of unencrypted web traffic
Hypertext transfer protocol (http) is the heart of the web, providing the means to retrieve content from remote servers. It is an unencrypted, text-based protocol which allows malicious intermediaries to snoop on and potentially modify the traffic. Unfortunately, internet service providers (ISPs) are getting increasingly bold in manipulating the traffic that they carry. This has lead some to call for the elimination of http, in favor of encrypted http (aka secure http or https).
An ISP is perfectly situated to gather an enormous amount of information about its users, their website preferences and habits (often called clickstream data). Some have reportedly been selling some of that data in a thinly-anonymized form to advertisers and others. As AOL's well-intentioned, but poorly implemented, release of search queries showed, it is rather easy to analyze this kind of data and pierce the anonymity, deriving the specific user.
Another recent ISP trick is to modify a retrieved web page to display other information – under the control of the ISP – which looks like it comes from the website itself. Canadian ISP Rogers Internet has been testing a system to add content to the Google homepage for their customers who are near their monthly bandwidth limits. There are also plans afoot for ISPs to use clickstream data to target advertising – though just where those ads would show up is far from clear.
This kind of manipulation is unlikely to be what internet users expect – to the extent they think about it all. The model folks tend to use is that of a phone company; we do not expect them to sell our call records to the highest bidder, nor do we give them license to modify our calls. Various telecommunications privacy laws protect that data, but those laws have not (yet) been applied to internet traffic. In addition, ISPs tend to have a monopoly or near-monopoly, which restricts alternative, less-intrusive ISPs from competing.
Fortunately, there are technical solutions possible in the internet realm that would be difficult or impossible to implement network-wide in the phone system. Encrypting website traffic will go a long way towards eliminating this kind of ISP abuse, though it is no panacea. As more of these kinds of privacy invasions occur, we should see more routine use of https by websites.
Currently, https is almost exclusively used for e-commerce transactions; typing in credit card numbers and the like. Authentication via username and password is another area that sees widespread encrypted pages. Sites may start to use https for their entire site to combat clickstream and page rewriting abuse – though there will still be some information leakage as the ISPs can still see what sites are being visited.
In order to make an https connection, the server must have a certificate with its public key. Typically those are signed by an authority recognized by browsers which allows the browser to authenticate that the certificate belongs to the host visited. Getting signed certificates is a bit cumbersome, costs some money, and they need to be renewed periodically – all of which adds up to a headache for a site, especially a small, non-commercial site, that wants to switch to using https. Self-signed certificates are an alternative, but because they are susceptible to man-in-the-middle attacks, browsers warn their users when they receive one.
Another problem with this approach is the extra processing required on the server to support encrypting each and every request. There is a non-trivial amount of extra work that must be done per request and cannot be cached. Sites that wish to avoid the problems that some ISPs are introducing will just have to bear that cost.
Pushing bits is not very glamorous, but that is really what one hires an ISP to do. Since they seem to be finding new and exciting ways to interfere with those bits – Comcast messing with BitTorrent traffic for example – internet users will have to find ways to thwart their schemes and encryption will be a big part of that effort. Using https site-wide is only one step, other services will also need to be protected from ISP abuse. What if an ISP started manipulating the results returned from DNS queries, perhaps routing some to a server they control?
LWN adds a Security index
LWN has added a new index to complement the existing Kernel index. The Security index covers security articles we have published since the start of 2007. Hopefully this will be a useful resource for our readers and, as always, we value your comments. Please send them to lwn-AT-lwn.net.
