LWN.net Logo

LWN.net Weekly Edition for January 3, 2008

The 2007 Linux and free software timeline

Welcome to the tenth annual LWN Linux and free software timeline. In what has become a longstanding tradition, LWN finishes each year with a collection of the most important events from the last twelve months.

This is version 1.0 of the 2007 timeline. There are certainly errors and omissions; if you find any, please send them to timeline@lwn.net rather than posting them as comments.

The development of the LWN.net Linux Timeline was supported by LWN subscribers; if you like what you see, please consider subscribing to LWN.

  • January: Nouveau driver pledge, GPL Second Life, LCA, ...
  • February: Bitfrost, 2.6.20, RTLinux, Robbins, Raymond, ...
  • March: RSDL, RHEL5, Murdock, Beryl/Compiz, ...
  • April: OpenBSD, Debian 4.0, CFS, 2.6.21, ...
  • May: Python 3000, 235 violated patents, Indiana, Fedora 7, ...
  • June: Emacs, Microsoft deals, Btrfs, GPLv3, ...
  • July: Slackware 12, 2.6.22, CUPS, CPAL, ...
  • August: SCO loses, ClamAV, OpenBSD, ...
  • September: NetAPP/Sun, Kernel summit, ATI opens up, SCO bankruptcy, ...
  • October: 2.6.23, openSUSE 10.3, Gutsy, GNOME/OOXML, ...
  • November: Fedora 8, KDE 4.0-rc, lawsuits, ...
  • December: RHE-MRG, qmail, HTML5 without Theora, ...
This year, we are pleased to announce the return of the one big page version as well.

Thanks to the following people for suggestions which have improved this year's timeline:

  • Xavier Bestel
  • Chromatic
  • Norman Gaywood
  • Jim Gettys

For the historically minded, the timelines for the previous nine years remain available:

1998 1999 2000 2001 2002 2003 2004 2005 2006

Comments (4 posted)

Wild predictions for 2008

By Jonathan Corbet
December 31, 2007
It's that time of year again: the beginning of the new year - along with the lack of much else going on - inspires editors to make predictions about what they think may happen in the coming months. Your editor is not immune to these forces, and he has long since ceased to fear the possibility of looking like a fool in front of thousands of people. He's used to looking like a fool in front of thousands of people. So, without further ado, here's a set of wild guesses about what may await us in 2008.

Development

Support for Flash media will reach a usable state in 2008 - at least, on the playback side. The ability to waste time on video sites using only free software will doubtless prove appealing for many Linux users, while the ability to display Flash-based advertising may prove less so. But Flash is an important medium for video content and various types of interaction; good, free support for this medium is an important prerequisite for true World Domination. Arguably even more important is the ability to create Flash media on Linux, but that will take a little longer to come around.

KDE 4.0 will be released early in the year. This is a huge, milestone release for the KDE development community, but the developers who have worked so hard toward this goal may find the user community's response a little disappointing. For all of the great work which has gone into 4.0, it remains a dot-zero release, and a big one at that. The remaining bugs and missing features are certain to put off some early adopters. One need only think back to the early GNOME 2.x releases, though, to realize that this is a normal part of the development process and that things will get much better quickly.

The focus on power consumption will intensify this year, continuing a trend from 2007. Linux should, by all rights, consume less power than competing systems on the same hardware - but it doesn't. We now have the tools to identify and track down the worst offenders in this area, and we have the low-level support needed to make low-power Linux possible. Mobile applications may continue to drive this push, but there may be even more low-hanging fruit on fixed systems. There is just no end of reasons to reduce power consumption on all systems running Linux, and we're now in a position to get that job done.

The merging of the realtime Linux tree will be substantially complete by the end of the year. Your editor is out on a limb here; the remaining realtime code includes some of the most intrusive changes. But distributors are shipping this code now, and it has been well tested in a number of environments. So it seems likely that, by the end of 2008, the mainline Linux kernel will be fully capable of running in a realtime mode.

Legal issues and related overhead

The OOXML standardization debate will continue, and Microsoft may well prevail in getting its document format recognized as a standard by the end of the year. The free software community will react as it always has - it's just another data format to support.

More projects will move to GPLv3 in 2008, creating occasional fallout at the distributor level when newly-created licensing conflicts are found. The most interesting potential change is the GNU C library, which remains at LGPL 2.1 as of this writing. A GPLv3-licensed glibc would have to be user-replaceable, which could be problematic on locked-down devices. So, if this change happens, expect a increased interest in alternative C libraries for embedded applications.

GPL enforcement activities will continue and may even increase. Patience with companies which use the code without complying with its license is at a low point, and that will not change. Chances are that, once again, almost every company which is confronted on GPL-violation issues will come into compliance without going to court.

There will be no more Microsoft patent deals, at least with companies of any significance. Those who are inclined to make such agreements have already done so; the holdouts are unlikely to change their minds at this point.

Commercial and related

The OLPC project will start to think seriously about the successor to the XO. There will be many opportunities to build a platform which can be even more empowering for small children; for example, the GNU Radio folks are already pondering ways to bring software-defined radio capabilities to this machine. Meanwhile, deployments of the XO will continue to happen and we'll see the first effects of putting truly free systems into the hands of children. Some of those effects will certainly surprise us.

The days of hardware support hassles will be over. By the end of 2008, we should have good support for ATI graphics adapters, Atheros wireless chipsets, and even, via the Nouveau project, NVidia adapters. There will always be exceptions, but the rule will be clear: we will be able to buy hardware secure in the knowledge that it will work with our Linux systems.

Competition between distributors will grow in intensity. We saw some hints of this in the sniping between Red Hat and Novell toward the end of 2007; there will be more as these businesses increase their focus on the bottom line. Ubuntu will also push harder, though, interestingly, it often seems like that distributor's biggest perceived competitor is Fedora. Your editor believes (and hopes) that cooperation at the development level will remain strong despite increasing drama at the public relations level.

Along these lines, expect intensified competition from Sun, which will continue to try to aggressively push Solaris into Linux shops while simultaneously presenting a friendly face to the community. We may also see more of the less-friendly side of the BSD community for similar reasons.

Community

There will be a major technical Linux event in the United States - the first in some years. The Linux Plumbers Conference, planned for mid-September, will be unique in its focus on the kernel and the software layers immediately surrounding it. Getting the "greater kernel ecosystem" together in one place is an overdue move which should help integration and development of the plumbing we all depend on.

Participation in the development community will grow. That, of course, has been true every year for at least two decades. In 2008, though, we can expect to see a stronger push to encourage developers from parts of the world which traditionally have not contributed so strongly to our community; Asia, in particular, should continue to increase its presence. We will also continue to see companies in the embedded systems area figure out that, if they do not participate in the development of the code they use, others will have a much stronger influence on how that development goes.

Tolerance for anti-social behavior on mailing lists, IRC channels, etc. will continue to drop as development communities try to attract and provide a welcoming environment for more participants. Many communities have formal codes of conduct now; others may well try to adopt them. But even less-formal groups will increasingly understand that a harsh and unfriendly environment hurts the project as a whole.

As usual, we'll come back to these predictions at the end of the year and mock them without mercy. Until then, best wishes for a great 2008 from the LWN editorial team!

Comments (20 posted)

The Grumpy Editor's video journey part 3: DVD authoring

By Jonathan Corbet
January 2, 2008
Part of the LWN Grumpy Editor series
As readers of the first part of this series will remember, your editor has set out on a project to digitize a set of old video tapes and turn them into properly-formatted DVD media suitable for handing out to the grandparents. Part 1 was about the task of capturing this data to disk; part 2 covers the video editors available for turning the captured data into something watchable, and part 3 covers the task of creating a DVD from the edited video.

Attentive readers may have noticed that part 2 has not yet been written; there are more editors available than your editor had expected (currently under review are Cinelerra CV, Kino, PiTiVi, LiVES, and Avidemux), so that process is taking longer than expected. For the purposes of this article, let us assume that your editor has a disk full of video clips which have been edited and properly formatted into the MPEG2/AC3 video object files expected by DVD players. There will be a discussion of the best ways to get those files there in the near future, promise.

Many of us have burned CDs and found the process to be relatively straightforward - the biggest obstacle is often just getting past the grumpiness built into cdrecord and its latter-day derivatives. Creating data DVDs is not a whole lot harder. So one might be inclined to approach the task of creating a video DVD with a "this will be easy" attitude. It is, in fact, a task just about anybody can learn to do, but it is on a different order of complexity than creating a CD full of music. A video DVD is, in truth, a program complete with its own hierarchical structure, menus, and code written for the simple virtual machine lurking within every DVD player. Creating a playable DVD requires writing that program.

If DVDs are programs, then the one compiler available for Linux systems is the command-line dvdauthor tool. Regardless of how one builds a DVD, dvdauthor will be involved in the process at some point. This tool requires a collection of video objects representing the actual video titles and also implementing the menus, subtitles, and more. It's all tied together via a complex XML file (example) which is compiled by dvdauthor to create the final product.

It is possible to create all of these pieces by hand, and, doubtless, Real Linux Video Jocks would not do it any other way. One can use dvdauthor to help with the generation of parts of the XML file. There is documentation which seems fairly complete, if a bit terse. But the fact of the matter is that most people attempting to use this tool directly will give up in despair. There is no reason why DVD authors should have to work at this level; dvdauthor is essentially an assembler which, while being absolutely essential to do most of the heavy lifting, should be hidden from most polite company. DVD creation is a visual task; there should be visually-oriented tools for this job. The good news is that these tools do, indeed, exist.

DVDStyler

[DVDStyler] The first of these tools is DVDStyler, a GTK-based application. There are three basic tabs which are used to work through the tasks of piecing together a DVD; they are labeled "Directories," "Backgrounds," and "Buttons." The directories tab pulls up a simple internal directory browser, useful for adding objects to the DVD. So, if the DVD author has a collection of VOB files containing video data, they can be found by way of this tab and added, one by one, to the DVD. Each object shows up in the bottom pane of the window, generally with an unhelpful annotation like "Title 2". There is no easy way to see what each of those titles is; one must query their properties and look at the associated file name.

As a grumpy aside, your editor must note that the directory browser uselessly starts at $HOME. One need not work with much video data before realizing that special provisions must be made for its storage; video objects are unlikely to be kept in the home directory. Your editor has a hard time understanding why tools like this are unable to start file searches in the current working directory, which is a much more likely place to find things of interest. Switching to $HOME is not just a least-surprise violation; it actively makes things harder for the user.

The "Backgrounds" tab helpfully offers a dozen or so canned background images which can be used for the DVD menus. They are nice backgrounds, and they might just be useful for somebody struggling through the process of creating a DVD for the first time. Your editor, though, suspects that most users, by the time they create their second (working) DVD, might just want to supply their own background images. They will look for that option under the "Backgrounds" tab in vain, though. It is possible to supply a custom image: go to the large (video screen) pane, right-click, select "properties," and set an image there. It's easy, once you've figured it out. But one would think that, having gone to the trouble to provide an entire mode dedicated to background images, the developer would have thought to toss in a "none of the above" button.

The hardest part of creating a DVD (once one has suitable video in place, obviously) is getting the menus to work. DVDStyler starts with an empty main menu in place; it is up to the user to add entries which will do interesting things. That is done by way of the "Buttons" tab. There's a selection of arrows available, as well as the ability to add basic text buttons. The button of interest can be simply dragged to the right spot on the menu, sized appropriately, and configured to do the right thing. There are also "empty" buttons for more complicated situations where the real button text (or image) is found on the menu's background image.

[Button dialog] Having added a button, the author must tell the system what happens in response to events on that button. To that end, there is a separate "properties" dialog. Usually one wants a button to cause a certain video title to be played, and that is easily configured. If more than one menu has been created, buttons can also be set to jump from one menu to the next. There is a "custom" blank for the harder cases which require direct entry of code to be executed by the DVD virtual machine. In DVDStyler, the selection of relatively obscure options (subtitles, languages, camera angles) can only be set up in this way.

Also required is a specification of what happens when one of the directional arrows is pressed. The default "auto" setting leaves that up to the player, which will probably do the right thing - the down arrow, for example, will move the focus to the next button below the current one. Anybody who is concerned about the user interface provided by the resulting DVD will probably want to set these actions explicitly, though - a somewhat tedious and time-consuming task.

Eventually, the time comes to actually create the DVD. Most first-time users will probably go to the DVD menu for this task, but the "burn" option is not there - it's under the "file" menu instead. The resulting dialog works nicely, giving the user the option to stop after generating the ISO image or to run a preview application (xine by default) before actually writing to the disk. Underneath this dialog is a whole set of helper commands which are run; those can be configured if need be, but most users will not tread there.

All told, your editor found DVDStyler to be the easier tool to use for quickly putting together a video disk. There is just one little problem: those disks never quite worked right on your editor's ancient DVD player. Somehow, a misunderstanding about how the menus should work crept in. Your editor suspects, perhaps, that overlapping buttons may have something to do with it; the other application reviewed by your editor (QDVDAuthor) detected and corrected that situation, but DVDStyler did not. In any case, newer players had no problem with the generated disks, so this may not be a problem that most people need to be concerned with.

'Q' DVD-Author

[qdvdauthor] The other DVD authoring application considered here is 'Q' DVD-Author (or qdvdauthor from here on out in an effort to save your editor's typing fingers). This is a Qt-based application aimed at providing complete DVD authoring capability. It is arguably more complete and mature than DVDStyler, but more complex as well.

Qdvdauthor provides a three-paned window with areas for the current set of audio/video objects, the DVD hierarchy, and the menu designer. The audio/video pane, on the left end, is clearly a work in progress. There is a thumbnail area which shows the opening frame of the associated video - sometimes. Other times it stays green and qdvdauthor silently leaves an mplayer process desperately cranking away in the background. It was only when the load average on your editor's system got to around 20 that he figured that one out. There is a "play" button which pops up a cheery "not yet implemented" button. The run time of each video title is also displayed. All told, it is a more useful display than what DVDStyler offers, with the potential to be quite a bit better yet.

The middle pane shows the current hierarchy of objects making up the DVD. It is a helpful display, given that DVDs truly are hierarchical objects. It likes to reset itself to the top, though, making it necessary to scroll repeatedly toward the bottom when the DVD gets more complex. The right pane shows one of the DVD menus - or a couple of other things we'll see later on. One very nice feature is the little display at the bottom showing how much data has been committed to the DVD so far and how much room remains.

Video titles are easily added using the prominent "add movie" button. Once attention turns to the menu creation process, one notices that there is no separate "backgrounds" tab - but there is a button for adding a custom background image, which is what is really needed anyway. Your editor found that dragging a thumbnail from the video pane over to the menu area created a picture button which would play the associated title - a nice feature.

[qdvdauthor text properties dialog] [qdvdauthor button properties dialog] The creation of text buttons (or those from a separate image) is a bit more labor-intensive, requiring the user to right-click on the background, select "add text", draw a rectangle to define the text area, fill in a rather gaudy text dialog (shown left) with the actual text (and tweak fonts and such), right-click on the newly-added text and select "define as button", then fill in the button properties dialog (shown right). That last step involves setting the button name (necessary - it would be nice if it defaulted to the button text) and picking the various associated actions. It takes a while.

Eventually, the time comes to commit all of that work to an actual DVD. A click on the associated button gets that process going. If one has been sloppy in drawing out buttons, the first thing to come up will be a warning that some of the buttons overlap, accompanied by an offer to fix the problem automatically. One can also decline the offer (aborting the process) to fix the problem manually.

This is as good a point as any to note that moving and resizing buttons in qdvdauthor is a real exercise in pain. The button areas have the usual grab points for moving, dragging edges and corners, or rotating the button. But none of those are visible until the user has clicked the mouse and committed himself to doing something. The end result is that attempts to drag a button often do something else - like rotating them to some strange angle. The basic interaction modes for operating on graphical objects in a display have been well understood for years; one can only imagine that whoever designed this interface was engaging in some sort of sadistic exercise which was sponsored by purveyors of strong drink.

[burn dialog] Once the buttons have been sorted out, selecting the burn operation brings up a rather intimidating dialog showing all of the commands which will be executed to get the job done. It's at this point that one realizes just how much behind-the-scenes magic is going on to make the DVD creation process actually happen. There are options to disable specific parts of the process (actually burning the disk, for example), and the adventurous can edit the commands before they run. Most people, though, will probably just hit the "OK" button at the bottom and watch the process unfold. Which it does, just as one would expect.

There's a few other nice features hidden in this application. The menu pane can be made to show the XML file which will be generated for dvdauthor; it can also be put into a garish and complex dialog which facilitates the addition of subtitles. There is a template mechanism for menus, and a network-based repository from which qdvdauthor can download new templates. There is an operation which will convert the entire DVD between the NTSC and PAL formats - your editor has not yet exercised this option, but, given that some of the grandparents for whom this work is intended live in Europe, it will eventually come in handy. There is a little-used plugin mechanism and a theme feature as well; long-neglected Motif users will be glad to know there is a style for them. The addition of audio to menus and intro/outro sequences to titles is relatively straightforward. There is also an option to make DVD slideshows out of a series of still images.

Conclusion

Either one of these applications can get the job done. They both show the best of how an application on a Unix-like system can add power by using existing tools. Neither DVDStyler nor qdvdauthor actually does much of the work of creating menus or burning DVDs; they mostly just put together fiendishly-complex command lines and call out to the tools which have been designed to do that work well. Overall, the combination works reasonably well.

A feature which is lacking from both tools is a "hold my hand" mode for people who are not - and do not want to be - experts in DVD creation. A sequence of screens which would set up an initial menu, import titles, and create buttons for each would be most helpful in this regard. As it is, users must have their own internal checklist in mind when creating DVDs, and it is easy to miss things. Your editor, while certainly slower than most, is unlikely to be the only one to have created an impressive pile of coasters before finally producing a DVD which actually worked as intended.

While the tools edited here are, in your editor's opinion, the best available for Linux for this task, there are some others to be aware of:

  • Tovid is a set of command-line tools for the creation of DVD menus and putting the whole structure together. They hide much of the underlying complexity and may prove useful for users not wanting to work with a graphical interface.

  • VideoLink is an interesting tool which enables the creation of DVD menus in HTML. It then renders them with a web browser and prepares the result for burning to a DVD.

  • Kino (which will be covered in depth in part 2) can produce a simple dvdauthor script to make a no-menu DVD with a single title.

  • KDE DVD Authoring Wizard is a kdialog script which steps the user through the creation of a simple DVD. It provides the handholding mentioned above, but, arguably, simplifies out too much of the process.

Of all these tools, it must be said that qdvdauthor is, at this time, the most complete and capable. It provides access to almost any capability supported by current DVD players, is relatively easy to use, and works most of the time. With luck, the developers (who released the 1.0.0 version reviewed here in November, 2007) will devote themselves to smoothing out the remaining rough edges, leaving us with a tool which DVD authors at any level can use.

Comments (22 posted)

Page editor: Jonathan Corbet

Security

The future of unencrypted web traffic

By Jake Edge
January 2, 2008

Hypertext transfer protocol (http) is the heart of the web, providing the means to retrieve content from remote servers. It is an unencrypted, text-based protocol which allows malicious intermediaries to snoop on and potentially modify the traffic. Unfortunately, internet service providers (ISPs) are getting increasingly bold in manipulating the traffic that they carry. This has lead some to call for the elimination of http, in favor of encrypted http (aka secure http or https).

An ISP is perfectly situated to gather an enormous amount of information about its users, their website preferences and habits (often called clickstream data). Some have reportedly been selling some of that data in a thinly-anonymized form to advertisers and others. As AOL's well-intentioned, but poorly implemented, release of search queries showed, it is rather easy to analyze this kind of data and pierce the anonymity, deriving the specific user.

Another recent ISP trick is to modify a retrieved web page to display other information – under the control of the ISP – which looks like it comes from the website itself. Canadian ISP Rogers Internet has been testing a system to add content to the Google homepage for their customers who are near their monthly bandwidth limits. There are also plans afoot for ISPs to use clickstream data to target advertising – though just where those ads would show up is far from clear.

This kind of manipulation is unlikely to be what internet users expect – to the extent they think about it all. The model folks tend to use is that of a phone company; we do not expect them to sell our call records to the highest bidder, nor do we give them license to modify our calls. Various telecommunications privacy laws protect that data, but those laws have not (yet) been applied to internet traffic. In addition, ISPs tend to have a monopoly or near-monopoly, which restricts alternative, less-intrusive ISPs from competing.

Fortunately, there are technical solutions possible in the internet realm that would be difficult or impossible to implement network-wide in the phone system. Encrypting website traffic will go a long way towards eliminating this kind of ISP abuse, though it is no panacea. As more of these kinds of privacy invasions occur, we should see more routine use of https by websites.

Currently, https is almost exclusively used for e-commerce transactions; typing in credit card numbers and the like. Authentication via username and password is another area that sees widespread encrypted pages. Sites may start to use https for their entire site to combat clickstream and page rewriting abuse – though there will still be some information leakage as the ISPs can still see what sites are being visited.

In order to make an https connection, the server must have a certificate with its public key. Typically those are signed by an authority recognized by browsers which allows the browser to authenticate that the certificate belongs to the host visited. Getting signed certificates is a bit cumbersome, costs some money, and they need to be renewed periodically – all of which adds up to a headache for a site, especially a small, non-commercial site, that wants to switch to using https. Self-signed certificates are an alternative, but because they are susceptible to man-in-the-middle attacks, browsers warn their users when they receive one.

Another problem with this approach is the extra processing required on the server to support encrypting each and every request. There is a non-trivial amount of extra work that must be done per request and cannot be cached. Sites that wish to avoid the problems that some ISPs are introducing will just have to bear that cost.

Pushing bits is not very glamorous, but that is really what one hires an ISP to do. Since they seem to be finding new and exciting ways to interfere with those bits – Comcast messing with BitTorrent traffic for example – internet users will have to find ways to thwart their schemes and encryption will be a big part of that effort. Using https site-wide is only one step, other services will also need to be protected from ISP abuse. What if an ISP started manipulating the results returned from DNS queries, perhaps routing some to a server they control?

Comments (32 posted)

LWN adds a Security index

LWN has added a new index to complement the existing Kernel index. The Security index covers security articles we have published since the start of 2007. Hopefully this will be a useful resource for our readers and, as always, we value your comments. Please send them to lwn-AT-lwn.net.

Comments (none posted)

New vulnerabilities

autofs: privilege escalation

Package(s):autofs CVE #(s):CVE-2007-6285
Created:December 21, 2007 Updated:January 14, 2008
Description: The default configuration for autofs 5 (autofs5) on Red Hat Enterprise Linux (RHEL) 4 and 5 does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server.
Alerts:
Mandriva MDVSA-2008:009-1 2007-01-12
Mandriva MDVSA-2008:009 2007-01-11
Fedora FEDORA-2007-4707 2007-12-21
Fedora FEDORA-2007-4709 2007-12-21
Red Hat RHSA-2007:1177-01 2007-12-20
Red Hat RHSA-2007:1176-01 2007-12-20

Comments (1 posted)

bind: insecure permissions

Package(s):bind CVE #(s):CVE-2007-6283
Created:December 21, 2007 Updated:July 10, 2008
Description: Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
Alerts:
Fedora FEDORA-2008-6281 2008-07-09
Red Hat RHSA-2008:0300-02 2008-05-21
Fedora FEDORA-2008-0903 2008-01-22
Fedora FEDORA-2007-4655 2007-12-20
Fedora FEDORA-2007-4658 2007-12-20

Comments (1 posted)

clamav: mystery vulnerability

Package(s):clamav CVE #(s):CVE-2007-6337
Created:December 31, 2007 Updated:January 22, 2008
Description: Clamav contains "an unspecified vulnerability" associated with the bzip2 decompression code.
Alerts:
Fedora FEDORA-2008-0115 2008-01-22
Fedora FEDORA-2008-0170 2008-01-22
SuSE SUSE-SR:2008:001 2008-01-09
Mandriva MDVSA-2008:003 2007-01-08
Gentoo 200712-20 2007-12-29

Comments (1 posted)

exiftags: multiple vulnerabilities

Package(s):exiftags CVE #(s):CVE-2007-6354 CVE-2007-6355 CVE-2007-6356
Created:December 31, 2007 Updated:April 1, 2008
Description: From the Gentoo advisory: Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop() and other functions (CVE-2007-6354). He also discovered integer overflow vulnerabilities in the parsetag() and other functions (CVE-2007-6355) and an infinite recursion in the readifds() function caused by recursive IFD references (CVE-2007-6356).
Alerts:
Debian DSA-1533-2 2008-04-01
Debian DSA-1533-1 2008-03-27
Gentoo 200712-17 2007-12-29

Comments (none posted)

exiv2: integer overflow

Package(s):exiv2 CVE #(s):CVE-2007-6353
Created:December 21, 2007 Updated:October 15, 2008
Description: Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
Alerts:
Ubuntu USN-655-1 2008-10-15
Mandriva MDVSA-2008:119 2007-06-19
Debian DSA-1474-1 2008-01-23
Mandriva MDVSA-2008:006 2007-01-10
SuSE SUSE-SR:2008:001 2008-01-09
Gentoo 200712-16 2007-12-29
Fedora FEDORA-2007-4591 2007-12-20
Fedora FEDORA-2007-4551 2007-12-20

Comments (none posted)

gallery2: multiple vulnerabilities

Package(s):gallery2 CVE #(s):CVE-2007-6685 CVE-2007-6686 CVE-2007-6687 CVE-2007-6688 CVE-2007-6689 CVE-2007-6690 CVE-2007-6691 CVE-2007-6692 CVE-2007-6693
Created:December 27, 2007 Updated:February 12, 2008
Description: Versions of the Gallery photo management application before 2.2.4 have the following vulnerabilities: (1) an unauthorized album creation and file upload, (2) a local file inclusion vulnerability, (3) several cross site scripting vulnerabilities, (4) a web-accessibility protection problem, (5) problems with checks for disallowed file extensions with file uploads, (6) missing permissions checks on GR commands, (7) several information disclosures, (8) an arbitrary URL redirection problem and (9) a proxied request weakness.
Alerts:
Gentoo 200802-04 2008-02-11
Fedora FEDORA-2007-4778 2007-12-26
Fedora FEDORA-2007-4777 2007-12-26

Comments (none posted)

Ganglia: cross-site scripting

Package(s):ganglia CVE #(s):
Created:December 21, 2007 Updated:January 2, 2008
Description: Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format. The Ganglia web frontend is vulnerable to cross-site scripting.
Alerts:
Fedora FEDORA-2007-4584 2007-12-20
Fedora FEDORA-2007-4562 2007-12-20

Comments (none posted)

imlib: denial of service

Package(s):imlib CVE #(s):CVE-2007-3568
Created:December 28, 2007 Updated:January 2, 2008
Description: The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.
Alerts:
Fedora FEDORA-2007-4561 2007-12-28
Fedora FEDORA-2007-4594 2007-12-28

Comments (none posted)

kernel: information leak, denial of service

Package(s):linux-2.6 CVE #(s):CVE-2007-6206 CVE-2007-6417
Created:December 21, 2007 Updated:September 1, 2010
Description: Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. (CVE-2007-6206)

Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page maybe improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash). (CVE-2007-6417)

Alerts:
SUSE SUSE-SA:2010:036 2010-09-01
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
CentOS CESA-2008:0885 2008-09-25
Red Hat RHSA-2008:0885-01 2008-09-24
SuSE SUSE-SA:2008:032 2008-07-07
SuSE SUSE-SA:2008:030 2008-06-20
Mandriva MDVSA-2008:112 2007-06-12
CentOS CESA-2008:0211 2008-05-07
Red Hat RHSA-2008:0211-01 2008-05-07
Mandriva MDVSA-2008:086 2008-04-15
Debian DSA-1503-2 2008-03-06
Debian DSA-1504 2008-02-22
Debian DSA-1503 2008-02-22
Ubuntu USN-578-1 2008-02-14
SuSE SUSE-SA:2008:007 2008-02-12
Mandriva MDVSA-2008:044 2008-02-12
rPath rPSA-2008-0048-1 2008-02-08
SuSE SUSE-SA:2008:006 2008-02-07
Ubuntu USN-574-1 2008-02-04
Red Hat RHSA-2008:0055-01 2008-01-31
Red Hat RHSA-2008:0089-01 2008-01-23
Debian DSA-1436-1 2007-12-20

Comments (none posted)

mt-daapd: multiple vulnerabilities

Package(s):mt-daapd CVE #(s):CVE-2007-5825 CVE-2007-5824
Created:December 31, 2007 Updated:September 1, 2008
Description: From the Gentoo advisory: nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg() function contains a format string vulnerability, as it does not properly sanitize username and password data from the "Authorization: Basic" HTTP header line (CVE-2007-5825). The ws_decodepassword() and ws_getheaders() functions do not correctly handle empty Authorization header lines, or header lines without a ':' character, leading to NULL pointer dereferences (CVE-2007-5824).
Alerts:
Debian DSA-1597-2 2008-08-30
Debian DSA-1597-1 2008-06-12
Gentoo 200712-18 2007-12-29

Comments (none posted)

mysql: denial of service

Package(s):mysql-dfsg-5.0 CVE #(s):CVE-2007-6304
Created:December 21, 2007 Updated:April 7, 2008
Description: Philip Stoev discovered that the the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service.
Alerts:
Gentoo 200804-04 2008-04-06
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:028 2007-01-29
Mandriva MDVSA-2008:017 2008-01-19
Debian DSA-1451-1 2008-01-06
Ubuntu USN-559-1 2007-12-21

Comments (none posted)

peercast: buffer overflow

Package(s):peercast CVE #(s):CVE-2007-6454
Created:December 28, 2007 Updated:May 21, 2008
Description: A heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
Alerts:
Debian DSA-1583-1 2008-05-20
Gentoo 200801-22:02 2008-01-30
Debian DSA-1441-1 2007-12-28

Comments (none posted)

syslog-ng: denial of service

Package(s):syslog-ng CVE #(s):CVE-2007-6437
Created:December 31, 2007 Updated:January 21, 2008
Description: The syslog-ng daemon does not properly handle messages containing an unterminated time stamp, resulting in the dereferencing of a NULL pointer and subsequent crash.
Alerts:
Fedora FEDORA-2008-0523 2008-01-16
Fedora FEDORA-2008-0559 2008-01-16
Debian DSA-1464-1 2008-01-15
Gentoo 200712-19 2007-12-29

Comments (1 posted)

typo3-src: SQL injection

Package(s):typo3-src CVE #(s):CVE-2007-6381
Created:December 28, 2007 Updated:January 2, 2008
Description: SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Alerts:
Debian DSA-1439-1 2007-12-28

Comments (none posted)

wireshark: multiple vulnerabilities

Package(s):wireshark CVE #(s):CVE-2007-6111 CVE-2007-6112 CVE-2007-6113 CVE-2007-6115 CVE-2007-6116 CVE-2007-6119
Created:December 21, 2007 Updated:January 2, 2008
Description: Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) allow remote attackers to cause a denial of service (crash) via (1) a crafted MP3 file or (2) unspecified vectors to the NCP dissector. (CVE-2007-6111)

Buffer overflow in the PPP dissector Wireshark 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. (CVE-2007-6112)

Wireshark 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP packet. (CVE-2007-6113)

Buffer overflow in the ANSI MAP dissector for Wireshark 0.99.5 to 0.99.6, when running on unspecified platforms, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors. (CVE-2007-6115)

The Firebird/Interbase dissector in Wireshark 0.99.6 allows remote attackers to cause a denial of service (infinite loop or crash) via unknown vectors. (CVE-2007-6116)

The DCP ETSI dissector in Wireshark 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. (CVE-2007-6119)

Alerts:
Fedora FEDORA-2007-4690 2007-12-21
Fedora FEDORA-2007-4590 2007-12-20

Comments (none posted)

wireshark: lots of dissector vulnerabilities

Package(s):wireshark CVE #(s):CVE-2007-6111 CVE-2007-6112 CVE-2007-6113 CVE-2007-6114 CVE-2007-6115 CVE-2007-6116 CVE-2007-6117 CVE-2007-6118 CVE-2007-6119 CVE-2007-6120 CVE-2007-6121 CVE-2007-6438 CVE-2007-6439 CVE-2007-6441 CVE-2007-6450 CVE-2007-6451
Created:December 31, 2007 Updated:February 22, 2008
Description: Wireshark has disclosed another long list of dissector vulnerabilities; see this advisory for details.
Alerts:
SuSE SUSE-SR:2008:004 2008-02-22
Red Hat RHSA-2008:0058-01 2008-01-21
Red Hat RHSA-2008:0059-01 2008-01-21
Mandriva MDVSA-2008:001-1 2007-01-08
rPath rPSA-2008-0004-1 2008-01-03
Debian DSA-1446-1 2008-01-03
Mandriva MDVSA-2008:1 2007-01-02
Gentoo 200712-23 2007-12-30

Comments (1 posted)

Updated vulnerabilities

acroread: multiple vulnerabilities

Package(s):acroread CVE #(s):CVE-2006-5857 CVE-2007-0045 CVE-2007-0046
Created:January 11, 2007 Updated:October 26, 2009
Description: Adobes acrobat reader has the following vulnerabilities:

The Adobe Reader Plugin has a cross site scripting vulnerability that can be triggered by processes malformed URLs. Arbitrary JavaScript can be served by a malicious web server, leading to a cross-site scripting attack.

Maliciously crafted PDF files can be used to trigger two vulnerabilities, if an attacker can trick a user into viewing the files, arbitrary code can be executed with the user's privileges.

Alerts:
SuSE SUSE-SA:2009:049 2009-10-26
Gentoo 200910-03 2009-10-25
Red Hat RHSA-2007:0021-01 2007-01-22
Gentoo 200701-16 2007-01-22
SuSE SUSE-SA:2007:011 2007-01-22
Red Hat RHSA-2007:0017-01 2007-01-11

Comments (1 posted)

apache2: information disclosure

Package(s):apache CVE #(s):CVE-2007-1862
Created:June 20, 2007 Updated:February 18, 2008
Description: From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously-used data, which could be used to obtain potentially sensitive information by unauthorized users."
Alerts:
Fedora FEDORA-2008-1711 2008-02-15
Fedora FEDORA-2007-0704 2007-06-26
Mandriva MDKSA-2007:127 2007-06-19

Comments (2 posted)

apache: multiple vulnerabilities

Package(s):apache CVE #(s):CVE-2007-3304 CVE-2006-5752
Created:June 27, 2007 Updated:February 18, 2008
Description: The Apache HTTP Server did not verify that a process was an Apache child process before sending it signals. A local attacker who has the ability to run scripts on the Apache HTTP Server could manipulate the scoreboard and cause arbitrary processes to be terminated, which could lead to a denial of service. (CVE-2007-3304)

A flaw was found in the Apache HTTP Server mod_status module. Sites with the server-status page publicly accessible and ExtendedStatus enabled were vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux the server-status page is not enabled by default and it is best practice to not make this publicly available. (CVE-2006-5752)

Alerts:
Fedora FEDORA-2008-1711 2008-02-15
SuSE SUSE-SA:2007:061 2007-11-19
Fedora FEDORA-2007-2214 2007-09-18
rPath rPSA-2007-0182-1 2007-09-14
Ubuntu USN-499-1 2007-08-16
Red Hat RHSA-2007:0662-01 2007-07-13
Red Hat RHSA-2007:0557-01 2007-07-13
Fedora FEDORA-2007-615 2007-07-12
Mandriva MDKSA-2007:142 2007-07-04
Mandriva MDKSA-2007:141 2007-07-04
Mandriva MDKSA-2007:140 2007-07-04
Fedora FEDORA-2007-617 2007-07-02
rPath rPSA-2007-0136-1 2007-06-27
Red Hat RHSA-2007:0556-01 2007-06-26
Red Hat RHSA-2007:0534-01 2007-06-26
Red Hat RHSA-2007:0533-01 2007-06-27
Red Hat RHSA-2007:0532-01 2007-06-26

Comments (1 posted)

apache: cross-site scripting

Package(s):apache CVE #(s):CVE-2006-3918
Created:August 9, 2006 Updated:April 4, 2008
Description: From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header."
Alerts:
SuSE SUSE-SA:2008:021 2008-04-04
Ubuntu USN-575-1 2008-02-04
SuSE SUSE-SA:2006:051 2006-09-08
Debian DSA-1167-1 2005-09-04
Red Hat RHSA-2006:0619-01 2006-08-10
Red Hat RHSA-2006:0618-01 2006-08-08

Comments (none posted)

apache2: denial of service

Package(s):apache2 CVE #(s):CVE-2007-1863
Created:November 19, 2007 Updated:February 18, 2008
Description:

From the CVE entry:

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.