New vulnerabilities
autofs: privilege escalation
| Package(s): | autofs | CVE #(s): | CVE-2007-6285 | ||||||||||||||||||
| Created: | December 21, 2007 | Updated: | January 14, 2008 | ||||||||||||||||||
| Description: | The default configuration for autofs 5 (autofs5) on Red Hat Enterprise Linux (RHEL) 4 and 5 does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
bind: insecure permissions
| Package(s): | bind | CVE #(s): | CVE-2007-6283 | ||||||||||||
| Created: | December 21, 2007 | Updated: | May 21, 2008 | ||||||||||||
| Description: | Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named. | ||||||||||||||
| Alerts: |
| ||||||||||||||
clamav: mystery vulnerability
| Package(s): | clamav | CVE #(s): | CVE-2007-6337 | |||||||||||||||
| Created: | December 31, 2007 | Updated: | January 22, 2008 | |||||||||||||||
| Description: | Clamav contains "an unspecified vulnerability" associated with the bzip2 decompression code. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
exiftags: multiple vulnerabilities
| Package(s): | exiftags | CVE #(s): | CVE-2007-6354 CVE-2007-6355 CVE-2007-6356 | |||||||||
| Created: | December 31, 2007 | Updated: | April 1, 2008 | |||||||||
| Description: | From the Gentoo advisory: Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356). | |||||||||||
| Alerts: |
| |||||||||||
exiv2: integer overflow
| Package(s): | exiv2 | CVE #(s): | CVE-2007-6353 | ||||||||||||||||||
| Created: | December 21, 2007 | Updated: | January 24, 2008 | ||||||||||||||||||
| Description: | Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
gallery2: multiple vulnerabilities
| Package(s): | gallery2 | CVE #(s): | CVE-2007-6685 CVE-2007-6686 CVE-2007-6687 CVE-2007-6688 CVE-2007-6689 CVE-2007-6690 CVE-2007-6691 CVE-2007-6692 CVE-2007-6693 | |||||||||
| Created: | December 27, 2007 | Updated: | February 12, 2008 | |||||||||
| Description: | Versions of the Gallery photo management application before 2.2.4 have the following vulnerabilities: (1) an unauthorized album creation and file upload, (2) a local file inclusion vulnerability, (3) several cross site scripting vulnerabilities, (4) a web-accessibility protection problem, (5) problems with checks for disallowed file extensions with file uploads, (6) missing permissions checks on GR commands, (7) several information disclosures, (8) an arbitrary URL redirection problem and (9) a proxied request weakness. | |||||||||||
| Alerts: |
| |||||||||||
Ganglia: cross-site scripting
| Package(s): | ganglia | CVE #(s): | |||||||
| Created: | December 21, 2007 | Updated: | January 2, 2008 | ||||||
| Description: | Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format. The Ganglia web frontend is vulnerable to cross-site scripting. | ||||||||
| Alerts: |
| ||||||||
imlib: denial of service
| Package(s): | imlib | CVE #(s): | CVE-2007-3568 | ||||||
| Created: | December 28, 2007 | Updated: | January 2, 2008 | ||||||
| Description: | The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0. | ||||||||
| Alerts: |
| ||||||||
kernel: information leak, denial of service
| Package(s): | linux-2.6 | CVE #(s): | CVE-2007-6206 CVE-2007-6417 | |||||||||||||||||||||||||||||||||||||||||||||
| Created: | December 21, 2007 | Updated: | May 7, 2008 | |||||||||||||||||||||||||||||||||||||||||||||
| Description: | Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. (CVE-2007-6206)
Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page maybe improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash). (CVE-2007-6417) | |||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||||||||||||||
mt-daapd: multiple vulnerabilities
| Package(s): | mt-daapd | CVE #(s): | CVE-2007-5825 CVE-2007-5824 | ||||||
| Created: | December 31, 2007 | Updated: | June 13, 2008 | ||||||
| Description: | From the Gentoo advisory: nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg() function contains a format string vulnerability, as it does not properly sanitize username and password data from the "Authorization: Basic" HTTP header line (CVE-2007-5825). The ws_decodepassword() and ws_getheaders() functions do not correctly handle empty Authorization header lines, or header lines without a ':' character, leading to NULL pointer dereferences (CVE-2007-5824). | ||||||||
| Alerts: |
| ||||||||
mysql: denial of service
| Package(s): | mysql-dfsg-5.0 | CVE #(s): | CVE-2007-6304 | ||||||||||||||||||
| Created: | December 21, 2007 | Updated: | April 7, 2008 | ||||||||||||||||||
| Description: | Philip Stoev discovered that the the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