Alerts:
Fedora FEDORA-2008-1711 2008-02-15
SuSE SUSE-SA:2007:061 2007-11-19

Comments (1 posted)

httpd: denial of service, cross-site scripting

Package(s):apache httpd CVE #(s):CVE-2007-3847 CVE-2007-4465
Created:September 25, 2007 Updated:February 15, 2008
Description: A flaw was found in the mod_proxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker could cause a similar crash if a user could be persuaded to visit a malicious site using the proxy. This could lead to a denial of service if using a threaded Multi-Processing Module. (CVE-2007-3847)

A flaw was found in the mod_autoindex module. On sites where directory listings are used, and the AddDefaultCharset directive has been removed from the configuration, a cross-site-scripting attack may be possible against browsers which do not correctly derive the response character set following the rules in RFC 2616. (CVE-2007-4465)

Alerts:
Slackware SSA:2008-045-02 2008-02-15
Ubuntu USN-575-1 2008-02-04
Red Hat RHSA-2008:0008-01 2008-01-15
Red Hat RHSA-2008:0006-01 2008-01-15
Red Hat RHSA-2008:0005-01 2008-01-15
Red Hat RHSA-2008:0004-01 2008-01-15
Mandriva MDKSA-2007:235 2007-12-03
SuSE SUSE-SA:2007:061 2007-11-19
Red Hat RHSA-2007:0747-02 2007-11-15
Gentoo 200711-06 2007-11-07
Red Hat RHSA-2007:0746-04 2007-11-07
Red Hat RHSA-2007:0911-01 2007-10-25
Fedora FEDORA-2007-707 2007-09-24

Comments (none posted)

asterisk: possible SQL injection

Package(s):asterisk CVE #(s):CVE-2007-6170
Created:December 3, 2007 Updated:April 15, 2008
Description: Tilghman Lesher discovered that the logging engine of Asterisk, a free software PBX and telephony toolkit, performs insufficient sanitizing of call-related data, which may lead to SQL injection.
Alerts:
Gentoo 200804-13 2008-04-14
SuSE SUSE-SR:2008:005 2008-03-06
Debian DSA-1417-1 2007-12-02

Comments (none posted)

autofs: insecure default configuration

Package(s):autofs CVE #(s):CVE-2007-5964
Created:December 12, 2007 Updated:January 14, 2008
Description: Versions of the autofs automounter daemon as shipped by Red Hat (and possibly other distributors) are installed with an insecure configuration; in particular, the "hosts" map lacks the "nosuid" option, allowing an attacker who has control over an NFS server to run setuid programs on vulnerable systems.
Alerts:
Mandriva MDVSA-2008:009-1 2007-01-12
Mandriva MDVSA-2008:009 2007-01-11
Fedora FEDORA-2007-4707 2007-12-21
Fedora FEDORA-2007-4469 2007-12-15
Fedora FEDORA-2007-4532 2007-12-15
Red Hat RHSA-2007:1129-01 2007-12-12
Fedora FEDORA-2007-4709 2007-12-21
Red Hat RHSA-2007:1128-01 2007-12-12

Comments (none posted)

avahi: denial of service

Package(s):avahi CVE #(s):CVE-2007-3372
Created:June 28, 2007 Updated:December 23, 2008
Description: Avahi is vulnerable to a local denial of service that can be caused by making an erroneous call to the assert() function.
Alerts:
Debian DSA-1690-1 2008-12-22
Ubuntu USN-696-1 2008-12-18
Mandriva MDKSA-2007:185 2007-09-17
Foresight FLEA-2007-0030-1 2007-06-28

Comments (none posted)

cacti: SQL injection vulnerability

Package(s):cacti CVE #(s):CVE-2007-6035
Created:November 22, 2007 Updated:February 18, 2008
Description: Versions of Cacti prior to 0.8.7a have an SQL injection vulnerability. Remote attackers can execute arbitrary SQL commands via unspecified vectors.
Alerts:
Fedora FEDORA-2008-1737 2008-02-15
Fedora FEDORA-2008-1699 2008-02-15
Debian DSA-1418-1 2007-12-02
Mandriva MDKSA-2007:231 2007-11-22
Fedora FEDORA-2007-3683 2007-11-22
Gentoo 200712-02:02 2007-12-05
SuSE SUSE-SR:2007:024 2007-11-22
Fedora FEDORA-2007-3667 2007-11-22

Comments (none posted)

cacti: denial of service

Package(s):cacti CVE #(s):CVE-2007-3112 CVE-2007-3113
Created:September 18, 2007 Updated:December 16, 2009
Description: A vulnerability in Cacti 0.8.6i and earlier versions allows remote authenticated users to cause a denial of service (CPU consumption) via large values of the graph_start, graph_end, graph_height, or graph_width parameters.
Alerts:
Debian DSA-1954-1 2009-12-16
Fedora FEDORA-2008-1737 2008-02-15
Fedora FEDORA-2007-3683 2007-11-22
Fedora FEDORA-2007-2199 2007-09-18
Mandriva MDKSA-2007:184 2007-09-17

Comments (none posted)

cairo: integer overflow

Package(s):Cairo CVE #(s):CVE-2007-5503
Created:November 29, 2007 Updated:April 10, 2008
Description: Cairo has an integer overflow vulnerability in the PNG image processing code. If a user processes a specially crafted PNG image with an application that is linked against cairo, arbitrary code can be executed with the user's privileges.
Alerts:
Debian DSA-1542-1 2008-04-09
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:019 2007-01-21
Fedora FEDORA-2007-3818 2008-01-16
rPath rPSA-2008-0015-1 2008-01-15
Ubuntu USN-550-3 2007-12-13
Ubuntu USN-550-2 2007-12-10
Gentoo 200712-04 2007-12-09
Ubuntu USN-550-1 2007-12-03
Slackware SSA:2007-337-01 2007-12-04
Red Hat RHSA-2007:1078-02 2007-11-29
Gentoo 201209-25 2012-09-29

Comments (none posted)

clamav: denial of service

Package(s):clamav CVE #(s):CVE-2007-3725
Created:July 24, 2007 Updated:February 27, 2008
Description: A NULL pointer dereference has been discovered in the RAR VM of Clam Antivirus (ClamAV) which allows user-assisted remote attackers to cause a denial of service via a specially crafted RAR archives.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Gentoo 200708-04 2007-08-09
Mandriva MDKSA-2007:150 2007-07-25
Debian DSA-1340-1 2007-07-24

Comments (none posted)

clamav: multiple vulnerabilities

Package(s):clamav CVE #(s):CVE-2007-4510 CVE-2007-4560
Created:September 3, 2007 Updated:February 13, 2008
Description: Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-4510: It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting in denial of service.

CVE-2007-4560: It was discovered clamav-milter performs insufficient input sanitizing, resulting in the execution of arbitrary shell commands.

Alerts:
Fedora FEDORA-2008-1608 2008-02-13
Fedora FEDORA-2008-0170 2008-01-22
Gentoo 200709-14 2007-09-20
Fedora FEDORA-2007-2050 2007-09-07
Mandriva MDKSA-2007:172 2007-08-31
Debian DSA-1366-1 2007-09-01

Comments (none posted)

clamav: integer overflow and off-by-one

Package(s):clamav CVE #(s):CVE-2007-6335 CVE-2007-6336
Created:December 19, 2007 Updated:July 17, 2008
Description: ClamAV contains integer overflow and off-by-one errors which could be exploited (via specially-crafted email) to execute arbitrary code.
Alerts:
Fedora FEDORA-2008-6422 2008-07-17
Fedora FEDORA-2008-1625 2008-02-13
Fedora FEDORA-2008-1608 2008-02-13
Fedora FEDORA-2008-0115 2008-01-22
Fedora FEDORA-2008-0170 2008-01-22
SuSE SUSE-SR:2008:001 2008-01-09
Mandriva MDVSA-2008:003 2007-01-08
Debian DSA-1435-1 2007-12-19
Gentoo 200712-20 2007-12-29

Comments (none posted)

cpio: arbitrary code execution

Package(s):cpio CVE #(s):CVE-2005-4268
Created:January 2, 2006 Updated:March 17, 2010
Description: Richard Harms discovered that cpio did not sufficiently validate file properties when creating archives. Files with e. g. a very large size caused a buffer overflow. By tricking a user or an automatic backup system into putting a specially crafted file into a cpio archive, a local attacker could probably exploit this to execute arbitrary code with the privileges of the target user (which is likely root in an automatic backup system).
Alerts:
CentOS CESA-2010:0145 2010-03-17
Red Hat RHSA-2010:0145-01 2010-03-15
rPath rPSA-2007-0094-1 2007-05-07
Red Hat RHSA-2007:0245-02 2007-05-01
Ubuntu USN-234-1 2006-01-02

Comments (none posted)

vixie-cron: privilege escalation

Package(s):cron CVE #(s):CVE-2006-2607
Created:May 31, 2006 Updated:June 1, 2009
Description: The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root.
Alerts:
Ubuntu USN-778-1 2009-06-01
Red Hat RHSA-2006:0539-01 2006-07-12
Gentoo 200606-07 2006-06-09
SuSE SUSE-SA:2006:027 2006-05-31
rPath rPSA-2006-0082-1 2006-05-25

Comments (1 posted)

cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2006-4262
Created:October 2, 2006 Updated:June 16, 2009
Description: Will Drewry of the Google Security Team discovered several buffer overflows in cscope, a source browsing tool, which might lead to the execution of arbitrary code.
Alerts:
CentOS CESA-2009:1101 2009-06-16
Red Hat RHSA-2009:1101-01 2009-06-15
Gentoo 200610-08 2006-10-20
Debian DSA-1186-1 2006-09-30

Comments (none posted)

cscope: buffer overflows

Package(s):cscope CVE #(s):CVE-2004-2541
Created:May 22, 2006 Updated:June 19, 2009
Description: A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.
Alerts:
CentOS CESA-2009:1102 2009-06-19
CentOS CESA-2009:1101 2009-06-16
Red Hat RHSA-2009:1102-01 2009-06-15
Red Hat RHSA-2009:1101-01 2009-06-15
Gentoo 200606-10 2006-06-11
Debian DSA-1064-1 2006-05-19

Comments (1 posted)

cups: denial of service

Package(s):cups CVE #(s):CVE-2007-0720
Created:March 26, 2007 Updated:February 7, 2008
Description: Previous versions of the cups package could be forced to hang via a client "partially negotiating" an ssl connection. In this state, cups would not allow other connections to be made, a denial of service.
Alerts:
Mandriva MDVSA-2008:036 2007-02-06
Mandriva MDKSA-2007:086 2007-04-16
Red Hat RHSA-2007:0123-01 2007-04-16
Gentoo 200703-28 2007-03-31
Foresight FLEA-2007-0003-1 2007-03-25

Comments (none posted)

cups: multiple vulnerabilities

Package(s):cups CVE #(s):CVE-2007-5849 CVE-2007-6358 CVE-2007-4352 CVE-2007-5392 CVE-2007-5393
Created:December 19, 2007 Updated:October 16, 2008
Description: The cups 1.3.5 release fixes a number of vulnerabilities in the PDF filters. Additionally, there is a buffer overflow in the SNMP code and a temporary file vulnerability.
Alerts:
Fedora FEDORA-2008-8801 2008-10-16
Debian DSA-1537-1 2008-04-02
Mandriva MDVSA-2008:036 2007-02-06
Debian DSA-1480-1 2008-02-05
SuSE SUSE-SR:2008:002 2008-01-25
SuSE SUSE-SA:2008:002 2008-01-10
Ubuntu USN-563-1 2008-01-09
Debian DSA-1437-1 2007-12-26
Gentoo 200712-14 2007-12-18

Comments (none posted)

debian-goodies: privilege escalation

Package(s):debian-goodies CVE #(s):CVE-2007-3912
Created:October 5, 2007 Updated:March 24, 2008
Description: Thomas de Grenier de Latour discovered that the checkrestart program included in debian-goodies did not correctly handle shell meta-characters. A local attacker could exploit this to gain the privileges of the user running checkrestart.
Alerts:
Debian DSA-1527-1 2008-03-24
Ubuntu USN-526-1 2007-10-04

Comments (none posted)

Django: denial of service

Package(s):Django CVE #(s):CVE-2007-5712
Created:November 12, 2007 Updated:September 22, 2008
Description:

From the CVE notice:

The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.

Alerts:
Debian DSA-1640-1 2008-09-20
Fedora FEDORA-2007-2788 2007-11-09
Fedora FEDORA-2007-3157 2007-11-09

Comments (none posted)

dovecot: privilege escalation

Package(s):dovecot CVE #(s):CVE-2007-4211
Created:August 15, 2007 Updated:May 21, 2008
Description: From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a minor privilege escalation attack in which an authenticated user may exploit an ACL plugin weakness to save message flags without having proper permissions."
Alerts:
Red Hat RHSA-2008:0297-02 2008-05-21
Fedora FEDORA-2007-664 2007-08-20
rPath rPSA-2007-0161-1 2007-08-14

Comments (none posted)

dovecot: directory traversal

Package(s):dovecot CVE #(s):CVE-2007-2231
Created:May 8, 2007 Updated:May 21, 2008
Description: Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
Alerts:
Red Hat RHSA-2008:0297-02 2008-05-21
Debian DSA-1359-1 2007-08-28
Ubuntu USN-487-1 2007-07-17
Fedora FEDORA-2007-493 2007-05-07

Comments (none posted)

e2fsprogs: integer overflows

Package(s):e2fsprogs CVE #(s):CVE-2007-5497
Created:December 7, 2007 Updated:February 12, 2008
Description: Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code.
Alerts:
Foresight FLEA-2008-0005-1 2008-02-11
Fedora FEDORA-2007-4447 2008-01-16
Fedora FEDORA-2007-4461 2008-01-16
Red Hat RHSA-2008:0003-01 2008-01-07
Gentoo 200712-13 2007-12-18
rPath rPSA-2007-0262-1 2007-12-11
Debian DSA-1422 2007-12-07
Mandriva MDKSA-2007:242 2007-12-10
Ubuntu USN-555-1 2007-12-08

Comments (none posted)

eggdrop: stack-based buffer overflow

Package(s):eggdrop CVE #(s):CVE-2007-2807
Created:September 7, 2007 Updated:December 8, 2009
Description: A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC servers to execute arbitrary code via a long private message.
Alerts:
Mandriva MDVSA-2009:126-1 2009-12-08
Debian DSA-1826-1 2009-07-04
Mandriva MDVSA-2009:126 2009-06-01
Fedora FEDORA-2009-5572 2009-05-28
Fedora FEDORA-2009-5568 2009-05-28
Debian DSA-1448-1 2008-01-05
Fedora FEDORA-2007-4325 2007-12-10
Fedora FEDORA-2007-4305 2007-12-10
Gentoo 200709-07 2007-09-15
Mandriva MDKSA-2007:175 2007-09-06

Comments (none posted)

elinks: code execution

Package(s):elinks CVE #(s):CVE-2007-2027
Created:May 7, 2007 Updated:October 30, 2009
Description: Arnaud Giersch discovered that elinks incorrectly attempted to load gettext catalogs from a relative path. If a user were tricked into running elinks from a specific directory, a local attacker could execute code with user privileges.
Alerts:
Red Hat RHSA-2009:1471-01 2009-10-01
CentOS CESA-2009:1471 2009-10-06
CentOS CESA-2009:1471 2009-10-30
Gentoo 200706-03 2007-06-06
Ubuntu USN-457-1 2007-05-07
Oracle ELSA-2013-0250 2013-02-11

Comments (none posted)

elinks: arbitrary file access

Package(s):elinks CVE #(s):CVE-2006-5925
Created:November 16, 2006 Updated:October 22, 2009
Description: The elinks text-mode browser has an arbitrary file access vulnerability in the Elinks SMB protocol handler. If a user can be tricked into visiting a specially crafted web page, arbitrary files may be read or written with the user's permissions.
Alerts:
Ubuntu USN-851-1 2009-10-21
Gentoo 200701-27 2007-01-30
OpenPKG OpenPKG-SA-2006.043 2006-12-26
Debian DSA-1240-1 2006-12-21
Gentoo 200612-16 2006-12-14
Debian DSA-1228-1 2006-12-05
Debian DSA-1226-1 2006-12-03
Fedora FEDORA-2006-1278 2006-11-21
Fedora FEDORA-2006-1277 2006-11-21
Mandriva MDKSA-2006:216 2006-11-20
Red Hat RHSA-2006:0742-01 2006-11-15

Comments (none posted)

emacs: buffer overflow

Package(s):emacs CVE #(s):CVE-2007-6109
Created:December 10, 2007 Updated:May 6, 2008
Description:

From the National Vulnerability Database:

Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line.

Alerts:
Ubuntu USN-607-1 2008-05-06
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:034 2007-02-04
Gentoo 200712-03 2007-12-09

Comments (none posted)

emacs: command execution via local variables

Package(s):emacs CVE #(s):CVE-2007-5795
Created:November 14, 2007 Updated:February 5, 2008
Description: From the original Debian problem report: "In Debian's version of GNU Emacs 22.1+1-2, the `hack-local-variables' function does not behave correctly when `enable-local-variables' is set to :safe. The documentation of `enable-local-variables' states that the value :safe means to set only safe variables, as determined by `safe-local-variable-p' and `risky-local-variable-p' (and the data driving them), but Emacs ignores this and instead sets all the local variables." When this setting (which is not the default) is in effect, opening a hostile file could lead to the execution of arbitrary commands.
Alerts:
Mandriva MDVSA-2008:034 2007-02-04
Gentoo 200712-03 2007-12-09
Ubuntu USN-541-1 2007-11-13
Fedora FEDORA-2007-2946 2007-11-17
Fedora FEDORA-2007-3056 2007-11-17

Comments (1 posted)

evolution: format string error

Package(s):evolution CVE #(s):CVE-2007-1002
Created:March 27, 2007 Updated:February 27, 2008
Description: A format string error in the "write_html()" function in calendar/gui/ e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Gentoo 200706-02 2007-06-06
Red Hat RHSA-2007:0158-01 2007-05-03
Foresight FLEA-2007-0010-1 2007-04-05
Fedora FEDORA-2007-404 2007-04-04
Fedora FEDORA-2007-393 2007-04-04
Mandriva MDKSA-2007:070 2007-03-27

Comments (1 posted)

pop mail man-in-the-middle attacks

Package(s):evolution thunderbird mutt fetchmail CVE #(s):CVE-2007-1558
Created:May 8, 2007 Updated:July 3, 2009
Description: The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird, (2) Evolution, (3) mutt, and (4) fetchmail.
Alerts:
CentOS CESA-2009:1140 2009-07-02
Red Hat RHSA-2009:1140-02 2009-07-02
Fedora FEDORA-2007-1447 2007-08-06
rPath rPSA-2007-0127-1 2007-06-19
Foresight FLEA-2007-0026-1 2007-06-18
rPath rPSA-2007-0122-1 2007-06-14
Red Hat RHSA-2007:0385-01 2007-06-07
rPath rPSA-2007-0114-1 2007-06-04
Mandriva MDKSA-2007:113 2007-06-04
Red Hat RHSA-2007:0386-01 2007-06-04
Fedora FEDORA-2007-0001 2007-06-01
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-552 2007-05-31
Fedora FEDORA-2007-550 2007-05-31
Fedora FEDORA-2007-551 2007-05-31
Red Hat RHSA-2007:0401-01 2007-05-30
Fedora FEDORA-2007-539 2007-05-30
Fedora FEDORA-2007-540 2007-05-30
Red Hat RHSA-2007:0344-01 2007-05-30
Mandriva MDKSA-2007:107 2007-05-19
Mandriva MDKSA-2007:105 2007-05-17
Red Hat RHSA-2007:0353-01 2007-05-17
Fedora FEDORA-2007-484 2007-05-07
Fedora FEDORA-2007-485 2007-05-07

Comments (none posted)

fetchmail: denial of service

Package(s):fetchmail CVE #(s):CVE-2007-4565
Created:September 5, 2007 Updated:October 30, 2009
Description: fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
Alerts:
CentOS CESA-2009:1427 2009-09-08
Red Hat RHSA-2009:1427-01 2009-09-08
CentOS CESA-2009:1427 2009-10-30
Ubuntu USN-520-1 2007-09-26
Debian DSA-1377-2 2007-09-21
Debian DSA-1377 2007-09-21
Mandriva MDKSA-2007:179 2007-09-11
Foresight FLEA-2007-0053-1 2007-09-06
rPath rPSA-2007-0178-1 2007-09-05
Fedora FEDORA-2007-1983 2007-09-04
Fedora FEDORA-2007-689 2007-09-04

Comments (none posted)

firebird: buffer overflow

Package(s):firebird CVE #(s):CVE-2007-3181
Created:July 2, 2007 Updated:March 27, 2008
Description: The Firebird DBMS has a buffer overflow vulnerability involving the processing of connect requests with an overly large p_cnct_count value. Remote attackers can send a specially crafted request to the server in order to potentially execute arbitrary code with the permissions of the Firebird user.
Alerts:
Debian DSA-1529-1 2008-03-24
Gentoo 200707-01 2007-07-01

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox CVE #(s):CVE-2007-3844 CVE-2007-3845
Created:August 1, 2007 Updated:February 20, 2008
Description:

A flaw was discovered in handling of "about:blank" windows used by addons. A malicious web site could exploit this to modify the contents, or steal confidential data (such as passwords), of other web pages. (CVE-2007-3844)

Jesper Johansson discovered that spaces and double-quotes were not correctly handled when launching external programs. In rare configurations, after tricking a user into opening a malicious web page, an attacker could execute helpers with arbitrary arguments with the user's privileges. (CVE-2007-3845)

Alerts:
Mandriva MDVSA-2007:047 2007-02-19
Fedora FEDORA-2007-3414 2007-11-16
Fedora FEDORA-2007-3431 2007-11-16
Red Hat RHSA-2007:0981-01 2007-10-19
Red Hat RHSA-2007:0980-01 2007-10-19
Red Hat RHSA-2007:0979-01 2007-10-19
Debian DSA-1391-1 2007-10-19
Gentoo 200708-09 2007-08-14
rPath rPSA-2007-0157-1 2007-08-10
Slackware SSA:2007-215-01 2007-08-06
Debian DSA-1346-1 2007-08-04
Debian DSA-1345-1 2007-08-04
Debian DSA-1344-1 2007-08-03
Foresight FLEA-2007-0040-1 2007-08-03
Slackware SSA:2007-213-01 2007-08-02
Mandriva MDKSA-2007:152 2007-08-01
Foresight FLEA-2007-0039-1 2007-08-01
Ubuntu USN-493-1 2007-07-31

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox seamonkey CVE #(s):CVE-2007-5947 CVE-2007-5959 CVE-2007-5960
Created:November 27, 2007 Updated:March 3, 2008
Description: A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web content. A webpage containing malicious content could cause Firefox to crash, or potentially execute arbitrary code as the user running Firefox. (CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property for a webpage. This flaw could allow a webpage to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery (CSRF) attack against websites that rely only on the Referer header for protection. (CVE-2007-5960)

Alerts:
rPath rPSA-2008-0093-1 2008-02-29
Foresight FLEA-2008-0001-1 2008-02-11
Gentoo 200712-21 2007-12-29
Red Hat RHSA-2007:1083-01 2007-12-19
Mandriva MDKSA-2007:246 2007-12-13
Fedora FEDORA-2007-4098 2007-12-06
Debian DSA-1425-1 2007-12-08
Fedora FEDORA-2007-4106 2007-12-06
rPath rPSA-2007-0260-1 2007-12-06
Fedora FEDORA-2007-756 2007-12-03
Slackware SSA:2007-333-01 2007-11-30
Fedora FEDORA-2007-3962 2007-11-29
Fedora FEDORA-2007-3952 2007-11-29
Red Hat RHSA-2007:1082-01 2007-11-26
Debian DSA-1424-1 2007-12-08
Ubuntu USN-546-2 2007-12-04
SuSE SUSE-SA:2007:066 2007-12-05
Slackware SSA:2007-331-01 2007-11-28
Ubuntu USN-546-1 2007-11-26
Red Hat RHSA-2007:1084-01 2007-11-26

Comments (1 posted)

firefox, thunderbird, seamonkey: multiple vulnerabilities

Package(s):firefox, thunderbird, seamonkey CVE #(s):CVE-2007-3738 CVE-2007-3656 CVE-2007-3670 CVE-2007-3285 CVE-2007-3737 CVE-2007-3089 CVE-2007-3736 CVE-2007-3734 CVE-2007-3735
Created:July 18, 2007 Updated:May 12, 2008
Description: shutdown and moz_bug_r_a4 reported two separate ways to modify an XPCNativeWrapper such that subsequent access by the browser would result in executing user-supplied code. (CVE-2007-3738)

Michal Zalewski reported that it was possible to bypass the same-origin checks and read from cached (wyciwyg) documents It is possible to access wyciwyg:// documents without proper same domain policy checks through the use of HTTP 302 redirects. This enables the attacker to steal sensitive data displayed on dynamically generated pages; perform cache poisoning; and execute own code or display own content with URL bar and SSL certificate data of the attacked page (URL spoofing++). (CVE-2007-3656)

Internet Explorer calls registered URL protocols without escaping quotes and may be used to pass unexpected and potentially dangerous data to the application that registers that URL Protocol. (CVE-2007-3670)

Ronald van den Heetkamp reported that a filename URL containing %00 (encoded null) can cause Firefox to interpret the file extension differently than the underlying Windows operating system potentially leading to unsafe actions such as running a program. This is only accessible locally. (CVE-2007-3285)

An attacker can use an element outside of a document to call an event handler allowing content to run arbitrary code with chrome privileges. (CVE-2007-3737)

Ronen Zilberman and Michal Zalewski both reported that it was possible to exploit a timing issue to inject content into about:blank frames in a page. When opening a window from a script, it is possible to spoof the content of the newly opened window's frames within a short time frame, while the window is loading. (CVE-2007-3089)

Mozilla contributor moz_bug_r_a4 demonstrated that the methods addEventListener and setTimeout could be used to inject script into another site in violation of the browser's same-origin policy. This could be used to access or modify private or valuable information from that other site. (CVE-2007-3736)

As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed many bugs to improve the stability of the product. Some of these crashes that showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Note: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from running JavaScript in mail. Without further investigation we cannot rule out the possibility that for some of these an attacker might be able to prepare memory for exploitation through some means other than JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735)

Alerts:
Debian DSA-1574-1 2008-05-12
Debian DSA-1534-2 2008-04-24
Debian DSA-1535-1 2008-03-30
Debian DSA-1534-1 2008-03-28
Debian DSA-1532-1 2008-03-27
Mandriva MDVSA-2007:047 2007-02-19
Ubuntu USN-503-1 2007-08-24
Slackware SSA:2007-222-04 2007-08-13
SuSE SUSE-SA:2007:049 2007-08-02
Slackware SSA:2007-205-02 2007-07-25
Slackware SSA:2007-205-01 2007-07-25
Foresight FLEA-2007-0033-1 2007-07-24
Debian DSA-1339-1 2007-07-23
Debian DSA-1338-1 2007-07-23
Fedora FEDORA-2007-1181 2007-07-20
Fedora FEDORA-2007-1180 2007-07-20
Debian DSA-1337-1 2007-07-22
Fedora FEDORA-2007-642 2007-07-20
Fedora FEDORA-2007-641 2007-07-20
rPath rPSA-2007-0148-1 2007-07-20
Ubuntu USN-490-1 2007-07-19
Slackware SSA:2007-200-01 2007-07-20
Fedora FEDORA-2007-1159 2007-07-19
Fedora FEDORA-2007-1157 2007-07-19
Fedora FEDORA-2007-1155 2007-07-19
Red Hat RHSA-2007:0724-01 2007-07-18
Red Hat RHSA-2007:0723-01 2007-07-18
Red Hat RHSA-2007:0722-01 2007-07-18
Fedora FEDORA-2007-1143 2007-07-18
Fedora FEDORA-2007-1144 2007-07-18
Fedora FEDORA-2007-1142 2007-07-18
Fedora FEDORA-2007-1138 2007-07-18

Comments (none posted)

flac: arbitrary code execution

Package(s):flac CVE #(s):CVE-2007-4619
Created:October 22, 2007 Updated:January 21, 2008
Description: From the Red Hat advisory:

A security flaw was found in the way flac processed audio data. An attacker could create a carefully crafted FLAC audio file in such a way that it could cause an application linked with flac libraries to crash or execute arbitrary code when it was opened. (CVE-2007-4619)

Alerts:
Debian DSA-1469-1 2008-01-20
rPath rPSA-2007-0243-1 2007-11-21
Ubuntu USN-540-1 2007-11-13
Gentoo 200711-15 2007-11-12
Mandriva MDKSA-2007:214 2007-11-08
Fedora FEDORA-2007-730 2007-11-05
Fedora FEDORA-2007-2596 2007-11-01
Red Hat RHSA-2007:0975-02 2007-10-22

Comments (none posted)

flash-plugin: lots of problems

Package(s):flash-plugin CVE #(s):CVE-2007-5275 CVE-2007-4324 CVE-2007-4768 CVE-2007-6242 CVE-2007-6243 CVE-2007-6244 CVE-2007-6245 CVE-2007-6246
Created:December 19, 2007 Updated:November 14, 2008
Description: A vast number of vulnerabilities exists in the proprietary Flash plugin for Firefox.
Alerts:
SuSE SUSE-SR:2008:025 2008-11-14
Red Hat RHSA-2008:0980-02 2008-11-12
Red Hat RHSA-2008:0945-01 2008-10-28
Gentoo 200804-21 2008-04-18
SuSE SUSE-SA:2008:022 2008-04-11
Red Hat RHSA-2008:0221-01 2008-04-08
Gentoo 200801-07:02 2008-01-20
Red Hat RHSA-2007:1126-01 2007-12-18
SuSE SUSE-SA:2007:069 2007-12-21

Comments (3 posted)

freetype: arbitrary code execution

Package(s):freetype CVE #(s):CVE-2007-2754
Created:May 24, 2007 Updated:June 1, 2010
Description: The Freetype font rendering library versions 2.3.4 and below has an integer sign error. Remote attackers may be able to create a specially crafted TrueType Font file with a negative n_points value that will cause an integer overflow and heap-based buffer overflow, allowing the execution of arbitrary code.
Alerts:
Gentoo 201006-01 2010-06-01
Fedora FEDORA-2009-5644 2009-05-28
Fedora FEDORA-2009-5558 2009-05-28
CentOS CESA-2009:0329 2009-05-22
Red Hat RHSA-2009:1062-01 2009-05-22
Red Hat RHSA-2009:0329-02 2009-05-22
Debian DSA-1334 2007-07-18
SuSE SUSE-SA:2007:041 2007-07-04
Fedora FEDORA-2007-561 2007-06-18
Mandriva MDKSA-2007:121 2007-06-13
Foresight FLEA-2007-0025-1 2007-06-13
Red Hat RHSA-2007:0403-01 2007-06-11
Debian DSA-1302-1 2007-06-10
Fedora FEDORA-2007-0033 2007-06-01
Ubuntu USN-466-1 2007-05-30
Gentoo 200705-22 2007-05-30
Trustix TSLSA-2007-0019 2007-05-25
rPath rPSA-2007-0108-1 2007-05-23
Foresight FLEA-2007-0020-1 2007-05-21
OpenPKG OpenPKG-SA-2007.018 2007-05-24

Comments (none posted)

freetype: integer overflows

Package(s):freetype CVE #(s):CVE-2006-0747 CVE-2006-1861 CVE-2006-2493 CVE-2006-2661 CVE-2006-3467
Created:June 8, 2006 Updated:June 1, 2010
Description: The FreeType library has several integer overflow vulnerabilities. If a user can be tricked into installing a specially crafted font file, arbitrary code can be executed with the privilege of the user.
Alerts:
Gentoo 201006-01 2010-06-01
Fedora FEDORA-2009-5644 2009-05-28
Fedora FEDORA-2009-5558 2009-05-28
CentOS CESA-2009:0329 2009-05-22
Red Hat RHSA-2009:1062-01 2009-05-22
Red Hat RHSA-2009:0329-02 2009-05-22
Gentoo 200710-09 2007-10-09
Debian DSA-1178-1 2006-09-16
Ubuntu USN-341-1 2006-09-06
Gentoo 200609-04 2006-09-06
rPath rPSA-2006-0157-1 2006-08-25
Mandriva MDKSA-2006:148 2006-08-24
Red Hat RHSA-2006:0635-01 2006-08-21
Red Hat RHSA-2006:0634-01 2006-08-21
Fedora FEDORA-2006-912 2006-08-14
SuSE SUSE-SA:2006:045 2006-08-01
OpenPKG OpenPKG-SA-2006.017 2006-07-28
Ubuntu USN-324-1 2006-07-27
Slackware SSA:2006-207-02 2006-07-27
Mandriva MDKSA-2006:129 2006-07-20
Gentoo 200607-02 2006-07-09
SuSE SUSE-SA:2006:037 2006-06-27
Mandriva MDKSA-2006:099-1 2006-06-13
Mandriva MDKSA-2006:099 2006-06-12
rPath rPSA-2006-0100-1 2006-06-12
Debian DSA-1095-1 2006-06-10
Ubuntu USN-291-1 2006-06-08

Comments (none posted)

gcc: file overwrite vulnerability

Package(s):gcc CVE #(s):CVE-2006-3619
Created:September 6, 2006 Updated:March 14, 2008
Description: The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
Alerts:
Mandriva MDVSA-2008:066 2007-03-13
Red Hat RHSA-2007:0473-01 2007-06-11
Red Hat RHSA-2007:0220-02 2007-05-01
Debian DSA-1170-1 2006-09-06

Comments (none posted)

gd: buffer overflow

Package(s):gd CVE #(s):CVE-2007-0455
Created:February 7, 2007 Updated:November 18, 2009
Description: The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable.
Alerts:
Debian DSA-1936-1 2009-11-17
Red Hat RHSA-2008:0146-01 2008-02-28
Ubuntu USN-473-1 2007-06-11
OpenPKG OpenPKG-SA-2007.016 2007-05-18
Trustix TSLSA-2007-0007 2007-02-13
Fedora FEDORA-2007-150 2007-02-12
Fedora FEDORA-2007-149 2007-02-12
rPath rPSA-2007-0028-1 2007-02-08
Mandriva MDKSA-2007:038 2006-02-06
Mandriva MDKSA-2007:036 2006-02-06
Mandriva MDKSA-2007:035 2006-02-06

Comments (2 posted)

gd: multiple vulnerabilities

Package(s):gd CVE #(s):CVE-2007-3472 CVE-2007-3473 CVE-2007-3474 CVE-2007-3475 CVE-2007-3476 CVE-2007-3477 CVE-2007-3478
Created:August 6, 2007 Updated:November 6, 2009
Description: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified remote attack vectors and impact. (CVE-2007-3472)

The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure. (CVE-2007-3473)

Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 allow user-assisted remote attackers to have unspecified attack vectors and impact. (CVE-2007-3474)

The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map. (CVE-2007-3475)

Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault. (CVE-2007-3476)

The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allows attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value. (CVE-2007-3477)

Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. (CVE-2007-3478)

Alerts:
Ubuntu USN-854-1 2009-11-05
Debian DSA-1613-1 2008-07-22
Red Hat RHSA-2008:0146-01 2008-02-28
SuSE SUSE-SR:2007:015 2007-08-03
Fedora FEDORA-2007-692 2007-09-18
Fedora FEDORA-2007-2055 2007-09-07
Foresight FLEA-2007-0052-1 2007-09-06
rPath rPSA-2007-0176-1 2007-09-05
Trustix TSLSA-2007-0024 2007-08-10
Gentoo 200708-05 2007-08-09
Mandriva MDKSA-2007:153 2007-08-03

Comments (none posted)

gd: denial of service

Package(s):gd CVE #(s):CVE-2007-2756
Created:June 14, 2007 Updated:February 28, 2008
Description: Libgd2 has a denial of service vulnerability involving the incorrect validation of PNG callback results. If an application that is linked against libgd2 is used to process a specially-crafted PNG file, a denial of service involving CPU resource consumption can be caused.
Alerts:
Red Hat RHSA-2008:0146-01 2008-02-28
Slackware SSA:2007-178-01 2007-06-27
SuSE SUSE-SR:2007:013 2007-06-22
Mandriva MDKSA-2007:124 2007-06-13
Mandriva MDKSA-2007:123 2007-06-13
Mandriva MDKSA-2007:122 2007-06-13

Comments (none posted)

gedit: format string vulnerability

Package(s):gedit CVE #(s):CAN-2005-1686
Created:June 9, 2005 Updated:February 5, 2009
Description: A format string vulnerability has been discovered in gedit. Calling the program with specially crafted file names caused a buffer overflow, which could be exploited to execute arbitrary code with the privileges of the gedit user.
Alerts:
Fedora FEDORA-2009-1189 2009-01-29
Fedora FEDORA-2009-1187 2009-01-29
Debian DSA-753-1 2005-07-12
Mandriva MDKSA-2005:102 2005-06-15
Red Hat RHSA-2005:499-01 2005-06-13
Gentoo 200506-09 2005-06-11
Ubuntu USN-138-1 2005-06-09

Comments (1 posted)

gftp: buffer overflows

Package(s):gftp CVE #(s):CVE-2007-3962 CVE-2007-3961
Created:November 2, 2007 Updated:January 22, 2008
Description: Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names. A remote attacker could trigger these vulnerabilities by enticing a user to download a file with a specially crafted directory or file name, possibly resulting in the execution of arbitrary code (CVE-2007-3962) or a Denial of Service (CVE-2007-3961).
Alerts:
Mandriva MDVSA-2008:018 2007-01-21
Gentoo 200711-01 2007-11-01

Comments (none posted)

gimp: multiple vulnerabilities

Package(s):gimp CVE #(s):CVE-2007-2949
Created:June 28, 2007 Updated:February 27, 2008
Description: The gimp image editor has several vulnerabilities, including a problem where it can open PSD files with excessive dimensions and a possible stack overflow in the Sunras loader.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Red Hat RHSA-2007:0513-01 2007-09-26
Mandriva MDKSA-2007:170 2007-08-23
Slackware SSA:2007-222-01 2007-08-13
Foresight FLEA-2007-0038-1 2007-08-01
Gentoo 200707-09 2007-07-25
Fedora FEDORA-2007-627 2007-07-16
Debian DSA-1335-1 2007-07-18
Fedora FEDORA-2007-1099 2007-07-16
Fedora FEDORA-2007-1044 2007-07-12
rPath rPSA-2007-0138-1 2007-07-11
Ubuntu USN-480-1 2007-07-04
Fedora FEDORA-2007-618 2007-06-27
Fedora FEDORA-2007-619 2007-06-27
Fedora FEDORA-2007-0725 2007-06-27

Comments (none posted)

gnome-screensaver: keyboard lock bypass

Package(s):gnome-screensaver CVE #(s):CVE-2007-3920
Created:October 24, 2007 Updated:October 15, 2009
Description: From the Ubuntu advisory:

Jens Askengren discovered that gnome-screensaver became confused when running under Compiz, and could lose keyboard lock focus. A local attacker could exploit this to bypass the user's locked screen saver.

Alerts:
SuSE SUSE-SA:2008:027 2008-06-13
Red Hat RHSA-2008:0485-02 2008-05-21
Fedora FEDORA-2008-0956 2008-01-24
Fedora FEDORA-2008-0930 2008-01-24
Ubuntu USN-537-2 2007-11-02
Ubuntu USN-537-1 2007-10-23

Comments (none posted)

openssh: inappropriate use of trusted cookies

Package(s):gnome-ssh-askpass openssh CVE #(s):CVE-2007-4752
Created:September 11, 2007 Updated:August 25, 2008
Description: OpenSSH in versions prior 4.7 could use a trusted X11 cookie if the creation of an untrusted cookie failed.
Alerts:
CentOS CESA-2008:0855 2008-08-22
Red Hat RHSA-2008:0855-01 2008-08-22
Debian DSA-1576-1 2008-05-14
Ubuntu USN-566-1 2008-01-09
Mandriva MDKSA-2007:236 2007-12-04
Gentoo 200711-02 2007-11-01
Fedora FEDORA-2007-715 2007-10-15
Foresight FLEA-2007-0055-1 2007-09-17
Slackware SSA:2007-255-01 2007-09-13
rPath rPSA-2007-0181-1 2007-09-10

Comments (none posted)

grip: buffer overflow

Package(s):grip CVE #(s):CAN-2005-0706
Created:March 10, 2005 Updated:November 19, 2008
Description: Grip, a CD ripper, has a buffer overflow vulnerability that can occur when the CDDB server returns more than 16 matches.
Alerts:
Fedora FEDORA-2008-9604 2008-11-19
Fedora FEDORA-2008-9521 2008-11-19
Fedora-Legacy FLSA:152919 2005-09-15
Mandriva MDKSA-2005:074 2005-04-20
Mandriva MDKSA-2005:075 2005-04-20
Gentoo 200504-07 2005-04-08
Mandrake MDKSA-2005:066 2005-04-01
Red Hat RHSA-2005:304-01 2005-03-28
Gentoo 200503-21 2005-03-17
Fedora FEDORA-2005-203 2005-03-09
Fedora FEDORA-2005-202 2005-03-09

Comments (none posted)

gzip: multiple vulnerabilities

Package(s):gzip CVE #(s):CVE-2006-4334 CVE-2006-4335 CVE-2006-4336 CVE-2006-4337 CVE-2006-4338
Created:September 19, 2006 Updated:January 20, 2010
Description: Tavis Ormandy of the Google Security Team discovered two denial of service flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to hang or crash.

Tavis Ormandy of the Google Security Team discovered several code execution flaws in the way gzip expanded archive files. If a victim expanded a specially crafted archive, it could cause the gzip executable to crash or execute arbitrary code.

Alerts:
Debian DSA-1974-1 2010-01-20
Fedora FEDORA-2007-557 2007-05-31
Gentoo 200611-24 2006-11-28
Fedora-Legacy FLSA:211760 2006-11-13
Fedora FEDORA-2006-989 2006-10-10
SuSE SUSE-SA:2006:056 2006-09-26
Gentoo 200609-13 2006-09-23
Trustix TSLSA-2006-0052 2006-09-22
Mandriva MDKSA-2006:167 2006-09-20
Slackware SSA:2006-262-01 2006-09-20
OpenPKG OpenPKG-SA-2006.020 2006-09-20
Debian DSA-1181-1 2006-09-19
rPath rPSA-2006-0170-1 2006-09-19
Ubuntu USN-349-1 2006-09-19
Red Hat RHSA-2006:0667-01 2006-09-19

Comments (1 posted)

horde-kronolith: local file inclusion

Package(s):horde-kronolith CVE #(s):CVE-2006-6175
Created:January 17, 2007 Updated:March 7, 2008
Description: Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered string is used instead of a sanitized string to view local files. An authenticated attacker could craft an HTTP GET request that uses directory traversal techniques to execute any file on the web server as PHP code, which could allow information disclosure or arbitrary code execution with the rights of the user running the PHP application (usually the webserver user).
Alerts:
Gentoo 200701-11 2007-01-16

Comments (none posted)

hplip: arbitrary command execution

Package(s):hplip CVE #(s):CVE-2007-5208
Created:October 12, 2007 Updated:January 14, 2008
Description: Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user input. A local attacker could send a specially crafted request to the hpssd daemon, possibly allowing them to run arbitrary commands as the root user.
Alerts:
Debian DSA-1462-1 2008-01-13
Gentoo 200710-26 2007-10-24
Mandriva MDKSA-2007:201 2007-10-22
SuSE SUSE-SR:2007:021 2007-10-19
Fedora FEDORA-2007-724 2007-10-15
Fedora FEDORA-2007-2527 2007-10-12
Ubuntu USN-530-1 2007-10-12
Red Hat RHSA-2007:0960-01 2007-10-11

Comments (none posted)

imagemagick: multiple vulnerabilities

Package(s):imagemagick CVE #(s):CVE-2007-4985 CVE-2007-4986 CVE-2007-4987 CVE-2007-4988
Created:October 4, 2007 Updated:August 11, 2009
Description: The ImageMagick image decoders have multiple vulnerabilities. If a user can be tricked into processing a specially crafted DCM, DIB, XBM, XCF, or XWD image, arbitrary code may be executed with the user's privileges.
Alerts:
Debian DSA-1858-1 2009-08-10
Red Hat RHSA-2008:0145-01 2008-04-16
Red Hat RHSA-2008:0165-01 2008-04-16
Mandriva MDVSA-2008:035 2007-02-05
Foresight FLEA-2007-0066-1 2007-11-11
Gentoo 200710-27 2007-10-24
rPath rPSA-2007-0220-1 2007-10-18
Ubuntu USN-523-1 2007-10-03
Oracle ELSA-2012-0301 2012-03-07

Comments (none posted)

ImageMagick: integer overflows

Package(s):imagemagick CVE #(s):CVE-2007-1797
Created:April 4, 2007 Updated:August 11, 2009
Description: Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.
Alerts:
Debian DSA-1858-1 2009-08-10
Red Hat RHSA-2008:0165-01 2008-04-16
Red Hat RHSA-2008:0145-01 2008-04-16
Fedora FEDORA-2007-1340 2007-07-30
Mandriva MDKSA-2007:147 2007-07-20
Ubuntu USN-481-1 2007-07-10
Gentoo 200705-13 2007-05-10
Fedora FEDORA-2007-414 2007-04-17
Fedora FEDORA-2007-413 2007-04-05
rPath rPSA-2007-0064-1 2007-04-04

Comments (none posted)

inotify-tools: arbitrary code execution

Package(s):inotify-tools CVE #(s):CVE-2007-5037
Created:November 12, 2007 Updated:December 28, 2007
Description:

From the Fedora advisory:

A vulnerability has been reported in inotify-tools, which can potentially be exploited by malicious users to compromise an application using the library.

Successful exploitation may allow the execution of arbitrary code with privileges of the application using the affected library.

NOTE: The programs shipped with inotify-tools are reportedly not affected.

The vulnerability is reported in versions prior to 3.11.

Alerts:
Debian DSA-1440-1 2007-12-28
Fedora FEDORA-2007-3074 2007-11-09

Comments (none posted)

jasper: denial of service

Package(s):jasper CVE #(s):CVE-2007-2721
Created:June 1, 2007 Updated:April 19, 2010
Description: The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files.
Alerts:
Debian DSA-2036-1 2010-04-17
Mandriva MDVSA-2009:142-1 2009-12-03
Mandriva MDVSA-2009:164 2009-07-28
Mandriva MDVSA-2009:142 2009-06-26
CentOS CESA-2009:0012 2009-02-11
Red Hat RHSA-2009:0012-01 2009-02-11
Mandriva MDKSA-2007:209 2007-11-05
Mandriva MDKSA-2007:208 2007-11-05
Ubuntu USN-501-2 2007-10-22
Ubuntu USN-501-1 2007-08-20
Mandriva MDKSA-2007:129 2007-06-19
Fedora FEDORA-2007-0001 2007-06-01

Comments (none posted)

java: multiple vulnerabilities

Package(s):java CVE #(s):CVE-2006-4339 CVE-2006-4790 CVE-2006-6731 CVE-2006-6736 CVE-2006-6737 CVE-2006-6745
Created:January 18, 2007 Updated:June 4, 2010
Description: java has multiple vulnerabilities, these include: an RSA exponent padding attack vulnerability, two vulnerabilities which allow untrusted applets to access data in other applets, vulnerabilities that involve applets gaining privileges due to serialization bugs in the JRE and buffer overflows in the java image handling routines that can give attackers read/write/execute capabilities for local files.
Alerts:
Pardus 2010-67 2010-06-04
Gentoo 200705-20 2007-05-26
Red Hat RHSA-2007:0073-01 2007-02-09
Red Hat RHSA-2007:0072-01 2007-02-08
Red Hat RHSA-2007:0062-02 2007-02-07
Gentoo 200701-15 2007-01-22
SuSE SUSE-SA:2007:010 2007-01-18

Comments (1 posted)

java-1.5.0-sun: multiple vulnerabilities

Package(s):java-1.5.0-sun CVE #(s):CVE-2007-3503 CVE-2007-3655 CVE-2007-3698 CVE-2007-3922
Created:August 6, 2007 Updated:June 24, 2008
Description: The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML. (CVE-2007-3503)

The Java Web Start URL parsing component contained a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655)

The JSSE component did not correctly process SSL/TLS handshake requests. A remote attacker who is able to connect to a JSSE-based service could trigger this flaw leading to a denial-of-service. (CVE-2007-3698)

A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet. (CVE-2007-3922)

Alerts:
Red Hat RHSA-2008:0133-01 2008-06-24
SuSE SUSE-SA:2008:025 2008-04-25
Gentoo 200804-20 2008-04-17
Red Hat RHSA-2008:0132-01 2008-02-14
Red Hat RHSA-2007:1086-01 2007-12-12
SuSE SUSE-SA:2007:056 2007-10-18
Red Hat RHSA-2007:0956-01 2007-10-16
Slackware SSA:2007-243-01 2007-08-31
Red Hat RHSA-2007:0829-01 2007-08-07
Red Hat RHSA-2007:0818-01 2007-08-06

Comments (none posted)

java-1.5.0-sun: multiple vulnerabilities

Package(s):java-1.5.0-sun CVE #(s):CVE-2007-5232 CVE-2007-5238 CVE-2007-5239 CVE-2007-5240 CVE-2007-5273 CVE-2007-5274
Created:October 12, 2007 Updated:April 25, 2008
Description: Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. (CVE-2007-5232)

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." (CVE-2007-5238)

Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications. (CVE-2007-5239)

Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. (CVE-2007-5240)

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5273)

Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5274)

Alerts:
SuSE SUSE-SA:2008:025 2008-04-25
Gentoo 200804-20 2008-04-17
Red Hat RHSA-2008:0100-01 2008-03-11
Red Hat RHSA-2008:0156-02 2008-03-05
Red Hat RHSA-2008:0132-01 2008-02-14
Red Hat RHSA-2007:1041-01 2007-11-26
Foresight FLEA-2007-0061-1 2007-10-26
SuSE SUSE-SA:2007:055 2007-10-17
Red Hat RHSA-2007:0963-01 2007-10-12

Comments (1 posted)

JRockit: multiple vulnerabilities

Package(s):jrockit-jdk-bin CVE #(s):CVE-2007-2788 CVE-2007-4381 CVE-2007-3716 CVE-2007-2789 CVE-2007-3004 CVE-2007-3005 CVE-2007-3503 CVE-2007-3698 CVE-2007-3922
Created:September 24, 2007 Updated:June 24, 2008
Description: An integer overflow vulnerability exists in the embedded ICC profile image parser (CVE-2007-2788), an unspecified vulnerability exists in the font parsing implementation (CVE-2007-4381), and an error exists when processing XSLT stylesheets contained in XSLT Transforms in XML signatures (CVE-2007-3716), among other vulnerabilities.
Alerts:
Red Hat RHSA-2008:0133-01 2008-06-24
SuSE SUSE-SA:2008:025 2008-04-25
Gentoo 200804-20 2008-04-17
Red Hat RHSA-2008:0100-01 2008-03-11
Red Hat RHSA-2008:0132-01 2008-02-14
Red Hat RHSA-2007:1086-01 2007-12-12
Gentoo 200709-15 2007-09-23

Comments (none posted)

kdebase: denial of service

Package(s):kdebase CVE #(s):CVE-2007-5963
Created:December 18, 2007 Updated:January 19, 2009
Description: The kdebase package is vulnerable to a denial of service in which a local user can render KDM unusable for logins by any user or cause KDM to exceed system resource limits.
Alerts:
Mandriva MDVSA-2009:017 2009-01-16
rPath rPSA-2007-0268-1 2007-12-17

Comments (none posted)

kdelibs: kate backup file permission leak

Package(s):kdelibs kate kwrite CVE #(s):CAN-2005-1920
Created:July 19, 2005 Updated:September 21, 2010
Description: Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
Alerts:
Gentoo 200611-21 2006-11-27
Debian DSA-804-2 2005-11-10
Debian DSA-804-1 2005-09-08
Red Hat RHSA-2005:612-01 2005-07-27
Ubuntu USN-150-1 2005-07-21
Mandriva MDKSA-2005:122 2005-07-20
Fedora FEDORA-2005-594 2005-07-19

Comments (1 posted)

kernel: out-of-bounds access

Package(s):kernel CVE #(s):CVE-2007-4573
Created:September 25, 2007 Updated:December 6, 2010
Description: The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
Alerts:
Mandriva MDVSA-2010:247 2010-12-03
Mandriva MDVSA-2010:188 2010-09-23
Mandriva MDVSA-2010:198 2010-10-07
Mandriva MDVSA-2008:105 2007-05-21
Debian DSA-1504 2008-02-22
Mandriva MDVSA-2008:008 2008-01-11
SuSE SUSE-SA:2007:064 2007-12-04
SuSE SUSE-SA:2007:053 2007-10-12
Mandriva MDKSA-2007:195 2007-10-15
Mandriva MDKSA-2007:196 2007-10-15
Debian DSA-1381-2 2007-10-12
Debian DSA-1381-1 2007-10-02
Debian DSA-1378-2 2007-09-28
Debian DSA-1378-1 2007-09-27
Red Hat RHSA-2007:0938-01 2007-09-27
Red Hat RHSA-2007:0937-01 2007-09-27
Red Hat RHSA-2007:0936-01 2007-09-27
Ubuntu USN-518-1 2007-09-25
rPath rPSA-2007-0198-1 2007-09-24
Fedora FEDORA-2007-712 2007-09-24
Fedora FEDORA-2007-2298 2007-09-25

Comments (none posted)

kernel: ALSA returns incorrect write size

Package(s):kernel CVE #(s):CVE-2007-4571
Created:September 28, 2007 Updated:June 20, 2008
Description: The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
Alerts:
Ubuntu USN-618-1 2008-06-19
Debian DSA-1505 2008-02-22
Debian DSA-1479 2008-01-29
Red Hat RHSA-2007:0993-01 2007-11-29
Red Hat RHSA-2007:0939-01 2007-11-01
SuSE SUSE-SA:2007:053 2007-10-12
Fedora FEDORA-2007-714 2007-10-08
Fedora FEDORA-2007-2349 2007-09-28
rPath rPSA-2007-0202-1 2007-09-27

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-4535 CVE-2006-4538
Created:September 18, 2006 Updated:January 5, 2009
Description: Sridhar Samudrala discovered a local denial of service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535)

Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2007:1049-01 2007-12-03
Mandriva MDKSA-2006:182 2006-10-11
Red Hat RHSA-2006:0689-01 2006-10-05
Debian DSA-1184-2 2006-09-26
Debian DSA-1184-1 2006-09-25
Debian DSA-1183-1 2006-09-25
Ubuntu USN-347-1 2006-09-18

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-1861 CVE-2007-2242
Created:May 1, 2007 Updated:February 8, 2008
Description: The netlink protocol has an infinite recursion bug that allows users to cause a kernel crash. Also the IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
Alerts:
SuSE SUSE-SA:2008:006 2008-02-07
Ubuntu USN-508-1 2007-08-31
Mandriva MDKSA-2007:171 2007-08-28
Ubuntu USN-489-1 2007-07-19
Ubuntu USN-486-1 2007-07-17
SuSE SUSE-SA:2007:051 2007-09-06
Mandriva MDKSA-2007:216 2007-11-13
Red Hat RHSA-2007:0347-01 2007-05-16
Debian DSA-1289-1 2007-05-13
Foresight FLEA-2007-0016-1 2007-05-08
rPath rPSA-2007-0084-1 2007-05-01
Fedora FEDORA-2007-483 2007-05-01
Fedora FEDORA-2007-482 2007-05-01

Comments (none posted)

kernel: remote denial of service

Package(s):kernel CVE #(s):CVE-2006-6058 CVE-2007-4997
Created:November 9, 2007 Updated:June 13, 2008
Description: The Minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error.

Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."

Alerts:
Mandriva MDVSA-2008:112 2007-06-12
Mandriva MDVSA-2008:105 2007-05-21
Debian DSA-1504 2008-02-22
Ubuntu USN-578-1 2008-02-14
SuSE SUSE-SA:2008:006 2008-02-07
Ubuntu USN-574-1 2008-02-04
Mandriva MDVSA-2008:008 2008-01-11
Debian DSA-1436-1 2007-12-20
Debian DSA-1428-2 2007-12-11
SuSE SUSE-SA:2007:064 2007-12-04
Red Hat RHSA-2007:1104-01 2007-12-19
Ubuntu USN-558-1 2007-12-19
Debian DSA-1428-1 2007-12-10
Red Hat RHSA-2007:0993-01 2007-11-29
Mandriva MDKSA-2007:232 2007-11-28
rPath rPSA-2007-0245-2 2007-11-21
rPath rPSA-2007-0245-1 2007-11-21
Mandriva MDKSA-2007:226 2007-11-19
Red Hat RHSA-2007:0672-01 2007-08-08
SuSE SUSE-SA:2007:059 2007-11-09

Comments (1 posted)

kernel: several vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-1353 CVE-2007-2451 CVE-2007-2453
Created:June 11, 2007 Updated:March 6, 2008
Description: Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353)

The GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. (CVE-2007-2451)

The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453)

Alerts:
Debian DSA-1504 2008-02-22
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22
Red Hat RHSA-2007:0488-01 2007-06-25
Debian DSA-1356-1 2007-08-15
SuSE SUSE-SA:2007:051 2007-09-06
Mandriva MDKSA-2007:216 2007-11-13
Mandriva MDKSA-2007:171 2007-08-28
Red Hat RHSA-2007:0671-01 2007-08-16
Red Hat RHSA-2007:0673-01 2007-08-08
Red Hat RHSA-2007:0672-01 2007-08-08
Ubuntu USN-489-1 2007-07-19
Ubuntu USN-486-1 2007-07-17
Fedora FEDORA-2007-600 2007-06-25
Fedora FEDORA-2007-599 2007-06-21
SuSE SUSE-SA:2007:035 2007-06-14
Red Hat RHSA-2007:0376-01 2007-06-14
Fedora FEDORA-2007-0409 2007-06-13
Ubuntu USN-470-1 2007-06-08

Comments (none posted)

kernel: signal handling flaw on PPC

Package(s):kernel CVE #(s):CVE-2007-3107
Created:July 10, 2007 Updated:February 4, 2008
Description: A flaw in the signal handling on PowerPC-based systems that allowed a local user to cause a denial of service (floating point corruption).
Alerts:
Ubuntu USN-574-1 2008-02-04
SuSE SUSE-SA:2007:053 2007-10-12
SuSE SUSE-SA:2007:051 2007-09-06
Red Hat RHSA-2007:0595-01 2007-07-10

Comments (none posted)

kernel: several vulnerabilities

Package(s):kernel CVE #(s):CVE-2006-5823 CVE-2006-6054 CVE-2007-1592
Created:June 12, 2007 Updated:March 21, 2011
Description: A flaw in the cramfs file system allows invalid compressed data to cause memory corruption (CVE-2006-5823)

A flaw in the ext2 file system allows an invalid inode size to cause a denial of service (system hang) (CVE-2006-6054)

A flaw in IPV6 flow label handling allows a local user to cause a denial of service (crash) (CVE-2007-1592)

Alerts:
Mandriva MDVSA-2011:051 2011-03-18
Debian DSA-1503-2 2008-03-06
Debian DSA-1504 2008-02-22
Debian DSA-1503 2008-02-22
Red Hat RHSA-2007:0673-01 2007-08-08
Red Hat RHSA-2007:0672-01 2007-08-08
SuSE SUSE-SA:2007:035 2007-06-14
Red Hat RHSA-2007:0347-01 2007-05-16
SuSE SUSE-SA:2007:043 2007-07-09
Debian DSA-1304-1 2007-06-16
rPath rPSA-2007-0124-1 2007-06-14
Red Hat RHSA-2007:0436-01 2007-06-11

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-5500
Created:November 28, 2007 Updated:July 8, 2008
Description: The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors.
Alerts:
SuSE SUSE-SA:2008:032 2008-07-07
SuSE SUSE-SA:2008:030 2008-06-20
Mandriva MDVSA-2008:112 2007-06-12
SuSE SUSE-SA:2008:013 2008-03-06
Ubuntu USN-578-1 2008-02-14
Mandriva MDVSA-2008:044 2008-02-12
Ubuntu USN-574-1 2008-02-04
Red Hat RHSA-2008:0055-01 2008-01-31
Mandriva MDVSA-2008:008 2008-01-11
Ubuntu USN-558-1 2007-12-19
Debian DSA-1428-2 2007-12-11
Debian DSA-1428-1 2007-12-10
Fedora FEDORA-2007-759 2007-12-07
Fedora FEDORA-2007-3751 2007-12-06
Fedora FEDORA-2007-3837 2007-12-03
SuSE SUSE-SA:2007:063 2007-12-03
rPath rPSA-2007-0245-2 2007-11-21
rPath rPSA-2007-0245-1 2007-11-21

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-5501
Created:November 28, 2007 Updated:March 7, 2008
Description: The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
Alerts:
SuSE SUSE-SA:2008:013 2008-03-06
Mandriva MDVSA-2008:044 2008-02-12
Ubuntu USN-574-1 2008-02-04
Ubuntu USN-558-1 2007-12-19
Fedora FEDORA-2007-759 2007-12-07
Fedora FEDORA-2007-3751 2007-12-06
Fedora FEDORA-2007-3837 2007-12-03
SuSE SUSE-SA:2007:063 2007-12-03
rPath rPSA-2007-0245-2 2007-11-21
rPath rPSA-2007-0245-1 2007-11-21

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2006-2935 CVE-2006-4145 CVE-2006-3745
Created:September 1, 2006 Updated:July 30, 2008
Description: Previous versions of the kernel package are subject to several vulnerabilities. Certain malformed UDF filesystems can cause the system to crash (denial of service). Malformed CDROM firmware or USB storage devices (such as USB keys) could cause system crash (denial of service), and if they were intentionally malformed, can cause arbitrary code to run with elevated privileges. In addition, the SCTP protocol is subject to a remote system crash (denial of service) attack.
Alerts:
Red Hat RHSA-2008:0665-01 2008-07-24
SuSE SUSE-SA:2007:053 2007-10-12
SuSE SUSE-SA:2006:064 2006-11-10
Red Hat RHSA-2006:0710-01 2006-10-19
SuSE SUSE-SA:2006:057 2006-09-28
Trustix TSLSA-2006-0051 2006-09-15
Ubuntu USN-346-2 2006-09-14
Ubuntu USN-346-1 2006-09-14
rPath rPSA-2006-0162-1 2006-08-31

Comments (none posted)

kernel: several vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-2172 CVE-2007-3739 CVE-2007-4308
Created:December 3, 2007 Updated:January 8, 2009
Description: A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions. (CVE-2007-2172)

mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors. (CVE-2007-3739)

The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. (CVE-2007-4308)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
SuSE SUSE-SA:2008:017 2008-03-28
Debian DSA-1504 2008-02-22
Debian DSA-1503 2008-02-22
Debian DSA-1503-2 2008-03-06
SuSE SUSE-SA:2008:006 2008-02-07
SuSE SUSE-SA:2007:064 2007-12-04
Red Hat RHSA-2007:1049-01 2007-12-03

Comments (none posted)

kernel: buffer overflows

Package(s):kernel CVE #(s):CVE-2007-5904
Created:December 3, 2007 Updated:June 20, 2008
Description: Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.
Alerts:
SuSE SUSE-SA:2008:030 2008-06-20
Ubuntu USN-618-1 2008-06-19
SuSE SUSE-SA:2008:017 2008-03-28
Red Hat RHSA-2008:0167-01 2008-03-14
SuSE SUSE-SA:2008:013 2008-03-06
rPath rPSA-2008-0048-1 2008-02-08
Red Hat RHSA-2008:0089-01 2008-01-23
Debian DSA-1428-2 2007-12-11
SuSE SUSE-SA:2007:064 2007-12-04
SuSE SUSE-SA:2007:063 2007-12-03

Comments (none posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2006-5749 CVE-2006-4814 CVE-2006-6106
Created:January 5, 2007 Updated:January 8, 2009
Description: A security issue has been reported in Linux kernel due to an error in drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()" function never initializes an event timer before scheduling it with the "add_timer()" function.

The mincore function in the kernel does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.

Another vulnerability has been reported in Linux kernel caused by a boundary error within the handling of incoming CAPI messages in net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain Kernel data structures.

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
CentOS CESA-2008:0211 2008-05-07
Red Hat RHSA-2008:0211-01 2008-05-07
Debian DSA-1503 2008-02-22
Debian DSA-1503-2 2008-03-06
SuSE SUSE-SA:2007:035 2007-06-14
SuSE SUSE-SA:2007:053 2007-10-12
Ubuntu USN-416-2 2007-03-01
Ubuntu USN-416-1 2007-02-01
rPath rPSA-2007-0031-1 2007-02-09
Mandriva MDKSA-2007:040 2007-02-07
Red Hat RHSA-2007:0014-01 2007-01-30
Mandriva MDKSA-2007:025 2007-01-23
Fedora FEDORA-2007-058 2007-01-18
Mandriva MDKSA-2007:012 2006-01-12
Trustix TSLSA-2007-0002 2007-01-05

Comments (none posted)

kernel: several vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-3851 CVE-2007-3848 CVE-2007-3105
Created:August 17, 2007 Updated:January 8, 2009
Description: The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. (CVE-2007-3851)

Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)

Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root. (CVE-2007-3105)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
Red Hat RHSA-2009:0001-01 2009-01-08
Mandriva MDVSA-2008:105 2007-05-21
SuSE SUSE-SA:2008:017 2008-03-28
Debian DSA-1504 2008-02-22
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22
SuSE SUSE-SA:2008:006 2008-02-07
Red Hat RHSA-2007:1049-01 2007-12-03
SuSE SUSE-SA:2007:053 2007-10-12
Debian DSA-1356-1 2007-08-15
Mandriva MDKSA-2007:216 2007-11-13
Red Hat RHSA-2007:0939-01 2007-11-01
Red Hat RHSA-2007:0940-01 2007-10-22
Red Hat RHSA-2007:0705-01 2007-09-13
SuSE SUSE-SA:2007:051 2007-09-06
Fedora FEDORA-2007-679 2007-09-04
Ubuntu USN-510-1 2007-08-31
Debian DSA-1363-1 2007-08-31
Ubuntu USN-508-1 2007-08-31
Ubuntu USN-509-1 2007-08-31
Fedora FEDORA-2007-1785 2007-08-23
rPath rPSA-2007-0164-1 2007-08-16

Comments (1 posted)

kernel: multiple vulnerabilities

Package(s):kernel CVE #(s):CVE-2007-3104 CVE-2007-3740 CVE-2007-3843 CVE-2007-6063
Created:December 4, 2007 Updated:January 8, 2009
Description: The sysfs_readdir function in the Linux kernel 2.6 allows local users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry. (CVE-2007-3104)

The CIFS filesystem, when Unix extension support is enabled, did not honor the umask of a process, which allowed local users to gain privileges.(CVE-2007-3740)

The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843)

Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux kernel allowed local users to have an unknown impact via a crafted argument to the isdn_ioctl function. (CVE-2007-6063)

Alerts:
Red Hat RHSA-2008:0787-01 2009-01-05
CentOS CESA-2008:0973 2008-12-17
Red Hat RHSA-2008:0973-03 2008-12-16
Red Hat RHSA-2009:0001-01 2009-01-08
Mandriva MDVSA-2008:112 2007-06-12
Mandriva MDVSA-2008:105 2007-05-21
Debian DSA-1504 2008-02-22
Red Hat RHSA-2008:0154-01 2008-03-05
Debian DSA-1503-2 2008-03-06
Debian DSA-1503 2008-02-22
Ubuntu USN-578-1 2008-02-14
SuSE SUSE-SA:2008:006 2008-02-07
Ubuntu USN-574-1 2008-02-04
Red Hat RHSA-2008:0055-01 2008-01-31
Red Hat RHSA-2008:0089-01 2008-01-23
Mandriva MDVSA-2008:008 2008-01-11
Debian DSA-1436-1 2007-12-20
Debian DSA-1428-2 2007-12-11
Debian DSA-1428-1 2007-12-10
SuSE SUSE-SA:2007:064 2007-12-04

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2007-5966
Created:December 19, 2007 Updated:February 3, 2010
Description: A bug in high-resolution timers (prior to kernel 2.6.22.15) can cause very long sleeps when large timeout values are used.
Alerts:
Red Hat RHSA-2010:0079-01 2010-02-02
CentOS CESA-2009:1193 2009-08-05
Red Hat RHSA-2009:1193-01 2009-08-04
Red Hat RHSA-2008:0585-01 2008-08-26
Mandriva MDVSA-2008:112 2007-06-12
SuSE SUSE-SA:2008:006 2008-02-07
Ubuntu USN-574-1 2008-02-04
Debian DSA-1436-1 2007-12-20
rPath rPSA-2007-0269-1 2007-12-18

Comments (none posted)

krb5: multiple vulnerabilities

Package(s):krb5 CVE #(s):CVE-2007-2442 CVE-2007-2443 CVE-2007-2798
Created:June 27, 2007 Updated:March 24, 2008
Description: David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2442).

David Coffey also discovered an overflow flaw in the same RPC library. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2443).

Finally, a stack buffer overflow vulnerability was found in kadmind that allowed an unauthenticated user able to access kadmind the ability to trigger the vulnerability and possibly execute arbitrary code (CVE-2007-2798).

Alerts:
Gentoo 200707-11 2007-07-25
SuSE SUSE-SA:2007:038 2007-07-03
Trustix TSLSA-2007-0021 2007-06-29
Fedora FEDORA-2007-0740 2007-06-27
Debian DSA-1323-1 2007-06-28
rPath rPSA-2007-0135-1 2007-06-27
Foresight FLEA-2007-0029-1 2007-06-27
Fedora FEDORA-2007-621 2007-06-28
Fedora FEDORA-2007-620 2007-06-28
Ubuntu USN-477-1 2007-06-26
Red Hat RHSA-2007:0562-01 2007-06-26
Red Hat RHSA-2007:0384-01 2007-06-26
Mandriva MDKSA-2007:137 2007-06-26

Comments (none posted)

krb5: uninitialized pointers

Package(s):krb5 CVE #(s):CVE-2006-6143 CVE-2006-3084
Created:January 10, 2007 Updated:July 7, 2010
Description: The kdamind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details.
Alerts:
Mandriva MDVSA-2010:129 2010-07-07
Gentoo 200701-21 2007-01-24
Ubuntu USN-408-1 2007-01-15
rPath rPSA-2007-0006-1 2007-01-11
Mandriva MDKSA-2007:008 2006-01-10
SuSE SUSE-SA:2007:004 2007-01-10
OpenPKG OpenPKG-SA-2007.006 2007-01-10
Fedora FEDORA-2007-033 2007-01-09
Fedora FEDORA-2007-034 2007-01-09

Comments (1 posted)

krb5: local privilege escalation

Package(s):krb5 CVE #(s):CVE-2006-3083
Created:August 9, 2006 Updated:July 7, 2010
Description: Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges.
Alerts:
Mandriva MDVSA-2010:129 2010-07-07
SuSE SUSE-SR:2006:022 2006-09-08
Gentoo 200608-21 2006-08-23
Ubuntu USN-334-1 2006-08-16
Fedora FEDORA-2006-905 2006-08-09
Mandriva MDKSA-2006:139 2006-09-09
Gentoo 200608-15 2006-08-10
rPath rPSA-2006-0150-1 2006-08-09
Red Hat RHSA-2006:0612-01 2006-08-08
Debian DSA-1146-1 2006-08-09

Comments (none posted)

krb5: buffer overflow, uninitialized pointer

Package(s):krb5 CVE #(s):CVE-2007-3999 CVE-2007-4000
Created:September 4, 2007 Updated:March 24, 2008
Description: Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash.

Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash.