peercast: buffer overflow
| Package(s): | peercast | CVE #(s): | CVE-2007-6454 | |||||||||
| Created: | December 28, 2007 | Updated: | May 21, 2008 | |||||||||
| Description: | A heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. | |||||||||||
| Alerts: |
| |||||||||||
syslog-ng: denial of service
| Package(s): | syslog-ng | CVE #(s): | CVE-2007-6437 | ||||||||||||
| Created: | December 31, 2007 | Updated: | January 21, 2008 | ||||||||||||
| Description: | The syslog-ng daemon does not properly handle messages containing an unterminated time stamp, resulting in the dereferencing of a NULL pointer and subsequent crash. | ||||||||||||||
| Alerts: |
| ||||||||||||||
typo3-src: SQL injection
| Package(s): | typo3-src | CVE #(s): | CVE-2007-6381 | |||
| Created: | December 28, 2007 | Updated: | January 2, 2008 | |||
| Description: | SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| Alerts: |
| |||||
wireshark: multiple vulnerabilities
| Package(s): | wireshark | CVE #(s): | CVE-2007-6111 CVE-2007-6112 CVE-2007-6113 CVE-2007-6115 CVE-2007-6116 CVE-2007-6119 | ||||||
| Created: | December 21, 2007 | Updated: | January 2, 2008 | ||||||
| Description: | Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow
remote attackers to cause a denial of service (crash) via (1) a crafted MP3
file or (2) unspecified vectors to the NCP dissector. (CVE-2007-6111)
Buffer overflow in the PPP dissector Wireshark 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. (CVE-2007-6112) Wireshark 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP packet. (CVE-2007-6113) Buffer overflow in the ANSI MAP dissector for Wireshark 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. (CVE-2007-6115) The Firebird/Interbase dissector in Wireshark 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors. (CVE-2007-6116) The DCP ETSI dissector in Wireshark 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. (CVE-2007-6119) | ||||||||
| Alerts: |
| ||||||||
wireshark: lots of dissector vulnerabilities
| Package(s): | wireshark | CVE #(s): | CVE-2007-6111 CVE-2007-6112 CVE-2007-6113 CVE-2007-6114 CVE-2007-6115 CVE-2007-6116 CVE-2007-6117 CVE-2007-6118 CVE-2007-6119 CVE-2007-6120 CVE-2007-6121 CVE-2007-6438 CVE-2007-6439 CVE-2007-6441 CVE-2007-6450 CVE-2007-6451 | ||||||||||||||||||||||||
| Created: | December 31, 2007 | Updated: | February 22, 2008 | ||||||||||||||||||||||||
| Description: | Wireshark has disclosed another long list of dissector vulnerabilities; see this advisory for details. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
Updated vulnerabilities
cairo: integer overflow
| Package(s): | Cairo | CVE #(s): | CVE-2007-5503 | |||||||||||||||||||||||||||||||||
| Created: | November 29, 2007 | Updated: | April 10, 2008 | |||||||||||||||||||||||||||||||||
| Description: | Cairo has an integer overflow vulnerability in the PNG image processing code. If a user processes a specially crafted PNG image with an application that is linked against cairo, arbitrary code can be executed with the user's privileges. | |||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||
Django: denial of service
| Package(s): | Django | CVE #(s): | CVE-2007-5712 | ||||||
| Created: | November 12, 2007 | Updated: | May 21, 2008 | ||||||
| Description: | From the CVE notice: The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers. | ||||||||
| Alerts: |
| ||||||||
MySQL: privilege escalation
| Package(s): | MySQL | CVE #(s): | CVE-2007-3781 CVE-2007-5969 | |||||||||||||||||||||||||||||||||
| Created: | December 11, 2007 | Updated: | May 21, 2008 | |||||||||||||||||||||||||||||||||
| Description: | MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. (CVE-2007-5969)
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. (CVE-2007-3781) | |||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||
Sun JDK/JRE: multiple vulnerabilities
| Package(s): | Sun JDK/JRE | CVE #(s): | CVE-2007-2435 CVE-2007-2788 CVE-2007-2789 | ||||||||||||||||||
| Created: | June 1, 2007 | Updated: | April 18, 2008 | ||||||||||||||||||
| Description: | An unspecified vulnerability involving an "incorrect use of system classes" was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security Team reported an integer overflow resulting in a buffer overflow in the ICC parser used with JPG or BMP files, and an incorrect open() call to /dev/tty when processing certain BMP files. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
apache2: information disclosure
| Package(s): | apache | CVE #(s): | CVE-2007-1862 | |||||||||
| Created: | June 20, 2007 | Updated: | February 18, 2008 | |||||||||