Alerts:
Fedora FEDORA-2008-1017 2008-03-06
SuSE SUSE-SR:2007:024 2007-11-22
Debian DSA-1387 2007-10-15
Gentoo 200710-01 2007-10-04
Red Hat RHSA-2007:0951-01 2007-10-02
Red Hat RHSA-2007:0913-01 2007-09-19
Trustix TSLSA-2007-0026 2007-09-17
Mandriva MDKSA-2007:181 2007-09-12
Gentoo 200709-01 2007-09-11
Ubuntu USN-511-2 2007-09-07
Mandriva MDKSA-2007:174-1 2007-09-07
Fedora FEDORA-2007-694 2007-09-07
Fedora FEDORA-2007-2066 2007-09-07
Debian DSA-1367-2 2007-09-06
Foresight FLEA-2007-0050-1 2007-09-06
Mandriva MDKSA-2007:174 2007-09-06
Red Hat RHSA-2007:0892-01 2007-09-07
rPath rPSA-2007-0179-1 2007-09-06
Ubuntu USN-511-1 2007-09-04
Fedora FEDORA-2007-2017 2007-09-04
Fedora FEDORA-2007-690 2007-09-04
Debian DSA-1368-1 2007-09-04
Debian DSA-1367-1 2007-09-04
Red Hat RHSA-2007:0858-01 2007-09-04

Comments (none posted)

krb5: multiple vulnerabilities

Package(s):krb5 CVE #(s):CVE-2007-0956 CVE-2007-0957 CVE-2007-1216
Created:April 3, 2007 Updated:March 24, 2008
Description: A flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password. MIT krb5 Security Advisory 2007-001

Buffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. MIT krb5 Security Advisory 2007-002

A double-free flaw was found in the GSSAPI library used by the kadmin server daemon. MIT krb5 Security Advisory 2007-003

Alerts:
Mandriva MDKSA-2007:077-1 2007-04-10
Foresight FLEA-2007-0008-1 2007-04-05
SuSE SUSE-SA:2007:025 2007-04-05
Mandriva MDKSA-2007:077 2006-04-04
rPath rPSA-2007-0063-1 2007-04-04
Ubuntu USN-449-1 2007-04-04
Gentoo 200704-02 2007-04-03
Fedora FEDORA-2007-409 2007-04-03
Fedora FEDORA-2007-408 2007-04-03
Debian DSA-1276-1 2007-04-03
Red Hat RHSA-2007:0095-01 2007-04-03

Comments (none posted)

kvirc: remote arbitrary code execution

Package(s):kvirc CVE #(s):CVE-2007-2951
Created:September 14, 2007 Updated:February 27, 2008
Description: Stefan Cornelius from Secunia Research discovered that the "parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does not properly sanitize parts of the URI when building the command for KVIrc's internal script system.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Gentoo 200709-02 2007-09-13

Comments (none posted)

lcms: stack-based buffer overflow

Package(s):lcms CVE #(s):CVE-2007-2741
Created:November 23, 2007 Updated:October 14, 2008
Description: Stack-based buffer overflow in Little CMS (lmcs) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
Alerts:
Ubuntu USN-652-1 2008-10-14
Mandriva MDKSA-2007:238 2007-12-06
SuSE SUSE-SR:2007:024 2007-11-22

Comments (none posted)

lftp: shell command execution

Package(s):lftp CVE #(s):CVE-2007-2348
Created:May 4, 2007 Updated:September 16, 2009
Description: mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
Alerts:
CentOS CESA-2009:1278 2009-09-15
Red Hat RHSA-2009:1278-02 2009-09-02
rPath rPSA-2007-0085-1 2007-05-03

Comments (none posted)

libarchive: pax extension header vulnerabilities

Package(s):libarchive CVE #(s):CVE-2007-3641 CVE-2007-3644 CVE-2007-3645
Created:August 9, 2007 Updated:February 27, 2008
Description: libarchive, a library for manipulating different streaming archive formats, has a number of pax extension header vulnerabilities. These may be used to cause a denial of service or for the execution of arbitrary code.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Debian DSA-1455-1 2008-01-08
Gentoo 200708-03 2007-08-08

Comments (none posted)

libexif: integer overflow

Package(s):libexif CVE #(s):CVE-2007-2645
Created:June 1, 2007 Updated:February 11, 2008
Description: Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.
Alerts:
Debian DSA-1487-1 2008-02-08
Slackware SSA:2007-164-01 2007-06-14
Fedora FEDORA-2007-0414 2007-06-13
Fedora FEDORA-2007-548 2007-06-11
Ubuntu USN-471-1 2007-06-11
Mandriva MDKSA-2007:118 2007-06-08
Gentoo 200706-01 2007-06-05
rPath rPSA-2007-0115-1 2007-06-04
Foresight FLEA-2007-0024-1 2007-06-04
Fedora FEDORA-2007-0001 2007-06-01

Comments (none posted)

libexif: integer overflow

Package(s):libexif CVE #(s):CVE-2007-6352
Created:December 19, 2007 Updated:October 15, 2008
Description: From the Red Hat advisory: An integer overflow flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to execute arbitrary code, or crash.
Alerts:
Ubuntu USN-654-1 2008-10-14
Debian DSA-1487-1 2008-02-08
SuSE SUSE-SR:2008:002 2008-01-25
Mandriva MDVSA-2008:005 2007-01-09
rPath rPSA-2008-0006-1 2008-01-04
Fedora FEDORA-2007-4667 2007-12-20
Gentoo 200712-15 2007-12-29
Fedora FEDORA-2007-4608 2007-12-20
Red Hat RHSA-2007:1165-01 2007-12-19
Red Hat RHSA-2007:1166-01 2007-12-19

Comments (none posted)

libexif: denial of service

Package(s):libexif CVE #(s):CVE-2007-6351
Created:December 19, 2007 Updated:October 15, 2008
Description: From the Red Hat advisory: An infinite recursion flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to crash.
Alerts:
Ubuntu USN-654-1 2008-10-14
Debian DSA-1487-1 2008-02-08
SuSE SUSE-SR:2008:002 2008-01-25
Mandriva MDVSA-2008:005 2007-01-09
rPath rPSA-2008-0006-1 2008-01-04
Gentoo 200712-15 2007-12-29
Fedora FEDORA-2007-4667 2007-12-20
Red Hat RHSA-2007:1165-01 2007-12-19
Fedora FEDORA-2007-4608 2007-12-20

Comments (none posted)

libgd2: buffer overflow

Package(s):libgd2 CVE #(s):CVE-2007-3996
Created:December 19, 2007 Updated:October 13, 2009
Description: The GD library does not perform proper bounds checking when creating images; as a result, an attacker could, via crafted input, potentially execute arbitrary code.
Alerts:
Mandriva MDVSA-2009:264 2009-10-09
Ubuntu USN-720-1 2009-02-12
Debian DSA-1613-1 2008-07-22
SuSE SUSE-SA:2008:004 2008-01-29
Red Hat RHSA-2007:0891-01 2007-10-25
Red Hat RHSA-2007:0917-01 2007-10-23
Ubuntu USN-557-1 2007-12-18

Comments (none posted)

libmodplug: boundary errors

Package(s):libmodplug CVE #(s):CVE-2006-4192
Created:December 11, 2006 Updated:May 4, 2011
Description: Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the "CSoundFile::ReadSample()" function in sndfile.cpp. A remote attacker can entice a user to read crafted modules or ITP files, which may trigger a buffer overflow resulting in the execution of arbitrary code with the privileges of the user running the application.
Alerts:
CentOS CESA-2011:0477 2011-05-04
Red Hat RHSA-2011:0477-01 2011-05-02
Ubuntu USN-521-1 2007-09-27
Mandriva MDKSA-2007:001 2007-01-02
Gentoo 200612-04 2006-12-10

Comments (none posted)

libphp-phpmailer: command execution

Package(s):libphp-phpmailer CVE #(s):CVE-2007-3215
Created:June 20, 2007 Updated:June 25, 2009
Description: libphp-phpmailer does not do sufficient input validation, enabling shell command injection attacks.
Alerts:
Ubuntu USN-791-1 2009-06-24
Debian DSA-1315-1 2007-06-19

Comments (none posted)

libpng: several vulnerabilities

Package(s):libpng CVE #(s):CVE-2007-5266 CVE-2007-5267 CVE-2007-5268 CVE-2007-5269
Created:October 19, 2007 Updated:March 23, 2009
Description: Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. (CVE-2007-5269)

pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image. (CVE-2007-5268)

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. (CVE-2007-5267)

Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated. (CVE-2007-5266)

Alerts:
Debian DSA-1750-1 2009-03-22
Ubuntu USN-730-1 2009-03-06
Fedora FEDORA-2008-3979 2008-05-28
SuSE SUSE-SR:2007:025 2007-12-05
Slackware SSA:2007-325-01 2007-11-21
Slackware SSA:2007-325-01a 2007-11-22
Mandriva MDKSA-2007:217 2007-11-13
Foresight FLEA-2007-0065-1 2007-11-11
Gentoo 200711-08 2007-11-07
Fedora FEDORA-2007-734 2007-11-05
Ubuntu USN-538-1 2007-10-25
Red Hat RHSA-2007:0992-01 2007-10-23
Fedora FEDORA-2007-2521 2007-10-24
Fedora FEDORA-2007-2666 2007-10-24
rPath rPSA-2007-0219-1 2007-10-18
Oracle ELSA-2012-0317 2012-02-21
Gentoo 201209-25 2012-09-29

Comments (none posted)

libpng: denial of service

Package(s):libpng CVE #(s):CVE-2007-2445
Created:May 17, 2007 Updated:March 23, 2009
Description: Libpng can be crashed when processing malformed PNG files. It may also be possible to exploit this vulnerability to execute arbitrary code.
Alerts:
Debian DSA-1750-1 2009-03-22
Debian DSA-1613-1 2008-07-22
Fedora FEDORA-2008-3979 2008-05-28
Ubuntu USN-472-1 2007-06-11
Mandriva MDKSA-2007:116 2007-06-05
Gentoo 200705-24 2007-05-31
Fedora FEDORA-2007-0001 2007-06-01
Fedora FEDORA-2007-529 2007-05-24
Fedora FEDORA-2007-528 2007-05-24
Red Hat RHSA-2007:0356-01 2007-05-17
OpenPKG OpenPKG-SA-2007.013 2007-05-18
Foresight FLEA-2007-0018-1 2007-05-17
Slackware SSA:2007-136-01 2007-05-17
rPath rPSA-2007-0102-1 2007-05-16
Oracle ELSA-2012-0317 2012-02-21

Comments (none posted)

libpng: buffer overflow

Package(s):libpng CVE #(s):CVE-2006-3334
Created:July 19, 2006 Updated:December 15, 2008
Description: In pngrutil.c, the function png_decompress_chunk() allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow.
Alerts:
Gentoo 200812-15 2008-12-14
Mandriva MDKSA-2006:213 2006-11-16
rPath rPSA-2006-0133-1 2006-07-19
Gentoo 200607-06 2006-07-19

Comments (none posted)

libpng: heap based buffer overflow

Package(s):libpng CVE #(s):CVE-2006-0481
Created:February 13, 2006 Updated:December 15, 2008
Description: A heap based buffer overflow bug was found in the way libpng strips alpha channels from a PNG image. An attacker could create a carefully crafted PNG image file in such a way that it could cause an application linked with libpng to crash or execute arbitrary code when the file is opened by a victim.
Alerts:
Gentoo 200812-15 2008-12-14
Red Hat RHSA-2006:0205-01 2006-02-13

Comments (1 posted)

libsndfile: heap-based buffer overflow

Package(s):libsndfile CVE #(s):CVE-2007-4974
Created:September 25, 2007 Updated:January 9, 2008
Description: Heap-based buffer overflow in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.
Alerts:
SuSE SUSE-SR:2008:001 2008-01-09
Debian DSA-1442-1 2007-12-29
Gentoo 200710-04 2007-10-07
Ubuntu USN-525-1 2007-10-04
Mandriva MDKSA-2007:191 2007-10-01
Fedora FEDORA-2007-2236 2007-09-24

Comments (none posted)

libtiff: buffer overflow

Package(s):libtiff CVE #(s):CVE-2006-2193
Created:June 15, 2006 Updated:September 1, 2008
Description: The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters in the DocumentName tag to overflow a buffer, causing a denial of service, and possibly the execution of arbitrary code.
Alerts:
CentOS CESA-2008:0848 2008-08-30
Red Hat RHSA-2008:0848-01 2008-08-28
Fedora FEDORA-2006-952 2006-09-05
SuSE SUSE-SA:2006:044 2006-08-01
Gentoo 200607-03 2006-07-09
SuSE SUSE-SR:2006:014 2006-06-20
Trustix TSLSA-2006-0036 2006-06-16
Mandriva MDKSA-2006:102 2006-06-14

Comments (none posted)

libvorbis: multiple memory corruption flaws

Package(s):libvorbis CVE #(s):CVE-2007-3106 CVE-2007-4029
Created:July 27, 2007 Updated:January 22, 2008
Description: This iSEC Partners security advisory has details on multiple memory corruption flaws in libvorbis.
Alerts:
Debian DSA-1471-1 2008-01-21
Gentoo 200710-03 2007-10-07
Red Hat RHSA-2007:0845-02 2007-09-19
Fedora FEDORA-2007-677 2007-08-30
Fedora FEDORA-2007-1765 2007-08-23
Mandriva MDKSA-2007:167-1 2007-08-20
Mandriva MDKSA-2007:167 2007-08-18
Ubuntu USN-498-1 2007-08-16
Foresight FLEA-2007-0035-1 2007-07-27
rPath rPSA-2007-0150-1 2007-07-27

Comments (none posted)

libvorbis: multiple vulnerabilities

Package(s):libvorbis CVE #(s):CVE-2007-4065 CVE-2007-4066
Created:October 11, 2007 Updated:January 22, 2008
Description: libvorbis has a number of vulnerabilities that can be triggered by opening a specially crafted Ogg file. Vulnerabilities include crashing and the execution of arbitrary code.
Alerts:
Debian DSA-1471-1 2008-01-21
SuSE SUSE-SR:2007:023 2007-10-31
Red Hat RHSA-2007:0912-01 2007-10-11
Mandriva MDKSA-2007:194 2007-10-10

Comments (1 posted)

libxml2 - arbitrary code execution

Package(s):libxml2 CVE #(s):CAN-2004-0110
Created:February 26, 2004 Updated:August 19, 2009
Description: Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing routines. These routines can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml2 that parses remote resources and allows them to influence the URL, then this flaw could be used to execute arbitrary code.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Fedora-Legacy FLSA:1324 2004-07-19
Conectiva CLA-2004:836 2004-03-31
Gentoo 200403-01 2004-03-06
Trustix TSLSA-2004-0010 2004-03-05
OpenPKG OpenPKG-SA-2004.003 2004-03-05
Netwosix NW-2004-0004 2004-03-04
Debian DSA-455-1 2004-03-03
Mandrake MDKSA-2004:018 2004-03-03
Red Hat RHSA-2004:091-02 2004-03-03
Whitebox WBSA-2004:090-01 2004-03-01
Red Hat RHSA-2004:090-01 2004-02-26
Fedora FEDORA-2004-087 2004-02-25
Red Hat RHSA-2004:091-01 2004-02-26

Comments (none posted)

libxml2: multiple buffer overflows

Package(s):libxml2 CVE #(s):CAN-2004-0989
Created:October 28, 2004 Updated:August 19, 2009
Description: libxml2 prior to version 2.6.14 has multiple buffer overflow vulnerabilities, if a local user passes a specially crafted FTP URL, arbitrary code may be executed.
Alerts:
Fedora FEDORA-2009-8594 2009-08-15
Fedora FEDORA-2009-8582 2009-08-15
Ubuntu USN-89-1 2005-02-28
Red Hat RHSA-2004:650-01 2004-12-16
Conectiva CLA-2004:890 2004-11-18
Red Hat RHSA-2004:615-01 2004-11-12
Mandrake MDKSA-2004:127 2004-11-04
Debian DSA-582-1 2004-11-02
Gentoo 200411-05 2004-11-02
Trustix TSLSA-2004-0055 2004-10-29
OpenPKG OpenPKG-SA-2004.050 2004-10-31
Ubuntu USN-10-1 2004-10-28
Fedora FEDORA-2004-353 2004-10-28

Comments (none posted)

liferea: weak permissions

Package(s):liferea CVE #(s):CVE-2007-5751
Created:November 2, 2007 Updated:December 22, 2008
Description: Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials.
Alerts:
Fedora FEDORA-2008-11551 2008-12-21
Fedora FEDORA-2008-3249 2008-04-22
Fedora FEDORA-2008-3283 2008-04-22
Fedora FEDORA-2008-2682 2008-03-26
Fedora FEDORA-2008-2662 2008-03-26
Fedora FEDORA-2008-1535 2008-02-13
Fedora FEDORA-2008-1435 2008-02-13
Fedora FEDORA-2007-3701 2007-11-29
Fedora FEDORA-2007-3733 2007-11-29
Fedora FEDORA-2007-2853 2007-11-06
Fedora FEDORA-2007-2725 2007-11-01

Comments (1 posted)

lighttpd: denial of service

Package(s):lighttpd CVE #(s):CVE-2007-3946 CVE-2007-3947 CVE-2007-3948 CVE-2007-3949 CVE-2007-3950
Created:July 19, 2007 Updated:July 15, 2008
Description: The lighttpd web server has multiple vulnerabilities involving a remote access-control setting circumvention that is performed by the sending of malformed requests. This can be used to crash the server and cause a denial of service.
Alerts:
Debian DSA-1609-1 2008-07-15
SuSE SUSE-SR:2007:015 2007-08-03
Debian DSA-1362 2007-08-29
Gentoo 200708-11 2007-08-16
Fedora FEDORA-2007-1299 2007-07-26
Foresight FLEA-2007-0034-1 2007-07-26
rPath rPSA-2007-0145-1 2007-07-19

Comments (none posted)

vmware-player-kernel: several vulnerabilities

Package(s):linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 CVE #(s):CVE-2007-0061 CVE-2007-0062 CVE-2007-0063 CVE-2007-4496 CVE-2007-4497
Created:November 16, 2007 Updated:March 13, 2009
Description: Neel Mehta and Ryan Smith discovered that the VMWare Player DHCP server did not correctly handle certain packet structures. Remote attackers could send specially crafted packets and gain root privileges. (CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)

Rafal Wojtczvk discovered multiple memory corruption issues in VMWare Player. Attackers with administrative privileges in a guest operating system could cause a denial of service or possibly execute arbitrary code on the host operating system. (CVE-2007-4496, CVE-2007-4497)

Alerts:
rPath rPSA-2009-0041-1 2009-03-12
SuSE SUSE-SR:2009:005 2009-03-02
Gentoo 200808-05 2008-08-06
Gentoo 200711-23 2007-11-18
Ubuntu USN-543-1 2007-11-15

Comments (none posted)

lynx: arbitrary command execution

Package(s):lynx CVE #(s):CVE-2005-2929
Created:November 14, 2005 Updated:September 14, 2009
Description: An arbitrary command execute bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx.
Alerts:
Gentoo 200909-15 2009-09-12
Fedora-Legacy FLSA:152832 2005-12-17
OpenPKG OpenPKG-SA-2005.026 2005-12-03
Fedora FEDORA-2005-1079 2005-11-14
Fedora FEDORA-2005-1078 2005-11-14
Gentoo 200511-09 2005-11-13
Mandriva MDKSA-2005:211 2005-11-12
Red Hat RHSA-2005:839-01 2005-11-11

Comments (none posted)

madwifi: denial of service

Package(s):madwifi CVE #(s):CVE-2007-5448
Created:November 8, 2007 Updated:January 11, 2008
Description: The MadWifi driver for Atheros Wireless Lan cards does not process beacon frames correctly. This can be used by a remote attacker to cause a denial of service.
Alerts:
Mandriva MDVSA-2008:007 2007-01-10
Gentoo 200711-09 2007-11-07

Comments (none posted)

mapserver: multiple cross-site scripting vulnerabilities

Package(s):mapserver CVE #(s):CVE-2007-4542 CVE-2007-4629
Created:September 5, 2007 Updated:April 7, 2008
Description:

CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.

CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.

Alerts:
Debian DSA-1539-1 2008-04-04
Fedora FEDORA-2007-2018 2007-09-04

Comments (none posted)

mod_jk: proxy bypass

Package(s):mod_jk CVE #(s):CVE-2007-1860
Created:May 30, 2007 Updated:March 7, 2008
Description: From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside Apache httpd and forwarded the encoded URL to Tomcat, which itself did a second decoding. If Tomcat was used behind mod_jk and configured to only proxy some contexts, an attacker could construct a carefully crafted HTTP request to work around the context restriction and potentially access non-proxied content."
Alerts:
SuSE SUSE-SR:2008:005 2008-03-06
Gentoo 200708-15 2007-08-19
Debian DSA-1312-1 2007-06-18
Red Hat RHSA-2007:0380-01 2007-05-30
Red Hat RHSA-2007:0379-01 2007-05-30

Comments (none posted)

moin: arbitrary JavaScript execution

Package(s):moin CVE #(s):CVE-2007-2423
Created:May 8, 2007 Updated:March 10, 2008
Description: A flaw was discovered in MoinMoin's error reporting when using the AttachFile action. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted.
Alerts:
Debian DSA-1514-1 2008-03-09
Ubuntu USN-458-1 2007-05-07

Comments (none posted)

mono: arbitrary code execution via integer overflow

Package(s):mono CVE #(s):CVE-2007-5197
Created:November 6, 2007 Updated:December 7, 2009
Description:

From the Debian advisory: An integer overflow in the BigInteger data type implementation has been discovered in the free .NET runtime Mono.

Alerts:
Mandriva MDVSA-2009:322 2009-12-07
Fedora FEDORA-2007-745 2007-11-15
Ubuntu USN-553-1 2007-12-04
Mandriva MDKSA-2007:218 2007-11-14
Fedora FEDORA-2007-3130 2007-11-09
Gentoo 200711-10 2007-11-07
Fedora FEDORA-2007-2969 2007-11-08
Debian DSA-1397-1 2007-11-03

Comments (none posted)

moodle: cross-site scripting

Package(s):moodle CVE #(s):CVE-2007-3555
Created:August 7, 2007 Updated:December 22, 2008
Description: A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter.
Alerts:
Debian DSA-1691-1 2008-12-22
Fedora FEDORA-2008-0610 2008-01-15
Fedora FEDORA-2007-1445 2007-08-06

Comments (none posted)

mplayer: buffer overflow

Package(s):mplayer CVE #(s):CVE-2007-1246
Created:March 8, 2007 Updated:April 1, 2008
Description: MPlayer versions up to 1.0rc1 have a buffer overflow in the loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function. user-assisted remote attackers can use this to create a buffer overflow and possibly execute arbitrary code.
Alerts:
Debian DSA-1536-1 2008-03-31
Gentoo 200705-21 2007-05-30
Foresight FLEA-2007-0013-1 2007-04-23
Slackware SSA:2007-109-02 2007-04-20
Gentoo 200704-09 2007-04-14
Ubuntu USN-433-1 2007-03-09
Mandriva MDKSA-2007:057 2007-03-08
Mandriva MDKSA-2007:055 2007-03-08

Comments (none posted)

MySQL: denial of service

Package(s):mysql CVE #(s):CVE-2007-5925
Created:November 19, 2007 Updated:February 8, 2008
Description:

From the CVE entry:

The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.

Alerts:
SuSE SUSE-SR:2008:003 2008-02-07
Ubuntu USN-559-1 2007-12-21
Red Hat RHSA-2007:1157-01 2007-12-19
Fedora FEDORA-2007-4471 2007-12-15
Mandriva MDKSA-2007:243 2007-12-10
Fedora FEDORA-2007-4465 2007-12-15
Red Hat RHSA-2007:1155-01 2007-12-18
Gentoo 200711-25 2007-11-18
Debian DSA-1413-1 2007-11-26
Ubuntu USN-1397-1 2012-03-12

Comments (none posted)

mysql: denial of service

Package(s):mysql CVE #(s):CVE-2007-1420
Created:March 22, 2007 Updated:May 21, 2008
Description: MySQL subselect queries using "ORDER BY" can be used by an attacker with access to a MySQL instance in order to create an intermittent denial of service.
Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Mandriva MDKSA-2007:139 2007-07-04
rPath rPSA-2007-0107-1 2007-05-23
Gentoo 200705-11 2007-05-08
Ubuntu USN-440-1 2007-03-21

Comments (none posted)

mysql: format string bug

Package(s):mysql CVE #(s):CVE-2006-3469
Created:July 21, 2006 Updated:July 30, 2008
Description: Jean-David Maillefer discovered a format string bug in the date_format() function's error reporting. By calling the function with invalid arguments, an authenticated user could exploit this to crash the server.
Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Slackware SSA:2006-211-01 2006-07-31
Ubuntu USN-321-1 2006-07-21

Comments (none posted)

MySQL: privilege violations

Package(s):mysql CVE #(s):CVE-2006-4031 CVE-2006-4226
Created:August 25, 2006 Updated:July 30, 2008
Description: MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy (CVE-2006-4031).

MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions (CVE-2006-4226).

Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Red Hat RHSA-2008:0364-01 2008-05-21
Red Hat RHSA-2007:0152-01 2007-04-03
Red Hat RHSA-2007:0083-01 2007-02-19
Fedora FEDORA-2006-1298 2006-11-27
Fedora FEDORA-2006-1297 2006-11-27
Ubuntu USN-338-1 2006-09-05
Mandriva MDKSA-2006:149 2006-08-24

Comments (none posted)

mysql: privilege escalation

Package(s):mysql CVE #(s):CVE-2007-6303
Created:December 19, 2007 Updated:April 7, 2008
Description: From the CVE entry: MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
Alerts:
Gentoo 200804-04 2008-04-06
Ubuntu USN-588-2 2008-04-02
Ubuntu USN-588-1 2008-03-19
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:017 2008-01-19
Red Hat RHSA-2007:1157-01 2007-12-19
Fedora FEDORA-2007-4465 2007-12-15
Fedora FEDORA-2007-4471 2007-12-15

Comments (none posted)

MySQL: logging bypass

Package(s):mysql CVE #(s):CVE-2006-0903
Created:April 4, 2006 Updated:May 21, 2008
Description: MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query.
Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Ubuntu USN-274-2 2006-05-15
Ubuntu USN-274-1 2006-04-27
Mandriva MDKSA-2006:064 2006-04-03

Comments (2 posted)

MySQL: privilege escalation

Package(s):MySQL CVE #(s):CVE-2007-3781 CVE-2007-5969
Created:December 11, 2007 Updated:May 21, 2008
Description: MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. (CVE-2007-5969)

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. (CVE-2007-3781)

Alerts:
Red Hat RHSA-2008:0364-01 2008-05-21
Gentoo 200804-04 2008-04-06
SuSE SUSE-SR:2008:003 2008-02-07
rPath rPSA-2008-0018-1 2008-01-17
Debian DSA-1451-1 2008-01-06
Ubuntu USN-559-1 2007-12-21
Red Hat RHSA-2007:1157-01 2007-12-19
Fedora FEDORA-2007-4471 2007-12-15
Fedora FEDORA-2007-4465 2007-12-15
Red Hat RHSA-2007:1155-01 2007-12-18
Mandriva MDKSA-2007:243 2007-12-10

Comments (none posted)

mysql-dfsg: multiple vulnerabilities

Package(s):mysql-dfsg CVE #(s):CVE-2007-2583 CVE-2007-2691 CVE-2007-2692 CVE-2007-3782
Created:November 27, 2007 Updated:July 30, 2008
Description: The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)

MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. (CVE-2007-2691)

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges. (CVE-2007-2692)

MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. (CVE-2007-3782)

Alerts:
Red Hat RHSA-2008:0768-01 2008-07-24
Red Hat RHSA-2008:0364-01 2008-05-21
Ubuntu USN-588-2 2008-04-02
Ubuntu USN-588-1 2008-03-19
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:028 2007-01-29
Debian DSA-1413-1 2007-11-26

Comments (none posted)

nagios: cross-site scripting

Package(s):nagios CVE #(s):CVE-2007-5624
Created:December 7, 2007 Updated:September 14, 2009
Description: Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.
Alerts:
Debian DSA-1883-2 2009-09-14
Debian DSA-1883-1 2009-09-10
SuSE SUSE-SR:2008:011 2008-05-09
Mandriva MDVSA-2008:067 2008-03-18
Fedora FEDORA-2007-4145 2007-12-06
Fedora FEDORA-2007-4123 2007-12-06

Comments (none posted)

nagios-plugins: buffer overflow

Package(s):nagios-plugins CVE #(s):CVE-2007-5198
Created:October 23, 2007 Updated:April 17, 2008
Description: Buffer overflow in the redir function in check_http.c in Nagios Plugins before 1.4.10 allows remote web servers to execute arbitrary code via long Location header responses (redirects).
Alerts:
Fedora FEDORA-2008-3061 2008-04-17
Fedora FEDORA-2008-3098 2008-04-17
Fedora FEDORA-2008-3146 2008-04-17
Mandriva MDVSA-2008:067 2008-03-18
Debian DSA-1495-2 2008-02-17
Debian DSA-1495-1 2008-02-12
SuSE SUSE-SR:2007:025 2007-12-05
Ubuntu USN-532-1 2007-10-22

Comments (none posted)

nagios-plugins: check_snmp buffer overflow

Package(s):nagios-plugins CVE #(s):CVE-2007-5623
Created:November 2, 2007 Updated:April 17, 2008
Description: Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.
Alerts:
Fedora FEDORA-2008-3061 2008-04-17
Fedora FEDORA-2008-3146 2008-04-17
Mandriva MDVSA-2008:067 2008-03-18
Debian DSA-1495-2 2008-02-17
Debian DSA-1495-1 2008-02-12
SuSE SUSE-SR:2007:025 2007-12-05
Gentoo 200711-11 2007-11-08
Fedora FEDORA-2007-2876 2007-11-06
Fedora FEDORA-2007-2713 2007-11-01

Comments (none posted)

nbd: arbitrary code execution

Package(s):nbd CVE #(s):CVE-2005-3534
Created:January 6, 2006 Updated:March 7, 2011
Description: Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges.
Alerts:
SuSE SUSE-SR:2006:001 2006-01-13
Ubuntu USN-237-1 2006-01-06

Comments (none posted)

ncompress: buffer underflow

Package(s):ncompress CVE #(s):CVE-2006-1168
Created:August 10, 2006 Updated:February 21, 2012
Description: The ncompress compression utility has a missing boundary check. A local user can use a maliciously created file to cause a a .bss buffer underflow.
Alerts:
Gentoo 200610-03 2006-10-06
Red Hat RHSA-2006:0663-01 2006-09-12
Mandriva MDKSA-2006:140 2006-08-09
Debian DSA-1149-1 2006-08-10
Red Hat RHSA-2012:0308-03 2012-02-21
Scientific Linux SL-busy-20120321 2012-03-21
Red Hat RHSA-2012:0810-04 2012-06-20
Scientific Linux SL-busy-20120709 2012-07-09
Mageia MGASA-2012-0171 2012-07-19
Mandriva MDVSA-2012:129 2012-08-10
Mandriva MDVSA-2012:129-1 2012-08-10

Comments (none posted)

net-snmp: denial of service

Package(s):net-snmp CVE #(s):CVE-2007-5846
Created:November 16, 2007 Updated:February 7, 2008
Description: A flaw was discovered in the way net-snmp handled certain requests. A remote attacker who can connect to the snmpd UDP port (161 by default) could send a malicious packet causing snmpd to crash, resulting in a denial of service.
Alerts:
Debian DSA-1483-1 2008-02-06
Ubuntu USN-564-1 2008-01-09
SuSE SUSE-SR:2007:025 2007-12-05
Gentoo 200711-31 2007-11-20
Mandriva MDKSA-2007:225 2007-11-19
Red Hat RHSA-2007:1045-01 2007-11-15
Fedora FEDORA-2007-3019 2007-11-20

Comments (none posted)

nginx: cross site scripting

Package(s):nginx CVE #(s):
Created:July 20, 2007 Updated:September 14, 2009
Description: Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3 proxy server written by Igor Sysoev. The "msie_refresh" directive could allow cross site scripting.
Alerts:
Fedora FEDORA-2007-1158 2007-07-19

Comments (none posted)

nss_ldap: credential or other information disclosure

Package(s):nss_ldap CVE #(s):CVE-2007-5794
Created:November 26, 2007 Updated:July 30, 2008
Description:

From the Gentoo advisory:

Josh Burley reported that nss_ldap does not properly handle the LDAP connections due to a race condition that can be triggered by multi-threaded applications using nss_ldap, which might lead to requested data being returned to a wrong process.

Alerts:
Red Hat RHSA-2008:0715-01 2008-07-24
Red Hat RHSA-2008:0389-02 2008-05-21
Mandriva MDVSA-2008:049 2007-02-25
Foresight FLEA-2008-0003-1 2008-02-11
SuSE SUSE-SR:2008:003 2008-02-07
Debian DSA-1430-1 2007-12-11
rPath rPSA-2007-0255-1 2007-11-30
Gentoo 200711-33 2007-11-25

Comments (none posted)

opal: denial of service

Package(s):opal CVE #(s):CVE-2007-4924
Created:October 8, 2007 Updated:January 9, 2008
Description: From the Red Hat advisory: A flaw was discovered in the way opal handled certain Session Initiation Protocol (SIP) packets. An attacker could use this flaw to crash an application, such as Ekiga, which is linked with opal. (CVE-2007-4924)
Alerts:
Ubuntu USN-562-1 2008-01-08
Mandriva MDKSA-2007:205 2007-11-02
Red Hat RHSA-2007:0957-01 2007-10-08

Comments (none posted)

openldap: denial of service

Package(s):openldap CVE #(s):CVE-2007-5707
Created:November 8, 2007 Updated:April 9, 2008
Description: The OpenLDAP Lightweight Directory Access Protocol suite has a problem with handling of malformed objectClasses LDAP attributes by the slapd daemon. Both local and remote attackers can use this to crash slapd, causing a denial of service.
Alerts:
Debian DSA-1541-1 2008-04-08
Gentoo 200803-28 2008-03-19
Ubuntu USN-551-1 2007-12-04
Fedora FEDORA-2007-3124 2007-11-20
SuSE SUSE-SR:2007:024 2007-11-22
Red Hat RHSA-2007:1038-01 2007-11-15
Fedora FEDORA-2007-741 2007-11-15
Fedora FEDORA-2007-2796 2007-11-09
Mandriva MDKSA-2007:215 2007-11-08
Red Hat RHSA-2007:1037-01 2007-11-08

Comments (none posted)

openldap: denial of service

Package(s):openldap CVE #(s):CVE-2007-5708
Created:November 23, 2007 Updated:April 9, 2008
Description: slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers to cause a denial of service (segmentation fault) via unknown vectors that prevent the array from being null terminated.
Alerts:
Debian DSA-1541-1 2008-04-08
Gentoo 200803-28 2008-03-19
Mandriva MDVSA-2008:058 2007-03-05
Ubuntu USN-551-1 2007-12-04
Fedora FEDORA-2007-3124 2007-11-20
SuSE SUSE-SR:2007:024 2007-11-22

Comments (none posted)

OpenOffice.org: arbitrary code execution

Package(s):openoffice.org CVE #(s):CVE-2007-0245
Created:June 13, 2007 Updated:June 12, 2008
Description: A specially crafted RTF file could cause the filter to overwrite data on the heap, which may lead to the execution of arbitrary code.
Alerts:
Fedora FEDORA-2008-5239 2008-06-11
Fedora FEDORA-2008-4104 2008-05-17
rPath rPSA-2007-0160-1 2007-08-14
Ubuntu USN-482-1 2007-07-10
Mandriva MDKSA-2007:144 2007-07-10
Gentoo 200707-02 2007-07-02
SuSE SUSE-SA:2007:037 2007-06-28
Fedora FEDORA-2007-606 2007-06-25
Fedora FEDORA-2007-0410 2007-06-13
Fedora FEDORA-2007-572 2007-06-12
Red Hat RHSA-2007:0406-01 2007-06-13
Debian DSA-1307-1 2007-06-12

Comments (none posted)

openoffice.org: arbitrary code execution via TIFF images

Package(s):openoffice.org CVE #(s):CVE-2007-2834
Created:September 17, 2007 Updated:June 12, 2008
Description: A heap overflow vulnerability has been discovered in the TIFF parsing code of the OpenOffice.org suite. The parser uses untrusted values from the TIFF file to calculate the number of bytes of memory to allocate. A specially crafted TIFF image could trigger an integer overflow and subsequently a buffer overflow that could cause the execution of arbitrary code.
Alerts:
Fedora FEDORA-2008-5239 2008-06-11
Fedora FEDORA-2008-4104 2008-05-17
Gentoo 200710-24 2007-10-23
Ubuntu USN-524-1 2007-10-04
Fedora FEDORA-2007-2372 2007-10-03
SuSE SUSE-SA:2007:052 2007-09-21
Mandriva MDKSA-2007:186 2007-09-17
rPath rPSA-2007-0189-1 2007-09-18
Foresight FLEA-2007-0056-1 2007-09-18
Fedora FEDORA-2007-700 2007-09-18
Red Hat RHSA-2007:0848-01 2007-09-18
Debian DSA-1375-1 2007-09-17

Comments (none posted)

openoffice.org: arbitrary code execution

Package(s):openoffice.org CVE #(s):CVE-2007-4575
Created:December 5, 2007 Updated:September 10, 2008
Description:

From the OpenOffice advisory:

A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user.

Alerts:
Fedora FEDORA-2008-7531 2008-09-05
Fedora FEDORA-2008-5247 2008-06-11
Fedora FEDORA-2008-5239 2008-06-11
Fedora FEDORA-2008-4104 2008-05-17
Ubuntu USN-609-1 2008-05-06
Mandriva MDVSA-2008:095 2008-05-02
Fedora FEDORA-2008-3251 2008-04-22
Red Hat RHSA-2008:0158-01 2008-03-24
Gentoo 200712-25 2007-12-30
SuSE SUSE-SA:2007:067 2007-12-11
Fedora FEDORA-2007-4172 2007-12-06
Red Hat RHSA-2007:1090-01 2007-12-05
Fedora FEDORA-2007-762 2007-12-07
Fedora FEDORA-2007-4120 2007-12-06
Red Hat RHSA-2007:1048-01 2007-12-05
Debian DSA-1419-1 2007-12-05

Comments (none posted)

openssh: remote denial of service

Package(s):openssh CVE #(s):CVE-2006-4924 CVE-2006-5051
Created:September 27, 2006 Updated:September 17, 2008
Description: Openssh 4.4 fixes some security issues, including a pre-authentication denial of service, an unsafe signal hander and on portable OpenSSH a GSSAPI authentication abort could be used to determine the validity of usernames on some platforms.
Alerts:
Debian DSA-1638-1 2008-09-16
Debian DSA-1212-1 2006-11-15
Fedora FEDORA-2006-1011 2006-10-03
Debian DSA-1189-1 2006-10-04
Mandriva MDKSA-2006:179 2006-10-03
Ubuntu USN-355-1 2006-10-02
OpenPKG OpenPKG-SA-2006.022 2006-10-01
Slackware SSA:2006-272-02 2006-09-29
Red Hat RHSA-2006:0698-01 2006-09-28
Red Hat RHSA-2006:0697-01 2006-09-28
Gentoo 200609-17:02 2006-09-27
rPath rPSA-2006-0174-1 2006-09-27
Gentoo 200609-17 2006-09-27

Comments (none posted)

openssl: off-by-one error

Package(s):openssl CVE #(s):CVE-2007-4995
Created:October 23, 2007 Updated:May 13, 2008
Description: Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f and 0.9.7 allows remote attackers to execute arbitrary code via unspecified vectors.
Alerts:
Debian DSA-1571-1 2008-05-13
Mandriva MDKSA-2007:237 2007-12-04
Gentoo 200710-30:02 2007-10-27
Ubuntu USN-534-1 2007-10-22

Comments (none posted)

openssl: off-by-one error

Package(s):openssl CVE #(s):CVE-2007-5135
Created:October 3, 2007 Updated:July 31, 2008
Description: From the Debian advisory: An off-by-one error has been identified in the SSL_get_shared_ciphers() routine in the libssl library from OpenSSL, an implementation of Secure Socket Layer cryptographic libraries and utilities. This error could allow an attacker to crash an application making use of OpenSSL's libssl library, or potentially execute arbitrary code in the security context of the user running such an application.
Alerts:
rPath rPSA-2008-0241-1 2008-07-30
SuSE SUSE-SR:2008:005 2008-03-06
Red Hat RHSA-2007:1003-02 2007-11-15
Red Hat RHSA-2007:0813-01 2007-10-22
Fedora FEDORA-2007-2530 2007-10-18
Fedora FEDORA-2007-725 2007-10-15
SuSE SUSE-SR:2007:020 2007-10-12
Red Hat RHSA-2007:0964-01 2007-10-12
Debian DSA-1379-2 2007-10-10
Gentoo 200710-06 2007-10-07
Mandriva MDKSA-2007:193 2007-10-04
rPath rPSA-2007-0206-1 2007-10-03
Foresight FLEA-2007-0058-1 2007-10-03
Debian DSA-1379 2007-10-02

Comments (none posted)

openssl: private key attack

Package(s):openssl CVE #(s):CVE-2007-3108
Created:August 7, 2007 Updated:May 13, 2008
Description: OpenSSL could allow a local user in certain circumstances to divulge information about private keys being used.
Alerts:
Debian DSA-1571-1 2008-05-13
Red Hat RHSA-2007:1003-02 2007-11-15
Ubuntu USN-522-1 2007-09-29
rPath rPSA-2007-0199-1 2007-09-25
Fedora FEDORA-2007-661 2007-08-13
Foresight FLEA-2007-0043-1 2007-08-13
rPath rPSA-2007-0155-1 2007-08-10
Fedora FEDORA-2007-1444 2007-08-06

Comments (none posted)

opera: multiple vulnerabilities

Package(s):opera CVE #(s):CVE-2007-4367 CVE-2007-3929 CVE-2007-3142 CVE-2007-3819
Created:August 23, 2007 Updated:February 27, 2008
Description: The Opera browser has multiple vulnerabilities. The JavaScript engine is vulnerable to a virtual function call on an invalid pointer that can be triggered by specially crafted JavaScript. A freed pointer in the BitTorrent support may be accessed, this can be used for malicious code execution. The browser is vulnerable to several memory read protection errors. There are URI display errors that can be used to trick users into visiting arbitrary web sites.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
SuSE SUSE-SA:2007:050 2007-08-30
Gentoo 200708-17 2007-08-22

Comments (none posted)

pcre: CVE consolidation

Package(s):pcre CVE #(s):CVE-2005-4872 CVE-2006-7227 CVE-2006-7224
Created:November 15, 2007 Updated:May 13, 2008
Description: PCRE has flaws in the way it handles malformed regular expressions. If an application linked against PCRE, such as Konqueror, encounters a maliciously created regular expression, it may be possible to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227 have been combined into CVE-2006-7224.
Alerts:
Gentoo 200805-11 2008-05-12
Debian DSA-1570-1 2008-05-06
Mandriva MDVSA-2008:030 2008-01-31
SuSE SUSE-SA:2008:004 2008-01-29
Gentoo 200711-30 2007-11-20
SuSE SUSE-SA:2007:062 2007-11-23
Red Hat RHSA-2007:1052-02 2007-11-15

Comments (5 posted)

pcre: two arbitrary code execution vulnerabilities

Package(s):pcre CVE #(s):CVE-2007-1659 CVE-2007-1660
Created:November 6, 2007 Updated:July 16, 2008
Description: Multiple flaws were found in the way pcre handles certain malformed regular expressions. If an application linked against pcre, such as Konqueror, parses a malicious regular expression, it may be possible to run arbitrary code as the user running the application. (CVE-2007-1659, CVE-2007-1660)
Alerts:
Red Hat RHSA-2008:0546-01 2008-07-16
Debian DSA-1570-1 2008-05-06
Fedora FEDORA-2008-1842 2008-03-06
Mandriva MDVSA-2008:030 2008-01-31
SuSE SUSE-SA:2008:004 2008-01-29
SuSE SUSE-SR:2007:025 2007-12-05
Red Hat RHSA-2007:1065-01 2007-11-29
Red Hat RHSA-2007:1068-01 2007-11-29
Red Hat RHSA-2007:1063-01 2007-11-29
Gentoo 200711-30 2007-11-20
Ubuntu USN-547-1 2007-11-27
SuSE SUSE-SA:2007:062 2007-11-23
Foresight FLEA-2007-0064-1 2007-11-11
Mandriva MDKSA-2007:213 2007-11-08
Mandriva MDKSA-2007:212 2007-11-08
Mandriva MDKSA-2007:211 2007-11-08
rPath rPSA-2007-0231-1 2007-11-06
Debian DSA-1399-1 2007-11-05
Red Hat RHSA-2007:0968-01 2007-11-05
Red Hat RHSA-2007:0967-01 2007-11-05

Comments (none posted)

pcre: buffer overflows in library

Package(s):pcre CVE #(s):CVE-2006-7228 CVE-2006-7230 CVE-2007-1661 CVE-2007-4766 CVE-2007-4767
Created:November 23, 2007 Updated:July 16, 2008
Description: Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application.
Alerts:
Red Hat RHSA-2008:0546-01 2008-07-16
Debian DSA-1570-1 2008-05-06
Fedora FEDORA-2008-1842 2008-03-06
Gentoo 200802-10 2008-02-23
Mandriva MDVSA-2008:030 2008-01-31
SuSE SUSE-SA:2008:004 2008-01-29
Mandriva MDVSA-2008:012 2008-01-14
Red Hat RHSA-2007:1077-01 2007-12-10
Debian DSA-1399-1 2007-11-05
Red Hat RHSA-2007:1076-02 2007-12-10
Red Hat RHSA-2007:1065-01 2007-11-29
Red Hat RHSA-2007:1068-01 2007-11-29
Red Hat RHSA-2007:1063-01 2007-11-29
Red Hat RHSA-2007:1059-01 2007-11-29
Ubuntu USN-547-1 2007-11-27
SuSE SUSE-SA:2007:062 2007-11-23
Gentoo 200711-30 2007-11-20

Comments (1 posted)

pcre: buffer overflows

Package(s):pcre3 CVE #(s):CVE-2007-1662 CVE-2007-4768
Created:November 27, 2007 Updated:May 7, 2008
Description: Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references. (CVE-2007-1662)

Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized. (CVE-2007-4768)

Alerts:
Debian DSA-1570-1 2008-05-06
Fedora FEDORA-2008-1842 2008-03-06
Debian DSA-1399-1 2007-11-05
Gentoo 200711-30 2007-11-20
Ubuntu USN-547-1 2007-11-27

Comments (none posted)

perl-Net-DNS: predictable id sequence

Package(s):perl-Net-DNS CVE #(s):CVE-2007-3377
Created:June 26, 2007 Updated:March 12, 2008
Description: Net::DNS before 0.60 uses an id sequence that is predictable and the same in all child processes.
Alerts:
Debian DSA-1515-1 2008-03-11
SuSE SUSE-SR:2007:017 2007-08-17
Gentoo 200708-06 2007-08-11
rPath rPSA-2007-0142-1 2007-07-17
Ubuntu USN-483-1 2007-07-11
Mandriva MDKSA-2007:146 2007-07-12
Red Hat RHSA-2007:0675-01 2007-07-12
Red Hat RHSA-2007:0674-01 2007-07-12
Fedora FEDORA-2007-609 2007-07-02
Fedora FEDORA-2007-612 2007-07-02
Fedora FEDORA-2007-0668 2007-06-25

Comments (none posted)

php: several vulnerabilities

Package(s):php CVE #(s):CVE-2006-4481 CVE-2006-4484 CVE-2006-4485
Created:September 8, 2006 Updated:June 13, 2008
Description: The file_exists and imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings (CVE-2006-4481).

A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array (CVE-2006-4484).

The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read (CVE-2006-4485).

Alerts:
SuSE SUSE-SR:2008:013 2008-06-13
Mandriva MDVSA-2008:077 2007-03-26
SuSE SUSE-SR:2008:005 2008-03-06
Red Hat RHSA-2008:0146-01 2008-02-28
Fedora FEDORA-2008-1643 2008-02-13
Foresight FLEA-2008-0007-1 2008-02-11
Fedora FEDORA-2008-1122 2008-02-05
Fedora FEDORA-2008-1131 2008-02-05
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:038 2007-02-07
rPath rPSA-2008-0046-1 2008-02-06
Gentoo 200802-01 2008-02-06
rPath rPSA-2006-0182-1 2006-10-05
SuSE SUSE-SA:2006:052 2006-09-21
Red Hat RHSA-2006:0669-01 2006-09-21
Mandriva MDKSA-2006:162 2006-09-07

Comments (1 posted)

php: multiple vulnerabilities

Package(s):php CVE #(s):CVE-2007-2872 CVE-2007-2756
Created:June 1, 2007 Updated:January 29, 2008
Description: According to a vendor release announcement multiple security enhancements and fixes were fixed in version 5.2.3 of the programming language PHP.
Alerts:
SuSE SUSE-SA:2008:004 2008-01-29
Ubuntu USN-549-2 2007-12-03
Red Hat RHSA-2007:0891-01 2007-10-25
Ubuntu USN-549-1 2007-11-29
Red Hat RHSA-2007:0888-01 2007-10-23
Gentoo 200710-02 2007-10-07
Red Hat RHSA-2007:0889-01 2007-09-26
Fedora FEDORA-2007-709 2007-09-24
Mandriva MDKSA-2007:187 2007-09-21
Red Hat RHSA-2007:0890-02 2007-09-20
Fedora FEDORA-2007-2215 2007-09-18
rPath rPSA-2007-0188-1 2007-09-17
Slackware SSA:2007-255-03 2007-09-13
rPath rPSA-2007-0117-1 2007-06-07
Slackware SSA:2007-152-01 2007-06-04
OpenPKG OpenPKG-SA-2007.020 2007-06-01

Comments (none posted)

php: multiple vulnerabilities

Package(s):php CVE #(s):CVE-2007-3799 CVE-2007-3998 CVE-2007-4659 CVE-2007-4658 CVE-2007-4670 CVE-2007-4661
Created:October 23, 2007 Updated:May 19, 2008
Description: From the Red Hat advisory:

Various integer overflow flaws were found in the PHP gd extension. A script that could be forced to resize images from an untrusted source could possibly allow a remote attacker to execute arbitrary code as the apache user. (CVE-2007-3996)

A previous security update introduced a bug into PHP session cookie handling. This could allow an attacker to stop a victim from viewing a vulnerable web site if the victim has first visited a malicious web page under the control of the attacker, and that page can set a cookie for the vulnerable web site. (CVE-2007-4670)

A flaw was found in the PHP money_format function. If a remote attacker was able to pass arbitrary data to the money_format function this could possibly result in an information leak or denial of service. Note that is is unusual for a PHP script to pass user-supplied data to the money_format function. (CVE-2007-4658)

A flaw was found in the PHP wordwrap function. If a remote attacker was able to pass arbitrary data to the wordwrap function this could possibly result in a denial of service. (CVE-2007-3998)

A bug was found in PHP session cookie handling. This could allow an attacker to create a cross-site cookie insertion attack if a victim follows an untrusted carefully-crafted URL. (CVE-2007-3799)

A flaw was found in handling of dynamic changes to global variables. A script which used certain functions which change global variables could be forced to enable the register_globals configuration option, possibly resulting in global variable injection. (CVE-2007-4659)

An integer overflow flaw was found in the PHP chunk_split function. If a remote attacker was able to pass arbitrary data to the third argument of chunk_split they could possibly execute arbitrary code as the apache user. Note that it is unusual for a PHP script to use the chunk_split function with a user-supplied third argument. (CVE-2007-4661)

Alerts:
Debian DSA-1578-1 2008-05-17
SuSE SUSE-SR:2007:015 2007-08-03
SuSE SUSE-SA:2008:004 2008-01-29
Debian DSA-1444-2 2008-01-23
Debian DSA-1444-1 2008-01-03
Ubuntu USN-549-2 2007-12-03
Ubuntu USN-549-1 2007-11-29
Red Hat RHSA-2007:0891-01 2007-10-25
rPath rPSA-2007-0221-1 2007-10-24
Red Hat RHSA-2007:0917-01 2007-10-23

Comments (none posted)

php: buffer overflows

Package(s):php CVE #(s):CVE-2006-5465
Created:November 3, 2006 Updated:January 18, 2010
Description: The Hardened-PHP Project discovered buffer overflows in htmlentities/htmlspecialchars internal routines to the PHP Project. Of course the whole purpose of these functions is to be filled with user input. (The overflow can only be when UTF-8 is used)
Alerts:
Mandriva MDVSA-2010:007 2010-01-15
SuSE SUSE-SA:2006:067 2006-11-15
rPath rPSA-2006-0205-1 2006-11-09
Red Hat RHSA-2006:0731-01 2006-11-10
Red Hat RHSA-2006:0730-01 2006-11-06
Debian DSA-1206-1 2006-11-06
Fedora FEDORA-2006-1169 2006-11-06
Fedora FEDORA-2006-1168 2006-11-06
Slackware SSA:2006-307-01 2006-11-06
OpenPKG OpenPKG-SA-2006.028 2006-11-06
Ubuntu USN-375-1 2006-11-02
Mandriva MDKSA-2006:196 2006-11-02

Comments (none posted)

php5: multiple vulnerabilities

Package(s):php5 CVE #(s):CVE-2007-4657 CVE-2007-4660 CVE-2007-4662
Created:November 30, 2007 Updated:July 4, 2008
Description: Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996. (CVE-2007-4657)

Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. (CVE-2007-4660)

Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. (CVE-2007-4662)

Alerts:
Mandriva MDVSA-2008:125 2008-07-03
Mandriva MDVSA-2008:126 2007-07-03
Debian DSA-1578-1 2008-05-17
Debian DSA-1444-2 2008-01-23
Debian DSA-1444-1 2008-01-03
Ubuntu USN-549-2 2007-12-03
Ubuntu USN-549-1 2007-11-29

Comments (none posted)

php5: multiple vulnerabilities

Package(s):php5 CVE #(s):CVE-2007-4783 CVE-2007-4840 CVE-2007-5898 CVE-2007-5899 CVE-2007-5900
Created:November 20, 2007 Updated:January 18, 2010
Description: The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code.
Alerts:
Mandriva MDVSA-2010:007 2010-01-15
Ubuntu USN-720-1 2009-02-12
Ubuntu USN-628-1 2008-07-23
CentOS CESA-2008:0545 2008-07-16
CentOS CESA-2008:0544 2008-07-16
Red Hat RHSA-2008:0545-01 2008-07-16
Red Hat RHSA-2008:0546-01 2008-07-16
Red Hat RHSA-2008:0544-01 2008-07-16
Red Hat RHSA-2008:0582-01 2008-07-22
Mandriva MDVSA-2008:127 2008-07-03
Mandriva MDVSA-2008:125 2008-07-03
Mandriva MDVSA-2008:126 2007-07-03
Red Hat RHSA-2008:0505-01 2008-07-02
Fedora FEDORA-2008-3606 2008-06-20
Fedora FEDORA-2008-3864 2008-06-20
SuSE SUSE-SA:2008:004 2008-01-29
Debian DSA-1444-2 2008-01-23
Debian DSA-1444-1 2008-01-03
Ubuntu USN-549-2 2007-12-03
rPath rPSA-2007-0242-1 2007-11-19
Ubuntu USN-549-1 2007-11-29

Comments (none posted)

phpbb2: missing input sanitizing

Package(s):phpbb2 CVE #(s):CVE-2006-1896
Created:May 22, 2006 Updated:February 11, 2008
Description: It was discovered that phpbb2, a web based bulletin board, insufficiently sanitizes values passed to the "Font Color 3" setting, which might lead to the execution of injected code by admin users.
Alerts:
Debian DSA-1066-1 2006-05-20

Comments (none posted)

phpbb2: multiple vulnerabilities

Package(s):phpbb2 CVE #(s):CVE-2005-3310 CVE-2005-3415 CVE-2005-3416 CVE-2005-3417 CVE-2005-3418 CVE-2005-3419 CVE-2005-3420 CVE-2005-3536 CVE-2005-3537
Created:December 22, 2005 Updated:February 11, 2008
Description: The phpbb2 web forum has a number of vulnerabilities including: a web script injection problem, a protection mechanism bypass, a security check bypass, a remote global variable bypass, cross site scripting vulnerabilities, an SQL injection vulnerability, a remote regular expression modification problem, missing input sanitizing, and a missing request validation problem.
Alerts:
Debian DSA-925-1 2005-12-22

Comments (none posted)

phpmyadmin: multiple vulnerabilities

Package(s):phpmyadmin CVE #(s):CVE-2006-6942 CVE-2006-6944 CVE-2007-1325 CVE-2007-1395 CVE-2007-2245
Created:September 10, 2007 Updated:March 19, 2009
Description: Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-1325: The PMA_ArrayWalkRecursive function in libraries/common.lib.php does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions.

CVE-2007-1395: Incomplete blacklist vulnerability in index.php allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.

CVE-2007-2245: Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.

CVE-2006-6942: Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.

CVE-2006-6944: phpMyAdmin allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.

Alerts:
Gentoo 200903-32 2009-03-18
Mandriva MDKSA-2007:199 2007-10-17
Debian DSA-1370-2 2007-09-10
Debian DSA-1370-1 2007-09-09

Comments (none posted)

phpMyAdmin: cross-site scripting vulnerabilities

Package(s):phpMyAdmin CVE #(s):CVE-2007-5386 CVE-2007-5589
Created:November 2, 2007 Updated:March 14, 2008
Description: Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.

Alerts:
SuSE SUSE-SR:2008:006 2008-03-14
Fedora FEDORA-2007-3639 2007-11-22
Fedora FEDORA-2007-3666 2007-11-22
Debian DSA-1403-1 2007-11-08
Fedora FEDORA-2007-2738 2007-11-01

Comments (none posted)

phpMyAdmin: information disclosure

Package(s):phpMyAdmin CVE #(s):CVE-2007-0095
Created:December 11, 2007 Updated:September 25, 2008
Description: phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.
Alerts:
Fedora FEDORA-2008-8286 2008-09-24
Fedora FEDORA-2008-8269 2008-09-24
Fedora FEDORA-2008-6502 2008-07-17
Fedora FEDORA-2008-6450 2008-07-17
Fedora FEDORA-2008-2229 2008-03-03
Fedora FEDORA-2008-2189 2008-03-03
Fedora FEDORA-2007-4298 2007-12-10
Fedora FEDORA-2007-4334 2007-12-10

Comments (none posted)

phpMyAdmin: SQL injection

Package(s):phpMyAdmin CVE #(s):CVE-2007-5976 CVE-2007-5977
Created:November 22, 2007 Updated:March 19, 2009
Description: phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.

db_create.php also has a related cross-site scripting vulnerability. Remote authenticated users can inject arbitrary web scripts or HTML using a hex-encoded IMG element in the db parameter in a POST request.

Alerts:
Gentoo 200903-32 2009-03-18
Mandriva MDKSA-2007:229 2007-11-20
Fedora FEDORA-2007-3639 2007-11-22
Fedora FEDORA-2007-3636 2007-11-22
Fedora FEDORA-2007-3666 2007-11-22
Fedora FEDORA-2007-3627 2007-11-22

Comments (none posted)

phpPgAdmin: cross-site scripting

Package(s):phppgadmin CVE #(s):CVE-2007-2865 CVE-2007-5728
Created:June 18, 2007 Updated:January 21, 2009
Description: A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
Alerts:
Debian DSA-1693-1 2008-12-27
Debian DSA-1693-2 2009-01-21
SuSE SUSE-SR:2007:024 2007-11-22
Fedora FEDORA-2007-1013 2007-07-11
Fedora FEDORA-2007-0469 2007-06-16

Comments (none posted)

poppler and xpdf: multiple vulnerabilities

Package(s):poppler xpdf CVE #(s):CVE-2007-4352 CVE-2007-5392 CVE-2007-5393
Created:November 8, 2007 Updated:February 26, 2008
Description: The xpdf and poppler PDF libraries contain several vulnerabilities which can lead to arbitrary command execution via hostile PDF files. Numerous other applications which use these libraries (PDF viewers, CUPS, etc.) will be affected by the vulnerabilities as well.
Alerts:
Debian DSA-1509-1 2008-02-25
Debian DSA-1480-1 2008-02-05
Fedora FEDORA-2007-4031 2007-12-10
Mandriva MDKSA-2007:230 2007-11-20
Fedora FEDORA-2007-3308 2007-11-20
Mandriva MDKSA-2007:228 2007-11-19
Mandriva MDKSA-2007:227 2007-11-19
Gentoo 200711-22 2007-11-18
Mandriva MDKSA-2007:221 2007-11-15
Mandriva MDKSA-2007:220 2007-11-15
SuSE SUSE-SA:2007:060 2007-11-14
Ubuntu USN-542-1 2007-11-14
rPath rPSA-2007-0252-1 2007-11-28
Fedora FEDORA-2007-3390 2007-11-20
Fedora FEDORA-2007-750 2007-11-21
Debian DSA-1408-1 2007-11-21
Mandriva MDKSA-2007:223 2007-11-17
Mandriva MDKSA-2007:222 2007-11-17
Mandriva MDKSA-2007:219 2007-11-15
Ubuntu USN-542-2 2007-11-15
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Fedora FEDORA-2007-2985 2007-11-13
Slackware SSA:2007-316-01 2007-11-12
Red Hat RHSA-2007:1051-01 2007-11-12
Red Hat RHSA-2007:1024-01 2007-11-12
Fedora FEDORA-2007-3093 2007-11-09
Fedora FEDORA-2007-3014 2007-11-09
Fedora FEDORA-2007-3001 2007-11-09
Fedora FEDORA-2007-3100 2007-11-09
Fedora FEDORA-2007-3059 2007-11-09
Fedora FEDORA-2007-3031 2007-11-09
Red Hat RHSA-2007:1031-01 2007-11-07
Red Hat RHSA-2007:1030-01 2007-11-07
Red Hat RHSA-2007:1029-01 2007-11-07
Red Hat RHSA-2007:1028-01 2007-11-07
Red Hat RHSA-2007:1026-01 2007-11-07
Red Hat RHSA-2007:1025-01 2007-11-07
Red Hat RHSA-2007:1023-01 2007-11-07
Red Hat RHSA-2007:1022-01 2007-11-07
Red Hat RHSA-2007:1021-01 2007-11-07
Fedora FEDORA-2007-746 2007-11-15

Comments (none posted)

postgresql: several vulnerabilities

Package(s):postgresql CVE #(s):CVE-2007-3278 CVE-2007-3279 CVE-2007-3280
Created:September 25, 2007 Updated:February 1, 2008
Description: PostgreSQL 8.1 and probably later and earlier versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. (CVE-2007-3278)

PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions that perform local brute-force password guessing attacks, which may evade intrusion detection. (CVE-2007-3279)

The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access. (CVE-2007-3280)

Alerts:
Red Hat RHSA-2008:0040-01 2008-02-01
Gentoo 200801-15 2008-01-29
Ubuntu USN-568-1 2008-01-14
Debian DSA-1463-1 2008-01-14
Debian DSA-1460-1 2008-01-13
Red Hat RHSA-2008:0039-01 2008-01-11
Red Hat RHSA-2008:0038-01 2008-01-11
Mandriva MDKSA-2007:188 2007-09-25

Comments (1 posted)

pulseaudio: denial of service

Package(s):pulseaudio CVE #(s):CVE-2007-1804
Created:May 30, 2007 Updated:March 10, 2008
Description: The pulseaudio network code suffers from a denial of service vulnerability exploitable by an unauthenticated attacker.
Alerts:
Mandriva MDVSA-2008:065 2007-03-09
Ubuntu USN-465-1 2007-05-25

Comments (none posted)

pwlib: denial of service

Package(s):pwlib CVE #(s):CVE-2007-4897
Created:October 8, 2007 Updated:January 9, 2008
Description: From the Red Hat advisory: A memory management flaw was discovered in PWLib. An attacker could use this flaw to crash an application, such as Ekiga, which is linked with pwlib (CVE-2007-4897).
Alerts:
Ubuntu USN-561-1 2008-01-08
Mandriva MDKSA-2007:206 2007-11-02
Red Hat RHSA-2007:0932-01 2007-10-08

Comments (none posted)

python: information disclosure

Package(s):python CVE #(s):CVE-2007-2052
Created:May 9, 2007 Updated:July 30, 2009
Description: Python 2.4 and 2.5 contain a bug in PyLocale_strxfrm() which could enable an attacker to read portions of unrelated memory.
Alerts:
CentOS CESA-2009:1176 2009-07-29
Red Hat RHSA-2009:1176-01 2009-07-27
Debian DSA-1620-1 2008-07-27
Debian DSA-1551-1 2008-04-19
Ubuntu USN-585-1 2008-03-11
Red Hat RHSA-2007:1076-02 2007-12-10
Red Hat RHSA-2007:1077-01 2007-12-10
Foresight FLEA-2007-0019-1 2007-05-21
rPath rPSA-2007-0104-1 2007-05-17
Mandriva MDKSA-2007:099 2007-05-08

Comments (none posted)

python: integer overflows

Package(s):python CVE #(s):CVE-2007-4965
Created:October 30, 2007 Updated:July 30, 2009
Description: Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
Alerts:
CentOS CESA-2009:1176 2009-07-29
Red Hat RHSA-2009:1176-01 2009-07-27
Mandriva MDVSA-2009:036 2009-02-12
Mandriva MDVSA-2008:164 2008-08-07
Mandriva MDVSA-2008:163 2007-08-07
Debian DSA-1620-1 2008-07-27
Gentoo 200807-01 2008-07-01
Debian DSA-1551-1 2008-04-19
Ubuntu USN-585-1 2008-03-11
Foresight FLEA-2008-0002-1 2008-02-11
SuSE SUSE-SR:2008:003 2008-02-07
Mandriva MDVSA-2008:013 2007-01-14
Mandriva MDVSA-2008:012 2008-01-14
Red Hat RHSA-2007:1076-02 2007-12-10
rPath rPSA-2007-0254-1 2007-11-30
Gentoo 200711-07 2007-11-07
Fedora FEDORA-2007-2663 2007-10-29

Comments (none posted)

qemu: multiple vulnerabilities

Package(s):qemu CVE #(s):CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366
Created:May 1, 2007 Updated:January 19, 2009
Description: Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service.
Alerts:
Fedora FEDORA-2008-11705 2008-12-24
Fedora FEDORA-2008-10000 2008-11-22
Fedora FEDORA-2008-9556 2008-11-12
SuSE SUSE-SR:2009:002 2009-01-19
Mandriva MDVSA-2008:162 2008-08-07
Fedora FEDORA-2008-4386 2008-05-28
Fedora FEDORA-2008-4604 2008-05-28
Fedora FEDORA-2007-713 2007-10-08
Debian DSA-1384-1 2007-10-05
Fedora FEDORA-2007-2270 2007-10-03
Red Hat RHSA-2007:0323-01 2007-10-02
Debian-Testing DTSA-38-1 2007-05-26
Debian DSA-1284-1 2007-05-01

Comments (none posted)

quagga: denial of service

Package(s):quagga CVE #(s):CVE-2007-4826
Created:September 14, 2007 Updated:October 25, 2010
Description: The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause a denial of service crash via a malformed OPEN message or COMMUNITY attribute.
Alerts:
CentOS CESA-2010:0785 2010-10-25
CentOS CESA-2010:0785 2010-10-20
Red Hat RHSA-2010:0785-01 2010-10-20
Debian DSA-1379-1 2007-10-01
Trustix TSLSA-2007-0028 2007-09-21
Fedora FEDORA-2007-2196 2007-09-18
Ubuntu USN-512-1 2007-09-15
Mandriva MDKSA-2007:182 2007-09-13
Oracle ELSA-2012-1258 2012-09-13

Comments (none posted)

quake: buffer overflow

Package(s):quake3-bin CVE #(s):CVE-2006-2236
Created:May 10, 2006 Updated:January 12, 2009
Description: Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server.
Alerts:
Gentoo 200901-06 2009-01-11
Gentoo 200605-12 2006-05-10

Comments (none posted)

rails: multiple vulnerabilities

Package(s):rails CVE #(s):CVE-2007-5380 CVE-2007-3227 CVE-2007-5379
Created:November 15, 2007 Updated:December 21, 2009
Description: Ruby on Rails has the following vulnerabilities: ActiveResource does not properly sanitize filenames in the Hash.from_xml() function.

The session_id can be set from the URL from the session management.

The to_json() function does not properly sanitize input before it is returned to the user.

Alerts:
Gentoo 200912-02 2009-12-20
SuSE SUSE-SR:2007:025 2007-12-05
SuSE SUSE-SR:2007:024 2007-11-22
Gentoo 200711-17 2007-11-14

Comments (none posted)

rsync: restricted file access

Package(s):rsync CVE #(s):CVE-2007-6199 CVE-2007-6200
Created:December 5, 2007 Updated:September 23, 2011
Description:

From the CVE entry:

rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.