| Description: | From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously-used data, which could be used to obtain potentially sensitive information by unauthorized users." | |||||||||||
| Alerts: |
| |||||||||||
apache: multiple vulnerabilities
| Package(s): | apache | CVE #(s): | CVE-2007-3304 CVE-2006-5752 | |||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | June 27, 2007 | Updated: | February 18, 2008 | |||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker who has the ability to
run scripts on the Apache HTTP Server could manipulate the scoreboard and
cause arbitrary processes to be terminated, which could lead to a denial of
service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with the server-status page publicly accessible and ExtendedStatus enabled were vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752) | |||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||||||||||||||||||||
apache: cross-site scripting
| Package(s): | apache | CVE #(s): | CVE-2006-3918 | ||||||||||||||||||
| Created: | August 9, 2006 | Updated: | April 4, 2008 | ||||||||||||||||||
| Description: | From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header." | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
httpd: denial of service, cross-site scripting
| Package(s): | apache httpd | CVE #(s): | CVE-2007-3847 CVE-2007-4465 | |||||||||||||||||||||||||||||||||||||||
| Created: | September 25, 2007 | Updated: | February 15, 2008 | |||||||||||||||||||||||||||||||||||||||
| Description: | A flaw was found in the mod_proxy module. On sites where a reverse proxy is
configured, a remote attacker could send a carefully crafted request that
would cause the Apache child process handling that request to crash. On
sites where a forward proxy is configured, an attacker could cause a
similar crash if a user could be persuaded to visit a malicious site using
the proxy. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-3847)
A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the AddDefaultCharset directive has been removed from the configuration, a cross-site-scripting attack may be possible against browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465) | |||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||||||||||||||
apache2: denial of service
| Package(s): | apache2 | CVE #(s): | CVE-2007-1863 | ||||||
| Created: | November 19, 2007 | Updated: | February 18, 2008 | ||||||
| Description: | From the CVE entry: cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. | ||||||||
| Alerts: |
| ||||||||
asterisk: possible SQL injection
| Package(s): | asterisk | CVE #(s): | CVE-2007-6170 | |||||||||
| Created: | December 3, 2007 | Updated: | April 15, 2008 | |||||||||
| Description: | Tilghman Lesher discovered that the logging engine of Asterisk, a free software PBX and telephony toolkit, performs insufficient sanitizing of call-related data, which may lead to SQL injection. | |||||||||||
| Alerts: |
| |||||||||||
autofs: insecure default configuration
| Package(s): | autofs | CVE #(s): | CVE-2007-5964 | ||||||||||||||||||||||||
| Created: | December 12, 2007 | Updated: | January 14, 2008 | ||||||||||||||||||||||||
| Description: | Versions of the autofs automounter daemon as shipped by Red Hat (and possibly other distributors) are installed with an insecure configuration; in particular, the "hosts" map lacks the "nosuid" option, allowing an attacker who has control over an NFS server to run setuid programs on vulnerable systems. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
cacti: SQL injection vulnerability
| Package(s): | cacti | CVE #(s): | CVE-2007-6035 | ||||||||||||||||||||||||
| Created: | November 22, 2007 | Updated: | February 18, 2008 | ||||||||||||||||||||||||
| Description: | Versions of Cacti prior to 0.8.7a have an SQL injection vulnerability. Remote attackers can execute arbitrary SQL commands via unspecified vectors. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
cacti: denial of service
| Package(s): | cacti | CVE #(s): | CVE-2007-3112 CVE-2007-3113 | ||||||||||||
| Created: | September 18, 2007 | Updated: | February 18, 2008 | ||||||||||||
| Description: | A vulnerability in Cacti 0.8.6i and earlier versions allows remote authenticated users to cause a denial of service (CPU consumption) via large values of the graph_start, graph_end, graph_height, or graph_width parameters. | ||||||||||||||
| Alerts: |
| ||||||||||||||
clamav: denial of service
| Package(s): | clamav | CVE #(s): | CVE-2007-3725 | ||||||||||||