Alerts:
CentOS CESA-2011:0999 2011-09-22
Red Hat RHSA-2011:0999-01 2011-07-21
Foresight FLEA-2008-0004-1 2008-02-11
Mandriva MDVSA-2008:011 2007-01-11
SuSE SUSE-SR:2008:001 2008-01-09
rPath rPSA-2007-0257-1 2007-12-04

Comments (none posted)

ruby: insufficient SSL certificate validation

Package(s):ruby CVE #(s):CVE-2007-5162 CVE-2007-5770
Created:October 8, 2007 Updated:October 10, 2008
Description: The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
Alerts:
Fedora FEDORA-2008-6094 2008-07-04
Fedora FEDORA-2008-6033 2008-07-03
Ubuntu USN-596-1 2008-03-26
Fedora FEDORA-2008-2443 2008-03-13
Fedora FEDORA-2008-2458 2008-03-13
Mandriva MDVSA-2008:029 2007-01-31
Debian DSA-1411-1 2007-11-24
SuSE SUSE-SR:2007:024 2007-11-22
Debian DSA-1412-1 2007-11-24
Debian DSA-1410-1 2007-11-24
Red Hat RHSA-2007:0961-01 2007-11-13
Red Hat RHSA-2007:0965-01 2007-11-13
Foresight FLEA-2007-0068-1 2007-11-11
Fedora FEDORA-2007-2812 2007-11-06
Fedora FEDORA-2007-738 2007-11-05
Fedora FEDORA-2007-2685 2007-10-29
Fedora FEDORA-2007-2406 2007-10-08
Fedora FEDORA-2007-718 2007-10-08

Comments (none posted)

ruby-gnome2: format string vulnerability

Package(s):ruby-gnome2 CVE #(s):CVE-2007-6183
Created:December 7, 2007 Updated:December 22, 2008
Description: A format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
Alerts:
Fedora FEDORA-2008-11551 2008-12-21
Fedora FEDORA-2008-3249 2008-04-22
Fedora FEDORA-2008-3283 2008-04-22
Fedora FEDORA-2008-2682 2008-03-26
Fedora FEDORA-2008-2662 2008-03-26
Fedora FEDORA-2008-1535 2008-02-13
Mandriva MDVSA-2008:033 2007-02-01
Debian DSA-1431-1 2007-12-11
Gentoo 200712-09 2007-12-09
Fedora FEDORA-2007-4216 2007-12-06
Fedora FEDORA-2007-4229 2007-12-06

Comments (none posted)

samba: buffer overflow

Package(s):samba CVE #(s):CVE-2007-4572
Created:November 15, 2007 Updated:December 3, 2008
Description: The Samba user authentication is vulnerable to a heap-based buffer overflow. Remote unauthenticated users can use this to crash the Samba server and cause a denial of service.
Alerts:
Fedora FEDORA-2008-10638 2008-12-02
Ubuntu USN-617-2 2008-06-30
Ubuntu USN-617-1 2008-06-17
Red Hat RHSA-2007:1114-01 2007-12-10
Fedora FEDORA-2007-760 2007-12-03
Debian DSA-1409-3 2007-11-29
Gentoo 200711-29 2007-11-20
Mandriva MDKSA-2007:224-2 2007-11-23
Debian DSA-1409-1 2007-11-22
Mandriva MDKSA-2007:224-1 2007-11-21
Ubuntu USN-544-2 2007-11-16
Fedora FEDORA-2007-3403 2007-11-16
Fedora FEDORA-2007-3402 2007-11-16
SuSE SUSE-SA:2007:065 2007-12-05
Mandriva MDKSA-2007:224-3 2007-11-29
Debian DSA-1409-2 2007-11-26
Fedora FEDORA-2007-751 2007-11-21
Slackware SSA:2007-320-01 2007-11-19
rPath rPSA-2007-0241-1 2007-11-16
Mandriva MDKSA-2007:224 2007-11-17
Ubuntu USN-544-1 2007-11-16
Red Hat RHSA-2007:1017-01 2007-11-15
Red Hat RHSA-2007:1016-01 2007-11-15
Red Hat RHSA-2007:1013-01 2007-11-15

Comments (none posted)

samba: stack-based buffer overflow

Package(s):samba CVE #(s):CVE-2007-6015
Created:December 11, 2007 Updated:December 3, 2008
Description: A stack buffer overflow flaw was found in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash, or execute arbitrary code with the permissions of the Samba server.
Alerts:
Fedora FEDORA-2008-10638 2008-12-02
Ubuntu USN-556-1 2007-12-18
SuSE SUSE-SA:2007:068 2007-12-12
Mandriva MDKSA-2007:244 2007-12-11
Red Hat RHSA-2007:1117-01 2007-12-10
Red Hat RHSA-2007:1114-01 2007-12-10
Slackware SSA:2007-344-01 2007-12-11
Fedora FEDORA-2007-4275 2007-12-10
Fedora FEDORA-2007-4269 2007-12-10
Gentoo 200712-10 2007-12-10
rPath rPSA-2007-0261-1 2007-12-10
Debian DSA-1427-1 2007-12-10

Comments (none posted)

samba: buffer overflow

Package(s):samba CVE #(s):CVE-2007-5398
Created:November 15, 2007 Updated:December 3, 2008
Description: Samba's mechanism for creating NetBIOS replies is vulnerable to a buffer overflow. Samba servers that are configured to run as a WINS server can be crashed by a remote unauthenticated user, execution of arbitrary code may also be possible.
Alerts:
Fedora FEDORA-2008-10638 2008-12-02
Gentoo 200711-29 2007-11-20
Mandriva MDKSA-2007:224-2 2007-11-23
Debian DSA-1409-2 2007-11-26
Debian DSA-1409-1 2007-11-22
Fedora FEDORA-2007-751 2007-11-21
Ubuntu USN-544-2 2007-11-16
Mandriva MDKSA-2007:224 2007-11-17
Fedora FEDORA-2007-3403 2007-11-16
Fedora FEDORA-2007-3402 2007-11-16
Red Hat RHSA-2007:1013-01 2007-11-15
Gentoo GLSA 200711-29:02 2007-11-20
SuSE SUSE-SA:2007:065 2007-12-05
Mandriva MDKSA-2007:224-3 2007-11-29
Debian DSA-1409-3 2007-11-29
Mandriva MDKSA-2007:224-1 2007-11-21
Slackware SSA:2007-320-01 2007-11-19
rPath rPSA-2007-0241-1 2007-11-16
Ubuntu USN-544-1 2007-11-16
Red Hat RHSA-2007:1017-01 2007-11-15
Red Hat RHSA-2007:1016-01 2007-11-15

Comments (none posted)

slocate: information disclosure

Package(s):slocate CVE #(s):CVE-2007-0227
Created:February 22, 2007 Updated:September 4, 2012
Description: The slocate permission checking code has a local information disclosure vulnerability. During the reporting of matching files, slocate does not respect the parent directory's read permissions, resulting in hidden filenames being viewable by other local users.
Alerts:
Foresight FLEA-2007-0005-1 2007-03-29
Ubuntu USN-425-1 2007-02-22
Slackware SSA:2012-244-05 2012-08-31

Comments (none posted)

squid: denial of service

Package(s):squid CVE #(s):CVE-2007-6239
Created:December 18, 2007 Updated:March 25, 2009
Description: A flaw was found in the way squid stored HTTP headers for cached objects in system memory. An attacker could cause squid to use additional memory, and trigger high CPU usage when processing requests for certain cached objects, possibly leading to a denial of service.
Alerts:
Gentoo 200903-38 2009-03-24
Debian DSA-1646-2 2008-10-11
Debian DSA-1646-1 2008-10-07
Mandriva MDVSA-2008:134 2007-07-04
Ubuntu USN-601-1 2008-04-14
Red Hat RHSA-2008:0214-01 2008-04-08
Debian DSA-1482-1 2008-02-05
Ubuntu USN-565-1 2008-01-09
Gentoo 200801-05 2008-01-09
SuSE SUSE-SR:2008:001 2008-01-09
Mandriva MDVSA-2008:002 2007-01-04
Fedora FEDORA-2007-4170 2007-12-15
Fedora FEDORA-2007-4161 2007-12-15
Red Hat RHSA-2007:1130-01 2007-12-18

Comments (none posted)

streamripper: buffer overflow

Package(s):streamripper CVE #(s):CVE-2007-4337
Created:September 14, 2007 Updated:December 9, 2008
Description: Chris Rohlf discovered several boundary errors in the httplib_parse_sc_header() function when processing HTTP headers.
Alerts:
Debian DSA-1683-1 2008-12-08
Gentoo 200709-03 2007-09-13

Comments (none posted)

subversion: possible information leak

Package(s):subversion CVE #(s):CVE-2007-2448
Created:October 30, 2007 Updated:February 1, 2011
Description: Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.
Alerts:
Ubuntu USN-1053-1 2011-02-01
rPath rPSA-2007-0264-1 2007-12-12
Fedora FEDORA-2007-2635 2007-10-29

Comments (none posted)

Sun JDK/JRE: multiple vulnerabilities

Package(s):Sun JDK/JRE CVE #(s):CVE-2007-2435 CVE-2007-2788 CVE-2007-2789
Created:June 1, 2007 Updated:April 18, 2008
Description: An unspecified vulnerability involving an "incorrect use of system classes" was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security Team reported an integer overflow resulting in a buffer overflow in the ICC parser used with JPG or BMP files, and an incorrect open() call to /dev/tty when processing certain BMP files.
Alerts:
Gentoo 200804-20 2008-04-17
Red Hat RHSA-2007:1086-01 2007-12-12
Red Hat RHSA-2007:0817-01 2007-08-06
SuSE SUSE-SA:2007:045 2007-07-18
Gentoo 200706-08 2007-06-26
Gentoo 200705-23 2007-05-31

Comments (none posted)

sysstat: insecure temporary files

Package(s):sysstat CVE #(s):CVE-2007-3852
Created:August 20, 2007 Updated:September 23, 2011
Description: The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
Alerts:
CentOS CESA-2011:1005 2011-09-22
Scientific Linux SL-syss-20110721 2011-07-21
Red Hat RHSA-2011:1005-01 2011-07-21
Fedora FEDORA-2007-675 2007-08-27
Fedora FEDORA-2007-1697 2007-08-20

Comments (1 posted)

t1lib: buffer overflow

Package(s):t1lib CVE #(s):CVE-2007-4033
Created:September 20, 2007 Updated:February 12, 2008
Description: T1lib, an enhanced rasterizer for X11 Type 1 fonts, does not properly perform bounds checking. An attacker can send specially crafted input to applications linked against the library in order to create a buffer overflow, resulting in a denial of service or the execution of arbitrary code.
Alerts:
Foresight FLEA-2008-0006-1 2008-02-11
rPath rPSA-2008-0007-1 2008-01-04
Mandriva MDKSA-2007:230 2007-11-20
Fedora FEDORA-2007-3308 2007-11-20
Fedora FEDORA-2007-750 2007-11-21
Fedora FEDORA-2007-3390 2007-11-20
Red Hat RHSA-2007:1027-02 2007-11-08
Debian DSA-1390-1 2007-10-18
Gentoo 200710-12 2007-10-12
Fedora FEDORA-2007-2343 2007-09-28
Mandriva MDKSA-2007:189 2007-09-27
Ubuntu USN-515-1 2007-09-19

Comments (none posted)

tar: buffer overflow

Package(s):tar CVE #(s):CVE-2007-4476
Created:October 16, 2007 Updated:March 17, 2010
Description: Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Alerts:
CentOS CESA-2010:0141 2010-03-16
CentOS CESA-2010:0144 2010-03-16
Red Hat RHSA-2010:0144-01 2010-03-15
Red Hat RHSA-2010:0141-01 2010-03-15
Ubuntu USN-650-1 2008-10-02
Ubuntu USN-709-1 2009-01-15
Debian DSA-1566-1 2008-05-02
Debian DSA-1438-1 2007-12-28
Mandriva MDKSA-2007:233 2007-11-28
Gentoo 200711-18 2007-11-14
Fedora FEDORA-2007-2827 2007-11-06
Fedora FEDORA-2007-2800 2007-11-06
Fedora FEDORA-2007-2744 2007-11-05
Fedora FEDORA-2007-742 2007-11-05
Fedora FEDORA-2007-735 2007-11-05
Fedora FEDORA-2007-2673 2007-10-29
rPath rPSA-2007-0222-1 2007-10-23
Mandriva MDKSA-2007:197 2007-10-15

Comments (none posted)

tar: symlink path traversal vulnerability

Package(s):tar CVE #(s):CVE-2007-4131
Created:August 23, 2007 Updated:December 28, 2007
Description: The tar utility has a symlink path traversal vulnerability involving extracted archives. Maliciously created tar archives can be used to write arbitrary data to files that the tar user has write access to.
Alerts:
Debian DSA-1438-1 2007-12-28
Gentoo 200709-09 2007-09-15
Mandriva MDKSA-2007:173 2007-09-04
Fedora FEDORA-2007-683 2007-08-30
SuSE SUSE-SR:2007:018 2007-08-31
Fedora FEDORA-2007-1890 2007-08-29
Ubuntu USN-506-1 2007-08-28
rPath rPSA-2007-0172-1 2007-08-25
Foresight FLEA-2007-0049-1 2007-08-27
Red Hat RHSA-2007:0860-01 2007-08-23

Comments (none posted)

tetex: buffer overflow

Package(s):tetex CVE #(s):CVE-2007-0650
Created:May 8, 2007 Updated:May 13, 2008
Description: A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.
Alerts:
Gentoo 200805-13 2008-05-12
Gentoo 200709-17 2007-09-27
Mandriva MDKSA-2007:109 2007-05-23
rPath rPSA-2007-0092-1 2007-05-07

Comments (1 posted)

teTeX: multiple vulnerabilities

Package(s):tetex CVE #(s):CVE-2007-5937 CVE-2007-5936 CVE-2007-5935
Created:November 19, 2007 Updated:May 10, 2010
Description:

From the Gentoo advisory:

Joachim Schrod discovered several buffer overflow vulnerabilities and an insecure temporary file creation in the "dvilj" application that is used by dvips to convert DVI files to printer formats (CVE-2007-5937, CVE-2007-5936). Bastien Roucaries reported that the "dvips" application is vulnerable to two stack-based buffer overflows when processing DVI documents with long \href{} URIs (CVE-2007-5935). teTeX also includes code from Xpdf that is vulnerable to a memory corruption and two heap-based buffer overflows (GLSA 200711-22); and it contains code from T1Lib that is vulnerable to a buffer overflow when processing an overly long font filename (GLSA 200710-12).

Alerts:
CentOS CESA-2010:0399 2010-05-08
CentOS CESA-2010:0401 2010-05-08
Red Hat RHSA-2010:0401-01 2010-05-06
Red Hat RHSA-2010:0399-01 2010-05-06
SuSE SUSE-SR:2008:011 2008-05-09
Foresight FLEA-2008-0006-1 2008-02-11
SuSE SUSE-SR:2008:001 2008-01-09
rPath rPSA-2007-0266-1 2007-12-17
Ubuntu USN-554-1 2007-12-06
Fedora FEDORA-2007-3308 2007-11-20
Fedora FEDORA-2007-3390 2007-11-20
Mandriva MDKSA-2007:230 2007-11-20
Gentoo 200711-26 2007-11-18

Comments (none posted)

Tk: buffer overflow

Package(s):tk8.3 CVE #(s):CVE-2007-5378
Created:November 28, 2007 Updated:March 17, 2009
Description: The Tk toolkit's GIF-reading code contains a buffer overflow which could be exploited via a malicious image file. Fixes may be found in versions 8.4.12 and 8.3.5.
Alerts:
Debian DSA-1743-1 2009-03-17
Red Hat RHSA-2008:0134-01 2008-02-21
Red Hat RHSA-2008:0135-02 2008-02-22
Red Hat RHSA-2008:0135-01 2008-02-21
Debian DSA-1415-1 2007-11-27
Debian DSA-1416-1 2007-11-27

Comments (none posted)

tk: denial of service

Package(s):tk8.3 tk8.4 CVE #(s):CVE-2007-5137
Created:October 12, 2007 Updated:March 17, 2009
Description: It was discovered that Tk could be made to overrun a buffer when loading certain images. If a user were tricked into opening a specially crafted GIF image, remote attackers could cause a denial of service or execute arbitrary code with user privileges.
Alerts:
Debian DSA-1743-1 2009-03-17
Red Hat RHSA-2008:0136-01 2008-02-21
Fedora FEDORA-2008-1131 2008-02-05
Fedora FEDORA-2007-728 2007-10-17
Mandriva MDKSA-2007:200 2007-10-18
Fedora FEDORA-2007-2564 2007-10-18
Ubuntu USN-529-1 2007-10-11

Comments (none posted)

tomboy: execution of arbitrary code

Package(s):tomboy CVE #(s):CVE-2005-4790
Created:November 9, 2007 Updated:February 22, 2011
Description: Jan Oravec reported that the "/usr/bin/tomboy" script sets the "LD_LIBRARY_PATH" environment variable incorrectly, which might result in the current working directory (.) to be included when searching for dynamically linked libraries of the Mono Runtime application.

Note that the tomboy vulnerability was added in 2007.

Alerts:
Fedora FEDORA-2008-11551 2008-12-21
Fedora FEDORA-2008-2682 2008-03-26
Mandriva MDVSA-2008:064 2007-03-07
Fedora FEDORA-2008-1535 2008-02-13
Gentoo 200801-14 2008-01-27
Ubuntu USN-560-1 2008-01-07
Fedora FEDORA-2007-3792 2007-11-26
Fedora FEDORA-2007-3798 2007-11-26
Fedora FEDORA-2007-3253 2007-11-13
Fedora FEDORA-2007-3011 2007-11-09
Gentoo 200711-12 2007-11-08

Comments (none posted)

tomcat: directory traversal

Package(s):tomcat CVE #(s):CVE-2007-0450
Created:May 2, 2007 Updated:February 27, 2008
Description: Versions of tomcat prior to 5.5.22 do not properly filter filename separator characters, enabling information disclosure attacks.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Mandriva MDKSA-2007:241 2007-12-10
Red Hat RHSA-2007:0360-01 2007-05-24
Red Hat RHSA-2007:0328-01 2007-05-24
Fedora FEDORA-2007-514 2007-05-21
Red Hat RHSA-2007:0326-01 2007-05-21
Red Hat RHSA-2007:0327-01 2007-05-14
Gentoo 200705-03 2007-05-01

Comments (none posted)

tomcat: cross-site scripting

Package(s):tomcat CVE #(s):CVE-2007-2449 CVE-2007-2450
Created:July 17, 2007 Updated:February 17, 2009
Description: Some JSPs within the 'examples' web application did not escape user provided data. If the JSP examples were accessible, this flaw could allow a remote attacker to perform cross-site scripting attacks (CVE-2007-2449).

Note: it is recommended the 'examples' web application not be installed on a production system.

The Manager and Host Manager web applications did not escape user provided data. If a user is logged in to the Manager or Host Manager web application, an attacker could perform a cross-site scripting attack (CVE-2007-2450).

Alerts:
SuSE SUSE-SR:2009:004 2009-02-17
Fedora FEDORA-2008-8130 2008-09-16
SuSE SUSE-SR:2008:007 2008-03-28
Fedora FEDORA-2008-1603 2008-02-13
Fedora FEDORA-2008-1467 2008-02-13
Debian DSA-1468-1 2008-01-20
Mandriva MDKSA-2007:241 2007-12-10
Fedora FEDORA-2007-3474 2007-11-17
Fedora FEDORA-2007-3456 2007-11-17
Red Hat RHSA-2007:0569-01 2007-07-17

Comments (1 posted)

tomcat: multiple vulnerabilities

Package(s):tomcat CVE #(s):CVE-2007-3382 CVE-2007-3385 CVE-2007-3386
Created:September 26, 2007 Updated:September 13, 2010
Description: Tomcat was found treating single quote characters -- ' -- as delimiters in cookies. This could allow remote attackers to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3382).

It was reported Tomcat did not properly handle the following character sequence in a cookie: \" (a backslash followed by a double-quote). It was possible remote attackers could use this failure to obtain sensitive information, such as session IDs, for session hijacking attacks (CVE-2007-3385).

A cross-site scripting (XSS) vulnerability existed in the Host Manager Servlet. This allowed remote attackers to inject arbitrary HTML and web script via crafted requests (CVE-2007-3386).

Alerts:
Mandriva MDVSA-2010:176 2010-09-12
SuSE SUSE-SR:2009:004 2009-02-17
Fedora FEDORA-2008-8130 2008-09-16
Red Hat RHSA-2008:0195-01 2008-04-28
SuSE SUSE-SR:2008:005 2008-03-06
Fedora FEDORA-2008-1603 2008-02-13
Fedora FEDORA-2008-1467 2008-02-13
Debian DSA-1447-1 2008-01-03
Mandriva MDKSA-2007:241 2007-12-10
Fedora FEDORA-2007-3456 2007-11-17
Fedora FEDORA-2007-3474 2007-11-17
Red Hat RHSA-2007:0950-01 2007-11-05
Red Hat RHSA-2007:0876-01 2007-10-11
Red Hat RHSA-2007:0871-01 2007-09-26

Comments (none posted)

tomcat: arbitrary file disclosure via path traversal

Package(s):tomcat5 CVE #(s):CVE-2007-5461
Created:November 19, 2007 Updated:February 17, 2009
Description:

From the CVE entry:

Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

Alerts:
SuSE SUSE-SR:2009:004 2009-02-17
Red Hat RHSA-2008:0862-02 2008-10-02
Fedora FEDORA-2008-8130 2008-09-16
Red Hat RHSA-2008:0195-01 2008-04-28
Gentoo 200804-10 2008-04-10
Red Hat RHSA-2008:0042-01 2008-03-11
SuSE SUSE-SR:2008:005 2008-03-06
Fedora FEDORA-2008-1603 2008-02-13
Fedora FEDORA-2008-1467 2008-02-13
Debian DSA-1447-1 2008-01-03
Mandriva MDKSA-2007:241 2007-12-10
Fedora FEDORA-2007-3456 2007-11-17
Fedora FEDORA-2007-3474 2007-11-17

Comments (none posted)

util-linux: privilege escalation

Package(s):util-linux CVE #(s):CVE-2007-5191
Created:October 9, 2007 Updated:January 7, 2008
Description: mount and umount in util-linux call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
Alerts:
Debian DSA-1450-1 2008-01-05
Debian DSA-1449-1 2008-01-05
Red Hat RHSA-2007:0969-01 2007-11-15
SuSE SUSE-SR:2007:022 2007-10-26
Ubuntu USN-533-1 2007-10-22
Gentoo 200710-18 2007-10-18
Mandriva MDKSA-2007:198 2007-10-15
Fedora FEDORA-2007-722 2007-10-15
Fedora FEDORA-2007-2462 2007-10-10
rPath rPSA-2007-0212-1 2007-10-08

Comments (none posted)

vim: arbitrary code execution

Package(s):vim CVE #(s):CVE-2007-2953
Created:July 30, 2007 Updated:November 27, 2008
Description: vim is vulnerable to a user-assisted attack in which vim may execute arbitrary code when helptags is run on data that has been maliciously crafted.
Alerts:
CentOS CESA-2008:0580 2008-11-26
CentOS CESA-2008:0617 2008-11-25
Red Hat RHSA-2008:0617-01 2008-11-25
Red Hat RHSA-2008:0580-01 2008-11-25
Debian DSA-1364-2 2007-09-19
Debian DSA-1364-1 2007-09-01
Ubuntu USN-505-1 2007-08-28
Mandriva MDKSA-2007:168 2007-08-21
rPath rPSA-2007-0151-1 2007-07-31
Foresight FLEA-2007-0036-1 2007-07-30

Comments (none posted)

vlc: several vulnerabilities

Package(s):vlc CVE #(s):CVE-2007-3316 CVE-2007-3467 CVE-2007-3468
Created:July 10, 2007 Updated:March 10, 2008
Description: Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code.
Alerts:
Gentoo 200803-13 2008-03-07
Gentoo 200707-12 2007-07-28
Debian DSA-1332-1 2007-07-09

Comments (none posted)

wireshark: multiple vulnerabilities

Package(s):wireshark CVE #(s):CVE-2007-3390 CVE-2007-3392 CVE-2007-3393
Created:June 28, 2007 Updated:February 27, 2008
Description: The wireshark network traffic analyzer has three vulnerabilities that can be used to create a denial of service. These include off-by-one overflows in the iSeries dissector, vulnerabilities in the MMS and SSL dissectors that can cause an infinite loop and an off-by-one overflow in the DHCP/BOOTP dissector.
Alerts:
SuSE SUSE-SR:2007:015 2007-08-03
Red Hat RHSA-2008:0059-01 2008-01-21
Red Hat RHSA-2007:0709-02 2007-11-15
Red Hat RHSA-2007:0710-04 2007-11-07
Gentoo 200708-12 2007-08-16
Fedora FEDORA-2007-628 2007-07-09
rPath rPSA-2007-0137-1 2007-07-11
Mandriva MDKSA-2007:145 2007-07-10
Fedora FEDORA-2007-0982 2007-07-09
Debian DSA-1322-1 2007-06-27

Comments (none posted)

x11: xfs font server overflows

Package(s):x11 CVE #(s):CVE-2007-4568 CVE-2007-4989 CVE-2007-4990
Created:October 4, 2007 Updated:January 18, 2008
Description: xorg-x11 has a number of integer and heap overflow vulnerabilities in the xfs font server. A local attacker may be able to use these for the execution of arbitrary code with elevated privileges.
Alerts:
Red Hat RHSA-2008:0029-01 2008-01-18
Red Hat RHSA-2008:0030-01 2008-01-17
Fedora FEDORA-2007-4263 2007-12-10
Mandriva MDKSA-2007:210 2007-11-06
Gentoo 200710-11 2007-10-12
SuSE SUSE-SA:2007:054 2007-10-12
Debian DSA-1385-1 2007-10-09
rPath rPSA-2007-0205-1 2007-10-03

Comments (none posted)

xen-utils: insecure temp files

Package(s):xen-utils CVE #(s):CVE-2007-3919
Created:October 25, 2007 Updated:May 16, 2008
Description: The xen-utils collection of XEN administrative tools uses temporary files insecurely. Local users can use this to truncate arbitrary files.
Alerts:
CentOS CESA-2008:0194 2008-05-16
Red Hat RHSA-2008:0194-01 2008-05-13
Fedora FEDORA-2007-737 2007-11-05
Debian DSA-1395-1 2007-10-25

Comments (none posted)

XFree86 X.org: integer overflows

Package(s):xfree86 x.org CVE #(s):CVE-2007-1003 CVE-2007-1667 CVE-2007-1351 CVE-2007-1352
Created:April 3, 2007 Updated:August 11, 2009
Description: iDefense reported an integer overflow flaw in the XFree86 XC-MISC extension. A malicious authorized client could exploit this issue to cause a denial of service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. (CVE-2007-1003)

iDefense reported two integer overflows in the way X.org handled various font files. A malicious local user could exploit these issues to potentially execute arbitrary code with the privileges of the X.org server. (CVE-2007-1351, CVE-2007-1352)

An integer overflow flaw was found in the XFree86 XGetPixel() function. Improper use of this function could cause an application calling it to function improperly, possibly leading to a crash or arbitrary code execution. (CVE-2007-1667)

Alerts:
Debian DSA-1858-1 2009-08-10
SuSE SUSE-SR:2008:008 2008-04-04
Debian DSA-1454-1 2008-01-07
Debian DSA-1294-1 2007-05-17
Gentoo 200705-10 2007-05-08
Gentoo 200705-06 2007-05-05
Gentoo 200705-02 2007-05-01
Ubuntu USN-453-2 2007-04-26
SuSE SUSE-SA:2007:027 2007-04-20
Slackware SSA:2007-109-01 2007-04-20
Ubuntu USN-453-1 2007-04-18
Red Hat RHSA-2007:0157-01 2007-04-16
Red Hat RHSA-2007:0150-01 2007-04-16
Mandriva MDKSA-2007:079-1 2007-04-11
Mandriva MDKSA-2007:080-1 2007-04-10
Mandriva MDKSA-2007:081-1 2007-04-10
Fedora FEDORA-2007-427 2007-04-10
Fedora FEDORA-2007-426 2007-04-10
Fedora FEDORA-2007-425 2007-04-10
Fedora FEDORA-2007-424 2007-04-10
Fedora FEDORA-2007-423 2007-04-09
Fedora FEDORA-2007-422 2007-04-09
Foresight FLEA-2007-0009-1 2007-04-05
Mandriva MDKSA-2007:080 2007-04-04
Mandriva MDKSA-2007:081 2007-04-04
Mandriva MDKSA-2007:079 2007-04-04
rPath rPSA-2007-0065-1 2007-04-04
Ubuntu USN-448-1 2007-04-03
Red Hat RHSA-2007:0132-01 2007-04-03
Red Hat RHSA-2007:0127-01 2007-04-03
Red Hat RHSA-2007:0126-01 2007-04-03
Red Hat RHSA-2007:0125-01 2007-04-03

Comments (none posted)

xine-lib: arbitrary code execution

Package(s):xine-lib CVE #(s):CVE-2007-1387
Created:March 13, 2007 Updated:April 1, 2008
Description: Moritz Jodeit discovered that the DirectShow loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.
Alerts:
Debian DSA-1536-1 2008-03-31
Mandriva MDKSA-2007:062 2007-03-13
Mandriva MDKSA-2007:061 2007-03-13
Ubuntu USN-435-1 2007-03-12

Comments (none posted)

xine-lib: buffer overflow

Package(s):xine-lib CVE #(s):CVE-2006-1664
Created:April 27, 2006 Updated:February 27, 2008
Description: xine-lib does an improper input data boundary check on MPEG streams. A specially crafted MPEG file can be created that can cause arbitrary code execution when the file is accessed.
Alerts:
Gentoo 200802-12 2008-02-26
Gentoo 200604-16 2006-04-26

Comments (none posted)

xmms: BMP handling vulnerability

Package(s):xmms CVE #(s):CVE-2007-0653 CVE-2007-0654
Created:March 28, 2007 Updated:July 26, 2011
Description: xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system.
Alerts:
Fedora FEDORA-2011-9421 2011-07-16
Fedora FEDORA-2011-9413 2011-07-16
Debian DSA-1277-1 2007-04-04
Mandriva MDKSA-2007:071 2007-03-29
Ubuntu USN-445-1 2007-03-27

Comments (none posted)

X.org: temp file vulnerability

Package(s):X.org CVE #(s):CVE-2007-3103
Created:July 12, 2007 Updated:July 2, 2009
Description: The X.Org X11 xfs font server has a temp file vulnerability in the startup script. A local user can modify the permissions of the script in order to elevate their local privileges.
Alerts:
Fedora FEDORA-2009-3651 2009-04-14
Fedora FEDORA-2009-3666 2009-04-14
Debian DSA-1342-1 2007-07-30
rPath rPSA-2007-0141-1 2007-07-17
Foresight FLEA-2007-0031-1 2007-07-12
Red Hat RHSA-2007:0520-01 2007-07-12
Red Hat RHSA-2007:0519-01 2007-07-12

Comments (none posted)

xorg-server: local privilege escalation

Package(s):xorg-server CVE #(s):CVE-2007-4730
Created:September 10, 2007 Updated:January 24, 2008
Description: Aaron Plattner discovered a buffer overflow in the Composite extension of the X.org X server, which can lead to local privilege escalation.
Alerts:
Mandriva MDVSA-2008:022 2008-01-23
Gentoo 200710-16 2007-10-14
Ubuntu USN-514-1 2007-09-18
Red Hat RHSA-2007:0898-01 2007-09-19
rPath rPSA-2007-0187-1 2007-09-14
Mandriva MDKSA-2007:178 2007-09-11
Debian DSA-1372-1 2007-09-09

Comments (none posted)

xulrunner, firefox, thunderbird: multiple vulnerabilities

Package(s):xulrunner, firefox, thunderbird CVE #(s):CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-5339 CVE-2007-5340 CVE-2006-2894
Created:October 22, 2007 Updated:May 12, 2008
Description: From the Debian advisory:

CVE-2007-1095: Michal Zalewski discovered that the unload event handler had access to the address of the next page to be loaded, which could allow information disclosure or spoofing.

CVE-2007-2292: Stefano Di Paola discovered that insufficient validation of user names used in Digest authentication on a web site allows HTTP response splitting attacks.

CVE-2007-3511: It was discovered that insecure focus handling of the file upload control can lead to information disclosure. This is a variant of CVE-2006-2894.

CVE-2007-5334: Eli Friedman discovered that web pages written in Xul markup can hide the titlebar of windows, which can lead to spoofing attacks.

CVE-2007-5337: Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI schemes may lead to information disclosure. This vulnerability is only exploitable if Gnome-VFS support is present on the system.

CVE-2007-5338: "moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers could be bypassed, which might allow privilege escalation.

CVE-2007-5339: L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay, Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered crashes in the layout engine, which might allow the execution of arbitrary code.

CVE-2007-5340: Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.

Alerts:
Debian DSA-1574-1 2008-05-12
Debian DSA-1534-2 2008-04-24
Debian DSA-1535-1 2008-03-30
Debian DSA-1534-1 2008-03-28
Debian DSA-1532-1 2008-03-27
Mandriva MDVSA-2007:047 2007-02-19
SuSE SUSE-SR:2008:002 2008-01-25
Slackware SSA:2007-324-01 2007-11-21
Fedora FEDORA-2007-3414 2007-11-16
Fedora FEDORA-2007-3431 2007-11-16
Gentoo 200711-24 2007-11-18
Fedora FEDORA-2007-3256 2007-11-13
Fedora FEDORA-2007-3184 2007-11-12
Gentoo 200711-14 2007-11-12
Fedora FEDORA-2007-2795 2007-11-06
Debian DSA-1401-1 2007-11-05
rPath rPSA-2007-0225-2 2007-10-26
Fedora FEDORA-2007-2679 2007-10-29
Fedora FEDORA-2007-2697 2007-10-29
Fedora FEDORA-2007-2697 2007-10-29
Fedora FEDORA-2007-2686 2007-10-29
rPath rPSA-2007-0225-1 2007-10-26
Foresight FLEA-2007-0062-1 2007-10-28
Debian DSA-1396-1 2007-10-27
Slackware SSA:2007-297-01 2007-10-26
SuSE SUSE-SA:2007:057 2007-10-25
Ubuntu USN-536-1 2007-10-23
Mandriva MDKSA-2007:202 2007-10-23
Fedora FEDORA-2007-2664 2007-10-24
Fedora FEDORA-2007-2601 2007-10-24
Ubuntu USN-535-1 2007-10-23
Debian DSA-1392-1 2007-10-20

Comments (1 posted)

zope-cmfplone: arbitrary code execution

Package(s):zope-cmfplone CVE #(s):CVE-2007-5741
Created:November 12, 2007 Updated:December 28, 2007
Description:

From the Debian advisory:

It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.

Alerts:
Debian DSA-1405-3 2007-12-01
Debian DSA-1405-2 2007-11-11
Debian DSA-1405-1 2007-11-09

Comments (none posted)

Page editor: Jake Edge

Kernel development

Brief items

Kernel release status

The current 2.6 prepatch is 2.6.24-rc6, released by Linus on December 20. "The regression list keeps shrinking, so we're still on track for a full 2.6.24 release in early January. Assuming we don't all overeat during the holidays and nobody gets any work done. But we all know that the holidays are really the time when we get away from the boring 'real work', and can spend 24/7 on kernel hacking instead, right?" The long-form changelog has the details.

The current -mm tree is 2.6.24-rc6-mm1. Recent changes to -mm (beyond failing to work on i386 systems) include a bunch of low-level driver model changes, some tmpfs reworking, some ext4 updates, and the beginning of the removal of the fastcall function attribute.

For older kernels: 2.4.36 was released on January 1 with a number of fixes.

For crazy people: 0.01 was released by Abdel Benamrouche on January 1.

Comments (1 posted)

Kernel development news

Quote of the week

I have to say that Christmas holidays are the best time to hack on things. Most of the yahoos are away on vacation and therefore the constant stream of distractions and really dumb emails in your inbox just aren't there. In short you can work on the things you always want to work on but never can because of time constraints.
-- David Miller

Comments (4 posted)

Some snags for SLUB

By Jonathan Corbet
December 28, 2007
The SLUB allocator is a new implementation of the kernel's low-level page allocator; it is a replacement for the long-lived slab allocator. SLUB was merged for 2.6.22 and made the default allocator for 2.6.23. The long-term plan has always been for SLUB to eventually displace the older slab allocator entirely. That may yet happen, but SLUB has run into a couple of difficulties on its way toward being the one true kernel memory allocator.

The first problem had to do with performance regressions in a few specific situations. It turns out that the hackbench benchmark, which measures scheduler performance, runs slower when the SLUB allocator is being used. In fact, SLUB can cut performance for that benchmark in half, which is enough to raise plenty of eyebrows. This result was widely reproduced; there were also reports of regressions with the proprietary TPC-C benchmark which were not easily reproduced. In both cases, SLUB developer Christoph Lameter was seen as being overly slow in getting a fix out; after all, it is normal to get immediate turnaround on benchmark regressions over the end-of-year holiday period.

When Christoph got back to this problem, he posted a lengthy analysis which asserted that the real scope of the problem was quite small. He concluded: "given all the boundaries for the contention I would think that it is not worth addressing." This was not the answer Linus was looking for:

It really is that simple. Either you say "Hell yes, I'll fix it", or SLUB goes away. There simply is no other choice. When you say "not worth addressing", that to me is a clear an unambiguous "let's remove SLUB".

About this time, the solution to this problem came along in response to a note from Pekka Enberg pointing out that, according to the profiles, an internal SLUB function called add_partial() was accounting for much of the time used. The SLUB allocator works by dividing pages into objects of the same size, with no metadata of its own within those pages. When all objects from a page have been allocated, SLUB forgets about the page altogether. But when one of those objects is freed, SLUB must note the page as a "partial" page and add it to its queue of available memory. This addition of partial pages, it seems, was happening far more often than it should.

The hackbench tool works by passing data quickly between CPUs and measuring how the scheduler responds. In the process, it forces a lot of quick allocation and free operations and that, in turn, was causing the creation of a lot of partial pages. The specific problem was that, when a partial page was created, it was added to the head of the list, meaning that the next allocation operation would allocate the single object available on that page and cause the partial page to become full again. So SLUB would forget about it. When the next free happened, the cycle would happen all over again.

Once Christoph figured this out, the fix was a simple one-liner: partial pages should be added to the tail of the list instead of the head. Once Christoph figured this out, the fix was a simple one-liner: partial pages should be added to the tail of the list instead of the head. That would give the page time to accumulate more free objects before it was once again the source for allocations and minimize the number of additions and removals of partial pages. The results came back quickly: the hackbench regression was fixed. There have been no TPC-C results posted (the license for this benchmark suite is not friendly toward the posting of results), but it is expected that the TPC-C regression should be fixed as well.

Meanwhile, another, somewhat belated complaint about SLUB made the rounds: there is no equivalent to /proc/slabinfo for the SLUB allocator. The slabinfo file can be a highly effective tool for figuring out where kernel-allocated memory is going; it is a quick and effective view of current allocation patterns. The associated slabtop tool makes the information even more accessible. The failure of slabtop to work when SLUB is used has been an irritant for some developers for a while; it seems likely that more people will complain when SLUB finds its way into the stock distributor kernels. Linux users are generally asking for more information about how the kernel is working; removing a useful source of that information is unlikely to make them happy.

Some developers went as far as to say that the slabinfo file is part of the user-space ABI and, thus, must be preserved indefinitely. It is hard to say how such an interface could truly be cast in stone, though; it is a fairly direct view into kernel internals which will change quickly over time. So the ABI argument probably will not get too far, but the need for the ability to query kernel memory allocation patterns remains.

There are two solutions to this problem in the works. The first is Pekka Enberg's slabinfo replacement patch for SLUB, which provides enough information to make slabtop work. But the real source for this information in the future will be the rather impressive set of files found in /sys/slab. Digging through that directory by hand is not really recommended, especially given that there's a better way: the slabinfo.c file found in the kernel source (under Documentation/vm) can be compiled into a tool which provides concise and useful information about current slab usage. Eventually distributors will start shipping this tool (it should probably find a home in the util-linux collection); for now, building it from the kernel source is the way to go.

The final remaining problem here has taken a familiar form: the dreaded message from Al Viro on how the lifecycle rules for the files in /sys/slab are all wrong. It turns out that even a developer like Christoph, who can hack core memory management code and make 4096-processor systems hum, has a hard time with sysfs. As does just about everybody else who works with that code. There are patches around to rationalize sysfs; maybe they will help to avoid problems in the future. SLUB will need a quicker fix, but, if that's the final remaining problem for this code, it would seem that One True Allocator status is almost within reach.

Comments (2 posted)

Rationalizing scatter/gather chains

By Jonathan Corbet
December 28, 2007
The chained scatterlist API was arguably the most disruptive addition to 2.6.24, despite being a relatively small amount of code. This API allows kernel code to chain together scatter/gather lists for DMA I/O operations, resulting in a much larger maximum size for those operations. That, in turn, leads to better performance, especially in the block I/O subsystem. The idea of scatterlist chaining is generally popular, but there have been some complaints about the current implementation. As things stand, any code wanting to work with chained scatterlists must construct the chains itself - an error-prone operation. So there is interest in making things better.

One approach to improving the situation is the sg_ring API, proposed by Rusty Russell. This patch does away with the current chaining approach; there are no more scatterlist entries which are actually chain pointers in disguise. Instead, Rusty introduces struct sg_ring:

    struct sg_ring
    {
	struct list_head list;
	unsigned int num, max;
	struct scatterlist sg[0];
    };

The obvious change here is that the chaining has been moved out of the scatterlist itself and made into an explicit linked list. There are also variables tracking the current and maximum sizes of the list, which help reduce explicit housekeeping elsewhere. Some versions of the patch also add an integer dma_num field to hold the number of mapped scatter/gather entries, which can differ from the number initially set up by the driver.

An sg_ring with a given number of scatterlist entries can be declared with this macro:

    DECLARE_SG_RING(name, max);

A ring should then be initialized with one of:

    void sg_ring_init(struct sg_ring *ring, unsigned int max);
    void sg_ring_single(struct sg_ring *ring, const void *buf,
                        unsigned int buflen);

The latter form is a shortcut for cases where a single-entry ring needs to be set up with a given buffer.

Constructing a multi-entry ring is a matter of allocating as many separate sg_ring entries as needed and explicitly chaining them together using the list field. There is a helper macro for stepping through all of the entries in a ring while hiding the boundaries between the individual scatterlists:

    struct sg_ring *sg;
    int i;

    sg_ring_for_each(ring, sg, i) {
	/* *sg is the scatterlist entry to operate on */
    }

Rusty has posted patches converting parts of the SCSI subsystem over to this API. As he points out, the conversion removes a fair amount of logic associated with the construction and destruction of large scatterlists.

Jens Axboe, the creator of the chained scatterlist code, has responded that the current API was aimed at minimizing the effect on drivers for 2.6.24. It is not, he says, a finished product, and things are getting better. A look at his git repository shows some API additions with a very similar goal to Rusty's work.

Jens's work retains the current chaining mechanism, but wraps a structure and some helpers around it to make it easier to work with. So, in this view of the world, drivers will work with struct sg_table:

    struct sg_table {
	struct scatterlist *sgl;        /* the list */
       	unsigned int nents;             /* number of mapped entries */
       	unsigned int orig_nents;        /* original size of list */
    };

An sg_table will be set up with:

    int sg_alloc_table(struct sg_table *table, unsigned int nents,
                       gfp_t gfp_flags);

This function does not allocate the sg_table structure, which must be passed in as a parameter. It does, however, allocate the memory to use for the actual scatterlist arrays and deal with the process of chaining them all together. So a driver needing to construct a large scatter/gather operation can now just do a single sg_alloc_table() call, then iterate through the list of scatterlist entries in the usual way. When the operation is complete, a call to

    void sg_free_table(struct sg_table *table);

will free the allocated memory.

Sometime around the opening of the 2.6.25, a decision will have to be made on the direction of the chained scatterlist API. It may not be one of the most closely-watched kernel development events ever, but this decision will affect how high-performance I/O code is written in the future. As the author of the current chaining code, Jens probably starts with an advantage when it comes to getting his code merged. The nature of kernel development is such that nobody can ever be entirely sure, though; if a consensus builds that Rusty's approach is better, that is the way things will probably go. Stay tuned through the next merge window for the thrilling conclusion to this ongoing story.

Comments (none posted)

What is RCU? Part 2: Usage

December 24, 2007

This article was contributed by Paul McKenney

Introduction

Read-copy update (RCU) is a synchronization mechanism that was added to the Linux kernel in October of 2002. RCU is most frequently described as a replacement for reader-writer locking, but it has also been used in a number of other ways. RCU is notable in that RCU readers do not directly synchronize with RCU updaters, which makes RCU read paths extremely fast, and also permits RCU readers to accomplish useful work even when running concurrently with RCU updaters.

This leads to the question "what exactly is RCU?", a question that this document addresses from the viewpoint of someone using it. Because RCU is most frequently used to replace some existing mechanism, we look at it primarily in terms of its relationship to such mechanisms, as follows:

  1. RCU is a Reader-Writer Lock Replacement
  2. RCU is a Restricted Reference-Counting Mechanism
  3. RCU is a Bulk Reference-Counting Mechanism
  4. RCU is a Poor Man's Garbage Collector
  5. RCU is a Way of Providing Existence Guarantees
  6. RCU is a Way of Waiting for Things to Finish

These sections are followed by conclusions and answers to the Quick Quizzes.

RCU is a Reader-Writer Lock Replacement

Perhaps the most common use of RCU within the Linux kernel is as a replacement for reader-writer locking in read-intensive situations. Nevertheless, this use of RCU was not immediately apparent to me at the outset, in fact, I chose to implement something similar to brlock before implementing a general-purpose RCU implementation back in the early 1990s. Each and every one of the uses I envisioned for the proto-brlock primitive was instead implemented using RCU. In fact, it was more than three years before the proto-brlock primitive saw its first use. Boy, did I feel foolish!

The key similarity between RCU and reader-writer locking is that both have read-side critical sections that can execute in parallel. In fact, in some cases, it is possible to mechanically substitute RCU API members for the corresponding reader-writer lock API members. But first, why bother?

Advantages of RCU include performance, deadlock immunity, and realtime latency. There are, of course, limitations to RCU, including the fact that readers and updaters run concurrently, that low-priority RCU readers can block high-priority threads waiting for a grace period to elapse, and that grace-period latencies can extend for many milliseconds. These advantages and limitations are discussed in the following sections.

Performance

The read-side performance advantages of RCU over reader-writer lock are shown on the following graph for a 16-CPU 3GHz Intel x86 system.

Graph showing RCU read-side primitives running multiple orders of magnitude faster than those of rwlock.

Quick Quiz 1: WTF??? How the heck do you expect me to believe that RCU has a 100-femtosecond overhead when the clock period at 3GHz is more than 300 picoseconds?
Note that reader-writer locking is orders of magnitude slower than RCU on a single CPU, and is almost two additional orders of magnitude slower on 16 CPUs. In contrast, RCU scales quite well. In both cases, the error bars span a single standard deviation in either direction.

A more moderate view may be obtained from a CONFIG_PREEMPT kernel, though RCU still beats reader-writer locking by between one and three orders of magnitude. Note the high variability of reader-writer locking at larger numbers of CPUs. The error bars span a single standard deviation in either direction.

Graph showing RCU read-side primitives running multiple orders of magnitude faster than those of rwlock.

Of course, the low performance of reader-writer locking will become less significant as the overhead of the critical section increases, as shown in the following graph for a 16-CPU system.

Graph comparing RCU read-side primitives to those of rwlock for varying critical-section weight.

Quick Quiz 2: Why does both the variability and overhead of rwlock decrease as the critical-section overhead increases?
However, this observation must be tempered by the fact that a number of system calls (and thus any RCU read-side critical sections that they contain) can complete within a few microseconds. In addition, as is discussed in the next section, RCU read-side primitives are almost entirely deadlock-immune.

Deadlock Immunity

Although RCU offers significant performance advantages for read-mostly workloads, one of the primary reasons for creating RCU in the first place was in fact its immunity to read-side deadlocks. This immunity stems from the fact that RCU read-side primitives do not block, spin, or even do backwards branches, so that their execution time is deterministic. It is therefore impossible for them to participate in a deadlock cycle.

Quick Quiz 3: Is there an exception to this deadlock immunity, and if so, what sequence of events could lead to deadlock?

An interesting consequence of RCU's read-side deadlock immunity is that it is possible to unconditionally upgrade an RCU reader to an RCU updater. Attempting to do such an upgrade with reader-writer locking results in deadlock. A sample code fragment that does an RCU read-to-update upgrade follows:

  1 rcu_read_lock();
  2 list_for_each_entry_rcu(p, head, list_field) {
  3   do_something_with(p);
  4   if (need_update(p)) {
  5     spin_lock(&my_lock);
  6     do_update(p);
  7     spin_unlock(&my_lock);
  8   }
  9 }
 10 rcu_read_unlock();

Note that do_update() is executed under the protection of the lock and under RCU read-side protection.

Another interesting consequence of RCU's deadlock immunity is its immunity to a large class of priority inversion problems. For example, low-priority RCU readers cannot prevent a high-priority RCU updater from acquiring the update-side lock. Similarly, a low-priority RCU updater cannot prevent high-priority RCU readers from entering an RCU read-side critical section.

Realtime Latency

Because RCU read-side primitives neither spin nor block, they offer excellent realtime latencies. In addition, as noted earlier, this means that they are immune to priority inversion involving the RCU read-side primitives and locks.

However, RCU is susceptible to more subtle priority-inversion scenarios, for example, a high-priority process blocked waiting for an RCU grace period to elapse can be blocked by low-priority RCU readers in -rt kernels. This can be solved by using RCU priority boosting.

RCU Readers and Updaters Run Concurrently

Because RCU readers never spin nor block, and because updaters are not subject to any sort of rollback or abort semantics, RCU readers and updaters must necessarily run concurrently. This means that RCU readers might access stale data, and might even see inconsistencies, either of which can render conversion from reader-writer locking to RCU non-trivial.

However, in a surprisingly large number of situations, inconsistencies and stale data are not problems. The classic example is the networking routing table. Because routing updates can take considerable time to reach a given system (seconds or even minutes), the system will have been sending packets the wrong way for quite some time when the update arrives. It is usually not a problem to continue sending updates the wrong way for a few additional milliseconds. Furthermore, because RCU updaters can make changes without waiting for RCU readers to finish, the RCU readers might well see the change more quickly than would batch-fair reader-writer-locking readers, as shown in the following figure.

Comparison of RCU and rwlock update latency.

Once the update is received, the rwlock writer cannot proceed until the last reader completes, and subsequent readers cannot proceed until the writer completes. However, these subsequent readers are guaranteed to see the new value, as indicated by the green background. In contrast, RCU readers and updaters do not block each other, which permits the RCU readers to see the updated values sooner. Of course, because their execution overlaps that of the RCU updater, all of the RCU readers might well see updated values, including the three readers that started before the update. Nevertheless only the RCU readers with green backgrounds are guaranteed to see the updated values, again, as indicated by the green background.

Reader-writer locking and RCU simply provide different guarantees. With reader-writer locking, any reader that begins after the writer starts executing is guaranteed to see new values, and readers that attempt to start while the writer is spinning might or might not see new values, depending on the reader/writer preference of the rwlock implementation in question. In contrast, with RCU, any reader that begins after the updater completes is guaranteed to see new values, and readers that end after the updater begins might or might not see new values, depending on timing.

The key point here is that, although reader-writer locking does indeed guarantee consistency within the confines of the computer system, there are situations where this consistency comes at the price of increased inconsistency with the outside world. In other words, reader-writer locking obtains internal consistency at the price of silently stale data with respect to the outside world.

Nevertheless, there are situations where inconsistency and stale data within the confines of the system cannot be tolerated. Fortunately, there are a number of approaches that avoid inconsistency and stale data, as discussed in the FREENIX paper on applying RCU to System V IPC [PDF] and in my dissertation [PDF]. However, an in-depth discussion of these approaches is beyond the scope of this article.

Low-Priority RCU Readers Can Block High-Priority Reclaimers

In Realtime RCU, SRCU, or QRCU, each of which is described in the final installment of this series, a preempted reader will prevent a grace period from completing, even if a high-priority task is blocked waiting for that grace period to complete. Realtime RCU can avoid this problem by substituting call_rcu() for synchronize_rcu() or by using RCU priority boosting, which is still in experimental status as of late 2007. It might become necessary to augment SRCU and QRCU with priority boosting, but not before a clear real-world need is demonstrated.

RCU Grace Periods Extend for Many Milliseconds

With the exception of QRCU, RCU grace periods extend for multiple milliseconds. Although there are a number of techniques to render such long delays harmless, including use of the asynchronous interfaces where available (call_rcu() and call_rcu_bh()), this situation is a major reason for the rule of thumb that RCU be used in read-mostly situations.

Comparison of Reader-Writer Locking and RCU Code

In the best case, the conversion from reader-writer locking to RCU is quite simple, as shown in the following example taken from Wikipedia.

 1 struct el {                          1 struct el {
 2   struct list_head list;             2   struct list_head list;
 3   long key;                          3   long key;
 4   spinlock_t mutex;                  4   spinlock_t mutex;
 5   int data;                          5   int data;
 6   /* Other data fields */            6   /* Other data fields */
 7 };                                   7 };
 8 rwlock_t listmutex;                  8 spinlock_t listmutex;
 9 struct el head;                      9 struct el head;
 1 int search(long key, int *result)    1 int search(long key, int *result)
 2 {                                    2 {
 3   struct list_head *lp;              3   struct list_head *lp;
 4   struct el *p;                      4   struct el *p;
 5                                      5
 6   read_lock(&listmutex);             6   rcu_read_lock();
 7   list_for_each_entry(p, head, lp) { 7   list_for_each_entry_rcu(p, head, lp) {
 8     if (p->key == key) {             8     if (p->key == key) {
 9       *result = p->data;             9       *result = p->data;
10       read_unlock(&listmutex);      10       rcu_read_unlock();
11       return 1;                     11       return 1;
12     }                               12     }
13   }                                 13   }
14   read_unlock(&listmutex);          14   rcu_read_unlock();
15   return 0;                         15   return 0;
16 }                                   16 }
 1 int delete(long key)                 1 int delete(long key)
 2 {                                    2 {
 3   struct el *p;                      3   struct el *p;
 4                                      4
 5   write_lock(&listmutex);            5   spin_lock(&listmutex);
 6   list_for_each_entry(p, head, lp) { 6   list_for_each_entry(p, head, lp) {
 7     if (p->key == key) {             7     if (p->key == key) {
 8       list_del(&p->list);            8       list_del_rcu(&p->list);
 9       write_unlock(&listmutex);      9       spin_unlock(&listmutex);
                                       10       synchronize_rcu();
10       kfree(p);                     11       kfree(p);
11       return 1;                     12       return 1;
12     }                               13     }
13   }                                 14   }
14   write_unlock(&listmutex);         15   spin_unlock(&listmutex);
15   return 0;                         16   return 0;
16 }                                   17 }

More-elaborate cases of replacing reader-writer locking with RCU are beyond the scope of this document.

RCU is a Restricted Reference-Counting Mechanism

Because grace periods are not allowed to complete while there is an RCU read-side critical section in progress, the RCU read-side primitives may be used as a restricted reference-counting mechanism. For example, consider the following code fragment:

  1 rcu_read_lock();  /* acquire reference. */
  2 p = rcu_dereference(head);
  3 /* do something with p. */
  4 rcu_read_unlock();  /* release reference. */

The rcu_read_lock() primitive can be thought of as acquiring a reference to p, because a grace period starting after the rcu_dereference() assigns to p cannot possibly end until after we reach the matching rcu_read_unlock(). This reference-counting scheme is restricted in that we are not allowed to block in RCU read-side critical sections, nor are we permitted to hand off an RCU read-side critical section from one task to another.

Regardless of these restrictions, the following code can safely delete p:

  1 spin_lock(&mylock);
  2 p = head;
  3 head = NULL;
  4 spin_unlock(&mylock);
  5 synchronize_rcu();  /* Wait for all references to be released. */
  6 kfree(p);

The assignment to head prevents any future references to p from being acquired, and the synchronize_rcu() waits for any references that had previously been acquired to be released.

Quick Quiz 4: But wait! This is exactly the same code that might be used when thinking of RCU as a replacement for reader-writer locking! What gives?

Of course, RCU can also be combined with traditional reference counting, as has been discussed on LKML and as summarized in an Overview of Linux-Kernel Reference Counting [PDF].

But why bother? Again, part of the answer is performance, as shown in the following graph, again showing data taken on a 16-CPU 3GHz Intel x86 system.

RCU vs. reference-counting performance.

Quick Quiz 5: Why the dip in refcnt overhead near 6 CPUs?
And, as with reader-writer locking, the performance advantages of RCU are most pronounced for short-duration critical sections, as shown in the following graph for a 16-CPU system. In addition, as with reader-writer locking, many system calls (and thus any RCU read-side critical sections that they contain) complete in a few microseconds.

RCU vs. reference-counting performance.

However, the restrictions that go with RCU can be quite onerous. For example, in many cases, the prohibition against sleeping while in an RCU read-side critical section would defeat the entire purpose. The next section looks at ways of addressing this problem, while also reducing the complexity of traditional reference counting, in some cases.

RCU is a Bulk Reference-Counting Mechanism

As noted in the preceding section, traditional reference counters are usually associated with a specific data structure, or perhaps a specific group of data structures. However, maintaining a single global reference counter for a large variety of data structures typically results in bouncing the cache line containing the reference count. Such cache-line bouncing can severely degrade performance.

In contrast, RCU's light-weight read-side primitives permit extremely frequent read-side usage with negligible performance degradation, permitting RCU to be used as a "bulk reference-counting" mechanism with little or no performance penalty. Situations where a reference must be held by a single task across a section of code that blocks may be accommodated with Sleepable RCU (SRCU). This fails to cover the not-uncommon situation where a reference is "passed" from one task to another, for example, when a reference is acquired when starting an I/O and released in the corresponding completion interrupt handler. (In principle, this could be handled by the SRCU implementation, but in practice, it is not yet clear whether this is a good tradeoff.)

Of course, SRCU brings a restriction of its own, namely that the return value from srcu_read_lock() be passed into the corresponding srcu_read_unlock(). The jury is still out as to how much of a problem is presented by this restriction, and as to how it can best be handled.

RCU is a Poor Man's Garbage Collector

A not-uncommon exclamation made by people first learning about RCU is "RCU is sort of like a garbage collector!". This exclamation has a large grain of truth, but it can also be misleading.

Perhaps the best way to think of the relationship between RCU and automatic garbage collectors (GCs) is that RCU resembles a GC in that the timing of collection is automatically determined, but that RCU differs from a GC in that: (1) the programmer must manually indicate when a given data structure is eligible to be collected, and (2) the programmer must manually mark the RCU read-side critical sections where references might legitimately be held.

Despite these differences, the resemblance does go quite deep, and has appeared in at least one theoretical analysis of RCU. Furthermore, the first RCU-like mechanism I am aware of used a garbage collector to handle the grace periods. Nevertheless, a better way of thinking of RCU is described in the following section.

RCU is a Way of Providing Existence Guarantees

Gamsa et al. [PDF] discuss existence guarantees and describe how a mechanism resembling RCU can be used to provide these existence guarantees (see section 5 on page 7). The effect is that if any RCU-protected data element is accessed within an RCU read-side critical section, that data element is guaranteed to remain in existence for the duration of that RCU read-side critical section.

Alert readers will recognize this as only a slight variation on the original "RCU is a way of waiting for things to finish" theme, which is addressed in the following section.

RCU is a Way of Waiting for Things to Finish

As noted in the first article in this series, an important component of RCU is a way of waiting for RCU readers to finish. One of RCU's great strengths is that it allows you to wait for each of thousands of different things to finish without having to explicitly track each and every one of them, and without having to worry about the performance degradation, scalability limitations, complex deadlock scenarios, and memory-leak hazards that are inherent in schemes that use explicit tracking.

In this section, we will show how synchronize_sched()'s read-side counterparts (which include anything that disables preemption, along with hardware operations and primitives that disable irq) permit you to implement interactions with non-maskable interrupt (NMI) handlers that would be quite difficult if using locking. I called this approach "Pure RCU" in my dissertation [PDF], and it is used in a number of places in the Linux kernel.

The basic form of such "Pure RCU" designs is as follows:

  1. Make a change, for example, to the way that the OS reacts to an NMI.

  2. Wait for all pre-existing read-side critical sections to completely finish (for example, by using the synchronize_sched() primitive). The key observation here is that subsequent RCU read-side critical sections are guaranteed to see whatever change was made.

  3. Clean up, for example, return status indicating that the change was successfully made.

The remainder of this section presents example code adapted from the Linux kernel. In this example, the timer_stop function uses synchronize_sched() to ensure that all in-flight NMI notifications have completed before freeing the associated resources. A simplified version of this code follows:

  1 struct profile_buffer {
  2   long size;
  3   atomic_t entry[0];
  4 };
  5 static struct profile_buffer *buf = NULL;
  6 
  7 void nmi_profile(unsigned long pcvalue)
  8 {
  9   atomic_t *p = rcu_dereference(buf);
 10 
 11   if (p == NULL)
 12     return;
 13   if (pcvalue >= p->size)
 14     return;
 15   atomic_inc(&p->entry[pcvalue]);
 16 }
 17 
 18 void nmi_stop(void)
 19 {
 20   atomic_t *p = buf;
 21 
 22   if (p == NULL)
 23     return;
 24   rcu_assign_pointer(buf, NULL);
 25   synchronize_sched();
 26   kfree(p);
 27 }

Lines 1-4 define a profile_buffer structure, containing a size and an indefinite array of entries. Line 5 defines a pointer to a profile buffer, which is presumably initialized elsewhere to point to a dynamically allocated region of memory.

Lines 7-16 define the nmi_profile() function, which is called from within an NMI handler. As such, it cannot be preempted, nor can it be interrupted by a normal irq handler, however, it is still subject to delays due to cache misses, ECC errors, and cycle stealing by other hardware threads within the same core. Line 9 gets a local pointer to the profile buffer using the rcu_dereference() primitive to ensure memory ordering on DEC Alpha, and lines 11 and 12 exit from this function if there is no profile buffer currently allocated, while lines 13 and 14 exit from this function if the pcvalue argument is out of range. Otherwise, line 15 increments the profile-buffer entry indexed by the pcvalue argument. Note that storing the size with the buffer guarantees that the range check matches the buffer, even if a large buffer is suddenly replaced by a smaller one.

Lines 18-27 define the nmi_stop() function, where the caller is responsible for mutual exclusion (for example, holding the correct lock). Line 20 fetches a pointer to the profile buffer, and lines 22 and 23 exit the function if there is no buffer. Otherwise, line 24 NULLs out the profile-buffer pointer (using the rcu_assign_pointer() primitive to maintain memory ordering on weakly ordered machines), and line 25 waits for an RCU Sched grace period to elapse, in particular, waiting for all non-preemptible regions of code, including NMI handlers, to complete. Once execution continues at line 26, we are guaranteed that any instance of nmi_profile() that obtained a pointer to the old buffer has returned. It is therefore safe to free the buffer, in this case using the kfree() primitive.

Quick Quiz 6: Suppose that the nmi_profile() function was preemptible. What would need to change to make this example work correctly?

In short, RCU makes it easy to dynamically switch among profile buffers (you just try doing this efficiently with atomic operations, or at all with locking!). However, RCU is normally used at a higher level of abstraction, as was shown in the previous sections.

Conclusions

At its core, RCU is nothing more nor less than an API that provides:

  1. a publish-subscribe mechanism for adding new data,

  2. a way of waiting for pre-existing RCU readers to finish, and

  3. a discipline of maintaining multiple versions to permit change without harming or unduly delaying concurrent RCU readers.

That said, it is possible to build higher-level constructs on top of RCU, including the reader-writer-locking, reference-counting, and existence-guarantee constructs listed in the earlier sections. Furthermore, I have no doubt that the Linux community will continue to find interesting new uses for RCU, as well as for any of a number of other synchronization primitives.

Acknowledgements

We are all indebted to Andy Whitcroft, Jon Walpole, and Gautham Shenoy, whose review of an early draft of this document greatly improved it. I owe thanks to the members of the Relativistic Programming project and to members of PNW TEC for many valuable discussions. I am grateful to Dan Frye for his support of this effort.

This work represents the view of the author and does not necessarily represent the view of IBM.

Linux is a registered trademark of Linus Torvalds.

Other company, product, and service names may be trademarks or service marks of others.

Answers to Quick Quizzes

Quick Quiz 1: WTF??? How the heck do you expect me to believe that RCU has a 100-femtosecond overhead when the clock period at 3GHz is more than 300 picoseconds?

Answer: First, consider that the inner loop used to take this measurement is as follows:

  1 for (i = 0; i < CSCOUNT_SCALE; i++) {
  2   rcu_read_lock();
  3   rcu_read_unlock();
  4 }

Next, consider the effective definitions of rcu_read_lock() and rcu_read_unlock():

  1 #define rcu_read_lock()   do { } while (0)
  2 #define rcu_read_unlock() do { } while (0)

Consider also that the compiler does simple optimizations, allowing it to replace the loop with:

i = CSCOUNT_SCALE;

So the "measurement" of 100 femtoseconds is simply the fixed overhead of the timing measurements divided by the number of passes through the inner loop containing the calls to rcu_read_lock() and rcu_read_unlock(). And therefore, this measurement really is in error, in fact, in error by an arbitrary number of orders of magnitude. As you can see by the definition of rcu_read_lock() and rcu_read_unlock() above, the actual overhead is precisely zero.

It certainly is not every day that a timing measurement of 100 femtoseconds turns out to be an overestimate!

Back to Quick Quiz 1.

Quick Quiz 2: Why does both the variability and overhead of rwlock decrease as the critical-section overhead increases?

Answer: Because the contention on the underlying rwlock_t decreases as the critical-section overhead increases. However, the rwlock overhead will not quite drop to that on a single CPU because of cache-thrashing overhead.

Back to Quick Quiz 2.

Quick Quiz 3: Is there an exception to this deadlock immunity, and if so, what sequence of events could lead to deadlock?

Answer: One way to cause a deadlock cycle involving RCU read-side primitives is via the following (illegal) sequence of statements:

idx = srcu_read_lock(&srcucb);
synchronize_srcu(&srcucb);
srcu_read_unlock(&srcucb, idx);

The synchronize_rcu() cannot return until all pre-existing SRCU read-side critical sections complete, but is enclosed in an SRCU read-side critical section that cannot complete until the synchronize_srcu() returns. The result is a classic self-deadlock--you get the same effect when attempting to write-acquire a reader-writer lock while read-holding it.

Note that this self-deadlock scenario does not apply to RCU Classic, because the context switch performed by the synchronize_rcu() would act as a quiescent state for this CPU, allowing a grace period to complete. However, this is if anything even worse, because data used by the RCU read-side critical section might be freed as a result of the grace period completing.

In short, do not invoke synchronous RCU update-side primitives from within an RCU read-side critical section.

Back to Quick Quiz 3.

Quick Quiz 4: But wait! This is exactly the same code that might be used when thinking of RCU as a replacement for reader-writer locking! What gives?

Answer: This is an effect of the Law of Toy Examples: beyond a certain point, the code fragments look the same. The only difference is in how we think about the code. However, this difference can be extremely important. For but one example of the importance, consider that if we think of RCU as a restricted reference counting scheme, we would never be fooled into thinking that the updates would exclude the RCU read-side critical sections.

It nevertheless is often useful to think of RCU as a replacement for reader-writer locking, for example, when you are replacing reader-writer locking with RCU.

Back to Quick Quiz 4.

Quick Quiz 5: Why the dip in refcnt overhead near 6 CPUs?

Answer: Most likely NUMA effects. However, there is substantial variance in the values measured for the refcnt line, as can be seen by the error bars. In fact, standard deviations range in excess of 10% of measured values in some cases. The dip in overhead therefore might well be a statistical aberration.

Back to Quick Quiz 5.

Quick Quiz 6: Suppose that the nmi_profile() function was preemptible. What would need to change to make this example work correctly?

Answer: One approach would be to use rcu_read_lock() and rcu_read_unlock() in nmi_profile(), and to replace the synchronize_sched() with synchronize_rcu(), perhaps as follows:

  1 struct profile_buffer {
  2   long size;
  3   atomic_t entry[0];
  4 };
  5 static struct profile_buffer *buf = NULL;
  6 
  7 void nmi_profile(unsigned long pcvalue)
  8 {
  9   atomic_t *p;
 10 
 11   rcu_read_lock();
 12   p = rcu_dereference(buf);
 13   if (p == NULL) {
 14     rcu_read_unlock();
 15     return;
 16   }
 17   if (pcvalue >= p->size) {
 18     rcu_read_unlock();
 19     return;
 20   }
 21   atomic_inc(&p->entry[pcvalue]);
 22   rcu_read_unlock();
 23 }
 24 
 25 void nmi_stop(void)
 26 {
 27   atomic_t *p = buf;
 28 
 29   if (p == NULL)
 30     return;
 31   rcu_assign_pointer(buf, NULL);
 32   synchronize_rcu();
 33   kfree(p);
 34 }

Back to Quick Quiz 6.

Comments (14 posted)

Patches and updates

Kernel trees

Build system

Core kernel code

Development tools

Device drivers

Documentation

Filesystems and block I/O

Memory management

Networking

Architecture-specific

Security-related

Virtualization and containers

Miscellaneous

Page editor: Jonathan Corbet

Distributions

News and Editorials

Kubuntu LTS and KDE4

By Rebecca Sobol
December 28, 2007
Ubuntu and its siblings are preparing for the next Long Term Support (LTS) release, v8.04 (April 2008) - the Hardy Heron. Ubuntu's first release was announced in September 2004, with a (then) brand new GNOME 2.8 desktop. Since then Ubuntu releases have been tied pretty closely to GNOME releases.

Now, of course, we have Kubuntu for KDE fans, and Xubuntu for Xfce fans. That's great, but Ubuntu releases aren't timed for new versions of those desktops. And that's why it seems that Kubuntu 8.04 will not be a LTS release after all.

The final release of KDE 4.0 will be out in January and a Kubuntu 7.10 live CD with KDE 4 RC2 is getting plenty of downloads. Interest in KDE 4.0 is high. Jonathan Riddell, Kubuntu project lead, writes: "Since KDE 4 is a major change to the platform, it is not currently at one of these natural rest points so would not be suitable for long term support. Instead, due to the very high interest, development efforts will be directed towards KDE 4 and releasing Kubuntu 8.04 with the option of using either KDE 3.5 or KDE 4."

Basically, it seems that Canonical, Kubuntu's parent company, thinks that KDE 3.5 is stable enough for a LTS release, but upstream support will be dropping off before the full three-year period promised for a LTS release. KDE 4.0 is currently popular, and will be supported upstream, but its not quite stable enough for a LTS release.

Richard A. Johnson presents his viewpoint. "Kubuntu 8.04 will not be LTS, unless after all of this hoopla something changes. Honestly, I do not see why the KDE 3.5 release can't be LTS, but as Jonathan said, that is Canonical's calling." He continues, "If we were to continue to redirect 100% of our efforts to KDE 3.5, come this time next year, we will be so far behind the rest of the distributions pushing KDE 4. We, Kubuntu Development Team, do not have the resources to do both a KDE 3.5 LTS release as well as a KDE 4 release at the same time. We cannot afford to neglect KDE 4 as a distribution. If we were to neglect it now, we could never catch up to distributions such as Fedora, openSUSE, and others who are just swarming with developers."

Kubuntu is sometimes seen a "second class citizen" compared to Ubuntu and if Kubuntu does not release a LTS version that perception will only be strengthened. But the developer pool is small and Canonical must decide what they can realistically support for a 3 year time period, as opposed to the usual 18 month period for most releases.

In another post, Richard A. Johnson writes: "Don't get me wrong, I am torn between LTS and non-LTS for a multitude of reasons. I know people want LTS and just as many, if not more, want KDE 4. I am afraid that if we do the LTS way, we will miss out on KDE 4 and the hype behind it. At the same time I worry about those who were looking forward to an LTS release. At the same time, I also realize we do 6 month releases, and majority of our users follow our releases and typically upgrade on release day, the amount of noise created in the past about dist-upgrade breakage supports this."

Krzysztof Lichota comments:

I think KDE 3.5 is not high-maintainance thing as it has been in Kubuntu for many years and there are no changes after 3.5.8. It is just keeping the state as it is...

I think putting much effort on KDE 4 i shooting yourself in the foot. It is very new code (it isn't released even yet!) and it will contain lots of bugs and cause a lot of problems. It also misses some features from KDE 3. IMO 8.04 should be LTS release with mainly 3.5 support and with option to try out KDE 4.

Others agree that focusing on KDE 3.5 for a LTS release is the way to go. Unsupported live CDs with KDE 4 could be made available. And six months after the Hardy release comes Kubuntu 8.10, which will certainly feature KDE 4.

Scott James Remnant notes: "The community's input was actually sought on several points, and many members of the Kubuntu community provided answers and insight that contributed to the decision. It is difficult for this decision to be made by the community because the community's stake in Kubuntu is one of personal achievement and pride, whereas Canonical's is financial and of commercial commitments. Had Canonical simply asked the community "should Kubuntu 8.04 be an LTS?", the answer would not be based on the same terms: instead more direct questions were asked such as "how long will upstream work on KDE 3.5?""

Version 8.04 is only the second LTS release (the first being 6.06, aka Dapper Drake), so this situation really hasn't come up before. It is bound to come up again though. There may be other times in the future when not all the Ubuntu siblings will have the same support cycle. It doesn't necessarily make them second class, it just makes them more supportable.

Comments (30 posted)

New Releases

Debian GNU/Linux 4.0 updated

The Debian project has announced the second update of its stable distribution Debian GNU/Linux 4.0 (codename etch). This update mainly adds corrections for security problems to the stable release, along with a few adjustments to serious problems.

Full Story (comments: none)

Debian GNU/Linux 3.1 updated

The Debian project has announced the seventh update of its old stable distribution Debian GNU/Linux 3.1 (codename `sarge'). This is the first sarge update since etch was released. This update mainly adds corrections for security problems to the old stable release, along with a few adjustments to serious problems.

Full Story (comments: none)

Unofficial Debian+XFCE build

An unofficial build of Debian "etch" with Xfce4 is available for the OLPC XO system. "It includes Firefox, Thunderbird, a suite of development tools (python, git, gcc, gdb, flex, bison, automake, autoconf, libtool), a music player (XMMS), IRC client (irssi) and a graphical wireless AP selector. The entire build takes up 250MB of flash. I optimized the Firefox window layout to give you maximum screen estate, and configured a number of keyboard shortcuts. Feedback welcome. Standard disclaimer applies."

Full Story (comments: none)

Fedora Unity announces Fedora 8 Re-Spin

The Fedora Unity Project has announced the release of new ISO Re-Spins (DVD and CD Sets) of Fedora 8. These Re-Spin ISOs are based on the officially released Fedora 8 installation media and include all updates released as of December 18th, 2007. The ISO images are available for i386 and x86_64 architectures via jigdo.

Full Story (comments: none)

Stable LFS LiveCD 6.3-r2160 released

Linux From Scratch has released an updated live CD with version 6.3 of the LFS book. Click below to see the changes since the initial 6.3 release.

Full Story (comments: none)

Announcing NetBSD 4.0

The NetBSD Project has announced the release of v4.0 of the NetBSD operating system. "Major achievements in NetBSD 4.0 include support for version 3 of the Xen virtual machine monitor, Bluetooth, many new device drivers and embedded platforms based on ARM, PowerPC and MIPS CPUs. New network services include iSCSI target (server) code and an implementation of the Common Address Redundancy Protocol. Also, system security was further enhanced with restrictions of mprotect(2) to enforce W^X policies, the Kernel Authorization framework, and improvements of the Veriexec file integrity subsystem, which can be used to harden the system against trojan horses and virus attacks."

Comments (none posted)

openSUSE Build Service Version 0.5 Release

The openSUSE project has released version 0.5 of the openSUSE Build Service. This code provides the functionality as provided on https://build.opensuse.org/ for the first time as an official tar ball release. Pointsettia provides the complete infrastructure to build single hardware architecture distributions. System images can be created via KIWI.

Full Story (comments: 1)

SimplyMEPIS 7.0 released

MEPIS has announced the release of SimplyMEPIS 7.0. "Some of the important packages included with the 7.0 release are: an updated and security patched 2.6.22.14 kernel, Xorg 7.1.0, KDE 3.5.8, OpenOffice 2.3.0, Firefox 2.0.0.11, Thunderbird 2.0.0.6, Digikam 0.9.2, Sun Java 6.00, Amarok 1.4.7, mplayer 1.0.rc1, fuse driver 2.7.0, ntfs-3g 1.710, madwifi-ng Atheros driver 0.9.3.2, wpa-supplicant 0.6.0, ALSA sound drivers 1.0.15, libglib2.0 2.14.0, libgtk2.0 2.10.13, and QT 4.3.1-1."

Comments (none posted)

Hardy Alpha 2 released

The second alpha of Ubuntu's Hardy Heron, v8.04, is available for testing. "This is quite an early set of images, so you should expect some bugs. For a list of known bugs (that you don't need to report if you encounter), please see: http://www.ubuntu.com/testing/hardy/alpha2"

Full Story (comments: 2)

VectorLinux v5.9 GOLD

VectorLinux has announced the release of VectorLinux v5.9 standard GOLD. "This release follows our legendary tradition of stability (inherited from SlackWare-12), blazing speed on even modest hardware and simplicity of design and function. The release features fully working browser plugins including Flash, java, mp3, real media, Windows media, pdf and Quick time. Additional features include: X.org 7.3, Linux kernel 2.6.22.14, fully customized Xfce 4.4.2, Fluxbox, Jwm, SeaMonkey Internet Suite 1.1.7, Firefox 2.0.0.11 and Opera 9.5.0 beta1 (so you'll be sure to have your favorite browser!). Abiword and Gnumeric for your office tasks."