| Created: | July 24, 2007 | Updated: | February 27, 2008 | ||||||||||||
| Description: | A NULL pointer dereference has been discovered in the RAR VM of Clam Antivirus (ClamAV) which allows user-assisted remote attackers to cause a denial of service via a specially crafted RAR archives. | ||||||||||||||
| Alerts: |
| ||||||||||||||
clamav: multiple vulnerabilities
| Package(s): | clamav | CVE #(s): | CVE-2007-4510 CVE-2007-4560 | ||||||||||||||||||
| Created: | September 3, 2007 | Updated: | February 13, 2008 | ||||||||||||||||||
| Description: | Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-4510: It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting in denial of service. CVE-2007-4560: It was discovered clamav-milter performs insufficient input sanitizing, resulting in the execution of arbitrary shell commands. | ||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||
clamav: integer overflow and off-by-one
| Package(s): | clamav | CVE #(s): | CVE-2007-6335 CVE-2007-6336 | ||||||||||||||||||||||||
| Created: | December 19, 2007 | Updated: | February 13, 2008 | ||||||||||||||||||||||||
| Description: | ClamAV contains integer overflow and off-by-one errors which could be exploited (via specially-crafted email) to execute arbitrary code. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
cups: denial of service
| Package(s): | cups | CVE #(s): | CVE-2007-0720 | |||||||||||||||
| Created: | March 26, 2007 | Updated: | February 7, 2008 | |||||||||||||||
| Description: | Previous versions of the cups package could be forced to hang via a client "partially negotiating" an ssl connection. In this state, cups would not allow other connections to be made, a denial of service. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
cups: multiple vulnerabilities
| Package(s): | cups | CVE #(s): | CVE-2007-5849 CVE-2007-6358 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 | ||||||||||||||||||||||||
| Created: | December 19, 2007 | Updated: | April 3, 2008 | ||||||||||||||||||||||||
| Description: | The cups 1.3.5 release fixes a number of vulnerabilities in the PDF filters. Additionally, there is a buffer overflow in the SNMP code and a temporary file vulnerability. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||
debian-goodies: privilege escalation
| Package(s): | debian-goodies | CVE #(s): | CVE-2007-3912 | ||||||
| Created: | October 5, 2007 | Updated: | March 24, 2008 | ||||||
| Description: | Thomas de Grenier de Latour discovered that the checkrestart program included in debian-goodies did not correctly handle shell meta-characters. A local attacker could exploit this to gain the privileges of the user running checkrestart. | ||||||||
| Alerts: |
| ||||||||
dovecot: privilege escalation
| Package(s): | dovecot | CVE #(s): | CVE-2007-4211 | |||||||||
| Created: | August 15, 2007 | Updated: | May 21, 2008 | |||||||||
| Description: | From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a minor privilege escalation attack in which an authenticated user may exploit an ACL plugin weakness to save message flags without having proper permissions." | |||||||||||
| Alerts: |
| |||||||||||
dovecot: directory traversal
| Package(s): | dovecot | CVE #(s): | CVE-2007-2231 | ||||||||||||
| Created: | May 8, 2007 | Updated: | May 21, 2008 | ||||||||||||
| Description: | Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name. | ||||||||||||||
| Alerts: |
| ||||||||||||||
e2fsprogs: integer overflows
| Package(s): | e2fsprogs | CVE #(s): | CVE-2007-5497 | |||||||||||||||||||||||||||
| Created: | December 7, 2007 | Updated: | February 12, 2008 | |||||||||||||||||||||||||||
| Description: | Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code. | |||||||||||||||||||||||||||||
| Alerts: |
| |||||||||||||||||||||||||||||
eggdrop: stack-based buffer overflow
| Package(s): | eggdrop | CVE #(s): | CVE-2007-2807 | |||||||||||||||
| Created: | September 7, 2007 | Updated: | January 7, 2008 | |||||||||||||||
| Description: | A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC servers to execute arbitrary code via a long private message. | |||||||||||||||||
| Alerts: |
| |||||||||||||||||
emacs: buffer overflow
| Package(s): | emacs | CVE #(s): | CVE-2007-6109 | ||||||||||||
| Created: | December 10, 2007 | Updated: | May 6, 2008 | ||||||||||||
| Description: | From the National Vulnerability Database: Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line. | ||||||||||||||
| Alerts: |
| ||||||||||||||
emacs: command execution via local variables
| Package(s): | emacs | CVE #(s): | CVE-2007-5795 |
| Created: | November 14, 2 |