Comments (none posted)

Distribution News

Debian GNU/Linux

Status of GCC 4.3 on Alpha (Debian)

Martin Michlmayr has been compiling the Debian archive on Alpha with GCC 4.3. There are a few issues still, but overall the status is good.

Full Story (comments: none)

Debian 2007 timeline

Romain Francoise has started a Debian 2007 timeline to track the significant events of the year in the Debian Project.

Full Story (comments: none)

Slackware Linux

Happy new year from Slackware

Slackware starts the new year off right, with some new timezone data.

Full Story (comments: none)

SUSE Linux and openSUSE

SUSE Linux Desktop 1.0 has reached End of Life

The last maintenance update for SUSE Linux Desktop 1.0 has been released. "SUSE Linux Desktop 1.0 is now at its End Of Life, support is discontinued, and no more updates will be published."

Full Story (comments: none)

Other distributions

Welcome New OpenPKG Year 2008!

OpenPKG wants to wish everyone a happy new year and let you know about some adjustments. "Following our good tradition, the turn of the year is the prominent point in time where we adjust the official OpenPKG world order to the current organizational and technological circumstances." Click below to find out more about the current adjustments.

Full Story (comments: none)

Source Mage 2008 Project Lead Nominations

Nominations are open for the position of Source Mage project leader. See the Voting Policy for more information. Nominations are open until January 9, 2008.

Full Story (comments: none)

Distribution Newsletters

Foresight Newsletter Issue 9

The December 2007 edition of the Foresight Newsletter is out. "This month we take a look at the initial launch of the GNOME Developer Kit based on Foresight Linux, a look back at the year in review in the world of Foresight, an update on the next alpha version of the 2.0 release, updates to developer documentation, and news from Foresight's marketing and infrastructure teams."

Comments (none posted)

Ubuntu Weekly Newsletter #71

The Ubuntu Weekly Newsletter for December 29, 2007 is out. "In this issue: Dell adds DVD playback, Ubuntu Live Conference proposals, Hardy Alpha 2, Ubuntu Desktop training course, a community approach to commercial training, Kubuntu 8.04 LTS status, Full Circle Magazine Issue #8, new Kubuntu members, IRSeek, a new Official Ubuntu Book, and much, much more!!"

Full Story (comments: none)

Page editor: Rebecca Sobol

Development

The Linux Libertine Open Fonts Project

By Forrest Cook
January 2, 2008

The Libertine Open Fonts Project, which first showed up on LWN in May, 2006, is an open source font project. The project's leader is Philipp H. Poll. The Libertine project description states:

Letters and fonts have two charakteristics: On the one hand they are basic elements of communication and fundament of our culture, on the other hand they are cultural goods and artcraft. You are able to see just the first aspect, but when it comes to software you’ll see copyrights and patents even on the most elementary fonts. Therefore we want to give you a free alternative: This is why we founded the Libertine Open Fonts Project.

[Libertine Logo]

The Libertine license information states:

Our fonts are free in the sense of the GPL and OFL. In a nutshell: Changing the font is allowed as long as the derivative work is published under the same license again. Pedantics keep claiming that the embedded use of GPL-fonts in i.e. PDFs requires the free publication of the PDF as well. This, of course, is absolute nonsense, because - to our opinion - the font is not significantly changed by the embedding. To abolish the conflict some members of the FSF have written an addition to the license: the so called “Font Exception”. Our fonts’ GPL contains this font exception (since version 2.7). Since version 2.1.9 LinuxLibertine is also licensed under the OFL, which will clarify usability-conflicts.

The Libertine font files are available as both TTF (TrueType) and OTF (OpenType) fonts. The Linux-compatible LaTeX typesetting system supports the Libertine fonts. See the Libertine LaTeX document [PDF] for usage and installation instructions. [Libertine LaTeX Tux] Libertine includes a wide variety of Font Styles. Numerous languages are supported, and many special characters are available. For a look at some of the LaTeX accessible font characters, see the glyph list document [PDF].

Version 2.7.9 of the Libertine font project was recently announced. This release adds hinting, which allows the fonts to be used with Microsoft Word. Other changes include improved kern pairs for better typography, some minor tweaks and some bug fixes.

The libertine fonts are available for download here. The fonts come in a standard .tgz file which includes all of the font collections as both .ttf and .otf files. The Fontforge source files are also available. Fontforge is an open-source outline font editor.

Comments (9 posted)

System Applications

Backup Software

Areca Backup: 5.5.4 released (SourceForge)

Version 5.5.4 of Areca Backup has been announced, it includes a fix for a recovery bug. "Areca Backup is a file backup tool written in java. It supports data compression & encryption, incremental backup, file history explorer and many other features."

Comments (none posted)

Clusters and Grids

release 2.1.3 of Linux-HA is now available

Stable release 2.1.3 of the Linux-HA cluster management software has been announced. "It includes some new manageability features, and a few new and improved resource agents and STONITH plugins, and nearly 400 bug fixes and lesser enhancements."

Full Story (comments: none)

Database Software

Postgres Weekly News

The December 23, 2007 edition of the Postgres Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

Postgres Weekly News

The December 30, 2007 edition of the Postgres Weekly News is online with the latest PostgreSQL DBMS articles and resources.

Full Story (comments: none)

Security

Release of iptables 1.4.0 final

Version 1.4.0 final of iptables has been announced. "This is the first final release of the new iptables branch 1.4. This release contains lots of bugfixes and improvements for the previous release candidate which strongly improves IPv6 support. Please, upgrade!"

Full Story (comments: none)

Web Site Development

Zenoss Core 2.1.2 Available (SourceForge)

Version 2.1.2 of Zenoss Core has been announced, it includes numerous bug fixes. "Zenoss Core is an enterprise network and systems management application written in Python/Zope. Zenoss provides an integrated product for monitoring availability, performance, events and configuration across layers and across platforms."

Comments (none posted)

Desktop Applications

Audio Applications

Aqualung 0.9beta9 released

Version 0.9beta9 of the Aqualung music player has been announced. "This is a major release bringing significant new functionality and many important fixes. All users are encouraged to upgrade."

Full Story (comments: none)

QjackCtl 0.3.2 released

Version 0.3.2 of QjackCtl, a GUI control panel for the JACK Audio Connection Kit, is out with a long list of new capabilities.

Full Story (comments: none)

Traverso 0.42.0 announced

Version 0.42.0 of Traverso is out with new features and bug fixes. "Traverso is a GPL licensed, cross platform program for recording and mixing music, speech, and sounds on the computer".

Full Story (comments: none)

Business Applications

OpenXava: 2.2.4 released (SourceForge)

Version 2.2.4 of OpenXava has been announced, it includes new features and bug fixes. "OpenXava is a framework to develop Java Enterprise/J2EE applications rapidly and easily. It's based in business component concept. Feature rich and flexible since it's used for years to create business applications with Java."

Comments (none posted)

Desktop Environments

GNOME 2.21.4 released

Version 2.21.4 of the GNOME desktop has been announced. "This is the third release of the GNOME 2.21.x series, heading towards the stable GNOME 2.22.x release."

Full Story (comments: none)

GARNOME 2.21.4 announced

Version 2.21.4 of GARNOME, the bleeding edge GNOME distribution, is out. "This release includes all of GNOME 2.21.4 plus a whole bunch of updates and fixes that were released after the GNOME freeze date."

Full Story (comments: none)

GNOME Software Announcements

The following new GNOME software has been announced this week: You can find more new GNOME software releases at gnomefiles.org.

Comments (none posted)

KDE Commit-Digest (KDE.News)

The December 16, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "A Sonnet-based spellcheck runner, and icons on the desktop in Plasma. Continued work revamping KBugBuster, more work towards KDevelop 4. GetHotNewStuff support for downloading maps in Marble. Image and audio dockers in Parley. The start of Glimpse, a new scanning application based on libksane. The beginnings of a generic resource display framework for NEPOMUK..."

Comments (none posted)

KDE Commit-Digest (KDE.News)

The December 23, 2007 edition of the KDE Commit-Digest has been announced. The content summary says: "Trolltech-sponsored development continues on Phonon backends. Support for saving to remote URL's in Gwenview. A "Now Playing" data engine and applet, and the train clock returns in Plasma. "Switch Tabs on Hover" can now be disabled, and other refinements in Kickoff for KDE 4.0. Work on a debugger (with a SpeedCrunch-inspired interface) for KHTML. Work to support the most recent release of the Flash (version 9) multimedia plugin in Konqueror. SOCKS support in KTorrent. Device handling fixes in KPilot..."

Comments (none posted)

KDE Software Announcements

The following new KDE software has been announced this week: You can find more new KDE software releases at kde-apps.org.

Comments (none posted)

Xorg Software Announcements

The following new Xorg software has been announced this week: More information can be found on the X.Org Foundation wiki.

Comments (none posted)

Encryption Software

GnuPG 1.4.8 released

Stable version 1.4.8 of GNU Privacy Guard (GnuPG) has been announced. "Note that this version is from the GnuPG-1 series and thus smaller than those from the GnuPG-2 series, easier to build and also better portable. In contrast to GnuPG-2 (e.g version 2.0.8) it comes with no support for S/MIME or other tools useful for desktop environments. Fortunately you may install both versions alongside on the same system without any conflict."

Full Story (comments: none)

GnuPG 2.0.8 released

Version 2.0.8 of GNU Privacy Guard (GnuPG) has been announced, it includes new features and bug fixes.

Full Story (comments: none)

Graphics

Uniconvertor 1.1.0 released

Version 1.1.0 of UniConvertor, a multi-platform vector graphics translator, has been released. This version improves memory usage.

Full Story (comments: none)

Medical Applications

GNUmed 0.2.8.0 released (LinuxMedNews)

Version 0.2.8.0 of the GNUmed medical record system has been announced. Changes include: "A report generator to visualize query results with gnuplot has been added. Exception handling has been improved. The Snellen Chart has been reactivated. KVK handling has officially been included. More hooks and an improved example hook script were added. Demographics handling has been extended to now really support multiple names, addresses, comm channels, and external IDs..."

Comments (none posted)

OpenClinica 2.2 Provides Enhanced Features for Popular Open Source Electronic Data Capture Software (LinuxMedNews)

LinuxMedNews notes the release of OpenClinica 2.2. "Akaza Research announces a new production release of the OpenClinica clinical research software designed for electronic data capture and clinical data management. This new release provides a long list of enhancements across numerous areas of the software."

Comments (none posted)

Music Applications

AZR3-JACK released

The initial release of AZR3-JACK has been announced. "This JACK program is a port of the free VST plugin AZR-3. It is a tonewheel organ with drawbars, distortion and rotating speakers. The original was written by Rumpelrausch Täips."

Full Story (comments: none)

Qsynth 0.3.2 (unstable-qt4) is out

Version 0.3.2 of Qsynth has been announced, it adds new capabilities and bug fixes. "Yes, it's about time. Much as the long due FluidSynth 1.0.8 release, really "Its about funky time!". Time also for season greetings and some gift exchange."

Full Story (comments: none)

Rosegarden 1.6.1 released

Version 1.6.1 of Rosegarden, an audio and MIDI sequencer and musical notation editor, has been announced. "This is a bug fix release, fixing a couple of significant bugs in the recent 1.6.0 feature release. Users are advised to upgrade forthwith."

Full Story (comments: none)

Office Suites

OpenOffice.org Newsletter

The December, 2007 edition of the OpenOffice.org Newsletter is out with the latest OO.o office suite articles and events.

Full Story (comments: none)

PDA Software

SynCE: vdccm 0.10.1 released (SourceForge)

Version 0.10.1 of vdccm, part of SynCE, has been announced. "The purpose of the SynCE project is to provide a means of communication with a Windows CE or Pocket PC device from a computer running Linux, *BSD or other unices. vdccm 0.10.1 has been released. This is a point release mainly to fix a security vulnerability that was presented to us by Core Security Technologies."

Comments (none posted)

Science

Q3C: 1.4.1 was released (SourceForge)

Version 1.4.1 of Q3C has been announced. "Q3C means QuadTree Cube. This is the plugin for PostgreSQL to work with large astronomical catalogues (or just the catalogues of objects on the sphere). It allows you to do easily the cone searches, polygonal searches on the sphere and fast cross-matches."

Comments (none posted)

Web Browsers

Mozilla Firefox 3 Beta 2 Released (MozillaZine)

MozillaZine has further coverage of the recently released Mozilla Firefox 3 Beta 2 web browser. "The second beta of the next major Firefox version offers around 900 bug fixes over Beta 1, including several feature enhancements and fixes to improve speed, stability, security and memory usage. Perhaps the most striking change is the redesigned Location Bar autocomplete menu, which now highlights which parts of the page title and/or URL match the entered text. The Downloads window has also been improved".

Comments (none posted)

Mozilla Links Newsletter

The December 20, 2007 edition of the Mozilla Links Newsletter is online, take a look for the latest news about the Mozilla browser and related projects.

Full Story (comments: none)

Mozilla Links Newsletter

The December 27, 2007 edition of the Mozilla Links Newsletter is online, take a look for the latest news about the Mozilla browser and related projects.

Full Story (comments: none)

Miscellaneous

OpenKM announces version 1.2

Version 1.2 of OpenKM has been announced. "Openkm is a open source document management system licenced on GNU GPL V2 based on java technologies ( Jboss, Jackrabbit, Lucene, GWT- Google Web Toolkit ) useful for any enterprises intented to organize and share documents."

Full Story (comments: none)

A New Year, a New Zimbra (MontanaLinux.org)

Scott Dowdle's blog looks at the recently released Zimbra 5.0 messaging and collaboration suite. "Zimbra Collaboration Suite 5.0 GA came out today or was it yesterday / last year? After reading the release notes(PDF) and doing a complete backup, I upgraded both my work and personal Zimbra servers. I have been using Zimbra for as my work and personal email server for... oh... something close to two years now. Over that time there have been a number of upgrades and they have always gone smoothly." The new version has not yet been announced on the official Zimbra site.

Comments (none posted)

Languages and Tools

Caml

Caml Weekly News

The January 1, 2008 edition of the Caml Weekly News is out with new articles about the Caml language.

Full Story (comments: none)

Perl

A Perl 6 status update

Remember Perl 6? Here is a status update by Patrick Michaud on the development of this new language. "Even though the new implementation is only a couple of weeks old, we already see huge gains in the quality and extensibility of the compiler, and in the ability for others to participate in its development. Because the current implementation is so new, I'm reluctant to hazard a guess as to an anticipated pace of development going forward, other than to say it should be much faster than what has been. I do tend to think that we'll be reaching the 'workable implementation' stage in a matter of weeks instead of months or years."

Comments (57 posted)

Python

Python-URL! - weekly Python news and links

The December 28, 2007 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Python-URL! - weekly Python news and links

The December 31, 2007 edition of the Python-URL! is online with a new collection of Python article links.

Full Story (comments: none)

Tcl/Tk

Tcl/Tk 8.5 released

Version 8.5 of Tcl/Tk has been announced. "This is the first stable release of Tcl/Tk 8.5."

Full Story (comments: none)

Tcl-URL! - weekly Tcl news and links

The December 31, 2007 edition of the Tcl-URL! is online with new Tcl/Tk articles and resources.

Full Story (comments: none)

Version Control

qgit-2.1 and qgit-1.5.8 announced

Two new versions of qgit have been announced. "Stable qgit-1.5.8 has only maintenance fixes, not a lot indeed, it happens to be already very stable. New stuff is in qgit-2.1".

Full Story (comments: none)

ugit: the pythonic git gui

A new release of ugit is out with lots of new features. "ugit, the pyqt-based git gui, has been taking shape as of late. First off, I'd like to thank everyone that replied with suggestions and criticism. This list is extremely helpful with regards to providing honest software critiques."

Full Story (comments: none)

Page editor: Forrest Cook

Linux in the news

Recommended Reading

2007 Top Ten Free and Open Source Legal Issues (Law & Life)

Law & Life: Silicon Valley has a column on the top-ten 2007 legal issues relevant to free software. "In August, the district court in San Francisco surprised many lawyers by ruling that the remedies for breach of the Artistic License were in contract, not copyright. Most lawyers believe that the failure to comply with the major terms of an open source license means that the licensee is a copyright infringer and, thus, can obtain “injunctive relief" (which means that the court orders a party to cease their violation). On the other hand, if the remedy is limited to contract remedies, then the standard remedy would be limited to monetary damages. Such damages are of limited value to open source licensors."

Comments (none posted)

Samba Team receives Microsoft protocol documentation (Groklaw)

Groklaw reports on the release of Microsoft protocol information. "The Protocol Freedom Information Foundation has just signed an agreement with Microsoft to receive the protocol documentation needed to fully interoperate with the Microsoft Windows workgroup server products and to make them available to Samba and other Free Software projects. No. This isn't a bit like the Novell-Microsoft agreements. This is for access to Microsoft's protocols, as ordered by the EU Commission and agreed to by Microsoft. It's a good thing, in my opinion, and the Samba guys worked really hard to make this as good as it gets."

Comments (10 posted)

Samba's Big Step (ComputerWorld UK)

Over at ComputerWorld UK, Glyn Moody analyzes the recent news from the Samba world, finding it mostly positive. "First, it confirms that there are groups within Microsoft who are willing to work in good faith with the free software world – whatever their chair-hurling boss may say. Judging by Tridge's comments – and contrary to my own impressions – it also demonstrates that there are people within the European Commission who really get this open source stuff, and want to nurture it. That's something that goes well beyond this agreement, since it is likely to impact future decisions too."

Comments (13 posted)

The SCO Problem

SCO Delisted as of Today (Groklaw)

Groklaw reports that SCO has been delisted from the NASDAQ. "All those Mesirow and legal hours working on the SEC delisting did not pay off. SCO announces today that Nasdaq has sent them a letter. SCO will be delisted as of December 27. They found out on the 21st, it seems, but they tell us today. Here's the press release, where they once again describe themselves as "a leading provider of UNIX software technology and mobile services"."

Comments (5 posted)

Companies

Open-Sourcing Fibre Channel over Ethernet (eWeek)

eWeek covers Intel's release of GPLv2-licensed Fibre Channel over Ethernet (FCoE) code for Linux. "FCoE's purpose is to enable data centers to consolidate LAN and SAN (storage area network) traffic over 10GB Ethernet. FC, which comes in speeds from 2 to the just arriving 8G bps, is commonly used in data center SANs. In recent years it's been challenged by iSCSI. Fibre, which, despite the name can run both on copper and fiber-optic cables, is seen as faster and more reliable, while iSCSI is commonly thought of as less expensive. Intel, along with FCoE's founder Cisco Systems, is hoping to combine the virtues of both Fibre and iSCSI with this new high-speed, dual-purpose network fabric." Further: "Unlike iSCSI, FCoE does not run on the TCP/IP stack. This is Fibre Channel on Ethernet without the overhead or the management and analysis tools of TCP/IP."

Comments (10 posted)

Red Hat has a great quarter; CEO leaves (Linux-Watch)

Linux-Watch looks at Red Hat's financial results for its third fiscal quarter. "For Red Hat's share owners, the net income for the quarter came out to a healthy $20.3 million. That works out to a dime per diluted share. Last quarter saw 9 cents per diluted share and 7 cents per diluted share in the equivalent 2006 quarter. At the same time that Red Hat was making money, the company has also been saving money. Its total cash and equivalents at quarter's end was $1.3 billion."

Comments (2 posted)

Linux Adoption

Signposts of GNU/Linux Growth in 2007, Part 1 (Datamation)

Datamation takes a look at areas where Linux has gained ground in 2007. "As time goes by, appliances might inherit the important role of traditional desktops. Mobile and ultra-mobile devices could gradually replace laptops and servers to become more predominant owing to Web-based software, which also moves storage toward the back end. Let's explore how GNU/Linux fits this broader vision and discover just how ubiquitous it is, with growth consistently on the upside."

Comments (3 posted)

Technology in 2008 (Economist)

The Economist makes some predictions for 2008 which reveal an interesting view of causality in the Linux world. "The [SCO/Novell] verdict removed, once and for all, the burden that had been inhibiting Linux's broader acceptance. Linux is now accepted as being Unix-like, but not a Unix-derivative. Bulletproof distributions of Linux from Red Hat and Novell have long been used on back-office servers. Since the verdict against SCO, Linux has swiftly become popular in small businesses and the home."

Comments (26 posted)

Linux at Work

MIT spinoff's little green laptop a hit in remote Peruvian village (Chicago Tribune)

The Chicago Tribune is carrying a look at one of the first OLPC deployments in Peru. "The children of Arahuay prove One Laptop's transformative conceit: that you can revolutionize education and democratize the Internet by giving a simple, durable, power-stingy but feature-packed laptop to the worlds' poorest kids. 'Some tell me that they don't want to be like their parents, working in the fields,' first-grade teacher Erica Velasco says of her pupils. She had just sent them to the Internet to seek out photos of invertebrates - animals without backbones.'"

Comments (13 posted)

Legal

News about LANCOR v. OLPC (Groklaw)

Groklaw looks at a lawsuit filed by LANCOR against OLPC. "Yes, it's begun in a Nigerian court. LANCOR has actually done it. Heaven only knows it makes me want to drink. Guess what the Nigerian keyboard makers want from the One Laptop Per Child charitable organization trying to make the world a better place? $20 million dollars. I kid you not. $20 million dollars in "damages". And an injunction blocking OLPC from distribution in Nigeria."

Comments (10 posted)

Interviews

Interview with Opera's CEO, CTO and General Counsel (Groklaw)

Groklaw has an interview with several Opera executives on the Opera Software complaint to the EU Commission. "This interview is with Opera's CEO Jon S. von Tetzchner, Jason A. Hoida, Deputy General Counsel, and CTO, Håkon Wium Lie. I have yet to see a media report that gets all the story right, so let's let them speak for themselves in their own words: why file a complaint now, what is it about, what remedies are being sought, which standards are involved, and how does failure to implement standards affect the public, and much more." The Free Software Foundation Europe has announced support for Opera's complaint against Microsoft.

Comments (none posted)

Linux for everyone (CPILive.net)

CPILive.net interviews Mark Shuttleworth. "Free software is part of a broader phenomenon, which is a shift toward recognising the value of shared work. Historically, shared stuff had a very bad name. The reputation was that people always abused shared things, and in the physical world, something that is shared and abused becomes worthless. In the digital world, I think we have the inverse effect, where something that is shared can become more valuable than something that is closely held, as long as it is both shared and contributed to by everybody who is sharing in it."

Comments (none posted)

Interview with ECIS's Thomas Vinje Regarding Opera's Complaint (Groklaw)

Groklaw presents an audio interview with Thomas Vinje. "Groklaw's Sean Daly has been busy getting more information for us about the recent announcement by Opera that it has filed a complaint with the European Commission against Microsoft. He's done two interviews. This one is with Thomas Vinje, the lawyer for the European Committee for Interoperable Systems [ECIS], who is helping to represent Opera before the Commission."

Comments (none posted)

Resources

Commercial Sound And Music Software For Linux, Part 2 (Linux Journal)

Dave Phillips presents more commercially available music and sound software for Linux. "As one reader pointed out, "commercial" doesn't necessarily mean closed-sources, just as "proprietary" doesn't necessarily mean "for sale". The question of how to make money from free software development was the instigation for this article, and I discovered that there are income possibilities other than the traditional exchange of goods for money. Two popular channels are the service/support contract and the subscription model."

Comments (none posted)

Building A Linux Music Studio (LinuxPlanet)

LinuxPlanet looks at audio applications for Linux. "This is a great time to be your own recording and sound engineer. There are all kinds of great digital recording gear, from tiny portable recorders to multi-channel mixer-recorders with CD burners, and Linux has a wealth of good-quality audio recording and editing programs. The hard part is figuring out where to start because there is so much to choose from. I'll talk a bit about the different types of digital recorders, and then run through recording a live performance and making a CD using Linux."

Comments (3 posted)

The Sound Of Linux 2007 (Linux Journal)

Dave Phillips highlights the best Linux audio achievements of the year in the Linux Journal. "If I had to select one piece of software that I consider to be crucial to Linux audio development, it'd be JACK. Almost all the software mentioned above either requires it or performs best with it. Some of JACK's notable improvements in 2007 include direct support for MIDI, improved support for multi-processor systems, and a new version for Windows. Linux can claim a variety of excellent sound and music applications, but JACK truly holds the keys to the kingdom."

Comments (8 posted)

Reviews

My Very Own OLPC XO Laptop (Groklaw)

PJ got her very own OLPC XO laptop. "I have one!!! Finally I get to play with the OLPC laptop. It was a gift, and it was given to me in a restaurant, where it created a stir, so there's a story to tell you. I met, at their suggestion, a couple at a restaurant that has wireless, and there it was. My very own XO. It's so tiny. So light. So cute. It's not all green, by the way. When it's closed, it's white with green trim, with a textured finish so it's not slippery, and it's soooo darling. It draws you. I couldn't even eat until I tried it out."

Comments (21 posted)

Miscellaneous

The top Linux/FOSS events of 2007 (ITWire)

ITWire looks back at 2007. "OpenMoko hasn't received the same hype as, say, the Apple iPhone but it is truly remarkable in terms of the product itself as well as the philosophy of the company who freely give away all the keys to let anyone do anything with the phone. Perhaps in time a new release of the Neo may replicate the success of the ASUS Eee in the mobile world. I certainly think this is one product and company to keep an eye on."

Comments (1 posted)

Tech Predictions for 2008 (PC World)

PC World presents some technology predictions for 2008. "As Vista continues to limp toward wider adoption, Linux will make major inroads into the enterprise, as well as in government IT. At the same time, the leaner OS will become a more attractive option for home users and in consumer electronics, spurred by the Open Handset Alliance and the advent of Google's Android mobile platform, which will be built on the Linux kernel. Jim Zemlin, the president of the Linux Foundation, sees 2008 as a "really interesting, breakthrough year for Linux," and we think he's right about that."

Comments (none posted)

Trying to predict 2008 (ZDNet)

Here is a bizarre 2008 prediction posted by "Paul Murphy" at ZDNet. "At the top of the list of continuations is SCO. No matter how the legal action pans out, it will continue to dominate direction setting in the Linux community - and until or unless IBM gets its collective head straight on the issue and cleans house, the polarization this case has led to will continue to undermine Linux legitimacy." LWN's 2008 predictions - to be posted soon - do not mention SCO at all; one wonders if there is anybody else on the planet who thinks this way.

Comments (14 posted)

Page editor: Forrest Cook

Announcements

Non-Commercial announcements

FSFE supports new antitrust investigation against Microsoft

The Free Software Foundation Europe has sent out a press release announcing its support for antitrust investigation against Microsoft in the EU. ""Microsoft should be required openly, fully and faithfully to implement free and open industry standards," is the message of a letter by the Free Software Foundation Europe (FSFE) to European Competition Commissioner Neelie Kroes. To help achieve this goal, FSFE offered its support for a possible antitrust investigation based on the complaint of Opera Software against Microsoft. The complaint was based on anti-competitive behaviour in the web browser market."

Full Story (comments: none)

GnuPG Celebrates 10 Years

The GNU Privacy Guard encryption software project has announced its 10 year anniversary. "It's been a decade now that the very first version of the GNU Privacy Guard [0] has been released. This very first version was not yet known under the name of GnuPG but dubbed "g10" as a reference on the German constitution article on freedom of telecommunication (Grundgesetz Artikel 10) and as a pun on the G-10 law which allows the secret services to bypass these constitutional guaranteed freedoms."

Full Story (comments: 12)

Samba team gets Microsoft protocol documents

The Samba team has announced the signing of an agreement with Microsoft which will result in the delivery of Microsoft's protocol documentation. "We will be able to use the information obtained to continue to develop Samba and create more Free Software. We are hoping to get back to the productive relationship we had with Microsoft during the early 1990's when we shared information about these protocols. The agreement also clarifies the exact patent numbers concerned so there is no possibility of misunderstandings around this issue."

Comments (5 posted)

EU antitrust case over: Samba receives interoperability information

The Free Software Foundation Europe has sent out a press release concerning the winning of interoperability information by the Samba project. "In 2004 the European Commission found Microsoft guilty of monopoly abuse in the IT marketplace and demanded that complete interoperability information be made available to competitors. Microsoft objected to this decision and was overruled in September 2007 by the European Court of First Instance (CFI). The CFI found Microsoft guilty of deliberate obstruction of interoperability and upheld the obligation for Microsoft to share its protocol information. The Samba Team has decided to make use of Micrsoft's obligation under the European judgements. Through the Protocol Freedom Information Foundation (PFIF), network interoperability information has been requested and a one-time access fee of 10.000 EUR is being paid to give Samba team full access to important specifications."

Full Story (comments: 1)

Commercial announcements

dimdim partners with SugarCRM

dimdim has announced a partnership with SugarCRM. "dimdim, the world's leading open source web meeting company, today announced that it will be a Premium Provider on SugarExchange, the SugarCRM Marketplace. SugarCRM, the world's leading provider of commercial open source customer relationship management (CRM) software has been integrated with dimdim's open source web meeting software, giving companies of all sizes an integrated collaboration and CRM system that is the most fully-functioned, cost-efficient, and customizable solution available anywhere."

Comments (none posted)

A message from Matthew Szulik

Here's a message from Matthew Szulik in the wake of his abrupt decision to step down as CEO of Red Hat. "I take pride when customers and industry types comment to me that the people of Red Hat are 'different.' Not like the cylons who have come to dominate the industry of technology. Through our actions, the open source community and the people of Red Hat are defining a modern economic relationship between developer and customer. Collaboration. Transparency and value delivered. Our customers and marketplace are responding as evidenced by our financials and strong market potential."

Comments (none posted)

Webot announces media player for Nokia N810 Internet Tablet

Webot has announced a media player for the Nokia N810 Internet Tablet. "To build the media player, Webot tailored its existing media search, sharing, and player technologies to the unique design of the tablet. With a tap of the screen, users can play any song from any of their computers, anywhere in the world. The system also offers digital picture frames that are automatically updated as new photos arrive, and the ability to share photo albums with family and friends."

Comments (none posted)

New Books

Prototype and script.aculo.us--New from Pragmatic Bookshelf

Pragmatic Bookshelf has published the book Prototype & script.aculo.us by Christophe Porteneuve.

Full Story (comments: none)

Packt Publishing announces Qmail Quickstarter

Packt Publishing has published the book Qmail Quickstarter by Kyle Wheeler.

Full Story (comments: 2)

Resources

OLPC News 2007-12-30

The December 30 edition of the One Laptop Per Child project news is out. There is a lot going on, naturally, but the big news is that Mary Lou Jepsen, the creator of the unique display used on the OLPC XO, is moving on to other ventures. "Mary Lou was OLPC employee Number One, both in terms of when she joined the organization and in terms of the breadth and depth of her contributions. Thank you and best of luck with your adventures in a new role and new year."

Full Story (comments: none)

Quantum cryptography on the OLPC

The OLPC XO laptop is supposed to be for kids, but, as can be seen on this page, the grownups have been having fun with it as well. "After a few hours of tinkering with the kernel config, timezones (the xo's had to be synchronized with an accuracy of at least 0.5 sec) and the dependencies, the team successfully tested the first 'entanglement based quantum key distribution' between two xo laptops!"

Full Story (comments: none)

Calls for Presentations

Black Hat Briefings Call for Papers

Calls for papers have gone out for several Black Hat Briefings events. "Black Hat is proud to be holding Trainings and Briefings in Washington D.C., Amsterdam, Las Vegas, Japan, and a mystery location in 2008."

Full Story (comments: none)

CFP CISIS '08

The first call for papers has gone out for the International Workshop on Computational Intelligence in Security for Information Systems (CISIS'08). The event will be held in Genova, Italy on October 23-24, 2008, submissions are due by March 14.

Full Story (comments: none)

FOSDEM 2008: Devroom Talks Wanted (KDE.News)

KDE.News has announced a call for speakers for the FOSDEM 2008 Devroom Talks. "As always, KDE will have a presence at next year's FOSDEM in Belgium on 23-24 February 2008. FOSDEM is a European meeting of free software developers, to listen to a plethora of interesting talks about anything related to free software. We are looking for people to give a talk in the KDE or cross-desktop devroom. On Sunday, we will be sharing a room with the developers from Gnome. This means that just like last year, we are also interested in talks that transcend free desktops generally."

Comments (none posted)

LinuxWorld conference CFP

A call for papers has gone out for the LinuxWorld conference, the submission deadline is February 22, 2008. The conference will take place on August 4-7, 2008 in San Francisco, CA. "Do you have a topic that would add important content to LinuxWorld? conference program? Then submit your speaking proposal by completing the online form. Prior to filling out the form, please review the content tracks, guidelines, evaluation criteria and other important facts regarding speaking opportunities."

Full Story (comments: none)

Upcoming Events

First OCaml users group meeting in Paris

The first Paris OCaml users group meeting will be held on January 26, 2008.

Full Story (comments: none)

QualiPSo Conference 2008

The QualiPSo Conference 2008, the first international conference on Open Source Software quality, will take place in Rome, Italy on January 16-17, 2008.

Comments (none posted)

SCALE Early Bird Registration Ends Jan 5th.

The sixth annual Southern California Linux Expo (SCALE) has announced two new keynote speakers, Jono Bacon of Canonical and Stormy Peters of OpenLogic in conjunction with a reminder about early bird registration. SCALE will be held 8-10 February 2008 at the Los Angeles airport Westin hotel. Click below for more information.

Full Story (comments: none)

SCALE is Full

The Southern California Linux Expo has announced its speakers. The event takes place on February 8-10, 2008 in Los Angeles, CA. "The So Cal Linux Expo has filled all available speaker slots for not only the SCALE 6X main conference, but also all three Friday specialty conferences. Over the Friday and Saturday of SCALE there are 36 speaker slots. The SCALE committee received over 75 submittals for the main conference, which were gradually weeded down to those that the committee felt most matched SCALE's goals. Information on the selected session topics is available on the SCALE website".

Full Story (comments: none)

Events: January 10, 2008 to March 10, 2008

The following event listing is taken from the LWN.net Calendar.

Date(s)EventLocation
January 11
January 13
FUDCon Raleigh 2008 Raleigh, NC, USA
January 16
January 17
QualiPSo Conference 2008 Rome, Italy
January 17
January 19
KDE 4 release event Mountain View, CA, USA
January 24 Federal DBA Day Washington DC, USA
January 28
February 2
Linux.conf.au 2008 Melbourne, Australia
January 28
February 1
Ruby on Rails Bootcamp with Charles B. Quinn Atlanta, Georgia, USA
January 29
January 31
Solution Linux 2008 Paris, France
February 1 Open Island Belfast, United Kingdom
February 6
February 10
O'Reilly Money:Tech Conference New York, NY, USA
February 7 Frozen Perl 2009 Minneapolis, United States
February 8
February 10
Southern California Linux Expo Los Angeles, USA
February 10
February 13
NDSS Symposium 2008 San Diego, CA, USA
February 11 Florida Linux Show 2008 Jacksonville, Florida, USA
February 11 Open Source Software (OSS) and the U.S. Department of Defense (DoD) Alexandria, VA, USA
February 13
February 15
German Perl-Workshop Regionales Rechenzentrum Erlangen, Germany
February 16 Frozen Perl 2008 Workshop Minneapolis, USA
February 19
February 20
Linux Developer Symposium Beijing, China
February 19
February 20
Files and Backup London, UK
February 22
February 24
freed.in/2008 Delhi, India
February 23
February 24
Free/Open Source Developers' European Meeting 2008 Brussels, Belgium
February 23
February 26
Linux World Mexico Mexico City, Mexico
February 25
February 26
2008 Linux Storage and Filesystem Workshop San Jose, CA, USA
February 25
February 29
NEW PHP 5 and PostgreSQL Bootcamp with Mark Fenoglio Atlanta, Georgia, USA
February 25
February 27
German Perl Workshop Frankfurt, Germany
February 28
March 1
Linux Audio Conference Cologne, Germany
March 1
March 2
Chemnitzer Linux-Tage 2008 Chemnitz, Germany
March 3
March 6
O'Reilly Emerging Technology Conference San Diego, CA, USA
March 3
March 6
Drupalcon Boston 2008 Boston, MA, USA
March 4
March 9
CeBIT Germany Hannover, Germany
March 8
March 14
Asia OSS Conference & Showcase 2008 Guangzhou, China

If your event does not appear here, please tell us about it.

Audio and Video programs

Samba/Windows interoperability news: Jeremy Allison (LinuxWorld)

LinuxWorld has an audio interview with Jeremy Allison. "One of the lead developers at the popular Samba project, which implements Microsoft file and print sharing, talks about today's protocol documentation announcement." (Thanks to Don Marti).

Comments (3 posted)

Page editor: Forrest Cook

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds