LWN.net Weekly Edition for January 17, 2008
By Jake Edge January 16, 2008
Reviewing code is a thankless, but very important, task for any
software project. For free software projects, the "many eyes make all bugs shallow" aphorism only works if
the eyes actually focus on the code in question. Review Board is a web-based
application that helps reviewers examine the code, while making it easier
for a developer to track those reviews.
Born out of frustration with the process of code reviews at VMware, Review
Board has made a great deal of progress since being released last May. The idea
behind it is to centralize all of the pieces that need to come together for
a review: code diffs, screenshots of UI functionality, comments by other
developers, etc. On many projects, reviews are handled by email, but that can
be difficult to use; various pieces of the puzzle are spread around in
multiple messages and locations.
Often a reviewer needs to see more context than a simple email diff
provides or wants to comment on a related section of code that is not
contained in the diff; each requires a reviewer to do more work. In a
complicated set of changes, ensuring that the developer and any other
reviewers can follow what code the comments pertain to can also be
difficult. It is these kinds of problems that Review Board is meant to
solve.
Review Board presents a side-by-side diff view, shown at right, with
lots of extras, many of which will be familiar to users of other graphical
diff tools. Changed lines are highlighted in different colors based on
whether they are additions, deletions, or changes. Changes on a particular
line are highlighted in a slightly darker color so that they can be
distinguished more easily as well. The numbered tabs along the left edge
provide a link to a reviewer's comments about that section of the code.
This is where Review Board shows that it is much more than just a diff
viewer.
Using AJAX
techniques, Review Board allows a reviewer to interact very naturally with
the code. They can highlight a certain section, which will pop up a
text widget that records comments associated with that section of code.
When other reviewers or the developer read those comments, the code snippet
is included, with a link back to the code in the diff view. Each of these
comments can then be commented upon, which allows for a conversation about the
code to develop.
It is not just code that can be annotated; screenshots of application
functionality or bugs can be attached to
reviews, as well. Sections of the screenshot can be highlighted and
commented upon, as shown at left. This feature is an excellent example of
where a web-based tool can shine; doing the same task in text-based email
would be painful. Not all projects need it, but those
that do will find it quite useful as anyone who has spent time trying to
describe a UI problem in email will attest.
Inter-diffs is another useful feature that Review Board provides. Often in
the code review process, several revisions of the original patch are made.
It can be tedious to wade through a large diff, most of which has been
uncontroversial (or resolved earlier) to get to the changes in the area of
interest. Review Board has the ability to see changes between any two
revisions of the patch, which should reduce much of the hassle.
Another thing that Review Board does is to assist in managing code
reviews. When a developer posts something for review, various reviewers
can be notified via email. Review Board keeps track of that information,
presenting users with a "dashboard" view of their pending reviews, both
those they submitted and those that others have asked them to do. This
high-level overview is the first screen the user sees when they log on to
the system, shown at right. This makes keeping track of work that needs to
be done – or
who to prod to get a review moving again – much easier.
Currently, Review Board best supports the Subversion and Perforce
version control systems (VCS), but support for others, including the
distributed VCSes Mercurial and git, is being actively developed and is
usable in its current state. Released under an MIT license, Review
Board is written in Python, using the Django web framework. Development
is hosted at Google Code; the developers,
unsurprisingly, use the software for internal code reviews.
Other systems to assist in the code review process do exist. Codestriker is a Perl-based
web application that has similar aspirations to Review Board. Also of
interest is Python founder Guido van Rossum's first project at Google: a code review
system he calls "Mondrian".
It is closely tied to Google proprietary code, though, so it seems unlikely to be
released as free software – though it might make an appearance as a
tool for
Google Code projects to use.
Code reviews are very powerful, but generally painful to perform; any
tool that claims that "Code reviews are fun again!
...almost.", as Review Board does, will be welcomed by many. It
will be interesting to see whether a code review tracker becomes a standard
part of newer free software projects. Over the last few years, we have
seen the rise of distributed VCS, bug trackers, and wikis to assist in
distributed development. Will Review Board – or something like it
– be the next tool to be added?
By Jonathan Corbet January 16, 2008
A few articles making predictions for 2008 had put an initial public
offering by MySQL on their list. The company had clearly been heading in
that direction for a while; sales were growing, venture capital was coming
in, etc. In the end, though, the MySQL IPO seems destined not to happen -
Sun Microsystems got
there first.
The deal is structured as a full acquisition - Sun will pay about
$800 million for all outstanding shares of MySQL stock. In addition,
about $200 million in options will be covered, so, overall, this is a
billion-dollar deal. Not bad for a company which is based on free
software.
Sun is making the right noises about how this deal will work. There is no
talk of taking MySQL proprietary or changing its license. MySQL will
continue to be supported on all platforms, and not just Solaris. A series
of grants will be made to help university researchers advance the state of
the art in database management systems. There is a lot of talk about
continuing to support "the community," though details are (perhaps
necessarily) scarce. CEO Jonathan Schwartz says
that Sun will be working to improve "the rest of the LAMP" stack, though he
says nothing about the "L" (for Linux) part.
Chances are that this deal will be a good thing for MySQL users. Sun is
clearly making MySQL an important part of its overall strategy (in these
days, one does not toss $1 billion toward unimportant objectives) and
can be expected to continue - or accelerate - development of the system.
Sun's free software orientation is strong enough that the chances of parts
or all of MySQL going proprietary seem small. Indeed, nothing in Sun's
releases says anything about MySQL's commercial licensing business; the
emphasis appears to be strongly on support and services. So MySQL might
just become even more open than it is now.
Sun appears to be positioning itself to compete strongly with Oracle. Both
companies are working hard to be able to offer the entire software stack to
their customers. So Oracle's push into the Linux distribution business and
Sun's database venture are both aimed at having the same story for their
sales staff to tell: we, in some way, own and control all of the software
you are looking to run. No problems with incompatibilities,
finger-pointing, etc. As an added bonus, Sun will happily sell you the
hardware you need too. Do expect an increase in efforts aimed at moving
MySQL users away from the (Oracle-owned) InnoDB engine, though.
For Sun to sell that story, though, it will have to continue to push
Solaris hard as an alternative to Linux. Either that, or the company will
eventually find itself shopping for a Linux distributor of its own. Either
way, it seems likely that competitive pressures for operating systems (and
higher layers) sales and support are set to increase, especially in the
high-performance web server area. Red Hat, whose PostgreSQL-based database
offering appears to have fallen below the radar, may find itself scrambling
for a response.
Sun makes a big point of being able to sell the entire package, and there
is some truth to that. Processors, storage, systems software, database
software, programming languages, office suites, and more can all be had
from one company. What remains to be seen is whether this is really what
customers want. There is a lot of value in being able to integrate
components from multiple sources and not being dependent on a single
vendor. Your editor, who managed a transition from being an all-DEC shop
to an all-Sun shop some twenty years ago, is not convinced that those days
are worth going back to.
By Jonathan Corbet January 16, 2008
Last week, we began a
multi-part series looking at the soon-to-be ten years of LWN. At the end
of that episode, we were coming to the realization that the training
business was, perhaps, not going to perform quite as well as our
spreadsheets had suggested it might. It turns out that spreadsheets
created with free software can be just as deceptive as those done with
proprietary programs - who would have ever guessed? So we decided to look into whether it
might be possible to make some sort of deal with some other company -
preferably one with some money - to keep the show going.
Just how one might go about looking for such a deal is not immediately
obvious - especially if you're a bunch of technical people who have no clue
about how corporate acquisitions are done. Somehow, hanging an "Acquire
Us!" sign on the front page did not quite seem like the right way to go.
After some thought, we decided that the best approach might be to just
quietly slip the word to a few people that we might be open to offers, then
sit back and see what happened. As it turned out, that was all we needed
to do. Much of the following story has never been told - but all of the
non-disclosure agreements have run out by now, so this seems like the right
time.
Meanwhile, things were happening at a furious pace in the Linux community.
- August 26, 1999: Red Hat
and Caldera get around to year-2000 compliance. The 2.3.15 patch is
"huge", touching all of 600 files (2.6.24 currently has changes to
over 10,000 files). The first
Ottawa Linux Symposium concludes.
- September 2, 1999: Sun
buys StarDivision, but uses its "community source license" for the
code. Red Hat shuts down "Red Hat Linux" vendors on Amazon.
- September 9, 1999: SCO
(old SCO, mind you, not the current company) trashes Linux in Europe.
Bruce Perens worries that Sun may be trying to grab control of the
Linux desktop through its acquisition of StarDivision. Disruptive
changes in the "stable" 2.2 kernel upset users.
- September 16, 1999: the
2.3 kernel goes into "feature freeze," with Linus predicting a release
by the end of the year. He neglected to specify which year, though.
Cobalt networks files to go public. LinuxOne - a company nobody had
ever heard of - files to go public. Andover.net (the company which
had bought Slashdot) files to go public. The first ext3 filesystem patches
are released.
The 2.3 feature freeze is instructive - 2.4.0 was not released until
January, 2001 - 16 months after this "freeze" went into effect. Over the
next months we'll see plenty of reasons for the delay in the 2.4.0 release;
Linus was famously not a great release manager. But releases which failed
to arrive were the norm back in those days. Free software was much like
proprietary software in that regard. One has to look back to realize just
how much better we have gotten at getting software releases out in a
reasonable period of time.
The IPO filings were beginning to pile up - much to your editor's chagrin.
Actually reading those things is a painful chore, and we felt that
we needed to examine all of them. The relative
newcomers out there may be wondering who that LinuxOne company is. So were
we, at the time. LinuxOne materialized out of thin air, slapped its name
onto a copy of Red Hat Linux, and called itself a Linux company. They
clearly hoped to get in on the general mania and make a bunch of money
before people caught on - they nearly achieved it, too.
- September 30, 1999:
Caldera spinoff Lineo gets going - remember Embedix and Embrowser?
Red Hat drops LWN news from its web site.
Lineo got spun out of Caldera for a couple of apparent reasons: (1) to
isolate the DR-DOS lawsuit
which was being pursued against Microsoft, and (2) to
try to double the number of public offerings. The first objective was
achieved, and the suit was ultimately successful. In the end, though,
Lineo still failed to get off the ground.
- October 7, 1999: Sun
announces that it will be releasing the Solaris source code. The
OpenBSD project grabs the last freely-licensed version of ssh and
starts the OpenSSH project.
- October 14, 1999:
TurboLinux gets a big chunk of venture money. SCO (old SCO) buys a
chunk of the Linux Mall. Crypto export rules in the U.S. begin to
soften. The devfs discussion continues. SGI, VA Linux, and
O'Reilly launch a commercialized version of the Debian distribution.
VA Linux files for its IPO.
Old-timers will remember the Linux Mall - that was the place, once upon a
time, where we bought our Linux CDs (and stuffed penguins too). Yes, we
actually bought Linux on CD and waited for it to show up via mail, though
it may seem a little strange now. The Linux Mall, and its founder Mark
Bolzern, were fixtures in the early days of Linux. As Linux grew and
bandwidth increased, though, the Linux Mall was having a bit of a hard time
of it. The name was famous, though, and the site got a lot of traffic, so
companies interested in getting into the Linux hype were interested in it.
It may be getting a bit ahead of the story, but this is as good a place as
any to let it be known that one of the things that the Linux Mall wanted to
do with its new-found wealth was to acquire a media outlet like LWN. It
was part of the bigger plan of creating a full-featured e-commerce "mall"
centered around Linux. We considered the offer long and hard, but, in the
end, declined it. Just as well: the Linux Mall missed the IPO boat and got
folded into EBIZ, which, in turn, eventually went bankrupt. Had we taken
that path, there would be no LWN now.
- October 21, 1999:
LinuxToday is acquired by Internet.com; co-founder Dave Whitinger leaves
the building. ATI announces that it will be releasing 3D programming
information for its video adapters - the good news here is that it's
finally getting around to doing that.
- November 4, 1999: DVD
encryption is cracked and DeCSS is released. The Y2K-related
"windowing" patent threatens the kernel. Burn all GIFs day. The
kernel gets past the longstanding 1GB limit on installed memory. Slackware 7 (the
successor to Slackware 4) is released. The non-profit Red Hat Center
for Open Source launches - and is never heard from again.
- November 11, 1999: Cobalt
network goes public, shares begin trading at $130.
- November 18, 1999: The Linux
Business Expo is held as part of the once-famous COMDEX event. Red Hat
acquires Cygnus. BitKeeper is said to be getting closer to release.
Mozilla hits milestone 11 and is said to be getting closer to
release. Advogato.org launches.
LWN has only rarely operated booths at conferences, but we did have one at
the Comdex Linux Business Expo. For the curious, here's a picture from
the event featuring LWN editor Rebecca Sobol. That week's LWN edition
was produced from that booth after the floor closed, under the watchful eye
of security guards who didn't think we should be there. Your editor
remembers it as one of the coldest experiences of his life. During the
show, we were subjected to constant, highly-amplified screaming obnoxiousness from the
large booth being run by LinuxToday - the acquisition, it seemed, had put
that site onto a rather less dignified path.
The other thing LWN was doing at this event was talking with potential
suitors. One of those was a company called Atipa, which was operating a large booth of
its own. Atipa was a VA-style Linux box vendor with a grand plan for a
Linux portal site which would, eventually, be the place people went
for Linux information. They thought that LWN would make a good
addition to that portal, and were pushing hard to make a deal.
We met a few times with Atipa's CEO, a charismatic man who told a good
story. The company, he said, was going to outdo even the coming VA Linux IPO, which
was already clearly going to be big. Along the way he was going to pick up
companies like Applix and open-source the ApplixWare office suite -
something which would have been nice at the time. He stated flat out that
he was soon to be a billionaire, and that we could share in that bonanza.
It was quite the tale, but we tended to walk out of these meetings
believing every word of it.
With some distance, though, the glow always faded. We wondered why our
visit to the company's headquarters revealed a building almost devoid of
people. The magic "profit happens here" step in their plans seemed less
inevitable when looked at later.
In the end, we did not take this deal. Thereafter, we received
(unverifiable) word that Atipa's
investors started asking some harder questions and found that, perhaps,
they, too, had allowed themselves to be charmed more than they should
have. Atipa rather abruptly found a new CEO, the IPO never happened, and
investors, presumably, lost their money.
Also at the Linux Business Expo, we met with some representatives from
O'Reilly. They were getting the O'Reilly network off the ground, and
thought that LWN might make a good addition to it. They eventually offered us
a deal (which looked more like a traditional angel investment than an
acquisition) and a network
affiliation which would have given us a portion of the revenue from the ads
they sold. Your editor, who has a lot of respect for the people at O'Reilly, has
always had a bit of regret at turning down this offer. It was an
opportunity to get business advice from some very smart people. But it
would almost certainly have been fatal to LWN once the advertising market
fell apart.
Meanwhile, the acquisition of Cygnus by Red Hat led to a fair amount of
online worrying about whether Red Hat was set to take over Linux by virtue
of employing a number of GCC developers. Such fears look a little silly
now, but they seemed real then.
- December 9, 1999:
Andover.net goes public. The kernel gets NUMA support (during a
feature freeze, remember).
Sun announces a Linux Java release, rolling over the "Blackdown" team
which had been working on this release for years.
- December 12, 1999: VA
Linux goes public, setting the record for the largest first-day gain
in NASDAQ history. Eric Raymond gets rich and
lets us all know about it.
The non-free BitKeeper license is revealed. LinuxCare acquires the
Puffin Group and gets another $32 million. The Linux Capital Group
launches; it starts by funding Progeny Linux. Companies send out "we use
Linux" press releases in an attempt to make their stock price go up.
The VA IPO was not just the peak of the Linux bubble - it could well be the
peak of the dotcom bubble as a whole. It was not possible to watch that
stock rise to well over $300 a share on the first day and not be
overwhelmed by a sense of unreality. Still, it seemed like no more than
what Linux deserved, and people somehow expected it to continue.
- January 6, 2000: Linux
survives Y2K. Red Hat buys Hell's Kitchen Software, does nothing with
it. VA Linux launches the SourceForge site.
- January 13, 2000: Caldera
Systems (later to become SCO) files for its IPO. The kernel gets a
new block driver API and 32-bit UIDs - still during the feature freeze.
- January 20, 2000:
LinuxCare files for its IPO. Linus Torvalds shuts down the sale of a
number of Linux-related domain names. Secure Computing Corporation
announces that it will be developing (what becomes) SELinux. Enoch
becomes Gentoo Linux. TurboLinux completes another funding round.
Once upon a time, Caldera Systems was supposed to be among the biggest
winners in the distribution sector - they had the business connections and
the distribution channels. "Linux for business" got the company far enough
to do an IPO, but not much beyond that. This is, of course, the company
which eventually became the SCO Group.
Caldera was well overshadowed by LinuxCare, though. The distribution
business always looked like a hard one to maintain over the long term -
that is why Red Hat was trying to be a web portal company. Services were
going to be the real gold mine, and LinuxCare was going to be at the top of
the Linux support industry. The company got money from left and right (a
funding round produced offers of ten times the target amount) and hired a
long list of well-known Linux hackers.
Need we say that LWN's editors paid a visit to LinuxCare during this time?
It was a hard time for LinuxCare to discuss acquisitions, since the IPO
process was already underway, but discuss they did. So we went to the
famous San Francisco headquarters. Your editor's memories from that day
are strong. LinuxCare was filled with hundreds of people who all believed
they were on the way toward an IPO that would exceed even VA Linux; suffice
to say they were happy about the prospect. Meanwhile, though, a couple
hundred of them were all working in a single not-very-large room called
"the barn"; it resembled, more than anything else, a school lunchroom
filled with long tables. Everybody worked on a laptop because there was no
room in their tiny piece of table space for anything else. They all
complained about having colds. It looked awful.
LinuxCare's negotiator was an ex-fighter jet pilot who retained the "top
gun" attitude. When valuations were discussed, we were told that offering
LinuxCare's pre-IPO shares at $50-60 each was being generous to us. Issues
like editorial control were not really even on the table. In the end, we
turned this deal down, but with a feeling like we were throwing a winning
lottery ticket in the trash. Of course, subsequent events showed that we
need not have worried about this particular missed opportunity.
- February 10, 2000:
Real-time Linux turns out to be patented. VA Linux acquires
Andover.Net. The KDE project moves to SourceForge. Atipa acquires
Enhanced Software Technologies. The Linux Fund announces that it will
be filing for an IPO.
The Andover.Net acquisition was announced at LinuxWorld in New York - LWN
was there, of course. The initial deal included a massive pile of cash to
be handed to Andover.Net's shareholders, but people questioned that handout
to the extent that it eventually went away. Andover.Net's owners had to content
themselves mostly with VA Linux shares, which, already, were worth considerably
less than they had been on IPO day. In the end, Andover.Net turned out to
be a good buy for VA Linux, once it became clear that the Linux-installed
computer business was harder than it had looked.
We were approached by a VA executive at LinuxWorld to see if we were
interested in maybe being acquired sometime. By then, though, we had so
many offers that we couldn't really give them all serious consideration.
So we did not pursue that opportunity.
But, at this event, we did talk with some representatives from ZDNet, who
were also looking for a Linux site to buy. The offer they made was, by
far, the most generous of any. By some reckoning, we should have taken it.
Certainly it would have come out better than most of the other options we
had. But ZDNet would have exercised more editorial control than we would
have liked, and, being already a public company, it didn't offer that IPO
"pop" that we somehow thought was our due. So we ended up not taking that
path.
- February 17, 2000: devfs
is merged into the mainline kernel. Also merged is the "softnet" core
networking rework. Remember, the kernel is in a feature freeze.
- February 24, 2000: Eazel
is founded with the goal of improving Linux usability.
To your editor, Eazel never made sense from the beginning. There was,
truly, no revenue model. Indeed, it seemed like a scam designed to draw
venture money for the purpose of writing Nautilus. To that extent it
succeeded, but the investors cannot have been happy in the end.
- March 2, 2000: Atipa
announces $30 million in investments.
- March 23, 2000: Caldera
Systems goes public; its share price merely doubles. The planned date
for LinuxCare's IPO passes with no offering.
- April 4, 2000: Linuxcare's
IPO is pushed back to April 24 - or so they say. EBIZ acquires
longtime Linux CD distributor InfoMagic. Atipa Linux Solutions
acquires DCG Computer Corp. Sendmail Inc. gets $35 million in
funding.
This was the point where LWN announced that it had been acquired
by a company called Tucows. We had, in fact, been talking with them for
some months, and had made the decision in February. It took some time,
though, for the lawyers to hammer out the final agreement. In the end, we
were probably exceedingly lucky: market conditions were going downhill in a
hurry by this point and, had the negotiations stretched out much longer,
Tucows might have started looking for reasons to back out of the deal.
Or maybe not. We went with Tucows for a number of reasons, but at the top
of the list was that they were clearly smart and decent people who,
while arguably being carried away by the bubble like the rest of us,
clearly had a functioning business underneath it all. Their acquisition of
LWN never yielded the benefits they were looking for, but the people at
Tucows always treated us well and we still count them as friends. Perhaps
we were smart, or perhaps we were just very lucky, but, in retrospect, we
came out of a complex, high-stakes process having made what was probably
the best possible decision.
The Tucows acquisition made it possible for LWN editors Rebecca Sobol and
Forrest Cook to join as regular staff members. It also positioned us
within a safe harbor for the dotcom crash, which was already in progress.
But the story of those years will be the subject of next week's
installment.
Page editor: Jonathan Corbet
Security
By Jake Edge January 16, 2008
Security holes can sneak into code in surprising ways, even in highly
scrutinized codebases. Perhaps even more surprising is how long they can
persist in something as popular as the Linux kernel before someone
notices. The release of stable
kernels 2.6.22.16 and 2.6.23.14 this week is instructive for both of
those reasons.
The bug that led to the releases is fixed by a two-line
patch, but might be exploitable to cause filesystem corruption.
If it were a bug in a driver for an obscure piece of hardware,
with relatively few users, it might have been less eye opening, but it was
in the Virtual File System (VFS) layer of the kernel. VFS is the
abstraction that allows all kernel filesystems to be used identically
regardless of their underlying implementation. The open() system
call is used to open any file on any type of filesystem; VFS is what makes
that work.
In fact it is the open() path that is affected by the bug.
Due to a faulty test, the bug allows directories to be opened for writing, which is generally a
recipe for disaster. It could also allow a file on a read-only filesystem
to be opened for writing – depending on the underlying filesystem
implementation, that could lead to corruption. Both problems are
only locally exploitable.
The bug was introduced in a change to support NFS in October of 2005 – more
than two years ago; all kernels since 2.6.15 are affected. The change
was aimed at making NFSv4 open calls be atomic (because an open is really a
lookup followed by an open), but also did some code reorganization that
changed the semantics of a flag variable. That variable was being used to
determine the access mode for directories and read-only filesystems, so
that change subtly broke the tests.
Part of the problem is that the tests are in a function called
may_open(), which takes two flag parameters:
int may_open(struct nameidata *nd, int acc_mode, int flag)
The incorrect code was using flag in the tests when it should have
been using acc_mode. Each of them is a bitmask of values that, on
first glance, might be easy to confuse – each is related to permissions.
The bit values for each have names like FMODE_WRITE and
MAY_WRITE, which would seem to have a fair amount of overlap. This
may explain why the problem was not spotted at the time it was introduced.
There may be no easy solution to this kind of problem – other than
more scrutiny. Using different types, rather than plain int, for
each flag might have helped, but since the tests were using the right kind
of bit values for flag, that is a somewhat hard sell.
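The two tests described above, as an added illustration that is not kernel code and not part of the original article: a user-space C model comparing a check on flag with a check on acc_mode, plus a differential test over every input where the two masks disagree. The struct, the function names and the numeric bit values are assumptions made for the model, and the case where flag lacks the write bit while acc_mode carries it is constructed.

```c
/* Added illustration: a user-space model, not kernel source. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Bit names are the ones the article mentions; the numeric values are
 * assumptions chosen for this model. */
#define MAY_EXEC    1
#define MAY_WRITE   2
#define MAY_READ    4
#define FMODE_READ  1
#define FMODE_WRITE 2

/* Hypothetical stand-in for the inode properties the two tests look at. */
struct model_inode {
    bool is_dir;
    bool read_only_fs;
};

/* The tests as the article describes the bug: they consult `flag`. */
int may_open_buggy(const struct model_inode *ino, int acc_mode, int flag)
{
    (void)acc_mode;
    if (ino->is_dir && (flag & FMODE_WRITE))
        return -EISDIR;
    if (ino->read_only_fs && (flag & FMODE_WRITE))
        return -EROFS;
    return 0;
}

/* The tests as the article says they should read: they consult `acc_mode`. */
int may_open_fixed(const struct model_inode *ino, int acc_mode, int flag)
{
    (void)flag;
    if (ino->is_dir && (acc_mode & MAY_WRITE))
        return -EISDIR;
    if (ino->read_only_fs && (acc_mode & MAY_WRITE))
        return -EROFS;
    return 0;
}

/* Distinct wrapper types, the idea the article floats instead of plain int. */
typedef struct { int bits; } acc_mode_t;   /* MAY_* bits only   */
typedef struct { int bits; } open_flag_t;  /* FMODE_* bits only */

bool acc_wants_write(acc_mode_t a)   { return (a.bits & MAY_WRITE) != 0; }
bool flag_wants_write(open_flag_t f) { return (f.bits & FMODE_WRITE) != 0; }

/* acc_wants_write(flag) would be rejected by the compiler, but a test written
 * as flag_wants_write(flag) still compiles: the types stop mixed-up arguments,
 * not a wrong choice of mask, which is why the article calls it a hard sell. */
int may_open_typed(const struct model_inode *ino, acc_mode_t acc, open_flag_t flag)
{
    (void)flag;
    if (ino->is_dir && acc_wants_write(acc))
        return -EISDIR;
    if (ino->read_only_fs && acc_wants_write(acc))
        return -EROFS;
    return 0;
}

/* Differential check: walk every inode kind and every combination of the two
 * masks, counting inputs the buggy test lets through but the fixed one denies.
 * A test suite that only uses inputs where the masks agree never sees these. */
int count_unsafe_divergences(void)
{
    int n = 0;
    for (int kind = 0; kind < 4; kind++) {
        struct model_inode ino = {
            .is_dir = (kind & 1) != 0,
            .read_only_fs = (kind & 2) != 0,
        };
        for (int acc = 0; acc <= (MAY_EXEC | MAY_WRITE | MAY_READ); acc++)
            for (int flag = 0; flag <= (FMODE_READ | FMODE_WRITE); flag++)
                if (may_open_buggy(&ino, acc, flag) == 0 &&
                    may_open_fixed(&ino, acc, flag) != 0)
                    n++;
    }
    return n;
}

int main(void)
{
    struct model_inode dir = { .is_dir = true, .read_only_fs = false };

    /* Constructed case: write access is requested in acc_mode, but flag
     * does not carry the write bit. */
    printf("buggy: %d\n", may_open_buggy(&dir, MAY_WRITE, FMODE_READ));
    printf("fixed: %d\n", may_open_fixed(&dir, MAY_WRITE, FMODE_READ));
    printf("divergent inputs: %d\n", count_unsafe_divergences());
    return 0;
}
```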
Something unpleasant to consider in all of this is that this may not be the
first time this problem has been noticed. It may just have been the first time
it was noticed by someone who reported it. Folks with a malicious intent
are much less inclined to report bugs. This particular bug is not one that
would be particularly useful to attackers, but we would do well to remember
that fixing a two-year-old hole means that systems were vulnerable for all
that time. It is not only the good guys who can read code.
New vulnerabilities
apache: several vulnerabilities
Package(s): apache
CVE #(s): CVE-2007-5000, CVE-2007-6388, CVE-2008-0005
Created: January 15, 2008
Updated: July 29, 2008
Description:
A flaw was found in the mod_imap module. On sites where mod_imap was
enabled and an imagemap file was publicly available, a cross-site scripting
attack was possible. (CVE-2007-5000)
A flaw was found in the mod_status module. On sites where mod_status was
enabled and the status pages were publicly available, a cross-site
scripting attack was possible. (CVE-2007-6388)
A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp
was enabled and a forward proxy was configured, a cross-site scripting
attack was possible against Web browsers which did not correctly derive the
response character set following the rules in RFC 2616. (CVE-2008-0005)
claws-mail: insecure temp file
Package(s): claws-mail
CVE #(s): CVE-2007-6208
Created: January 10, 2008
Updated: January 16, 2008
Description:
Claws Mail creates temp files in an insecure manner.
This can be used by a local attacker to make a symlink
attack, allowing files with the local user's privileges
to be overwritten.
drupal: multiple vulnerabilities
Package(s): drupal
CVE #(s):
Created: January 14, 2008
Updated: January 16, 2008
Description:
From the Fedora advisory:
Update to 5.6, security fixes:
DRUPAL-SA-2008-005
DRUPAL-SA-2008-006
DRUPAL-SA-2008-007
see http://drupal.org/security for more information.
fail2ban: denial of service
Package(s): fail2ban
CVE #(s): CVE-2007-4321
Created: January 10, 2008
Updated: January 16, 2008
Description:
From the Debian alert:
Daniel B. Cid discovered that fail2ban, a tool to block IP addresses
that cause login failures, is too liberal about parsing SSH log files,
allowing an attacker to block any IP address.
gforge: SQL injection
| Package(s): | gforge |
CVE #(s): | CVE-2008-0173
|
| Created: | January 14, 2008 |
Updated: | January 16, 2008 |
| Description: |
From the Debian advisory:
It was discovered that Gforge, a collaborative development tool, did not
properly sanitise some CGI parameters, allowing SQL injection in scripts
related to RSS exports. |
httpd: cross-site scripting, denial of service
| Package(s): | httpd |
CVE #(s): | CVE-2007-6421
CVE-2007-6422
|
| Created: | January 15, 2008 |
Updated: | April 4, 2008 |
| Description: |
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, a cross-site scripting attack against an
authorized user was possible. (CVE-2007-6421)
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, an authorized user could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. This could lead to a denial of service if using a
threaded Multi-Processing Module. (CVE-2007-6422) |
kernel: denial of service vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-4133
CVE-2007-5093
|
| Created: | January 12, 2008 |
Updated: | November 20, 2008 |
| Description: |
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
units, which allows local users to cause a denial of service (panic)
via unspecified vectors.
The disconnect method in the Philips USB Webcam (pwc) driver in Linux
kernel 2.6.x before 2.6.22.6 relies on user space to close the device,
which allows user-assisted local attackers to cause a denial of service
(USB subsystem hang and CPU consumption in khubd) by not closing the
device after the disconnect is invoked. NOTE: this rarely crosses
privilege boundaries, unless the attacker can convince the victim to
unplug the affected device. |
libxml2: denial of service
| Package(s): | libxml2 |
CVE #(s): | CVE-2007-6284
|
| Created: | January 11, 2008 |
Updated: | January 31, 2008 |
| Description: |
A denial of service flaw was found in the way libxml2 processes certain
content. If an application linked against libxml2 processes malformed XML
content, it could cause the application to stop responding. |
moodle: cross-site scripting
| Package(s): | moodle |
CVE #(s): | CVE-2008-0123
|
| Created: | January 16, 2008 |
Updated: | November 12, 2008 |
| Description: |
Moodle suffers from a cross-site scripting vulnerability which is only open during the install process. |
openafs: denial of service
| Package(s): | openafs |
CVE #(s): | CVE-2007-6599
|
| Created: | January 10, 2008 |
Updated: | January 25, 2008 |
| Description: |
From the Gentoo advisory:
Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a
race condition due to an improper handling of the clients callbacks
lists.
A remote attacker could construct cases which trigger the race
condition, resulting in a server crash. |
paramiko: insecure random pool usage
| Package(s): | paramiko |
CVE #(s): | CVE-2008-0299
|
| Created: | January 16, 2008 |
Updated: | March 4, 2008 |
| Description: |
Programs which keep more than one paramiko connection open may leak random pool information. |
R: buffer overflows
| Package(s): | R |
CVE #(s): | |
| Created: | January 10, 2008 |
Updated: | January 16, 2008 |
| Description: |
The R language includes a copy of PCRE that has a number of buffer
overflow and memory corruption vulnerabilities. If an attacker creates
specially crafted regular expressions, it may be possible to cause a
denial of service, execute arbitrary code or disclose unauthorized
information. |
xfce4: multiple vulnerabilities
| Package(s): | xfce4 |
CVE #(s): | CVE-2007-6531
CVE-2007-6532
|
| Created: | January 10, 2008 |
Updated: | January 16, 2008 |
| Description: |
From the Gentoo alert:
Gregory Andersen reported that the Xfce4 panel does not correctly
calculate memory boundaries, leading to a stack-based buffer overflow
in the launcher_update_panel_entry() function (CVE-2007-6531). Daichi
Kawahata reported libxfcegui4 did not copy provided values when
creating "SessionClient" structs, possibly leading to access of freed
memory areas (CVE-2007-6532). |
xine-lib: buffer overflow
| Package(s): | xine-lib |
CVE #(s): | CVE-2008-0225
|
| Created: | January 16, 2008 |
Updated: | August 7, 2008 |
| Description: |
xine-lib contains a buffer overflow which could be exploited (via a specially-crafted stream) to execute arbitrary code; see this advisory for more information. |
Updated vulnerabilities
acroread: multiple vulnerabilities
| Package(s): | acroread |
CVE #(s): | CVE-2006-5857
CVE-2007-0045
CVE-2007-0046
|
| Created: | January 11, 2007 |
Updated: | October 26, 2009 |
| Description: |
Adobe's Acrobat Reader has the following vulnerabilities:
The Adobe Reader Plugin has a cross-site scripting vulnerability that
can be triggered by processing malformed URLs. Arbitrary JavaScript can
be served by a malicious web server, leading to a cross-site scripting
attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities;
if an attacker can trick a user into viewing the files, arbitrary code
can be executed with the user's privileges. |
apache2: information disclosure
| Package(s): | apache |
CVE #(s): | CVE-2007-1862
|
| Created: | June 20, 2007 |
Updated: | February 18, 2008 |
| Description: |
From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
properly copy all levels of header data, which can cause Apache to
return HTTP headers containing previously-used data, which could be
used to obtain potentially sensitive information by unauthorized users." |
apache: multiple vulnerabilities
| Package(s): | apache |
CVE #(s): | CVE-2007-3304
CVE-2006-5752
|
| Created: | June 27, 2007 |
Updated: | February 18, 2008 |
| Description: |
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker who has the ability to
run scripts on the Apache HTTP Server could manipulate the scoreboard and
cause arbitrary processes to be terminated, which could lead to a denial of
service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with
the server-status page publicly accessible and ExtendedStatus enabled were
vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux
the server-status page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752) |
apache: cross-site scripting
| Package(s): | apache |
CVE #(s): | CVE-2006-3918
|
| Created: | August 9, 2006 |
Updated: | April 4, 2008 |
| Description: |
From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header." |
apache2: denial of service
| Package(s): | apache2 |
CVE #(s): | CVE-2007-1863
|
| Created: | November 19, 2007 |
Updated: | February 18, 2008 |
| Description: |
From the CVE entry:
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. |
httpd: denial of service, cross-site scripting
| Package(s): | apache httpd |
CVE #(s): | CVE-2007-3847
CVE-2007-4465
|
| Created: | September 25, 2007 |
Updated: | February 15, 2008 |
| Description: |
A flaw was found in the mod_proxy module. On sites where a reverse proxy is
configured, a remote attacker could send a carefully crafted request that
would cause the Apache child process handling that request to crash. On
sites where a forward proxy is configured, an attacker could cause a
similar crash if a user could be persuaded to visit a malicious site using
the proxy. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-3847)
A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the AddDefaultCharset directive has been removed
from the configuration, a cross-site-scripting attack may be possible
against browsers which do not correctly derive the response character set
following the rules in RFC 2616. (CVE-2007-4465) |
Asterisk: denial of service
| Package(s): | asterisk |
CVE #(s): | |
| Created: | January 4, 2008 |
Updated: | January 9, 2008 |
| Description: |
Asterisk has issued a
security advisory on a remote crash vulnerability in the SIP channel
driver. |
asterisk: possible SQL injection
| Package(s): | asterisk |
CVE #(s): | CVE-2007-6170
|
| Created: | December 3, 2007 |
Updated: | April 15, 2008 |
| Description: |
Tilghman Lesher discovered that the logging engine of Asterisk, a free
software PBX and telephony toolkit, performs insufficient sanitizing of
call-related data, which may lead to SQL injection. |
autofs: privilege escalation
| Package(s): | autofs |
CVE #(s): | CVE-2007-6285
|
| Created: | December 21, 2007 |
Updated: | January 14, 2008 |
| Description: |
The default configuration for autofs 5 (autofs5) on Red Hat Enterprise
Linux (RHEL) 4 and 5 does not specify the nodev mount option for the -hosts
map, which allows local users to access "important devices" by operating a
remote NFS server and creating special device files on that server. |
autofs: insecure default configuration
| Package(s): | autofs |
CVE #(s): | CVE-2007-5964
|
| Created: | December 12, 2007 |
Updated: | January 14, 2008 |
| Description: |
Versions of the autofs automounter daemon as shipped by Red Hat (and possibly other distributors) are installed with an insecure configuration; in particular, the "hosts" map lacks the "nosuid" option, allowing an attacker who has control over an NFS server to run setuid programs on vulnerable systems. |
avahi: denial of service
| Package(s): | avahi |
CVE #(s): | CVE-2007-3372
|
| Created: | June 28, 2007 |
Updated: | December 23, 2008 |
| Description: |
Avahi is vulnerable to a local denial of service that can be caused by
making an erroneous call to the assert() function. |
bind: insecure permissions
| Package(s): | bind |
CVE #(s): | CVE-2007-6283
|
| Created: | December 21, 2007 |
Updated: | July 10, 2008 |
| Description: |
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file
with world-readable permissions, which allows local users to perform
unauthorized named commands, such as causing a denial of service by
stopping named. |
cacti: SQL injection vulnerability
| Package(s): | cacti |
CVE #(s): | CVE-2007-6035
|
| Created: | November 22, 2007 |
Updated: | February 18, 2008 |
| Description: |
Versions of Cacti prior to 0.8.7a have an SQL injection vulnerability.
Remote attackers can execute arbitrary SQL commands via unspecified vectors. |
cacti: denial of service
| Package(s): | cacti |
CVE #(s): | CVE-2007-3112
CVE-2007-3113
|
| Created: | September 18, 2007 |
Updated: | December 16, 2009 |
| Description: |
A vulnerability in Cacti 0.8.6i and earlier versions allows remote
authenticated users to cause a denial of service (CPU consumption) via
large values of the graph_start, graph_end, graph_height, or graph_width
parameters. |
cairo: integer overflow
| Package(s): | Cairo |
CVE #(s): | CVE-2007-5503
|
| Created: | November 29, 2007 |
Updated: | April 10, 2008 |
| Description: |
Cairo has an integer overflow vulnerability in the PNG image processing
code. If a user processes a specially crafted PNG image with an
application that is linked against cairo, arbitrary code can be executed
with the user's privileges. |
clamav: denial of service
| Package(s): | clamav |
CVE #(s): | CVE-2007-3725
|
| Created: | July 24, 2007 |
Updated: | February 27, 2008 |
| Description: |
A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via specially crafted RAR archives. |
clamav: multiple vulnerabilities
| Package(s): | clamav |
CVE #(s): | CVE-2007-4510
CVE-2007-4560
|
| Created: | September 3, 2007 |
Updated: | February 13, 2008 |
| Description: |
Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-4510:
It was discovered that the RTF and RFC2397 parsers can be tricked
into dereferencing a NULL pointer, resulting in denial of service.
CVE-2007-4560:
It was discovered clamav-milter performs insufficient input
sanitizing, resulting in the execution of arbitrary shell commands.
|
clamav: mystery vulnerability
| Package(s): | clamav |
CVE #(s): | CVE-2007-6337
|
| Created: | December 31, 2007 |
Updated: | January 22, 2008 |
| Description: |
Clamav contains "an unspecified vulnerability" associated with the bzip2 decompression code. |
clamav: integer overflow and off-by-one
| Package(s): | clamav |
CVE #(s): | CVE-2007-6335
CVE-2007-6336
|
| Created: | December 19, 2007 |
Updated: | July 17, 2008 |
| Description: |
ClamAV contains integer overflow and off-by-one errors which could be exploited (via specially-crafted email) to execute arbitrary code. |
cpio: arbitrary code execution
| Package(s): | cpio |
CVE #(s): | CVE-2005-4268
|
| Created: | January 2, 2006 |
Updated: | March 17, 2010 |
| Description: |
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with e.g. a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system). |
vixie-cron: privilege escalation
| Package(s): | cron |
CVE #(s): | CVE-2006-2607
|
| Created: | May 31, 2006 |
Updated: | June 1, 2009 |
| Description: |
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root. |
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2006-4262
|
| Created: | October 2, 2006 |
Updated: | June 16, 2009 |
| Description: |
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code. |
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2004-2541
|
| Created: | May 22, 2006 |
Updated: | June 19, 2009 |
| Description: |
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target. |
cups: denial of service
| Package(s): | cups |
CVE #(s): | CVE-2007-0720
|
| Created: | March 26, 2007 |
Updated: | February 7, 2008 |
| Description: |
Previous versions of the cups package could be forced to hang via a client
"partially negotiating" an ssl connection. In this state, cups would not
allow other connections to be made, a denial of service. |
cups: buffer overflow
| Package(s): | cups |
CVE #(s): | CVE-2007-5848
|
| Created: | January 7, 2008 |
Updated: | February 27, 2008 |
| Description: |
From the CVE entry:
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
From the rPath advisory:
Previous versions of the cups package contain a buffer-overflow
weakness. It is not believed that this weakness can be exploited
to execute malicious code. |
cups: multiple vulnerabilities
debian-goodies: privilege escalation
| Package(s): | debian-goodies |
CVE #(s): | CVE-2007-3912
|
| Created: | October 5, 2007 |
Updated: | March 24, 2008 |
| Description: |
Thomas de Grenier de Latour discovered that the checkrestart program included
in debian-goodies did not correctly handle shell meta-characters. A local
attacker could exploit this to gain the privileges of the user running
checkrestart. |
Django: denial of service
| Package(s): | Django |
CVE #(s): | CVE-2007-5712
|
| Created: | November 12, 2007 |
Updated: | September 22, 2008 |
| Description: |
From the CVE notice:
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers. |
dovecot: privilege escalation
| Package(s): | dovecot |
CVE #(s): | CVE-2007-4211
|
| Created: | August 15, 2007 |
Updated: | May 21, 2008 |
| Description: |
From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a
minor privilege escalation attack in which an authenticated
user may exploit an ACL plugin weakness to save message flags
without having proper permissions." |
dovecot: directory traversal
| Package(s): | dovecot |
CVE #(s): | CVE-2007-2231
|
| Created: | May 8, 2007 |
Updated: | May 21, 2008 |
| Description: |
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot
before 1.0.rc29, when using the zlib plugin, allows remote attackers to
read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot)
sequence in the mailbox name. |
dovecot: multiple vulnerabilities
| Package(s): | dovecot |
CVE #(s): | CVE-2007-6598
|
| Created: | January 3, 2008 |
Updated: | October 7, 2008 |
| Description: |
Dovecot has multiple vulnerabilities including an issue involving the
confusion between LDAP-authenticated logins across users with the
same password and a denial of service involving a connecting user. |
e2fsprogs: integer overflows
| Package(s): | e2fsprogs |
CVE #(s): | CVE-2007-5497
|
| Created: | December 7, 2007 |
Updated: | February 12, 2008 |
| Description: |
Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs,
ext2 file system utilities and libraries, contained multiple
integer overflows in memory allocations, based on sizes taken directly
from filesystem information. These could result in heap-based
overflows potentially allowing the execution of arbitrary code. |
eggdrop: stack-based buffer overflow
| Package(s): | eggdrop |
CVE #(s): | CVE-2007-2807
|
| Created: | September 7, 2007 |
Updated: | December 8, 2009 |
| Description: |
A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC
servers to execute arbitrary code via a long private message. |
elinks: code execution
| Package(s): | elinks |
CVE #(s): | CVE-2007-2027
|
| Created: | May 7, 2007 |
Updated: | October 30, 2009 |
| Description: |
Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could execute
code with user privileges. |
elinks: arbitrary file access
| Package(s): | elinks |
CVE #(s): | CVE-2006-5925
|
| Created: | November 16, 2006 |
Updated: | October 22, 2009 |
| Description: |
The elinks text-mode browser has an arbitrary file access vulnerability
in the Elinks SMB protocol handler. If a user can be tricked into
visiting a specially crafted web page, arbitrary files may be read or
written with the user's permissions. |
emacs: buffer overflow
| Package(s): | emacs |
CVE #(s): | CVE-2007-6109
|
| Created: | December 10, 2007 |
Updated: | May 6, 2008 |
| Description: |
From the National Vulnerability Database:
Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line. |
emacs: command execution via local variables
| Package(s): | emacs |
CVE #(s): | CVE-2007-5795
|
| Created: | November 14, 2007 |
Updated: | February 5, 2008 |
| Description: |
From the original Debian problem report: "In Debian's version of GNU Emacs 22.1+1-2, the `hack-local-variables'
function does not behave correctly when `enable-local-variables' is
set to :safe. The documentation of `enable-local-variables' states
that the value :safe means to set only safe variables, as determined
by `safe-local-variable-p' and `risky-local-variable-p' (and the data
driving them), but Emacs ignores this and instead sets all the local
variables." When this setting (which is not the default) is in effect, opening a hostile file could lead to the execution of arbitrary commands. |
evolution: format string error
| Package(s): | evolution |
CVE #(s): | CVE-2007-1002
|
| Created: | March 27, 2007 |
Updated: | February 27, 2008 |
| Description: |
A format string error in the "write_html()" function in calendar/gui/
e-cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially crafted
shared memo containing format specifiers. |
pop mail man-in-the-middle attacks
| Package(s): | evolution thunderbird mutt fetchmail |
CVE #(s): | CVE-2007-1558
|
| Created: | May 8, 2007 |
Updated: | July 3, 2009 |
| Description: |
The APOP protocol allows remote attackers to guess the first 3 characters
of a password via man-in-the-middle (MITM) attacks that use crafted message
IDs and MD5 collisions. NOTE: this design-level issue potentially affects
all products that use APOP, including (1) Thunderbird, (2) Evolution, (3)
mutt, and (4) fetchmail. |
exiftags: multiple vulnerabilities
| Package(s): | exiftags |
CVE #(s): | CVE-2007-6354
CVE-2007-6355
CVE-2007-6356
|
| Created: | December 31, 2007 |
Updated: | April 1, 2008 |
| Description: |
From the Gentoo advisory: Meder Kydyraliev (Google Security) discovered that Exif metadata is not
properly sanitized before being processed, resulting in illegal memory
access in the postprop() and other functions (CVE-2007-6354). He also
discovered integer overflow vulnerabilities in the parsetag() and other
functions (CVE-2007-6355) and an infinite recursion in the readifds()
function caused by recursive IFD references (CVE-2007-6356). |
exiv2: integer overflow
| Package(s): | exiv2 |
CVE #(s): | CVE-2007-6353
|
| Created: | December 21, 2007 |
Updated: | October 15, 2008 |
| Description: |
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. |
fetchmail: denial of service
| Package(s): | fetchmail |
CVE #(s): | CVE-2007-4565
|
| Created: | September 5, 2007 |
Updated: | October 30, 2009 |
| Description: |
fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. |
firebird: buffer overflow
| Package(s): | firebird |
CVE #(s): | CVE-2007-3181
|
| Created: | July 2, 2007 |
Updated: | March 27, 2008 |
| Description: |
The Firebird DBMS has a buffer overflow vulnerability involving
the processing of connect requests with an overly large p_cnct_count
value. Remote attackers can send a specially crafted
request to the server in order to potentially execute arbitrary code with
the permissions of the Firebird user. |
firefox: multiple vulnerabilities
| Package(s): | firefox |
CVE #(s): | CVE-2007-3844
CVE-2007-3845
|
| Created: | August 1, 2007 |
Updated: | February 20, 2008 |
| Description: |
A flaw was discovered in handling of "about:blank" windows used by
addons. A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
(CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3845) |
firefox: multiple vulnerabilities
| Package(s): | firefox seamonkey |
CVE #(s): | CVE-2007-5947
CVE-2007-5959
CVE-2007-5960
|
| Created: | November 27, 2007 |
Updated: | March 3, 2008 |
| Description: |
A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-5959)
A race condition existed when Firefox set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)
|
firefox, thunderbird, seamonkey: multiple vulnerabilities
| Package(s): | firefox, thunderbird, seamonkey |
CVE #(s): | CVE-2007-3738
CVE-2007-3656
CVE-2007-3670
CVE-2007-3285
CVE-2007-3737
CVE-2007-3089
CVE-2007-3736
CVE-2007-3734
CVE-2007-3735
|
| Created: | July 18, 2007 |
Updated: | May 12, 2008 |
| Description: |
shutdown and moz_bug_r_a4 reported two separate ways to modify an
XPCNativeWrapper such that subsequent access by the browser would result in
executing user-supplied code. (CVE-2007-3738)
Michal Zalewski reported that it was possible to bypass the same-origin
checks and read from cached (wyciwyg) documents. It is possible to access
wyciwyg:// documents without proper same domain policy checks through the
use of HTTP 302 redirects. This enables the attacker to steal sensitive
data displayed on dynamically generated pages; perform cache poisoning; and
execute own code or display own content with URL bar and SSL certificate
data of the attacked page (URL spoofing++). (CVE-2007-3656)
Internet Explorer calls registered URL protocols without escaping quotes
and may be used to pass unexpected and potentially dangerous data to the
application that registers that URL Protocol. (CVE-2007-3670)
Ronald van den Heetkamp reported that a filename URL containing %00
(encoded null) can cause Firefox to interpret the file extension
differently than the underlying Windows operating system potentially
leading to unsafe actions such as running a program. This is only
accessible locally. (CVE-2007-3285)
An attacker can use an element outside of a document to call an event
handler allowing content to run arbitrary code with chrome
privileges. (CVE-2007-3737)
Ronen Zilberman and Michal Zalewski both reported that it was possible to
exploit a timing issue to inject content into about:blank frames in a
page. When opening a window from a script, it is possible to spoof the
content of the newly opened window's frames within a short time frame,
while the window is loading. (CVE-2007-3089)
Mozilla contributor moz_bug_r_a4 demonstrated that the methods
addEventListener and setTimeout could be used to inject script into another
site in violation of the browser's same-origin policy. This could be used
to access or modify private or valuable information from that other
site. (CVE-2007-3736)
As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed
many bugs to improve the stability of the product. Some of these crashes
showed evidence of memory corruption under certain circumstances and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code. Note: Thunderbird shares the browser
engine with Firefox and could be vulnerable if JavaScript were to be
enabled in mail. This is not the default setting and we strongly discourage
users from running JavaScript in mail. Without further investigation we
cannot rule out the possibility that for some of these an attacker might be
able to prepare memory for exploitation through some means other than
JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735) |
flac: arbitrary code execution
| Package(s): | flac |
CVE #(s): | CVE-2007-4619
|
| Created: | October 22, 2007 |
Updated: | January 21, 2008 |
| Description: |
From the Red Hat advisory:
A security flaw was found in the way flac processed audio data. An
attacker could create a carefully crafted FLAC audio file in such a way that
it could cause an application linked with flac libraries to crash or execute
arbitrary code when it was opened. (CVE-2007-4619)
|
flash-plugin: lots of problems
freetype: arbitrary code execution
| Package(s): | freetype |
CVE #(s): | CVE-2007-2754
|
| Created: | May 24, 2007 |
Updated: | June 1, 2010 |
| Description: |
Versions 2.3.4 and below of the FreeType font rendering library
have an integer sign error. Remote attackers may be able to
create a specially crafted TrueType Font file with a negative
n_points value that will cause an integer overflow and heap-based
buffer overflow, allowing the execution of arbitrary code. |
freetype: integer overflows
| Package(s): | freetype |
CVE #(s): | CVE-2006-0747
CVE-2006-1861
CVE-2006-2493
CVE-2006-2661
CVE-2006-3467
|
| Created: | June 8, 2006 |
Updated: | June 1, 2010 |
| Description: |
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user. |
gallery2: multiple vulnerabilities
| Package(s): | gallery2 |
CVE #(s): | CVE-2007-6685
CVE-2007-6686
CVE-2007-6687
CVE-2007-6688
CVE-2007-6689
CVE-2007-6690
CVE-2007-6691
CVE-2007-6692
CVE-2007-6693
|
| Created: | December 27, 2007 |
Updated: | February 12, 2008 |
| Description: |
Versions of the Gallery photo management application before 2.2.4
have the following vulnerabilities: (1) an unauthorized album creation
and file upload, (2) a local file inclusion vulnerability, (3) several
cross-site scripting vulnerabilities, (4) a web-accessibility protection
problem, (5) problems with checks for disallowed file
extensions with file uploads, (6) missing permissions checks on GR commands,
(7) several information disclosures, (8) an arbitrary URL redirection
problem and (9) a proxied request weakness. |
| Alerts: |
|
Comments (none posted)
gcc: file overwrite vulnerability
| Package(s): | gcc |
CVE #(s): | CVE-2006-3619
|
| Created: | September 6, 2006 |
Updated: | March 14, 2008 |
| Description: |
The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree. |
| Alerts: |
|
Comments (none posted)
gd: buffer overflow
| Package(s): | gd |
CVE #(s): | CVE-2007-0455
|
| Created: | February 7, 2007 |
Updated: | November 18, 2009 |
| Description: |
The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable. |
| Alerts: |
|
Comments (2 posted)
gd: multiple vulnerabilities
| Package(s): | gd |
CVE #(s): | CVE-2007-3472
CVE-2007-3473
CVE-2007-3474
CVE-2007-3475
CVE-2007-3476
CVE-2007-3477
CVE-2007-3478
|
| Created: | August 6, 2007 |
Updated: | November 6, 2009 |
| Description: |
Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allow attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478) |
| Alerts: |
|
Comments (none posted)
gd: denial of service
| Package(s): | gd |
CVE #(s): | CVE-2007-2756
|
| Created: | June 14, 2007 |
Updated: | February 28, 2008 |
| Description: |
Libgd2 has a denial of service vulnerability involving the incorrect
validation of PNG callback results. If an application that is linked
against libgd2 is used to process a specially-crafted PNG file,
a denial of service involving CPU resource consumption can be
caused. |
| Alerts: |
|
Comments (none posted)
gedit: format string vulnerability
| Package(s): | gedit |
CVE #(s): | CAN-2005-1686
|
| Created: | June 9, 2005 |
Updated: | February 5, 2009 |
| Description: |
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user. |
| Alerts: |
|
Comments (1 posted)
gftp: buffer overflows
| Package(s): | gftp |
CVE #(s): | CVE-2007-3962
CVE-2007-3961
|
| Created: | November 2, 2007 |
Updated: | January 22, 2008 |
| Description: |
Kalle Olavi Niemitalo discovered two boundary errors in fsplib code
included in gFTP when processing overly long directory or file names. A
remote attacker could trigger these vulnerabilities by enticing a user to
download a file with a specially crafted directory or file name, possibly
resulting in the execution of arbitrary code (CVE-2007-3962) or a Denial of
Service (CVE-2007-3961). |
| Alerts: |
|
Comments (none posted)
gimp: multiple vulnerabilities
| Package(s): | gimp |
CVE #(s): | CVE-2007-2949
|
| Created: | June 28, 2007 |
Updated: | February 27, 2008 |
| Description: |
The gimp image editor has several vulnerabilities, including
a problem where it can open PSD files with excessive dimensions
and a possible stack overflow in the Sunras loader. |
| Alerts: |
|
Comments (none posted)
gnome-screensaver: keyboard lock bypass
| Package(s): | gnome-screensaver |
CVE #(s): | CVE-2007-3920
|
| Created: | October 24, 2007 |
Updated: | October 15, 2009 |
| Description: |
From the Ubuntu advisory:
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local
attacker could exploit this to bypass the user's locked screen saver. |
| Alerts: |
|
Comments (none posted)
openssh: inappropriate use of trusted cookies
| Package(s): | gnome-ssh-askpass openssh |
CVE #(s): | CVE-2007-4752
|
| Created: | September 11, 2007 |
Updated: | August 25, 2008 |
| Description: |
OpenSSH versions prior to 4.7 could use a trusted X11 cookie if the
creation of an untrusted cookie failed. |
| Alerts: |
|
Comments (none posted)
grip: buffer overflow
| Package(s): | grip |
CVE #(s): | CAN-2005-0706
|
| Created: | March 10, 2005 |
Updated: | November 19, 2008 |
| Description: |
Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches. |
| Alerts: |
|
Comments (none posted)
gzip: multiple vulnerabilities
| Package(s): | gzip |
CVE #(s): | CVE-2006-4334
CVE-2006-4335
CVE-2006-4336
CVE-2006-4337
CVE-2006-4338
|
| Created: | September 19, 2006 |
Updated: | January 20, 2010 |
| Description: |
Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash.
Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. |
| Alerts: |
|
Comments (1 posted)
horde-kronolith: local file inclusion
| Package(s): | horde-kronolith |
CVE #(s): | CVE-2006-6175
|
| Created: | January 17, 2007 |
Updated: | March 7, 2008 |
| Description: |
Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered
string is used instead of a sanitized string to view local files. An
authenticated attacker could craft an HTTP GET request that uses directory
traversal techniques to execute any file on the web server as PHP code,
which could allow information disclosure or arbitrary code execution with
the rights of the user running the PHP application (usually the webserver
user). |
| Alerts: |
|
Comments (none posted)
hplip: arbitrary command execution
| Package(s): | hplip |
CVE #(s): | CVE-2007-5208
|
| Created: | October 12, 2007 |
Updated: | January 14, 2008 |
| Description: |
Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user
input. A local attacker could send a specially crafted request to the hpssd
daemon, possibly allowing them to run arbitrary commands as the root user. |
| Alerts: |
|
Comments (none posted)
imagemagick: multiple vulnerabilities
| Package(s): | imagemagick |
CVE #(s): | CVE-2007-4985
CVE-2007-4986
CVE-2007-4987
CVE-2007-4988
|
| Created: | October 4, 2007 |
Updated: | August 11, 2009 |
| Description: |
The ImageMagick image decoders have multiple vulnerabilities.
If a user can be tricked into processing a specially crafted
DCM, DIB, XBM, XCF, or XWD image, arbitrary code may be executed with
the user's privileges. |
| Alerts: |
|
Comments (none posted)
ImageMagick: integer overflows
| Package(s): | imagemagick |
CVE #(s): | CVE-2007-1797
|
| Created: | April 4, 2007 |
Updated: | August 11, 2009 |
| Description: |
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote
attackers to execute arbitrary code via (1) a crafted DCM image, which
results in a heap-based overflow in the ReadDCMImage function, or (2) the
(a) colors or (b) comments field in a crafted XWD image, which results in a
heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667. |
| Alerts: |
|
Comments (none posted)
jasper: denial of service
| Package(s): | jasper |
CVE #(s): | CVE-2007-2721
|
| Created: | June 1, 2007 |
Updated: | April 19, 2010 |
| Description: |
The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote
user-assisted attackers to cause a denial of service (crash) and possibly
corrupt the heap via malformed image files. |
| Alerts: |
|
Comments (none posted)
java: multiple vulnerabilities
| Package(s): | java |
CVE #(s): | CVE-2006-4339
CVE-2006-4790
CVE-2006-6731
CVE-2006-6736
CVE-2006-6737
CVE-2006-6745
|
| Created: | January 18, 2007 |
Updated: | June 4, 2010 |
| Description: |
Java has multiple vulnerabilities, including:
an RSA exponent padding attack vulnerability; two vulnerabilities
which allow untrusted applets to access data in other applets;
vulnerabilities that involve applets gaining privileges due to
serialization bugs in the JRE; and buffer overflows in the Java image
handling routines that can give attackers read/write/execute capabilities
for local files. |
| Alerts: |
|
Comments (1 posted)
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2007-3503
CVE-2007-3655
CVE-2007-3698
CVE-2007-3922
|
| Created: | August 6, 2007 |
Updated: | June 24, 2008 |
| Description: |
The Javadoc tool was able to generate HTML documentation pages that
contained cross-site scripting (XSS) vulnerabilities. A remote attacker
could use this to inject arbitrary web script or HTML. (CVE-2007-3503)
The Java Web Start URL parsing component contained a buffer overflow
vulnerability within the parsing code for JNLP files. A remote attacker
could create a malicious JNLP file that could trigger this flaw and execute
arbitrary code when opened. (CVE-2007-3655)
The JSSE component did not correctly process SSL/TLS handshake requests. A
remote attacker who is able to connect to a JSSE-based service could
trigger this flaw leading to a denial-of-service. (CVE-2007-3698)
A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922)
|
| Alerts: |
|
Comments (none posted)
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2007-5232
CVE-2007-5238
CVE-2007-5239
CVE-2007-5240
CVE-2007-5273
CVE-2007-5274
|
| Created: | October 12, 2007 |
Updated: | April 25, 2008 |
| Description: |
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled,
allows remote attackers to violate the security model for an applet's
outbound connections via a DNS rebinding attack. (CVE-2007-5232)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not
properly enforce access restrictions for untrusted applications, which
allows user-assisted remote attackers to obtain sensitive information (the
Java Web Start cache location) via an untrusted application, aka "three
vulnerabilities." (CVE-2007-5238)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE
1.3.1_20 and earlier does not properly enforce access restrictions for
untrusted (1) applications and (2) applets, which allows user-assisted
remote attackers to copy or rename arbitrary files when local users perform
drag-and-drop operations from the untrusted application or applet window
onto certain types of desktop applications. (CVE-2007-5239)
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK
and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows
remote attackers to circumvent display of the untrusted-code warning banner
by creating a window larger than the workstation screen. (CVE-2007-5240)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used,
allows remote attackers to violate the security model for an applet's
outbound connections via a multi-pin DNS rebinding attack in which the
applet download relies on DNS resolution on the proxy server, but the
applet's socket operations rely on DNS resolution on the local machine, a
different issue than CVE-2007-5274. NOTE: this is similar to
CVE-2007-5232. (CVE-2007-5273)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows
remote attackers to violate the security model for JavaScript outbound
connections via a multi-pin DNS rebinding attack dependent on the
LiveConnect API, in which JavaScript download relies on DNS resolution by
the browser, but JavaScript socket operations rely on separate DNS
resolution by a Java Virtual Machine (JVM), a different issue than
CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5274) |
| Alerts: |
|
Comments (1 posted)
JRockit: multiple vulnerabilities
Comments (none posted)
kdebase: denial of service
| Package(s): | kdebase |
CVE #(s): | CVE-2007-5963
|
| Created: | December 18, 2007 |
Updated: | January 19, 2009 |
| Description: |
The kdebase package is vulnerable to a denial of service in which a local user can render KDM unusable for logins by any user or cause KDM to exceed system resource limits. |
| Alerts: |
|
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
CVE #(s): | CAN-2005-1920
|
| Created: | July 19, 2005 |
Updated: | September 21, 2010 |
| Description: |
Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a backup file before saving a modified file. These backup files are created with default permissions, even if the original file had stricter permissions set. See this advisory for more information. |
| Alerts: |
|
Comments (1 posted)
kernel: out-of-bounds access
| Package(s): | kernel |
CVE #(s): | CVE-2007-4573
|
| Created: | September 25, 2007 |
Updated: | December 6, 2010 |
| Description: |
The IA32 system call emulation functionality in Linux kernel 2.4.x and
2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not
zero extend the eax register after the 32bit entry path to ptrace is used,
which might allow local users to gain privileges by triggering an
out-of-bounds access to the system call table using the %RAX register. |
| Alerts: |
|
Comments (none posted)
kernel: ALSA returns incorrect write size
| Package(s): | kernel |
CVE #(s): | CVE-2007-4571
|
| Created: | September 28, 2007 |
Updated: | June 20, 2008 |
| Description: |
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced
Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does
not return the correct write size, which allows local users to obtain
sensitive information (kernel memory contents) via a small count argument,
as demonstrated by multiple reads of /proc/driver/snd-page-alloc. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-4535
CVE-2006-4538
|
| Created: | September 18, 2006 |
Updated: | January 5, 2009 |
| Description: |
Sridhar Samudrala discovered a local denial of service vulnerability
in the handling of SCTP sockets. By opening such a socket with a
special SO_LINGER value, a local attacker could exploit this to crash
the kernel. (CVE-2006-4535)
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
platforms did not sufficiently verify the memory layout. By attempting
to execute a specially crafted executable, a local user could exploit
this to crash the kernel. (CVE-2006-4538) |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-1861
CVE-2007-2242
|
| Created: | May 1, 2007 |
Updated: | February 8, 2008 |
| Description: |
The netlink protocol has an infinite recursion bug that allows users to
cause a kernel crash. Also the IPv6 protocol allows remote attackers to
cause a denial of service via crafted IPv6 type 0 route headers
(IPV6_RTHDR_TYPE_0) that create network amplification between two routers. |
| Alerts: |
|
Comments (none posted)
kernel: remote denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-6058
CVE-2007-4997
|
| Created: | November 9, 2007 |
Updated: | June 13, 2008 |
| Description: |
The Minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly
other versions, allows local users to cause a denial of service (hang) via
a malformed minix file stream that triggers an infinite loop in the
minix_bmap function. NOTE: this issue might be due to an integer overflow
or signedness error.
Integer underflow in the ieee80211_rx function in
net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows
remote attackers to cause a denial of service (crash) via a crafted SKB
length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA
flag is set, aka an "off-by-two error." |
| Alerts: |
|
Comments (1 posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-1353
CVE-2007-2451
CVE-2007-2453
|
| Created: | June 11, 2007 |
Updated: | March 6, 2008 |
| Description: |
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local attacker
could exploit this flaw to view sensitive kernel information.
(CVE-2007-1353)
The GEODE-AES driver did not correctly initialize its encryption key.
Any data encrypted using this type of device would be easily compromised.
(CVE-2007-2451)
The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally, systems
without an entropy source would be seeded with the same inputs at boot
time, leading to a repeatable series of random numbers. (CVE-2007-2453) |
| Alerts: |
|
Comments (none posted)
kernel: signal handling flaw on PPC
| Package(s): | kernel |
CVE #(s): | CVE-2007-3107
|
| Created: | July 10, 2007 |
Updated: | February 4, 2008 |
| Description: |
A flaw in the signal handling on PowerPC-based systems allowed a
local user to cause a denial of service (floating point corruption). |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-5823
CVE-2006-6054
CVE-2007-1592
|
| Created: | June 12, 2007 |
Updated: | March 21, 2011 |
| Description: |
A flaw in the cramfs file system allows invalid compressed data to cause
memory corruption (CVE-2006-5823)
A flaw in the ext2 file system allows an invalid inode size to cause a
denial of service (system hang) (CVE-2006-6054)
A flaw in IPV6 flow label handling allows a local user to cause a denial of
service (crash) (CVE-2007-1592) |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-5500
|
| Created: | November 28, 2007 |
Updated: | July 8, 2008 |
| Description: |
The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-5501
|
| Created: | November 28, 2007 |
Updated: | March 7, 2008 |
| Description: |
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-2935
CVE-2006-4145
CVE-2006-3745
|
| Created: | September 1, 2006 |
Updated: | July 30, 2008 |
| Description: |
Previous versions of the kernel package are subject to several
vulnerabilities. Certain malformed UDF filesystems can cause the system to
crash (denial of service). Malformed CDROM firmware or USB storage devices
(such as USB keys) could cause system crash (denial of service), and if
they were intentionally malformed, can cause arbitrary code to run with
elevated privileges. In addition, the SCTP protocol is subject to a remote
system crash (denial of service) attack. |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-2172
CVE-2007-3739
CVE-2007-4308
|
| Created: | December 3, 2007 |
Updated: | January 8, 2009 |
| Description: |
A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes
RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an
"out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2)
fib_props (fib_semantics.c, IPv4) functions. (CVE-2007-2172)
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not
prevent stack expansion from entering into reserved kernel page memory,
which allows local users to cause a denial of service (OOPS) via
unspecified vectors. (CVE-2007-3739)
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer
ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check
permissions for ioctls, which might allow local users to cause a denial of
service or gain privileges. (CVE-2007-4308) |
| Alerts: |
|
Comments (none posted)
kernel: buffer overflows
| Package(s): | kernel |
CVE #(s): | CVE-2007-5904
|
| Created: | December 3, 2007 |
Updated: | June 20, 2008 |
| Description: |
Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier
allow remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via long SMB responses that trigger the overflows in
the SendReceive function. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-5749
CVE-2006-4814
CVE-2006-6106
|
| Created: | January 5, 2007 |
Updated: | January 8, 2009 |
| Description: |
A security issue has been reported in Linux kernel due to an error in
drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()"
function never initializes an event timer before scheduling it with the
"add_timer()" function.
The mincore function in the kernel does not properly lock access to user
space, which has unspecified impact and attack vectors, possibly related to
a deadlock.
Another vulnerability has been reported in Linux kernel caused by a
boundary error within the handling of incoming CAPI messages in
net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain
Kernel data structures. |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-3851
CVE-2007-3848
CVE-2007-3105
|
| Created: | August 17, 2007 |
Updated: | January 8, 2009 |
| Description: |
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with
i965G and later chipsets, allows local users with access to an X11 session
and Direct Rendering Manager (DRM) to write to arbitrary memory locations
and gain privileges via a crafted batchbuffer. (CVE-2007-3851)
Linux kernel 2.4.35 and other versions allows local users to send arbitrary
signals to a child process that is running at higher privileges by causing
a setuid-root parent process to die, which delivers an attacker-controlled
parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)
Stack-based buffer overflow in the random number generator (RNG)
implementation in the Linux kernel before 2.6.22 might allow local root
users to cause a denial of service or gain privileges by setting the
default wakeup threshold to a value greater than the output pool size,
which triggers writing random numbers to the stack by the pool transfer
function involving "bound check ordering". NOTE: this issue might only
cross privilege boundaries in environments that have granular assignment of
privileges for root. (CVE-2007-3105) |
| Alerts: |
|
Comments (1 posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-3104
CVE-2007-3740
CVE-2007-3843
CVE-2007-6063
|
| Created: | December 4, 2007 |
Updated: | January 8, 2009 |
| Description: |
The sysfs_readdir function in the Linux kernel 2.6 allows local users to
cause a denial of service (kernel OOPS) by dereferencing a null pointer to
an inode in a dentry. (CVE-2007-3104)
The CIFS filesystem, when Unix extension support is enabled, did not honor
the umask of a process, which allowed local users to gain
privileges. (CVE-2007-3740)
The Linux kernel checked the wrong global variable for the CIFS sec mount
option, which might allow remote attackers to spoof CIFS network traffic
that the client configured for security signatures, as demonstrated by lack
of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843)
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux
kernel allowed local users to have an unknown impact via a crafted argument
to the isdn_ioctl function. (CVE-2007-6063) |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-5966
|
| Created: | December 19, 2007 |
Updated: | February 3, 2010 |
| Description: |
A bug in high-resolution timers (prior to kernel 2.6.22.15) can cause very long sleeps when large timeout values are used. |
| Alerts: |
|
Comments (none posted)
krb5: multiple vulnerabilities
| Package(s): | krb5 |
CVE #(s): | CVE-2007-2442
CVE-2007-2443
CVE-2007-2798
|
| Created: | June 27, 2007 |
Updated: | March 24, 2008 |
| Description: |
David Coffey discovered an uninitialized pointer free flaw in the
RPC library used by kadmind. A remote unauthenticated attacker who
could access kadmind could trigger the flaw causing kadmind to crash
or possibly execute arbitrary code (CVE-2007-2442).
David Coffey also discovered an overflow flaw in the same RPC library.
A remote unauthenticated attacker who could access kadmind could
trigger the flaw causing kadmind to crash or possibly execute arbitrary
code (CVE-2007-2443).
Finally, a stack buffer overflow vulnerability was found in kadmind
that allowed an unauthenticated user able to access kadmind the
ability to trigger the vulnerability and possibly execute arbitrary
code (CVE-2007-2798). |
| Alerts: |
|
Comments (none posted)
krb5: uninitialized pointers
| Package(s): | krb5 |
CVE #(s): | CVE-2006-6143
CVE-2006-3084
|
| Created: | January 10, 2007 |
Updated: | July 7, 2010 |
| Description: |
The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details. |
| Alerts: |
|
Comments (1 posted)
krb5: local privilege escalation
| Package(s): | krb5 |
CVE #(s): | CVE-2006-3083
|
| Created: | August 9, 2006 |
Updated: | July 7, 2010 |
| Description: |
Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges. |
| Alerts: |
|
Comments (none posted)
krb5: buffer overflow, uninitialized pointer
| Package(s): | krb5 |
CVE #(s): | CVE-2007-3999
CVE-2007-4000
|
| Created: | September 4, 2007 |
Updated: | March 24, 2008 |
| Description: |
Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by kadmind. A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash.
Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A
remote unauthenticated attacker who can access kadmind could trigger this
flaw and cause kadmind to crash. |
| Alerts: |
|
Comments (none posted)
krb5: multiple vulnerabilities
| Package(s): | krb5 |
CVE #(s): | CVE-2007-0956
CVE-2007-0957
CVE-2007-1216
|
| Created: | April 3, 2007 |
Updated: | March 24, 2008 |
| Description: |
A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password. (MIT krb5
Security Advisory 2007-001)
Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon. A remote attacker who can access the KDC could exploit this
bug to run arbitrary code with the privileges of the KDC or kadmin server
processes. (MIT krb5 Security Advisory 2007-002)
A double-free flaw was found in the GSSAPI library used by the kadmin
server daemon. (MIT krb5 Security Advisory 2007-003) |
| Alerts: |
|
Comments (none posted)
kvirc: remote arbitrary code execution
| Package(s): | kvirc |
CVE #(s): | CVE-2007-2951
|
| Created: | September 14, 2007 |
Updated: | February 27, 2008 |
| Description: |
Stefan Cornelius from Secunia Research discovered that the
"parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does
not properly sanitize parts of the URI when building the command for
KVIrc's internal script system. |
| Alerts: |
|
Comments (none posted)
lcms: stack-based buffer overflow
| Package(s): | lcms |
CVE #(s): | CVE-2007-2741
|
| Created: | November 23, 2007 |
Updated: | October 14, 2008 |
| Description: |
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted ICC profile in a JPG file. |
| Alerts: |
|
Comments (none posted)
lftp: shell command execution
| Package(s): | lftp |
CVE #(s): | CVE-2007-2348
|
| Created: | May 4, 2007 |
Updated: | September 16, 2009 |
| Description: |
mirror --script in lftp before 3.5.9 does not properly quote shell
metacharacters, which might allow remote user-assisted attackers to execute
shell commands via a malicious script. NOTE: it is not clear whether this
issue crosses security boundaries, since the script already supports
commands such as "get" which could overwrite executable files. |
| Alerts: |
|
Comments (none posted)
libarchive: pax extension header vulnerabilities
| Package(s): | libarchive |
CVE #(s): | CVE-2007-3641
CVE-2007-3644
CVE-2007-3645
|
| Created: | August 9, 2007 |
Updated: | February 27, 2008 |
| Description: |
libarchive, a library for manipulating different streaming archive
formats, has a number of pax extension header vulnerabilities.
These may be used to cause a denial of service or for the execution
of arbitrary code. |
| Alerts: |
|
Comments (none posted)
libcdio: buffer overflows
| Package(s): | libcdio |
CVE #(s): | |
| Created: | January 3, 2008 |
Updated: | January 9, 2008 |
| Description: |
The libcdio CD-ROM access library has two buffer overflow
vulnerabilities involving long Joliet file names and the
cdio buffer. |
libexif: integer overflow
| Package(s): | libexif |
CVE #(s): | CVE-2007-2645
|
| Created: | June 1, 2007 |
Updated: | February 11, 2008 |
| Description: |
Integer overflow in the exif_data_load_data_entry function in exif-data.c
in libexif before 0.6.14 allows user-assisted remote attackers to cause a
denial of service (crash) or possibly execute arbitrary code via crafted
EXIF data, involving the (1) doff or (2) s variable. |
libexif: integer overflow
| Package(s): | libexif |
CVE #(s): | CVE-2007-6352
|
| Created: | December 19, 2007 |
Updated: | October 15, 2008 |
| Description: |
From the Red Hat advisory: An integer overflow flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to execute arbitrary code, or crash. |
libexif: denial of service
| Package(s): | libexif |
CVE #(s): | CVE-2007-6351
|
| Created: | December 19, 2007 |
Updated: | October 15, 2008 |
| Description: |
From the Red Hat advisory: An infinite recursion flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to crash. |
libgd2: buffer overflow
| Package(s): | libgd2 |
CVE #(s): | CVE-2007-3996
|
| Created: | December 19, 2007 |
Updated: | October 13, 2009 |
| Description: |
The GD library does not perform proper bounds checking when creating images; as a result, an attacker could, via crafted input, potentially execute arbitrary code. |
libmodplug: boundary errors
| Package(s): | libmodplug |
CVE #(s): | CVE-2006-4192
|
| Created: | December 11, 2006 |
Updated: | May 4, 2011 |
| Description: |
Luigi Auriemma has reported various boundary errors in load_it.cpp and
a boundary error in the "CSoundFile::ReadSample()" function in
sndfile.cpp. A remote attacker can entice a user to read crafted modules
or ITP files, which may trigger a buffer overflow resulting in the
execution of arbitrary code with the privileges of the user running the
application. |
libphp-phpmailer: command execution
| Package(s): | libphp-phpmailer |
CVE #(s): | CVE-2007-3215
|
| Created: | June 20, 2007 |
Updated: | June 25, 2009 |
| Description: |
libphp-phpmailer does not do sufficient input validation, enabling shell command injection attacks. |
libpng: several vulnerabilities
| Package(s): | libpng |
CVE #(s): | CVE-2007-5266
CVE-2007-5267
CVE-2007-5268
CVE-2007-5269
|
| Created: | October 19, 2007 |
Updated: | March 23, 2009 |
| Description: |
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21
allow remote attackers to cause a denial of service (crash) via crafted (1)
pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt
(png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt
(png_handle_zTXt) chunks in PNG images, which trigger out-of-bounds read
operations. (CVE-2007-5269)
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical
instead of bitwise operations and (2) incorrect comparisons, which might
allow remote attackers to cause a denial of service (crash) via a crafted
PNG image. (CVE-2007-5268)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause
a denial of service (crash) via a crafted PNG image, due to an incorrect
fix for CVE-2007-5266. (CVE-2007-5267)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1
allows remote attackers to cause a denial of service (crash) via a crafted
PNG image that prevents a name field from being NULL terminated.
(CVE-2007-5266) |
libpng: denial of service
| Package(s): | libpng |
CVE #(s): | CVE-2007-2445
|
| Created: | May 17, 2007 |
Updated: | March 23, 2009 |
| Description: |
Libpng can be crashed when processing malformed PNG files.
It may also be possible to exploit this vulnerability to execute arbitrary
code. |
libpng: buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-3334
|
| Created: | July 19, 2006 |
Updated: | December 15, 2008 |
| Description: |
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow. |
libpng: heap based buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-0481
|
| Created: | February 13, 2006 |
Updated: | December 15, 2008 |
| Description: |
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. |
libsndfile: heap-based buffer overflow
| Package(s): | libsndfile |
CVE #(s): | CVE-2007-4974
|
| Created: | September 25, 2007 |
Updated: | January 9, 2008 |
| Description: |
Heap-based buffer overflow in libsndfile 1.0.17 and earlier might allow
remote attackers to execute arbitrary code via a FLAC file with crafted PCM
data containing a block with a size that exceeds the previous block size. |
libtiff: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CVE-2006-2193
|
| Created: | June 15, 2006 |
Updated: | September 1, 2008 |
| Description: |
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code. |
libvorbis: multiple memory corruption flaws
| Package(s): | libvorbis |
CVE #(s): | CVE-2007-3106
CVE-2007-4029
|
| Created: | July 27, 2007 |
Updated: | January 22, 2008 |
| Description: |
This iSEC Partners security advisory has
details on multiple memory corruption flaws in libvorbis. |
libvorbis: multiple vulnerabilities
| Package(s): | libvorbis |
CVE #(s): | CVE-2007-4065
CVE-2007-4066
|
| Created: | October 11, 2007 |
Updated: | January 22, 2008 |
| Description: |
libvorbis has a number of vulnerabilities that can be triggered by
opening a specially crafted Ogg file. Vulnerabilities include
crashing and the execution of arbitrary code. |
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0989
|
| Created: | October 28, 2004 |
Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities; if a local user passes a specially crafted
FTP URL, arbitrary code may be executed. |
liferea: weak permissions
| Package(s): | liferea |
CVE #(s): | CVE-2007-5751
|
| Created: | November 2, 2007 |
Updated: | December 22, 2008 |
| Description: |
Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. |
lighttpd: denial of service
| Package(s): | lighttpd |
CVE #(s): | CVE-2007-3946
CVE-2007-3947
CVE-2007-3948
CVE-2007-3949
CVE-2007-3950
|
| Created: | July 19, 2007 |
Updated: | July 15, 2008 |
| Description: |
The lighttpd web server has multiple vulnerabilities involving
a remote access-control setting circumvention that is performed
by the sending of malformed requests. This can be used to crash
the server and cause a denial of service. |
kernel: information leak, denial of service
| Package(s): | linux-2.6 |
CVE #(s): | CVE-2007-6206
CVE-2007-6417
|
| Created: | December 21, 2007 |
Updated: | September 1, 2010 |
| Description: |
Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. (CVE-2007-6206)
Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page may be improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash). (CVE-2007-6417) |
vmware-player-kernel: several vulnerabilities
| Package(s): | linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 |
CVE #(s): | CVE-2007-0061
CVE-2007-0062
CVE-2007-0063
CVE-2007-4496
CVE-2007-4497
|
| Created: | November 16, 2007 |
Updated: | March 13, 2009 |
| Description: |
Neel Mehta and Ryan Smith discovered that the VMware Player DHCP server
did not correctly handle certain packet structures. Remote attackers
could send specially crafted packets and gain root privileges.
(CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)
Rafal Wojtczuk discovered multiple memory corruption issues in VMware
Player. Attackers with administrative privileges in a guest operating
system could cause a denial of service or possibly execute arbitrary
code on the host operating system. (CVE-2007-4496, CVE-2007-4497)
|
lynx: arbitrary command execution
| Package(s): | lynx |
CVE #(s): | CVE-2005-2929
|
| Created: | November 14, 2005 |
Updated: | September 14, 2009 |
| Description: |
An arbitrary command execution bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx. |
madwifi: denial of service
| Package(s): | madwifi |
CVE #(s): | CVE-2007-5448
|
| Created: | November 8, 2007 |
Updated: | January 11, 2008 |
| Description: |
The MadWifi driver for Atheros wireless LAN cards
does not process beacon frames correctly. This can be
used by a remote attacker to cause a denial of service. |
mantis: cross-site scripting
| Package(s): | mantis |
CVE #(s): | CVE-2007-6611
|
| Created: | January 7, 2008 |
Updated: | March 4, 2008 |
| Description: |
From the CVE entry:
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename. |
mapserver: multiple cross-site scripting vulnerabilities
| Package(s): | mapserver |
CVE #(s): | CVE-2007-4542
CVE-2007-4629
|
| Created: | September 5, 2007 |
Updated: | April 7, 2008 |
| Description: |
CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name. |
maradns: denial of service
| Package(s): | maradns |
CVE #(s): | CVE-2008-0061
|
| Created: | January 4, 2008 |
Updated: | January 30, 2008 |
| Description: |
MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04
allows remote attackers to cause a denial of service via a crafted DNS
packet that prevents an authoritative name (CNAME) record from resolving,
aka "improper rotation of resource records." |
mod_jk: proxy bypass
| Package(s): | mod_jk |
CVE #(s): | CVE-2007-1860
|
| Created: | May 30, 2007 |
Updated: | March 7, 2008 |
| Description: |
From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside
Apache httpd and forwarded the encoded URL to Tomcat, which itself did a
second decoding. If Tomcat was used behind mod_jk and configured to only
proxy some contexts, an attacker could construct a carefully crafted HTTP
request to work around the context restriction and potentially access
non-proxied content." |
moin: arbitrary JavaScript execution
| Package(s): | moin |
CVE #(s): | CVE-2007-2423
|
| Created: | May 8, 2007 |
Updated: | March 10, 2008 |
| Description: |
A flaw was discovered in MoinMoin's error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user's authentication information
for the domain where MoinMoin was hosted. |
mono: arbitrary code execution via integer overflow
| Package(s): | mono |
CVE #(s): | CVE-2007-5197
|
| Created: | November 6, 2007 |
Updated: | December 7, 2009 |
| Description: |
From the Debian advisory: An integer overflow in the BigInteger data type implementation has been
discovered in the free .NET runtime Mono.
|
moodle: cross-site scripting
| Package(s): | moodle |
CVE #(s): | CVE-2007-3555
|
| Created: | August 7, 2007 |
Updated: | December 22, 2008 |
| Description: |
A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1
allows remote attackers to inject arbitrary web script or HTML via a style
expression in the search parameter. |
mplayer: buffer overflow
| Package(s): | mplayer |
CVE #(s): | CVE-2007-1246
|
| Created: | March 8, 2007 |
Updated: | April 1, 2008 |
| Description: |
MPlayer versions up to 1.0rc1 have a buffer overflow in the
loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function.
User-assisted remote attackers can use this to create a buffer overflow
and possibly execute arbitrary code. |
mt-daapd: multiple vulnerabilities
| Package(s): | mt-daapd |
CVE #(s): | CVE-2007-5825
CVE-2007-5824
|
| Created: | December 31, 2007 |
Updated: | September 1, 2008 |
| Description: |
From the Gentoo advisory: nnp discovered multiple vulnerabilities in the XML-RPC handler in the
file webserver.c. The ws_addarg() function contains a format string
vulnerability, as it does not properly sanitize username and password
data from the "Authorization: Basic" HTTP header line (CVE-2007-5825).
The ws_decodepassword() and ws_getheaders() functions do not correctly
handle empty Authorization header lines, or header lines without a ':'
character, leading to NULL pointer dereferences (CVE-2007-5824). |
MySQL: denial of service
| Package(s): | mysql |
CVE #(s): | CVE-2007-5925
|
| Created: | November 19, 2007 |
Updated: | February 8, 2008 |
| Description: |
From the CVE entry:
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. |
mysql: denial of service
| Package(s): | mysql |
CVE #(s): | CVE-2007-1420
|
| Created: | March 22, 2007 |
Updated: | May 21, 2008 |
| Description: |
MySQL subselect queries using "ORDER BY" can be used by an attacker with
access to a MySQL instance in order to create an intermittent denial
of service. |
mysql: format string bug
| Package(s): | mysql |
CVE #(s): | CVE-2006-3469
|
| Created: | July 21, 2006 |
Updated: | July 30, 2008 |
| Description: |
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server. |
MySQL: privilege violations
| Package(s): | mysql |
CVE #(s): | CVE-2006-4031
CVE-2006-4226
|
| Created: | August 25, 2006 |
Updated: | July 30, 2008 |
| Description: |
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226). |
mysql: privilege escalation
| Package(s): | mysql |
CVE #(s): | CVE-2007-6303
|
| Created: | December 19, 2007 |
Updated: | April 7, 2008 |
| Description: |
From the CVE entry: MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. |
MySQL: logging bypass
| Package(s): | mysql |
CVE #(s): | CVE-2006-0903
|
| Created: | April 4, 2006 |
Updated: | May 21, 2008 |
| Description: |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query. |
MySQL: privilege escalation
| Package(s): | MySQL |
CVE #(s): | CVE-2007-3781
CVE-2007-5969
|
| Created: | December 11, 2007 |
Updated: | May 21, 2008 |
| Description: |
MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. (CVE-2007-5969)
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. (CVE-2007-3781) |
mysql-dfsg: multiple vulnerabilities
| Package(s): | mysql-dfsg |
CVE #(s): | CVE-2007-2583
CVE-2007-2691
CVE-2007-2692
CVE-2007-3782
|
| Created: | November 27, 2007 |
Updated: | July 30, 2008 |
| Description: |
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and
5.1 before 5.1.18-beta, allows context-dependent attackers to cause a
denial of service (crash) via a crafted IF clause that results in a
divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not
require the DROP privilege for RENAME TABLE statements, which allows remote
authenticated users to rename arbitrary tables. (CVE-2007-2691)
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before
5.1.18 does not restore THD::db_access privileges when returning from SQL
SECURITY INVOKER stored routines, which allows remote authenticated users
to gain privileges. (CVE-2007-2692)
MySQL Community Server before 5.0.45 allows remote authenticated users to
gain update privileges for a table in another database via a view that
refers to this external table. (CVE-2007-3782) |
mysql: denial of service
| Package(s): | mysql-dfsg-5.0 |
CVE #(s): | CVE-2007-6304
|
| Created: | December 21, 2007 |
Updated: | April 7, 2008 |
| Description: |
Philip Stoev discovered that the federated engine of MySQL
did not properly handle responses with a small number of columns.
An authenticated user could use a crafted response to a SHOW
TABLE STATUS query and cause a denial of service. |
nagios: cross-site scripting
| Package(s): | nagios |
CVE #(s): | CVE-2007-5624
|
| Created: | December 7, 2007 |
Updated: | September 14, 2009 |
| Description: |
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. |
nagios-plugins: buffer overflow
| Package(s): | nagios-plugins |
CVE #(s): | CVE-2007-5198
|
| Created: | October 23, 2007 |
Updated: | April 17, 2008 |
| Description: |
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbitrary code via long
Location header responses (redirects). |
nagios-plugins: check_snmp buffer overflow
| Package(s): | nagios-plugins |
CVE #(s): | CVE-2007-5623
|
| Created: | November 2, 2007 |
Updated: | April 17, 2008 |
| Description: |
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies. |
nbd: arbitrary code execution
| Package(s): | nbd |
CVE #(s): | CVE-2005-3534
|
| Created: | January 6, 2006 |
Updated: | March 7, 2011 |
| Description: |
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges. |
ncompress: buffer underflow
| Package(s): | ncompress |
CVE #(s): | CVE-2006-1168
|
| Created: | August 10, 2006 |
Updated: | February 21, 2012 |
| Description: |
The ncompress compression utility has a missing boundary check.
A local user can use a maliciously created file to cause a
.bss buffer underflow. |
net-snmp: denial of service
| Package(s): | net-snmp |
CVE #(s): | CVE-2007-5846
|
| Created: | November 16, 2007 |
Updated: | February 7, 2008 |
| Description: |
A flaw was discovered in the way net-snmp handled certain requests. A
remote attacker who can connect to the snmpd UDP port (161 by default)
could send a malicious packet causing snmpd to crash, resulting in a
denial of service. |
nginx: cross site scripting
| Package(s): | nginx |
CVE #(s): | |
| Created: | July 20, 2007 |
Updated: | September 14, 2009 |
| Description: |
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
proxy server written by Igor Sysoev. The "msie_refresh" directive could
allow cross site scripting. |
nss_ldap: credential or other information disclosure
| Package(s): | nss_ldap |
CVE #(s): | CVE-2007-5794
|
| Created: | November 26, 2007 |
Updated: | July 30, 2008 |
| Description: |
From the Gentoo advisory:
Josh Burley reported that nss_ldap does not properly handle the LDAP
connections due to a race condition that can be triggered by
multi-threaded applications using nss_ldap, which might lead to
requested data being returned to a wrong process.
|
opal: denial of service
| Package(s): | opal |
CVE #(s): | CVE-2007-4924
|
| Created: | October 8, 2007 |
Updated: | January 9, 2008 |
| Description: |
From the Red Hat advisory: A flaw was discovered in the way opal handled certain Session Initiation
Protocol (SIP) packets. An attacker could use this flaw to crash an
application, such as Ekiga, which is linked with opal. (CVE-2007-4924) |
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-5707
|
| Created: | November 8, 2007 |
Updated: | April 9, 2008 |
| Description: |
The OpenLDAP Lightweight Directory Access Protocol suite has a problem
with handling of malformed objectClasses LDAP attributes by the slapd
daemon. Both local and remote attackers can use this to crash slapd,
causing a denial of service. |
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-5708
|
| Created: | November 23, 2007 |
Updated: | April 9, 2008 |
| Description: |
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when
running as a proxy-caching server, allocates memory using a malloc variant
instead of calloc, which prevents an array from being initialized properly
and might allow attackers to cause a denial of service (segmentation fault)
via unknown vectors that prevent the array from being null terminated. |
OpenOffice.org: arbitrary code execution
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-0245
|
| Created: | June 13, 2007 |
Updated: | June 12, 2008 |
| Description: |
A specially crafted RTF file could cause the
filter to overwrite data on the heap, which may lead to the execution
of arbitrary code. |
openoffice.org: arbitrary code execution via TIFF images
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-2834
|
| Created: | September 17, 2007 |
Updated: | June 12, 2008 |
| Description: |
A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite. The parser uses untrusted values
from the TIFF file to calculate the number of bytes of memory to
allocate. A specially crafted TIFF image could trigger an integer
overflow and subsequently a buffer overflow that could cause the
execution of arbitrary code. |
openoffice.org: arbitrary code execution
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-4575
|
| Created: | December 5, 2007 |
Updated: | September 10, 2008 |
| Description: |
From the OpenOffice advisory:
A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user. |
openssh: remote denial of service
| Package(s): | openssh |
CVE #(s): | CVE-2006-4924
CVE-2006-5051
|
| Created: | September 27, 2006 |
Updated: | September 17, 2008 |
| Description: |
OpenSSH 4.4 fixes some
security issues, including a pre-authentication denial of service, an
unsafe signal handler and, on portable OpenSSH, a GSSAPI authentication abort
that could be used to determine the validity of usernames on some platforms. |
openssl: off-by-one error
| Package(s): | openssl |
CVE #(s): | CVE-2007-4995
|
| Created: | October 23, 2007 |
Updated: | May 13, 2008 |
| Description: |
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f
and 0.9.7 allows remote attackers to execute arbitrary code via unspecified
vectors. |
openssl: off-by-one error
| Package(s): | openssl |
CVE #(s): | CVE-2007-5135
|
| Created: | October 3, 2007 |
Updated: | July 31, 2008 |
| Description: |
From the Debian advisory: An off-by-one error has been identified in the SSL_get_shared_ciphers()
routine in the libssl library from OpenSSL, an implementation of Secure
Socket Layer cryptographic libraries and utilities. This error could
allow an attacker to crash an application making use of OpenSSL's libssl
library, or potentially execute arbitrary code in the security context
of the user running such an application. |
openssl: private key attack
| Package(s): | openssl |
CVE #(s): | CVE-2007-3108
|
| Created: | August 7, 2007 |
Updated: | May 13, 2008 |
| Description: |
OpenSSL could allow a local user in certain circumstances to divulge
information about private keys being used. |
opera: multiple vulnerabilities
| Package(s): | opera |
CVE #(s): | CVE-2007-6520
CVE-2007-6521
CVE-2007-6522
CVE-2007-6523
CVE-2007-6524
|
| Created: | January 7, 2008 |
Updated: | January 9, 2008 |
| Description: |
From the SUSE advisory:
CVE-2007-6520: Fixed an issue where plug-ins could be used to allow
cross domain scripting, as reported by David Bloom. Details will be
disclosed at a later date.
CVE-2007-6521: Fixed an issue with TLS certificates that could
be used to execute arbitrary code, as reported by Alexander Klink
(Cynops GmbH). Details will be disclosed at a later date.
CVE-2007-6522: Rich text editing can no longer be used to allow cross
domain scripting, as reported by David Bloom. See our advisory.
CVE-2007-6523: Fixed a problem where malformed BMP files could cause
Opera to temporarily freeze.
CVE-2007-6524: Prevented bitmaps from revealing random data from
memory, as reported by Gynvael Coldwind. Details will be disclosed
at a later date. |
opera: multiple vulnerabilities
| Package(s): | opera |
CVE #(s): | CVE-2007-4367
CVE-2007-3929
CVE-2007-3142
CVE-2007-3819
|
| Created: | August 23, 2007 |
Updated: | February 27, 2008 |
| Description: |
The Opera browser has multiple vulnerabilities.
The JavaScript engine is vulnerable to a virtual function call on an invalid pointer that can be triggered by specially crafted JavaScript.
A freed pointer in the BitTorrent support may be
accessed; this can be used for malicious code execution.
The browser is vulnerable to several memory read protection
errors. There are URI display errors that can be used to trick
users into visiting arbitrary web sites. |
pcre: CVE consolidation
| Package(s): | pcre |
CVE #(s): | CVE-2005-4872
CVE-2006-7227
CVE-2006-7224
|
| Created: | November 15, 2007 |
Updated: | May 13, 2008 |
| Description: |
PCRE has flaws in the way it handles malformed regular
expressions.
If an application linked against PCRE, such as Konqueror,
encounters a maliciously created regular expression, it may be possible
to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227
have been combined into CVE-2006-7224. |
pcre: two arbitrary code execution vulnerabilities
| Package(s): | pcre |
CVE #(s): | CVE-2007-1659
CVE-2007-1660
|
| Created: | November 6, 2007 |
Updated: | July 16, 2008 |
| Description: |
Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660) |
pcre: buffer overflows in library
| Package(s): | pcre |
CVE #(s): | CVE-2006-7228
CVE-2006-7230
CVE-2007-1661
CVE-2007-4766
CVE-2007-4767
|
| Created: | November 23, 2007 |
Updated: | July 16, 2008 |
| Description: |
Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application. |
| Alerts: |
|
Comments (1 posted)
pcre: buffer overflows
| Package(s): | pcre3 |
CVE #(s): | CVE-2007-1662
CVE-2007-4768
|
| Created: | November 27, 2007 |
Updated: | May 7, 2008 |
| Description: |
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the
end of the string when searching for unmatched brackets and parentheses,
which allows context-dependent attackers to cause a denial of service
(crash), possibly involving forward references. (CVE-2007-1662)
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE)
library before 7.3 allows context-dependent attackers to execute arbitrary
code via a singleton Unicode sequence in a character class in a regex
pattern, which is incorrectly optimized. (CVE-2007-4768) |
| Alerts: |
|
Comments (none posted)
peercast: buffer overflow
| Package(s): | peercast |
CVE #(s): | CVE-2007-6454
|
| Created: | December 28, 2007 |
Updated: | May 21, 2008 |
| Description: |
A heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. |
| Alerts: |
|
Comments (none posted)
perl-Net-DNS: predictable id sequence
| Package(s): | perl-Net-DNS |
CVE #(s): | CVE-2007-3377
|
| Created: | June 26, 2007 |
Updated: | March 12, 2008 |
| Description: |
Net::DNS before 0.60 uses an id sequence that is predictable and the same
in all child processes. |
| Alerts: |
|
Comments (none posted)
php: several vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2006-4481
CVE-2006-4484
CVE-2006-4485
|
| Created: | September 8, 2006 |
Updated: | June 13, 2008 |
| Description: |
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485). |
| Alerts: |
|
Comments (1 posted)
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2007-2872
CVE-2007-2756
|
| Created: | June 1, 2007 |
Updated: | January 29, 2008 |
| Description: |
According to a vendor release announcement, multiple
security enhancements and fixes were included in version 5.2.3 of the
programming language PHP. |
| Alerts: |
|
Comments (none posted)
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2007-3799
CVE-2007-3998
CVE-2007-4659
CVE-2007-4658
CVE-2007-4670
CVE-2007-4661
|
| Created: | October 23, 2007 |
Updated: | May 19, 2008 |
| Description: |
From the Red Hat advisory:
Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)
A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)
A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)
A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)
A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)
A flaw was found in handling of dynamic changes to global variables. A
script which used certain functions which change global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-4659)
An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-4661) |
| Alerts: |
|
Comments (none posted)
php: buffer overflows
| Package(s): | php |
CVE #(s): | CVE-2006-5465
|
| Created: | November 3, 2006 |
Updated: | January 18, 2010 |
| Description: |
The Hardened-PHP Project discovered buffer overflows in
htmlentities/htmlspecialchars internal routines to the PHP Project. Of
course, the whole purpose of these functions is to be filled with user
input. (The overflow can only occur when UTF-8 is used.) |
| Alerts: |
|
Comments (none posted)
php5: multiple vulnerabilities
| Package(s): | php5 |
CVE #(s): | CVE-2007-4657
CVE-2007-4660
CVE-2007-4662
|
| Created: | November 30, 2007 |
Updated: | July 4, 2008 |
| Description: |
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4,
allow remote attackers to obtain sensitive information (memory contents) or
cause a denial of service (thread crash) via a large len value to the (1)
strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE:
this affects different product versions than CVE-2007-3996.
(CVE-2007-4657)
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4
has unknown impact and attack vectors, related to an incorrect size
calculation. (CVE-2007-4660)
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4
has unknown impact and attack vectors. (CVE-2007-4662) |
| Alerts: |
|
Comments (none posted)
php5: multiple vulnerabilities
| Package(s): | php5 |
CVE #(s): | CVE-2007-4783
CVE-2007-4840
CVE-2007-5898
CVE-2007-5899
CVE-2007-5900
|
| Created: | November 20, 2007 |
Updated: | January 18, 2010 |
| Description: |
The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code. |
| Alerts: |
|
Comments (none posted)
phpbb2: missing input sanitizing
| Package(s): | phpbb2 |
CVE #(s): | CVE-2006-1896
|
| Created: | May 22, 2006 |
Updated: | February 11, 2008 |
| Description: |
It was discovered that phpbb2, a web-based bulletin board, insufficiently
sanitizes values passed to the "Font Color 3" setting, which might lead to
the execution of injected code by admin users. |
| Alerts: |
|
Comments (none posted)
phpbb2: multiple vulnerabilities
| Package(s): | phpbb2 |
CVE #(s): | CVE-2005-3310
CVE-2005-3415
CVE-2005-3416
CVE-2005-3417
CVE-2005-3418
CVE-2005-3419
CVE-2005-3420
CVE-2005-3536
CVE-2005-3537
|
| Created: | December 22, 2005 |
Updated: | February 11, 2008 |
| Description: |
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross-site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem. |
| Alerts: |
|
Comments (none posted)
phpmyadmin: multiple vulnerabilities
| Package(s): | phpmyadmin |
CVE #(s): | CVE-2006-6942
CVE-2006-6944
CVE-2007-1325
CVE-2007-1395
CVE-2007-2245
|
| Created: | September 10, 2007 |
Updated: | March 19, 2009 |
| Description: |
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2007-1325:
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
CVE-2007-1395:
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag,
which bypasses the protection against lowercase </script>.
CVE-2007-2245:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via (1) the
fieldkey parameter to browse_foreigners.php or (2) certain input
to the PMA_sanitize function.
CVE-2006-6942:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary HTML or web script via (1) a comment
for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter
to db_operations.php, the (4) query_history_latest,
(5) query_history_latest_db, and (6) querydisplay_tab parameters to
(c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2006-6944:
phpMyAdmin allows remote attackers to bypass Allow/Deny access rules
that use IP addresses via false headers.
|
| Alerts: |
|
Comments (none posted)
phpMyAdmin: cross-site scripting vulnerabilities
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-5386
CVE-2007-5589
|
| Created: | November 2, 2007 |
Updated: | March 14, 2008 |
| Description: |
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin
2.11.1, when accessed by a browser that does not URL-encode requests,
allows remote attackers to inject arbitrary web script or HTML via the
query string.
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
common.lib.php in libraries/; and certain input available in PHP_SELF and
(2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other
vectors related to (3) REQUEST_URI. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: information disclosure
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-0095
|
| Created: | December 11, 2007 |
Updated: | September 25, 2008 |
| Description: |
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information
via a direct request for themes/darkblue_orange/layout.inc.php, which
reveals the path in an error message. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: SQL injection
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-5976
CVE-2007-5977
|
| Created: | November 22, 2007 |
Updated: | March 19, 2009 |
| Description: |
phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability
in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.
db_create.php also has a related cross-site scripting vulnerability.
Remote authenticated users can inject arbitrary web scripts or HTML
using a hex-encoded IMG element in the db parameter in a POST request. |
| Alerts: |
|
Comments (none posted)
phpPgAdmin: cross-site scripting
| Package(s): | phppgadmin |
CVE #(s): | CVE-2007-2865
CVE-2007-5728
|
| Created: | June 18, 2007 |
Updated: | January 21, 2009 |
| Description: |
A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin
4.1.1 allows remote attackers to inject arbitrary web script or HTML via
the server parameter. |
| Alerts: |
|
Comments (none posted)
poppler and xpdf: multiple vulnerabilities
| Package(s): | poppler xpdf |
CVE #(s): | CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
|
| Created: | November 8, 2007 |
Updated: | February 26, 2008 |
| Description: |
The xpdf and poppler PDF libraries contain several vulnerabilities which can lead to arbitrary command execution via hostile PDF files. Numerous other applications which use these libraries (PDF viewers, CUPS, etc.) will be affected by the vulnerabilities as well. |
| Alerts: |
|
Comments (none posted)
postgresql: several vulnerabilities
| Package(s): | postgresql |
CVE #(s): | CVE-2007-3278
CVE-2007-3279
CVE-2007-3280
|
| Created: | September 25, 2007 |
Updated: | February 1, 2008 |
| Description: |
PostgreSQL 8.1 and probably later and earlier versions, when local trust
authentication is enabled and the Database Link library (dblink) is
installed, allows remote attackers to access arbitrary accounts and execute
arbitrary SQL queries via a dblink host parameter that proxies the
connection from 127.0.0.1. (CVE-2007-3278)
PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL
(plpgsql) language has been created, grants certain plpgsql privileges to
the PUBLIC domain, which allows remote attackers to create and execute
functions, as demonstrated by functions that perform local brute-force
password guessing attacks, which may evade intrusion
detection. (CVE-2007-3279)
The Database Link library (dblink) in PostgreSQL 8.1 implements functions
via CREATE statements that map to arbitrary libraries based on the C
programming language, which allows remote authenticated superusers to map
and execute a function from any library, as demonstrated by using the
system function in libc.so.6 to gain shell access. (CVE-2007-3280) |
| Alerts: |
|
Comments (1 posted)
PostgreSQL: multiple vulnerabilities
| Package(s): | postgresql |
CVE #(s): | CVE-2007-6600
CVE-2007-4772
CVE-2007-6067
CVE-2007-4769
CVE-2007-6601
|
| Created: | January 9, 2008 |
Updated: | January 17, 2013 |
| Description: |
Several vulnerabilities have been found in the PostgreSQL database manager. The developers call the fixes "critical," but also note that, as of the time of the update, none of them were known to be exploited; see this advisory for more information. |
| Alerts: |
|
Comments (none posted)
pulseaudio: denial of service
| Package(s): | pulseaudio |
CVE #(s): | CVE-2007-1804
|
| Created: | May 30, 2007 |
Updated: | March 10, 2008 |
| Description: |
The pulseaudio network code suffers from a denial of service vulnerability exploitable by an unauthenticated attacker. |
| Alerts: |
|
Comments (none posted)
pwlib: denial of service
| Package(s): | pwlib |
CVE #(s): | CVE-2007-4897
|
| Created: | October 8, 2007 |
Updated: | January 9, 2008 |
| Description: |
From the Red Hat advisory: A memory management flaw was discovered in PWLib. An attacker could use this
flaw to crash an application, such as Ekiga, which is linked with pwlib
(CVE-2007-4897).
|
| Alerts: |
|
Comments (none posted)
python: information disclosure
| Package(s): | python |
CVE #(s): | CVE-2007-2052
|
| Created: | May 9, 2007 |
Updated: | July 30, 2009 |
| Description: |
Python 2.4 and 2.5 contain a bug in PyLocale_strxfrm() which could enable an attacker to read portions of unrelated memory. |
| Alerts: |
|
Comments (none posted)
python: integer overflows
| Package(s): | python |
CVE #(s): | CVE-2007-4965
|
| Created: | October 30, 2007 |
Updated: | July 30, 2009 |
| Description: |
Multiple integer overflows in the imageop module in Python 2.5.1 and
earlier allow context-dependent attackers to cause a denial of service
(application crash) and possibly obtain sensitive information (memory
contents) via crafted arguments to (1) the tovideo method, and unspecified
other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other
files, which trigger heap-based buffer overflows. |
| Alerts: |
|
Comments (none posted)
python-cherrypy: unauthorized file access via malicious cookie
| Package(s): | python-cherrypy |
CVE #(s): | CVE-2008-0252
|
| Created: | January 9, 2008 |
Updated: | February 6, 2008 |
| Description: |
From the Fedora advisory:
Malicious cookies may allow access to
files outside the session directory. |
| Alerts: |
|
Comments (none posted)
qemu: multiple vulnerabilities
Comments (none posted)
qt4: security restriction bypass
| Package(s): | qt4 |
CVE #(s): | CVE-2007-5965
|
| Created: | January 3, 2008 |
Updated: | February 21, 2008 |
| Description: |
Trolltech Qt has a privilege escalation vulnerability.
An error can be triggered in QSslSocket when verifying SSL certificates;
attackers can use this to bypass the SSL certificate verification
and acquire unauthorized access to a vulnerable application. |
| Alerts: |
|
Comments (1 posted)
quagga: denial of service
| Package(s): | quagga |
CVE #(s): | CVE-2007-4826
|
| Created: | September 14, 2007 |
Updated: | October 25, 2010 |
| Description: |
The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause
a denial of service crash via a malformed OPEN message or COMMUNITY
attribute. |
| Alerts: |
|
Comments (none posted)
quake: buffer overflow
| Package(s): | quake3-bin |
CVE #(s): | CVE-2006-2236
|
| Created: | May 10, 2006 |
Updated: | January 12, 2009 |
| Description: |
Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server. |
| Alerts: |
|
Comments (none posted)
rails: multiple vulnerabilities
| Package(s): | rails |
CVE #(s): | CVE-2007-5380
CVE-2007-3227
CVE-2007-5379
|
| Created: | November 15, 2007 |
Updated: | December 21, 2009 |
| Description: |
Ruby on Rails has the following vulnerabilities:
ActiveResource does not properly sanitize filenames in the Hash.from_xml() function.
Session management allows the session_id to be set from the URL.
The to_json() function does not properly sanitize input before it is
returned to the user. |
| Alerts: |
|
Comments (none posted)
rsync: restricted file access
| Package(s): | rsync |
CVE #(s): | CVE-2007-6199
CVE-2007-6200
|
| Created: | December 5, 2007 |
Updated: | September 23, 2011 |
| Description: |
From the CVE entry:
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. |
| Alerts: |
|
Comments (none posted)
ruby: insufficient SSL certificate validation
| Package(s): | ruby |
CVE #(s): | CVE-2007-5162
CVE-2007-5770
|
| Created: | October 8, 2007 |
Updated: | October 10, 2008 |
| Description: |
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. |
| Alerts: |
|
Comments (none posted)
ruby-gnome2: format string vulnerability
| Package(s): | ruby-gnome2 |
CVE #(s): | CVE-2007-6183
|
| Created: | December 7, 2007 |
Updated: | December 22, 2008 |
| Description: |
A format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. |
| Alerts: |
|
Comments (none posted)
samba: buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-4572
|
| Created: | November 15, 2007 |
Updated: | December 3, 2008 |
| Description: |
The Samba user authentication is vulnerable to a heap-based buffer overflow.
Remote unauthenticated users can use this to crash the Samba server
and cause a denial of service. |
| Alerts: |
|
Comments (none posted)
samba: stack-based buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-6015
|
| Created: | December 11, 2007 |
Updated: | December 3, 2008 |
| Description: |
A stack buffer overflow flaw was found in the way Samba authenticates
remote users. A remote unauthenticated user could trigger this flaw to
cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server. |
| Alerts: |
|
Comments (none posted)
samba: buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-5398
|
| Created: | November 15, 2007 |
Updated: | December 3, 2008 |
| Description: |
Samba's mechanism for creating NetBIOS replies is vulnerable to a
buffer overflow. Samba servers that are configured to run as a
WINS server can be crashed by a remote unauthenticated user;
execution of arbitrary code may also be possible. |
| Alerts: |
|
Comments (none posted)
slocate: information disclosure
| Package(s): | slocate |
CVE #(s): | CVE-2007-0227
|
| Created: | February 22, 2007 |
Updated: | September 4, 2012 |
| Description: |
The slocate permission checking code has a local information disclosure
vulnerability. During the reporting of matching files, slocate does not
respect the parent directory's read permissions, resulting in hidden
filenames being viewable by other local users. |
| Alerts: |
|
Comments (none posted)
squid: denial of service
| Package(s): | squid |
CVE #(s): | CVE-2007-6239
|
| Created: | December 18, 2007 |
Updated: | March 25, 2009 |
| Description: |
A flaw was found in the way squid stored HTTP headers for cached objects
in system memory. An attacker could cause squid to use additional memory,
and trigger high CPU usage when processing requests for certain cached
objects, possibly leading to a denial of service. |
| Alerts: |
|
Comments (none posted)
streamripper: buffer overflow
| Package(s): | streamripper |
CVE #(s): | CVE-2007-4337
|
| Created: | September 14, 2007 |
Updated: | December 9, 2008 |
| Description: |
Chris Rohlf discovered several boundary errors in the
httplib_parse_sc_header() function when processing HTTP headers. |
| Alerts: |
|
Comments (none posted)
subversion: possible information leak
| Package(s): | subversion |
CVE #(s): | CVE-2007-2448
|
| Created: | October 30, 2007 |
Updated: | February 1, 2011 |
| Description: |
Subversion 1.4.3 and earlier does not properly implement the "partial
access" privilege for users who have access to changed paths but not copied
paths, which allows remote authenticated users to obtain sensitive
information (revision properties) via svn (1) propget, (2) proplist, or (3)
propedit. |
| Alerts: |
|
Comments (none posted)
Sun JDK/JRE: multiple vulnerabilities
| Package(s): | Sun JDK/JRE |
CVE #(s): | CVE-2007-2435
CVE-2007-2788
CVE-2007-2789
|
| Created: | June 1, 2007 |
Updated: | April 18, 2008 |
| Description: |
An unspecified vulnerability involving an "incorrect use of system
classes" was reported by the Fujitsu security team. Additionally, Chris
Evans from the Google Security Team reported an integer overflow
resulting in a buffer overflow in the ICC parser used with JPG or BMP
files, and an incorrect open() call to /dev/tty when processing certain
BMP files. |
| Alerts: |
|
Comments (none posted)
syslog-ng: denial of service
| Package(s): | syslog-ng |
CVE #(s): | CVE-2007-6437
|
| Created: | December 31, 2007 |
Updated: | January 21, 2008 |
| Description: |
The syslog-ng daemon does not properly handle messages containing an unterminated time stamp, resulting in the dereferencing of a NULL pointer and subsequent crash. |
| Alerts: |
|
Comments (1 posted)
sysstat: insecure temporary files
| Package(s): | sysstat |
CVE #(s): | CVE-2007-3852
|
| Created: | August 20, 2007 |
Updated: | September 23, 2011 |
| Description: |
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates
/tmp/sysstat.run insecurely, which allows local users to execute arbitrary
code. |
| Alerts: |
|
Comments (1 posted)
t1lib: buffer overflow
| Package(s): | t1lib |
CVE #(s): | CVE-2007-4033
|
| Created: | September 20, 2007 |
Updated: | February 12, 2008 |
| Description: |
T1lib, an enhanced rasterizer for X11 Type 1 fonts, does
not properly perform bounds checking. An attacker can send
specially crafted input to applications linked against the library in
order to create a buffer overflow, resulting in a denial of service
or the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
tar: buffer overflow
| Package(s): | tar |
CVE #(s): | CVE-2007-4476
|
| Created: | October 16, 2007 |
Updated: | March 17, 2010 |
| Description: |
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." |
| Alerts: |
|
Comments (none posted)
tcpreen: denial of service
| Package(s): | tcpreen |
CVE #(s): | CVE-2007-6562
|
| Created: | January 3, 2008 |
Updated: | January 9, 2008 |
| Description: |
The tcpreen TCP connection monitoring tool has multiple buffer overflow
vulnerabilities; these may be used to cause a denial of service. |
| Alerts: |
|
Comments (none posted)
tetex: buffer overflow
| Package(s): | tetex |
CVE #(s): | CVE-2007-0650
|
| Created: | May 8, 2007 |
Updated: | May 13, 2008 |
| Description: |
A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in
teTeX might allow user-assisted remote attackers to overwrite files and
possibly execute arbitrary code via a long filename. NOTE: other overflows
exist but might not be exploitable, such as a heap-based overflow in the
check_idx function. |
| Alerts: |
|
Comments (1 posted)
teTeX: multiple vulnerabilities
| Package(s): | tetex |
CVE #(s): | CVE-2007-5937
CVE-2007-5936
CVE-2007-5935
|
| Created: | November 19, 2007 |
Updated: | May 10, 2010 |
| Description: |
From the Gentoo advisory:
Joachim Schrod discovered several buffer overflow vulnerabilities and
an insecure temporary file creation in the "dvilj" application that is
used by dvips to convert DVI files to printer formats (CVE-2007-5937,
CVE-2007-5936). Bastien Roucaries reported that the "dvips" application
is vulnerable to two stack-based buffer overflows when processing DVI
documents with long \href{} URIs (CVE-2007-5935). teTeX also includes
code from Xpdf that is vulnerable to a memory corruption and two
heap-based buffer overflows (GLSA 200711-22); and it contains code from
T1Lib that is vulnerable to a buffer overflow when processing an overly
long font filename (GLSA 200710-12). |
| Alerts: |
|
Comments (none posted)
Tk: buffer overflow
| Package(s): | tk8.3 |
CVE #(s): | CVE-2007-5378
|
| Created: | November 28, 2007 |
Updated: | March 17, 2009 |
| Description: |
The Tk toolkit's GIF-reading code contains a buffer overflow which could be exploited via a malicious image file. Fixes may be found in versions 8.4.12 and 8.3.5. |
| Alerts: |
|
Comments (none posted)
tk: denial of service
| Package(s): | tk8.3 tk8.4 |
CVE #(s): | CVE-2007-5137
|
| Created: | October 12, 2007 |
Updated: | March 17, 2009 |
| Description: |
It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted GIF
image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges. |
| Alerts: |
|
Comments (none posted)
tog-pegasus: stack buffer overflow
| Package(s): | tog-pegasus |
CVE #(s): | CVE-2008-0003
|
| Created: | January 8, 2008 |
Updated: | January 12, 2008 |
| Description: |
During a security audit, a stack buffer overflow flaw was found in the PAM
authentication code in the OpenPegasus CIM management server. An
unauthenticated remote user could trigger this flaw and potentially execute
arbitrary code with root privileges. |
| Alerts: |
|
Comments (none posted)
tomboy: execution of arbitrary code
| Package(s): | tomboy |
CVE #(s): | CVE-2005-4790
|
| Created: | November 9, 2007 |
Updated: | February 22, 2011 |
| Description: |
Jan Oravec reported that the "/usr/bin/tomboy" script sets the
"LD_LIBRARY_PATH" environment variable incorrectly, which might result
in the current working directory (.) being included when searching for
dynamically linked libraries of the Mono Runtime application.
Note that the tomboy vulnerability was added in 2007. |
| Alerts: |
|
Comments (none posted)
tomcat: directory traversal
| Package(s): | tomcat |
CVE #(s): | CVE-2007-0450
|
| Created: | May 2, 2007 |
Updated: | February 27, 2008 |
| Description: |
Versions of tomcat prior to 5.5.22 do not properly filter filename separator characters, enabling information disclosure attacks. |
| Alerts: |
|
Comments (none posted)
tomcat: cross-site scripting
| Package(s): | tomcat |
CVE #(s): | CVE-2007-2449
CVE-2007-2450
|
| Created: | July 17, 2007 |
Updated: | February 17, 2009 |
| Description: |
Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).
Note: it is recommended the 'examples' web application not be installed on
a production system.
The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450). |
| Alerts: |
|
Comments (1 posted)
tomcat: multiple vulnerabilities
| Package(s): | tomcat |
CVE #(s): | CVE-2007-3382
CVE-2007-3385
CVE-2007-3386
|
| Created: | September 26, 2007 |
Updated: | September 13, 2010 |
| Description: |
Tomcat was found treating single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386). |
| Alerts: |
|
Comments (none posted)
tomcat: arbitrary file disclosure via path traversal
| Package(s): | tomcat5 |
CVE #(s): | CVE-2007-5461
|
| Created: | November 19, 2007 |
Updated: | February 17, 2009 |
| Description: |
From the CVE entry:
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. |
| Alerts: |
|
Comments (none posted)
unp: code execution via malicious file names
| Package(s): | unp |
CVE #(s): | CVE-2007-6610
|
| Created: | January 9, 2008 |
Updated: | January 9, 2008 |
| Description: |
The unp unpacking tool (prior to version 1.0.14) does not properly check file names, allowing the execution of shell commands. |
| Alerts: |
|
Comments (none posted)
vim: arbitrary code execution
| Package(s): | vim |
CVE #(s): | CVE-2007-2953
|
| Created: | July 30, 2007 |
Updated: | November 27, 2008 |
| Description: |
vim is vulnerable to a user-assisted attack in which vim may execute arbitrary code when helptags is run on data that has been maliciously crafted. |
vlc: several vulnerabilities
| Package(s): | vlc |
| CVE #(s): | CVE-2007-3316, CVE-2007-3467, CVE-2007-3468 |
| Created: | July 10, 2007 |
| Updated: | March 10, 2008 |
| Description: |
Several remote vulnerabilities have been discovered in the VideoLan
multimedia player and streamer, which may lead to the execution of
arbitrary code. |
wireshark: multiple vulnerabilities
| Package(s): | wireshark |
| CVE #(s): | CVE-2007-3390, CVE-2007-3392, CVE-2007-3393 |
| Created: | June 28, 2007 |
| Updated: | February 27, 2008 |
| Description: |
The wireshark network traffic analyzer has three vulnerabilities
that can be used to create a denial of service. These include
off-by-one overflows in the iSeries dissector, vulnerabilities in
the MMS and SSL dissectors that can cause an infinite loop and
an off-by-one overflow in the DHCP/BOOTP dissector. |
wireshark: lots of dissector vulnerabilities
wordpress: multiple vulnerabilities
| Package(s): | wordpress |
| CVE #(s): | CVE-2007-6013, CVE-2007-6318 |
| Created: | January 3, 2008 |
| Updated: | January 9, 2008 |
| Description: |
The Wordpress online publishing and weblog utility has multiple
SQL injection vulnerabilities in versions 2.3.1 and earlier.
Remote attackers can use this to execute arbitrary SQL commands
via the s parameter. |
wzdftpd: denial of service
| Package(s): | wzdftpd |
| CVE #(s): | CVE-2007-5300 |
| Created: | January 7, 2008 |
| Updated: | January 9, 2008 |
| Description: |
From the CVE entry:
Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions and earlier allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. |
x11: xfs font server overflows
| Package(s): | x11 |
| CVE #(s): | CVE-2007-4568, CVE-2007-4989, CVE-2007-4990 |
| Created: | October 4, 2007 |
| Updated: | January 18, 2008 |
| Description: |
xorg-x11 has a number of integer and heap overflow vulnerabilities in
the xfs font server. A local attacker may be able to use these for
the execution of arbitrary code with elevated privileges. |
xen-utils: insecure temp files
| Package(s): | xen-utils |
| CVE #(s): | CVE-2007-3919 |
| Created: | October 25, 2007 |
| Updated: | May 16, 2008 |
| Description: |
The xen-utils collection of XEN administrative tools uses temporary files
insecurely. Local users can use this to truncate arbitrary files. |
XFree86 X.org: integer overflows
| Package(s): | xfree86 x.org |
| CVE #(s): | CVE-2007-1003, CVE-2007-1667, CVE-2007-1351, CVE-2007-1352 |
| Created: | April 3, 2007 |
| Updated: | August 11, 2009 |
| Description: |
iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667) |
xine-lib: arbitrary code execution
| Package(s): | xine-lib |
| CVE #(s): | CVE-2007-1387 |
| Created: | March 13, 2007 |
| Updated: | April 1, 2008 |
| Description: |
Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user's privileges. |
xine-lib: buffer overflow
| Package(s): | xine-lib |
| CVE #(s): | CVE-2006-1664 |
| Created: | April 27, 2006 |
| Updated: | February 27, 2008 |
| Description: |
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed. |
xmms: BMP handling vulnerability
| Package(s): | xmms |
| CVE #(s): | CVE-2007-0653, CVE-2007-0654 |
| Created: | March 28, 2007 |
| Updated: | July 26, 2011 |
| Description: |
xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system. |
X.org: temp file vulnerability
| Package(s): | X.org |
| CVE #(s): | CVE-2007-3103 |
| Created: | July 12, 2007 |
| Updated: | July 2, 2009 |
| Description: |
The X.Org X11 xfs font server has a temp file vulnerability in the
startup script. A local user can modify the permissions of the script
in order to elevate their local privileges. |
xorg-server: local privilege escalation
| Package(s): | xorg-server |
| CVE #(s): | CVE-2007-4730 |
| Created: | September 10, 2007 |
| Updated: | January 24, 2008 |
| Description: |
Aaron Plattner discovered a buffer overflow in the Composite extension
of the X.org X server, which can lead to local privilege escalation. |
xulrunner, firefox, thunderbird: multiple vulnerabilities
| Package(s): | xulrunner, firefox, thunderbird |
| CVE #(s): | CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340, CVE-2006-2894 |
| Created: | October 22, 2007 |
| Updated: | May 12, 2008 |
| Description: |
From the Debian advisory:
CVE-2007-1095:
Michal Zalewski discovered that the unload event handler had access to
the address of the next page to be loaded, which could allow information
disclosure or spoofing.
CVE-2007-2292:
Stefano Di Paola discovered that insufficient validation of user names
used in Digest authentication on a web site allows HTTP response splitting
attacks.
CVE-2007-3511:
It was discovered that insecure focus handling of the file upload
control can lead to information disclosure. This is a variant of
CVE-2006-2894.
CVE-2007-5334:
Eli Friedman discovered that web pages written in Xul markup can hide the
titlebar of windows, which can lead to spoofing attacks.
CVE-2007-5337:
Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI
schemes may lead to information disclosure. This vulnerability is only
exploitable if Gnome-VFS support is present on the system.
CVE-2007-5338:
"moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers
could be bypassed, which might allow privilege escalation.
CVE-2007-5339:
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340:
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
|
Page editor: Jake Edge
Kernel development
Brief items
The current 2.6 prepatch is 2.6.24-rc8, released by Linus on
January 15. It contains a fair number of fixes but not much else.
"So I'm pretty sure this is the last -rc, and the final 2.6.24 will
probably be out next weekend or so. But in the meantime, let's give this a
final shakedown, and see if we can fix any last regressions still."
See the
long-format changelog for the details.
As of this writing, a very small number of fixes has been merged post-rc8.
There have been no -mm releases over the last week.
The current stable 2.6 kernel is 2.6.23.14, released (along with 2.6.22.16) on January 14.
These releases contain a single patch: a fix for the filesystem security
vulnerability discussed on this
week's Security Page.
For older kernels: 2.6.16.58 was released on
January 16 with several fixes.
Kernel development news
I wonder what a tiny, SANE register-based bytecode
interface might look like. Have a single page shared between kernel and
userland, for each thread. Userland fills that page with bytecode, for a
virtual machine with 256 registers -- where instructions roughly equate to
syscalls.
The common case -- a single syscall like open(2) -- would be a single byte
bytecode, plus a couple VM register stores. The result is stored in
another VM register.
But this format enables more complex cases, where userland programs can
pass strings of syscalls into the kernel, and let them execute until some
exceptional condition occurs. Results would be stored in VM registers (or
userland addresses stored in VM registers...).
-- Jeff Garzik
By Jonathan Corbet January 15, 2008
Chris Mason has recently released Btrfs v0.10, which contains a
number of interesting new features. In general, Btrfs has come a long way
since LWN first wrote about
it last June. Btrfs may, in some years, be the filesystem most of us
are using - at least, for those of us who will still be using rotating
storage then. So it bears watching.
Btrfs, remember, is an entirely new filesystem being developed by Chris
Mason. It is a copy-on-write system which is capable of quickly creating
snapshots of the state of the filesystem at any time. The snapshotting is
so fast, in fact, that it is used as the Btrfs transactional mechanism,
eliminating the need for a separate journal. It supports subvolumes -
essentially the existence of multiple, independent filesystems on the same
device. Btrfs is designed for speed, and also provides checksumming for
all stored data.
Some kernel patches show up and quickly find their way into production
use. For example, one year ago, nobody (outside of the -ck list, perhaps) was talking
about fair scheduling; but, as of this writing, the CFS scheduler has been
shipping for a few months. KVM also went from initial posting to merged
over the course of about two kernel release cycles.
Filesystems do not work that way, though.
Filesystem developers tend to be a cautious, conservative bunch; those who
aren't that way tend not to survive their first few encounters with users
who have lost data. This is all a way of saying that, even though Btrfs is
advancing quickly, one should not plan on using it in any sort of
production role for a while yet. As if to drive that point home, Btrfs
still crashes the system when the filesystem runs out of space. The v0.10
patch, like its predecessors, also changes the on-disk format.
The on-disk format change is one of the key features in this version of the
Btrfs patch. The format now includes back references on almost all objects
in the filesystem. As a result, it is now easy to answer questions like
"to which file does this block belong?" Back references have a few uses,
not the least of which is the addition of some redundant information which
can be used to check the integrity of the filesystem. If a file claims to
own a set of blocks which, in turn, claim to belong to a different file,
then something is clearly wrong. Back references can also be used to
quickly determine which files are affected when disk blocks turn bad.
Most users, however, will be more interested in another new feature which
has been enabled by the existence of back references: online resizing. It
is now possible to change the size of a Btrfs filesystem while it is
mounted and busy - this includes shrinking the filesystem. If the Btrfs
code has to give up some space, it can now quickly find the affected files
and move the necessary blocks out of the way. So Btrfs should work nicely
with the device mapper code, growing or shrinking filesystems as conditions
require.
Another interesting feature in v0.10 is the associated in-place ext3
converter. It is now possible to non-destructively convert an existing
ext3 filesystem to Btrfs - and to go back if need be. The converter works
by stashing a copy of the ext3 metadata found at the beginning of the disk, then
creating a parallel directory tree in the free space on the filesystem. So
the entire ext3 filesystem remains on the disk, taking up some space but
preserving a fallback should Btrfs not work out. The actual file data is
shared between the two filesystems; since Btrfs does copy-on-write, the
original ext3 filesystem remains even after the Btrfs filesystem has been
changed. Switching to Btrfs forevermore is a simple matter of deleting the
ext3 subvolume, recovering the extra disk space in the process.
Finally, the copy-on-write mechanism can be turned off now with a mount option. For
certain types of workloads, copy-on-write just slows things down without
providing any real advantages. Since (1) one of those workloads is
relational database management, and (2) Chris works for Oracle, the
only surprise here is that this option took as long as it did to arrive.
If multiple snapshots reference a given file, though, copy-on-write is
still performed; otherwise it would not be possible to keep the snapshots
independent of each other.
For those who are curious about where Btrfs will go from here, Chris has
posted a
timeline describing what he plans to accomplish over the coming year.
Next on the list would appear to be "storage pools," allowing a Btrfs
filesystem to span multiple devices. Once that's in place, striping and
mirroring will be implemented within the filesystem. Longer-term projects
include per-directory snapshots, fine-grained locking (the filesystem
currently uses a single, global lock), built-in incremental backup support,
and online filesystem checking. Fixing that pesky out-of-space problem
isn't on the list, but one assumes Chris has it in the back of his mind
somewhere.
By Jonathan Corbet January 15, 2008
There are a number of filesystem-related patches aimed at the upcoming
2.6.25 merge window; one of those is the unprivileged mount patch by
Miklos Szeredi. This patch enables an unprivileged user process to call
the mount() system call and - in certain circumstances - have that
call actually succeed. It could eventually lead to a situation where users
have more flexibility to create their own environments and the setuid
mount utility is no longer needed.
This patch adds a new field (uid) to the vfsmount
structure, allowing the kernel to keep track of the owner of a specific
filesystem mount. The system administrator can give ownership of a
specific mount to a user with the new MNT_SETUSER flag. A common
pattern might be to bind-mount a user's home directory on top of itself,
giving the user the ownership of that mount. Once that
has been done, the user is allowed to freely mount other filesystems below
that mount point - with a couple of conditions:
- There is a system-wide limit on the number of allowed user mounts;
once that limit is hit, no more unprivileged mounts will be allowed
until somebody unmounts something. The current patch has no provision
for per-user or per-group mount limits, but such a feature would not
be particularly hard to add should the need arise.
- The filesystem type must be marked as being safe for unprivileged
mounts. Miklos notes that a filesystem must go through "a thorough
audit" before this flag can be set with any confidence. The patch, as
posted, marks the fuse filesystem (which allows for the creation of
filesystems implemented in user space) as being safe; fuse was
designed for this mode of operation in the first place. Bind mounts
are also allowed, with some additional conditions.
If the system allows the mount, the flags allowing for setuid and device
files will be forcibly cleared - unless the user has the requisite
capabilities anyway. Users are allowed to unmount filesystems they own,
again without privilege, but cannot unmount any others. Another new mount
flag (MNT_NOMNT) marks a specific filesystem as being the end of
the line - no unprivileged submounts are allowed below it.
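The checks described above compose into a single decision function, modelled here in user space. This is an added example, not code from Miklos Szeredi's patch: the numeric values of MNT_SETUSER and MNT_NOMNT, the structure layouts, the `safe` field, the `may_suid`/`may_dev` capability booleans and the verdict names are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* MNT_NOSUID and MNT_NODEV are existing kernel mount flags; MNT_SETUSER and
 * MNT_NOMNT are named in the article. Their values here, and every structure
 * and field below, are assumptions of this model. */
#define MNT_NOSUID  0x01
#define MNT_NODEV   0x02
#define MNT_SETUSER 0x04   /* mount has an owner recorded in uid */
#define MNT_NOMNT   0x08   /* no unprivileged submounts below this mount */

enum verdict { ALLOW, DENY_NOT_OWNER, DENY_NOMNT, DENY_UNSAFE_FS, DENY_LIMIT };

struct vmount { unsigned flags; unsigned uid; bool user_created; };
struct fstype { const char *name; bool safe; };   /* safe = audited type */
struct cred   { unsigned uid; bool may_suid; bool may_dev; };
struct limits { int max_user_mounts; int nr_user_mounts; };

/* Decide whether an unprivileged caller may mount `fs` below `parent`. */
enum verdict user_mount(struct limits *l, const struct cred *c,
                        const struct vmount *parent, const struct fstype *fs,
                        unsigned req_flags, struct vmount *child)
{
    /* The caller must own the mount it is mounting under. */
    if (!(parent->flags & MNT_SETUSER) || parent->uid != c->uid)
        return DENY_NOT_OWNER;
    if (parent->flags & MNT_NOMNT)
        return DENY_NOMNT;
    if (!fs->safe)
        return DENY_UNSAFE_FS;
    if (l->nr_user_mounts >= l->max_user_mounts)
        return DENY_LIMIT;

    /* Allowed: the new mount belongs to the caller, and setuid and device
     * file support is stripped unless the caller holds the capability. */
    child->flags = req_flags | MNT_SETUSER;
    child->uid = c->uid;
    child->user_created = true;
    if (!c->may_suid) child->flags |= MNT_NOSUID;
    if (!c->may_dev)  child->flags |= MNT_NODEV;
    l->nr_user_mounts++;
    return ALLOW;
}

/* Unprivileged unmount: only the owner of a mount may remove it. */
bool user_umount(struct limits *l, const struct cred *c, struct vmount *m)
{
    if (!(m->flags & MNT_SETUSER) || m->uid != c->uid)
        return false;
    if (m->user_created) {             /* give the slot back to the pool */
        l->nr_user_mounts--;
        m->user_created = false;
    }
    return true;
}

int main(void)
{
    /* Constructed scenario: the administrator bind-mounted uid 1000's home
     * directory on itself and handed ownership over with MNT_SETUSER. */
    struct limits lim = { 4, 0 };
    struct cred user = { 1000, false, false };
    struct vmount home = { MNT_SETUSER, 1000, false }, m;
    struct fstype fuse = { "fuse", true }, ext3 = { "ext3", false };

    printf("fuse: %d\n", user_mount(&lim, &user, &home, &fuse, 0, &m));
    printf("forced flags: 0x%x\n", m.flags & (MNT_NOSUID | MNT_NODEV));
    printf("ext3: %d\n", user_mount(&lim, &user, &home, &ext3, 0, &m));
    return 0;
}
```

The ordering of the checks is a choice of this model; the article does not say in which order the patch evaluates them.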
The end result of all this should be a mechanism by which users can organize
their filesystem hierarchies without any need for administrative privileges,
and without the risk of compromising system security.
One might well wonder why this change to the mount() system call
is called for, given that users have been able to do unprivileged mounts
for years. The answer is that the current mechanism has a couple of
shortcomings. Every potential unprivileged mount must be explicitly
enabled via a line in /etc/fstab. That works well for simple
situations, such as allowing a user to mount a CD or a USB storage device.
When users start wanting to do more complicated things, like mounting their
own special fuse filesystems, the /etc/fstab mechanism breaks
down. There is a separate, setuid program which grants the right to make
unprivileged fuse mounts, but it represents a workaround rather than a
proper solution.
The current user mount mechanism also requires that the mount
utility be installed setuid root. Every setuid binary is a potential
security hole, so there is value in eliminating privileged programs when
possible. The unprivileged mount patch offers the possibility of
eliminating the setuid mount program while simultaneously leaving policy
control in the hands of the system administrator. So, unless something
surprising comes up, chances are good that this capability will appear in
the 2.6.25 kernel.
By Jonathan Corbet January 16, 2008
The ext3 system uses the classic Unix block pointer method for keeping
track of the blocks in each file. For a given file, the on-disk inode
structure contains space for twelve block numbers; they point to the first
twelve blocks in the file - the first 48KB of space. If the file is larger
than that, a 13th pointer contains the address of the first indirect
block; this block contains another 1024 (on a 4K block filesystem)
block pointers. Should that not suffice, there's a 14th pointer for the
double-indirect block - each entry in that block is the address of an
indirect block. And if even that is not enough, there's a 15th entry
pointing to a triple-indirect block full of pointers to double-indirect
blocks.
This is a very efficient representation for small files - the kinds of
files Unix systems typically held, once upon a time. In current times, when one can forget
about that directory full of DVD images and never even notice the lost
space, it does not work quite as well - there is a lot of overhead for all
of those individual block pointers, and a large data structure to manage.
That is why removing a large file on an ext3 filesystem can take a long
time - the system has to chase down all of those indirect blocks, which, in
turn, forces a lot of disk activity and head seeks. For this reason,
contemporary filesystems tend to use extent-based mechanisms to associate
blocks with files, but that is not really an option for ext3.
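To make the pointer scheme and its cost concrete, the following added example (not code from the ext3 source or from the patch discussed here) maps a logical block to its chain of pointers and counts the indirect blocks a fully allocated file needs. The function names are hypothetical, and 32-bit block numbers are assumed, which matches the 1024 pointers per 4K block given above.

```c
#include <stdint.h>
#include <stdio.h>

#define NDIR      12   /* direct pointers in the inode (slots 0..11) */
#define IND_SLOT  12   /* the 13th pointer: single-indirect block    */
#define DIND_SLOT 13   /* the 14th pointer: double-indirect block    */
#define TIND_SLOT 14   /* the 15th entry:   triple-indirect block    */

/*
 * Translate a logical block number within a file into the chain of
 * pointer slots that must be followed to reach it. Returns the chain
 * length (1 = direct ... 4 = triple-indirect), or 0 if the block lies
 * beyond what the scheme can address. offsets[0] is the inode slot.
 */
int block_to_path(uint64_t lblk, uint32_t block_size, int offsets[4])
{
    uint64_t ptrs = block_size / 4;   /* 32-bit block numbers per block */

    if (lblk < NDIR) {
        offsets[0] = (int)lblk;
        return 1;
    }
    lblk -= NDIR;
    if (lblk < ptrs) {
        offsets[0] = IND_SLOT;
        offsets[1] = (int)lblk;
        return 2;
    }
    lblk -= ptrs;
    if (lblk < ptrs * ptrs) {
        offsets[0] = DIND_SLOT;
        offsets[1] = (int)(lblk / ptrs);
        offsets[2] = (int)(lblk % ptrs);
        return 3;
    }
    lblk -= ptrs * ptrs;
    if (lblk < ptrs * ptrs * ptrs) {
        offsets[0] = TIND_SLOT;
        offsets[1] = (int)(lblk / (ptrs * ptrs));
        offsets[2] = (int)((lblk / ptrs) % ptrs);
        offsets[3] = (int)(lblk % ptrs);
        return 4;
    }
    return 0;
}

static uint64_t div_up(uint64_t a, uint64_t b) { return (a + b - 1) / b; }

/*
 * Count the indirect blocks of every level that a fully allocated
 * (non-sparse) file of `size` bytes needs. These are the blocks a
 * checker or a file removal has to visit in addition to the inode.
 * Returns UINT64_MAX if the file is too large for the scheme.
 */
uint64_t indirect_blocks_needed(uint64_t size, uint32_t block_size)
{
    uint64_t ptrs = block_size / 4;
    uint64_t data = div_up(size, block_size);
    uint64_t meta = 0, n, leaves;

    if (data <= NDIR) return 0;
    data -= NDIR;

    n = data < ptrs ? data : ptrs;                 /* single-indirect range */
    meta += 1;
    data -= n;
    if (data == 0) return meta;

    n = data < ptrs * ptrs ? data : ptrs * ptrs;   /* double-indirect range */
    meta += 1 + div_up(n, ptrs);
    data -= n;
    if (data == 0) return meta;

    if (data > ptrs * ptrs * ptrs) return UINT64_MAX;
    leaves = div_up(data, ptrs);                   /* triple-indirect range */
    meta += 1 + div_up(leaves, ptrs) + leaves;
    return meta;
}

int main(void)
{
    /* Constructed sample sizes; 4K blocks as in the text. */
    uint64_t sizes[] = { 48ULL << 10, 1ULL << 20, 4ULL << 30, 64ULL << 30 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%12llu bytes -> %llu indirect blocks\n",
               (unsigned long long)sizes[i],
               (unsigned long long)indirect_blocks_needed(sizes[i], 4096));
    return 0;
}
```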
An additional problem with all those indirect blocks is that filesystem
checkers must locate and verify them all. That, again, causes a lot of
head seeking and makes fsck run slowly. Slow filesystem checking was the
motivation behind this patch from
Abhishek Rai which attempts to improve performance on filesystems with
a lot of indirect blocks.
The approach taken is relatively simple: the patch just tries to group
indirect block allocations together on the disk. The current ext3 code
will allocate indirect blocks when they are needed to account for data
blocks being added to the file; they are usually placed adjacent to those
data blocks. One might think that this placement would speed subsequent
accesses to the file, but that is not necessarily so; the reading or
writing of the indirect block will tend to happen at a different time than
operations on the data blocks. What this placement does accomplish,
though, is the distribution of the indirect blocks all over the disk. So a
process which must examine all of the indirect blocks associated with a
file must cause the disk to do a lot of head seeks.
The "metaclustering" approach works by reserving a set of contiguous
blocks at the end of each block group. Whenever an indirect block is
needed, the filesystem tries to get one from this dedicated area first.
The end result is that all of the indirect blocks are located next to each
other. Should somebody need to read a number of those blocks without being
interested in the contents of the data blocks, they can grab them all
quickly with minimal seeking. Filesystem checkers, as it happens, need to
do exactly that - as does the file removal process. The patch did not come
with benchmarks, but the speedup that comes from the elimination of all
those seeks should be significant.
Even so, Andrew Morton questioned the need
for this patch, worrying that its benefits do not justify the risks that
come with modifying an established, heavily-used filesystem:
"In any decent environment, people will fsck their ext3 filesystems
during planned downtime, and the benefit of reducing that downtime
from 6 hours/machine to 2 hours/machine is probably fairly small,
given that there is no service interruption."
Others disagreed, though, noting that it's the unplanned filesystem
checks which are often the most time-critical. That includes the
delightful "maximal mount count" boot-time check which, in your editor's
experience, always happens when one is trying to get set up to give a talk
somewhere. So this patch might just find eventual acceptance - it should
be relatively low-risk and does not require any on-disk format changes.
This is a filesystem patch, though, so nobody will be in any hurry to get
it into the mainline before a lot of testing and review has been done.
By Jonathan Corbet January 15, 2008
LWN last looked at the unionfs
filesystem almost exactly one year ago. Things have been relatively
quiet on the unionfs front during much of that time, but unionfs has not
gone away. Now the unionfs developers are back with an improved version
and a determined push to get the code into 2.6.25. So another look seems
indicated.
The core idea behind unionfs is to allow multiple, independent filesystems
to be merged into a single, coherent whole. As an example, consider a user
with a distribution install DVD full of packages, a small disk, and
painfully slow bandwidth. It would be nice to keep the DVD-stored packages
around for future installation. What is also nice, though, is to be able
to keep a directory full of updates from the distributor and use those,
when they exist, in favor of the read-only DVD version. Using unionfs,
this user could mount the DVD read-only, then mount a writable filesystem
(for the updates) on top of the DVD. Updated packages go into the writable
filesystem, but all of the available packages are visible, together, in the
unified view. To avoid confusion, the user could delete obsoleted
packages, at which point they would no longer be visible in the unionfs
filesystem, even though they cannot actually be deleted from the underlying
DVD. Thus unionfs allows the creation of an apparently writable filesystem
on a read-only base; many other applications are possible as well.
If a user rewrites a file which is stored on a read-only "branch" of a
union filesystem, the response is relatively straightforward: the
newly-written file is stored on a higher-priority, writable branch. If no
such branch exists, the operation fails. Dealing with the deletion of a
file from a read-only branch is trickier, though. In this case, unionfs
will create a "whiteout" in the form of a special file (starting with
.wh.) on a writable branch. Some reviewers have disliked this
approach since it will clutter the upper branch with those special files
over time. But it is hard to come up with another way to handle deletion,
especially if (as is the case here) your goal is to keep core VFS changes
to an absolute minimum.
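A small user-space model of the lookup, copy-up and whiteout behaviour just described, added here as an illustration and not taken from the unionfs code. Branches are in-memory name lists, index 0 has the highest priority, and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_FILES 16
#define NAME_LEN  64
#define WH_PREFIX ".wh."   /* whiteout name prefix given in the article */

struct branch {
    bool writable;
    int  nfiles;
    char files[MAX_FILES][NAME_LEN];
};

int find(const struct branch *b, const char *name)
{
    for (int i = 0; i < b->nfiles; i++)
        if (strcmp(b->files[i], name) == 0)
            return i;
    return -1;
}

static bool add(struct branch *b, const char *name)
{
    if (find(b, name) >= 0) return true;
    if (b->nfiles == MAX_FILES || strlen(name) >= NAME_LEN) return false;
    strcpy(b->files[b->nfiles++], name);
    return true;
}

static void del(struct branch *b, const char *name)
{
    int i = find(b, name);
    if (i < 0) return;
    b->nfiles--;
    if (i != b->nfiles)                 /* move the last entry into the hole */
        strcpy(b->files[i], b->files[b->nfiles]);
}

static bool whiteout_name(char *out, size_t len, const char *name)
{
    int n = snprintf(out, len, "%s%s", WH_PREFIX, name);
    return n > 0 && (size_t)n < len;
}

static int first_writable(const struct branch *br, int limit)
{
    for (int i = 0; i < limit; i++)
        if (br[i].writable) return i;
    return -1;
}

/* Index of the branch that supplies `name`, or -1 if the name is absent
 * or hidden by a whiteout on a higher-priority branch. */
int union_lookup(const struct branch *br, int n, const char *name)
{
    char wh[NAME_LEN];
    if (!whiteout_name(wh, sizeof wh, name)) return -1;
    for (int i = 0; i < n; i++) {
        if (find(&br[i], name) >= 0) return i;
        if (find(&br[i], wh) >= 0) return -1;   /* masks all lower branches */
    }
    return -1;
}

/* Rewrite or create a file. A file on a read-only branch is stored on a
 * higher-priority writable branch; with no such branch the write fails. */
bool union_write(struct branch *br, int n, const char *name)
{
    char wh[NAME_LEN];
    int cur = union_lookup(br, n, name), w;
    if (cur >= 0 && br[cur].writable) w = cur;
    else w = first_writable(br, cur < 0 ? n : cur);
    if (w < 0 || !whiteout_name(wh, sizeof wh, name)) return false;
    del(&br[w], wh);                    /* a new file replaces its whiteout */
    return add(&br[w], name);
}

/* Delete a file. Copies on read-only branches cannot be removed, so they
 * are masked with a whiteout on a writable branch above them. */
bool union_unlink(struct branch *br, int n, const char *name)
{
    char wh[NAME_LEN];
    int cur = union_lookup(br, n, name), w;
    if (cur < 0 || !whiteout_name(wh, sizeof wh, name)) return false;
    w = br[cur].writable ? cur : first_writable(br, cur);
    if (w < 0) return false;            /* nowhere to record the deletion */
    if (br[cur].writable) del(&br[cur], name);
    if (union_lookup(br, n, name) >= 0 && !add(&br[w], wh)) return false;
    return true;
}

int main(void)
{
    /* Constructed sample: a writable updates branch over a read-only DVD. */
    struct branch u[2] = { { true, 0, { "" } },
                           { false, 2, { "foo-1.0.rpm", "bar-1.0.rpm" } } };
    union_unlink(u, 2, "bar-1.0.rpm");
    printf("bar visible: %d, upper branch now holds: %s\n",
           union_lookup(u, 2, "bar-1.0.rpm") >= 0, u[0].files[0]);
    return 0;
}
```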
That hasn't kept the unionfs developers from trying, though. Off to the
side, they have a version of unionfs which maintains a small,
special-purpose partition of its own (on writable storage). Metadata
(whiteouts, in particular) is stored to this special unionfs partition and no
longer clutters the component filesystems. There are other advantages to
the dedicated partition scheme, including the ability to include one
unionfs as a branch in a second union; see the unionfs ODF
document for more information on this approach, which the developers
hope to slowly migrate into the version they are currently proposing for
the mainline.
Another persistent problem with unionfs has been coping with modifications
made directly to the component branches without going through the union. The
January, 2007 version of the patch came packaged with some dire warnings:
direct modification of unionfs branches could lead to system crashes and
data loss. Given that filesystems which have been bundled into a union
still exist independently, they will always present a tempting target for
modification, even when there is not a specific reason (wanting to put
files onto a specific component filesystem, for example). So a unionfs
implementation which cannot handle such modifications sets a trap for every
user who uses it.
The developers claim to have solved this problem in the current version of the
patch. Now, almost every entry into the unionfs code causes it to check the
modification times for the relevant file in all layers of the union. If
the file turns out to have been changed, unionfs will forget about the file
and reload the information from scratch, causing the most current version
of the file (or directory) to be visible to the user. This approach solves
the problem in a relatively efficient manner, with one exception: unionfs
cannot tell when a process modifies a file which it has mapped into its
address space with mmap(). So, in that case, changes may not be
visible to processes accessing the affected file through the unionfs.
In both cases, the unionfs developers would really prefer to have better
support from the VFS. Some operating systems have provided native support
for whiteouts, but Linux lacks that support. There is also no way for a
filesystem at the bottom of a stack of filesystems to notify the higher
layers that something has been changed. Fixing either of these would
require significant VFS modifications, though, and the changes might
propagate down into the individual filesystem implementations as well. So
nobody is expecting them to happen anytime soon.
Another significant change in unionfs is the elimination of the
ioctl() interface for the management of branches. All changes to
an existing unionfs are now done using the remount option of the
mount command. This change eliminates the need for a separate
utility for unionfs configuration and makes it possible to do complicated
changes in an atomic manner.
The end result of all this is that the unionfs hackers think that the time
has come to put the code into the mainline. There, it would become the
second supported stacking filesystem (the first being eCryptfs), and would
help toward the long-term goal of making the VFS layer work better with
stacking. Some people speak as if the merging of unionfs into 2.6.25 is a
done deal, but that is not yet guaranteed. Christoph Hellwig, whose
opinion on such things carries a heavy weight, is opposed to the unionfs idea:
"I think we made it pretty clear that unionfs is not the way to go,
and that we'll get the union mount patches clear once the
per-mountpoint r/o and unprivileged mount patches series are in
and stable."
Unionfs hacker Erez Zadok responds that
unionfs is working - and used - now, while getting union support into the
VFS is a distant prospect. So he recommends:
"I think a better approach would be to start with Unionfs (a
standalone file system that doesn't touch the rest of the kernel).
And as Linux gradually starts supporting more and more features
that help unioning/stacking in general, to change Unionfs to use
those features (e.g., native whiteout support). Eventually there
could be basic unioning support at the VFS level, and concurrently
a file-system which offers the extra features (e.g., persistency)."
When one looks at a recent posting of the union mount patch, it's hard
to see it as a near-term solution. As described by its author (Bharata
Rao), this work is in an early, exploratory state; there are a number of
problems for which solutions are not really in sight. The union mount
approach, which does the hard work in the VFS layer, may well be the right
long-term approach, but it will not be in a state where it can be shipped
to users anytime soon.
In the end, the problem is a hard one, and unionfs has a considerable lead
toward being a real solution. That, alone, is not enough to guarantee that
unionfs will make it into the 2.6.25 kernel, but it does help that cause
considerably. Anybody opposing the merger of unionfs will have to explain
why the union filesystem capability should not be available to Linux users
in 2008.
Page editor: Jonathan Corbet
Distributions
News and Editorials
January 16, 2008
This article was contributed by Donnie Berkholz
It all started with a blog post
by Daniel Robbins. That was on January 11. But of course, it didn't really
start there. That's just when the internal furor over the revocation of the
Gentoo Foundation's corporate license became public. Developers had been
trying to figure out what to do in the internal gentoo-core mailing list
for about a week, and as such things do, it leaked.
The larger-scale problems didn't even start there. The Gentoo Weekly
Newsletter hasn't been posted for 13 weeks, and the Gentoo homepage hadn't seen any changes in the
same amount of time. Furthermore, Gentoo's second release of 2007, dubbed
2007.1, never happened and on Monday was announced canceled.
What do these problems mean? Is Gentoo collapsing? Another blog
post by Daniel Robbins suggests part of the answer—serious
communication problems exist between developers and the rest of the Gentoo
community. The relevant aspect here is that developers are so focused on
working in their little areas that they fail to tell the world what they're
doing. Everyone wants to develop, and nobody wants to spend time telling the
world what's being developed. Most developers don't want to spend time doing
anything but develop. In the same way, developers don't enjoy spending time
dealing with "boring" issues like donations, copyright, tax returns, etc.,
nor are they generally any good at it.
Development remains active in the background—new versions of packages
appear, bugs are fixed, the gentoo-dev mailing list is quite active, and so
is IRC. Developers continue to blog on Planet Gentoo. But none of that is
apparent to Gentoo users, who go to the homepage, read the weekly
newsletter, and wait for the next release. To users, things can look like
they're in stasis.
That's where Gentoo needs to concentrate its efforts: telling the world what
developers are doing. To accomplish that, the project will either need to
find new contributors interested in doing this or streamline its processes
so that less effort is required to communicate (for example, automatically
including Planet information or new versions from packages.gentoo.org on the
homepage). Specifically, one hope with the foundation is to hand off the
work to people who enjoy dealing with it, so developers can concentrate on
development—people at Software in the Public Interest, or the Software
Freedom Conservancy. An announcement on the Gentoo homepage proposing a move
to a monthly newsletter brought nearly 20 offers of help in only 2 days, so
it may be that the project hasn't been looking for non-development help in
all the right places.
Gentoo isn't dying, but its developers need to tell that to the world.
Comments (9 posted)
New Releases
DesktopBSD, a project that uses both
FreeBSD and the KDE desktop, has released version 1.6.
Full Story (comments: none)
Mandriva has released the second alpha of Mandriva Linux 2008.1, the spring
edition. " This pre-release brings a near-final snapshot of KDE 4.0
(final 4.0 packages are currently being uploaded to the Cooker
repositories), new NVIDIA and ATI drivers, the chance to test the
experimental nouveau open source driver for NVIDIA cards, kernel 2.6.24rc7,
and more."
Full Story (comments: none)
Hardy Heron Alpha-3 has been released. Hardy will become Ubuntu 8.04.
This release can be downloaded as Ubuntu, Kubuntu, Edubuntu, Ubuntu JeOS,
Xubuntu and Gobuntu.
Full Story (comments: none)
Distribution News
Debian GNU/Linux
Debian's i18n team met in Caceres, Spain last month, thanks to the Junta de
Extremadura. Click below for a summary of the meeting.
Full Story (comments: none)
Debian's Qt/KDE team also benefited from the meetings sponsored by the
Government of Extremadura. During the meeting they decided that Lenny will
ship with KDE 3. " However, we will close bugs filed against
applications declared dead by upstream, such as aRts." A KDE 4
development platform will also ship with Lenny.
Full Story (comments: none)
Christian Perrier has a report from FOSS.in, which took place last month in
Bangalore, India. "Sam Hocevar was attending the conference, as DPL,
on behalf of Debian (travel expenses covered by Debian funds). Christian
Perrier, wearing his i18n hat, proposed self as a speaker as well after
solicitations from the Debian-in community (travel expenses sponsored by
FOSS.in organizers)."
Full Story (comments: none)
Fedora
Outgoing Fedora leader Max Spevack has sent a goodbye letter of sorts from
FUDCon and announced that the new project leader will be Paul Frields. " Many of you already know Paul. He has been part of the Fedora community
since 2003, not long after the Red Hat Linux Project officially merged
with the original Fedora.us. Paul has worked with Fedora's
documentation, packaging, marketing, news, and artwork teams. He also
served as one of the inaugural members of the Fedora Project Board."
Full Story (comments: 1)
Gentoo Linux
The Gentoo Foundation lost its charter a few weeks ago, causing Daniel Robbins, founder of Gentoo, to offer to return as President of the foundation. His offer comes with a number of conditions, not least of which is that the current trustees resign in favor of those he chooses. " If I return as President, I will preserve the not-for-profit aspect of Gentoo. Beyond this, you can expect everything to be very, very different than how things are today." No word yet on a response from the current trustees.
Comments (21 posted)
Mandriva Linux
Mandriva and Turbolinux have announced the creation of a joint venture called "Manbo-Labs," the purpose of which is to create a common base distribution that both can build their products on. " Manbo-Labs' team is composed of more than ten developers from France, Japan, Brazil and also includes developers from the community. Altogether, they have been working on building a common Linux base system to be released in April 2008. Mandriva Linux 2008 Spring will be based on this system."
Comments (11 posted)
Slackware Linux
The first release candidate of GNOME.SlackBuild (GSB) is available for
testing by Slackware 12.0 users. " Originally based on the Freerock
GNOME project, GNOME.SlackBuild (GSB) provides the latest GNOME stable
(2.20.3) binary packages and complete source build system for Slackware
Linux."
Full Story (comments: none)
SUSE Linux and openSUSE
The openSUSE project has a roadmap and schedule of the
milestones in the journey to version 11.0. According to the schedule,
openSUSE 11.0 Alpha 1 will be out later this week.
Comments (none posted)
Distribution Newsletters
The Fedora Weekly News for January 7, 2008 includes "Fedora's way forward"
by Max Spevack, Planet Fedora articles on "Transition", "Fedora marketing
revitalization", "To all FUDCon attendees", "FUDCon 2008 - Day 2" and
"FUDCon 2008 - Day 1", and much more.
Full Story (comments: none)
The openSUSE Weekly
News covers KDE 4.0 Released with openSUSE Packages and openSUSE-based
live CD, openSUSE Shop Now Live, Lenovo delivers preloaded SUSE Linux
Enterprise Desktop 10, Temporary Download Failure, In Tips and Tricks:
Webpin: Package Search from the Web or from your Shell, and several other
topics.
Comments (none posted)
The January
2008 edition of PCLinuxOS Magazine is out. Articles include Throwing
Windows Out The Window, Common Information Commands, Help With
Documentation, Howto Repair kdeinit Problems, It's Magic - PMagic,
PCLinuxOS Based Distros - Update, Squeeze Your Data - A New Compression
Strategy, and much more.
Comments (none posted)
The Ubuntu Weekly Newsletter for January 12, 2008 looks at Hardy Alpha 3
released, Ubuntu 7.10 Desktop Course, KDE 4.0, a new member and MOTUs, MOTU
Council election, an upcoming Hug Day, Forums tutorial of the week, and
much more.
Full Story (comments: none)
The DistroWatch
Weekly for January 14, 2008 is out. " The release of KDE 4.0.0,
the deepening crisis in Gentoo Linux and a series of announcements from the
Fedora User and Developer Conference (FUDCon) dominated the headlines last
week. As expected, the major new version from the popular desktop
environment project received mixed reaction from distribution makers and
users; while some distros were quick to release binary packages and special
KDE 4 live CDs for users to sample the new code, it's clear that the first
KDE 4 release is far from ready to take over our desktops. Also in this
issue, openSUSE has published a roadmap leading towards the upcoming
release of version 11.0 and VectorLinux has announced the first 64-bit
edition of its Slackware-based distribution."
Comments (none posted)
Page editor: Rebecca Sobol
Development
By Forrest Cook January 16, 2008
Ubuntu Tweak
is a GNOME desktop configuration tool that works with
versions 7.04 and 7.10 of the Ubuntu distribution.
From the application's splash screen:
This is a tool for Ubuntu which makes it easy to change hidden system and
desktop settings. Ubuntu Tweak is currently only for the GNOME Desktop
Environment.
Version 0.2.4 of Ubuntu Tweak was
announced in December, 2007:
"With many bugs fixed and two language added, the stable version of Ubuntu Tweak 0.2.4 released!"
Installation was trivial: the .deb file was
downloaded
in the Firefox web browser, which, in turn, allowed the installer application
to be run. A minute later, the software was ready to go.
The application was automatically added to the GNOME
Applications/System Tools pulldown menu.
So, what can Ubuntu Tweak do?
There are a number of top-level icons, some with multiple sub-icons.
Top-level categories include: Computer, Startup, Desktop, System and
Security. Clicking on the Computer icon reveals useful information
such as the hostname, distribution version, kernel rev, platform, CPU
type and speed and memory capacity. The username, home directory, shell and
default language are also displayed.
The Startup icon allows the user to toggle features such as the
automatic saving of session changes, the logout prompt, remote
TCP connections and the splash screen.
The Desktop icon allows numerous features to be adjusted on the
Desktop Icon Settings, the Metacity window manager, Compiz Fusion,
the GNOME panel and menu and the Nautilus file browser.
The System icon has toggles and sliders for controlling various
power management parameters. Lastly, the Security option has
toggles for disabling the Run Application dialog, the Lock Screen,
Printing, Printer Setup, Save to Disk and User Switching.
That's about all there is to this version of Ubuntu Tweak;
there is room to add many more control options.
Ubuntu Tweak seems like a useful tool for managing options that don't
really fit anywhere else on the desktop environment.
The only surprise is that this is, by name, only useful for
the Ubuntu distribution. It seems as though making a multi-distribution
GNOME-tweak would not require many changes to the code.
Comments (6 posted)
System Applications
Database Software
Version 1.2 of eXist has been
announced.
" eXist is a native XML database featuring efficient, index-based XQuery processing, extensions for keyword search, XUpdate support, and tight integration with existing XML development tools."
Comments (none posted)
Version 2.11.4 of phpMyAdmin has been
announced.
" phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields.
Welcome to phpMyAdmin 2.11.4, a bugfix-only version."
Comments (none posted)
The January 13, 2008 edition of the Postgres Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Full Story (comments: none)
Web Site Development
Version 1.0 of BitNami RubyStack is available.
"It is a free, all-in-one
binary installer for Apache, MySQL, Ruby and the Rails framework. You
basically click-click-finish your way to a complete Rails
installation, including third-party modules such as Mongrel and
ImageMagick. It runs on Windows, Linux and OS X and is distributed
under the Apache license. If you have been curious about Rails and
wanted to try it out, this is your opportunity."
Full Story (comments: none)
Version 0.6.3 of JAMWiki has been
announced.
" JAMWiki is a Wiki engine implemented using Java/JSP that attempts to provide much of the functionality of MediaWiki. It can be run with or without a database and is designed to be fast and easy to set up. Please visit jamwiki.org for further details.
JAMWiki 0.6.3 (code name "Foodscapes") is now available for download. The 0.6.3 release is a minor release that includes several enhancements and minor fixes."
Comments (none posted)
Desktop Applications
Audio Applications
Version 2.2 of Ardour,
a multi-track audio recording system, has been announced.
" Ardour version 2.2 has been released, filled with several significant new features and lots of helpful bugfixes. The editing model has been significantly improved for much faster workflow, and Ardour now uses the Rubber Band library for timestretching (and offers pitchshifting as well)."
Comments (none posted)
Version 0.109.0 of the JACK Audio Connection Kit has been announced.
Changes include numerous API changes, some new capabilities and bug fixes.
Full Story (comments: none)
The first stable release of the
LV2 specification has been announced.
" LV2 is a simple but extensible successor of
LADSPA, intended to address
the limitations of LADSPA which many applications have outgrown. By
creating LV2 "extensions" (which can be done independently), virtually
any feature is possible for LV2 plugins and hosts.
This release (revision 1) has been in active use by many projects for
several months, including several extensions for advanced features
beyond the capabilities of LADSPA or DSSI."
Full Story (comments: 12)
The initial release of the lv2dynparam extension and helper
has been announced.
" lv2dynparam is LV2 extension for dynamic parameters.
The extension consists of a header describing the extension interface
and libraries, one for plugins and one for hosts, to expose
functionality in more usable, from programmer point of view, interface."
Full Story (comments: none)
Version 1 of the lv2vocoder plugin has been announced.
" Perhaps you don't know what a vocoder is, but I'm sure you have heard
one before. Vocoders are often used to add a robotic effect to vocals
in music."
Full Story (comments: none)
Version 0.4.2 of SLV2 has been announced.
" SLV2 is a C library to make the use of LV2 plugins as simple as possible for host applications.
Unlike LADSPA, LV2 is (more or less) designed with the assumption that
hosts will use a library to discover/load/use plugins. SLV2 is one such
library, which does the Right Thing with as little burden on host
authors as possible.
This release corresponds to the new stable LV2 release, Revision 1."
Full Story (comments: none)
Release 20080109 of ssg, the Simple Sine Generator, is out.
" It now requires lv2core.
Simple Sine Generator is very simple instrument/generator plugin with
midi in and audio out ports. It expected to be useful for testing LV2
hosts and as base for writing your own plugins."
Full Story (comments: none)
Version 1 of the zynadd plugin has been announced.
" The zyn project main goal is to extract synth engines from ZynAddSubFX
and pack them in LV2 plugin format. Resulting plugin(s) are heavily
based on work made by Nasca Octavian Paul."
Full Story (comments: none)
Version 1 of zynjacku has been announced.
" zynjacku is JACK based, GTK (2.x) host for LV2 synths. It has one JACK
MIDI input port (routed to all hosted synths) and one (two for stereo
synths) JACK audio output port per plugin. Such design provides
multi-timbral sound by running several synth plugins.
zynjacku is a nunchaku weapon for JACK audio synthesis. You have solid
parts for synthesis itself and you have flexible part that allows
synthesis to suit your needs."
Full Story (comments: none)
Version 0.4.0 of Patchage has been announced.
" After ages of SVN-only development, Patchage 0.4.0 released. This
release is essentially a complete rewrite of the last stable release
(ancient history, but still in distributions).
Released in parallel are my libraries RAUL (Realtime Audio Utility
Library) and FlowCanvas (the canvas widget for Patchage, Ingen, etc),
which Patchage depends on. If you're a C++ LAD hacker, these might be
useful on their own."
Full Story (comments: none)
Business Applications
Version 2.0.4 of JasperReports, an open source business intelligence and
reporting engine, has been
announced. The changes include:
" support for Dotted and Double line style added;
- warning messages added to signal the use of deprecated pen and box
attributes and tags in JRXML; all samples refactored;
- minor bug fixes and improvements".
Comments (none posted)
Data Visualization
The 0.5 Beta 3 version of
videoIO Toolbox for Matlab has been announced. The software is:
" A library providing easy, flexible, and efficient read/write access to video files using a wide variety of codecs in MATLAB on Windows and GNU/Linux platforms, using DirectShow and ffmpeg backends, respectively.
The 0.5-beta3 version has been released. It includes full 64-bit support, new imread and load plugins, and numerous fixes and improvements."
Comments (none posted)
Desktop Environments
Stable version 2.20.3 of GNOME has been announced.
" This is the final
release in a series of point releases for the stable 2.20 branch.
Come and see all the bug fixing, all the new translations and all the
updated documentation brought to you by the wonderful team of GNOME
contributors! While development is underway on the GNOME 2.21/2.22
road, work on the stable branch continued to make it even more solid."
Full Story (comments: none)
Version 2.20.3 of GARNOME has been announced.
" This release incorporates the GNOME 2.20.3 Desktop and Developer
Platform, fine-tuned and updated with love by the GARNOME Team.
Come and see all the bug fixing, all the new translations and all the
updated documentation brought to you by the wonderful team of GNOME
contributors! This is the fourth release of the current stable GNOME
branch, and the third bug-fixing release, which ships with the latest
and greatest stable releases."
Full Story (comments: none)
The following new GNOME software has been announced this week:
- Accerciser 1.1.5 (new feature, bug fix and translation work)
- Agave 0.4.4 (new feature and translation work)
- Anjuta DevStudio 2.3.2 (new features, bug fixes and translation work)
- atk 1.21.5 (bug fixes)
- cairo 1.4.14 (bug fixes)
- cheese 2.21.5 (new features, bug fixes and translation work)
- Clutter 0.5.2 (new features and bug fixes)
- Conduit 0.3.5 (new features and bug fixes)
- Deskbar-Applet 2.21.5 (new features, bug fixes and translation work)
- Empathy 0.21.5.1 (bug fixes and ABI change)
- Empathy 0.21.5.2 (new features, bug fixes and translation work)
- eog 2.21.4 (new features, bug fixes and translation work)
- Evolution 2.21.5 and related (new features, bug fixes and translation work)
- gbrainy 0.5 (new features and bug fixes)
- gcalctool v5.21.5 (bug fixes, documentation and translation work)
- GLib 2.15.2 (new features, bug fixes and translation work)
- gnome-applets 2.21.4 (support for latest libgweather)
- gnome-control-center 2.21.5 (new features, bug fixes and translation work)
- Gnome-games 2.21.5 (new features, bug fixes, documentation and translation work)
- gnome-keyring 2.21.5 (new features, bug fixes and translation work)
- gnome-settings-daemon 2.21.5 (new features and bug fixes)
- gnome-settings-daemon 2.21.5.2 (new feature, bug fix and translation work)
- gnome-speech 0.4.18 (bug fix)
- Gtk2-Perl 2.21.5 (new features and bug fixes)
- libepc 0.3.2 (bug fix)
- libepc 0.3.3 (bug fix)
- Libgweather 2.21.2 (unstable testing release)
- Mousetweaks 2.21.5 (new features and translation work)
- nautilus-python 0.5.0 (new features and bug fixes)
- Orca 2.21.5 (bug fixes and translation work)
- ScroogLyrics 0.11 (new features and code rewrite)
- TaskJuggler 2.4.1-beta1 (bug fixes)
- Tinymail 0.0.7 (bug fixes)
- Tomboy 0.9.4 (new features, bug fixes and translation work)
You can find more new GNOME software releases at
gnomefiles.org.
Comments (none posted)
As expected, the KDE 4.0 release is now available. See the full announcement for
details, screenshots, and download information, or the visual guide
for even more screenshots.
Full Story (comments: 8)
KDE.News covers
the release of KDE 4.0.
" Several years of design, development and testing came together today for the release of KDE 4.0. This is our most significant release in our 11 year history and marks both the end of the long and intensive development cycle leading up to KDE 4.0 and the start of the KDE 4 era."
Comments (none posted)
The January 6, 2008 edition of the
KDE Commit-Digest has been
announced.
The content summary says:
" Final commits for KDE 4.0 Final before the
tagging freeze. KDE 4.0 Final tagged for release. Lots of optimisations and
bugs fixed across KDE. Kickoff menu items can now be added to the Plasma
desktop or panel. Improved resize and rotate for Plasma applets. Document
list sorting in Kate. Various progress in KDevelop. Mailody moves towards
using Akonadi for its IMAP functionality, various improvements in Akonadi.
Start of a KHotNewStuff2 implementation in Kalzium for downloading molecular
files. Experimental IVTV support in the Kalva video player..."
Comments (none posted)
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Comments (none posted)
The following new Xorg software has been announced this week:
More information can be found on the
X.Org Foundation wiki.
Comments (none posted)
Desktop Publishing
Version 1.3.3.10 of Scribus,
a desktop publishing system, has been
announced.
" This stable release adds the following:
Several fixes and improvements to text frames and the Story Editor. New Arabic Translation. More translation and documentation updates. Many improvements to PDF Forms exporting and non-Latin script handling in PDFs. Several fixes to protect against possible crashes. Improved Color Managed Display in some cases. Some fixes to the Scripting plugin.
One of the major additions to this release is the final complete German translation of the Scribus documentation by Christoph Schäfer and Volker Ribbert."
Comments (none posted)
Electronics
Version 1.3.1.20080110 of gEDA/gaf, an electronic EDA suite, has been
announced.
"This release rolls a bunch of fixes, updates, and translations
that occurred over the past 10 days. Many thanks to everybody involved
including all the contributors and language translators!"
Comments (none posted)
Version 2.0 of gerbv,
a Gerber CAD file viewer, has been
announced.
"Gerbv release 2.0.0 represents a whole new look for gerbv. Most importantly, the layer control GUI has been made much more powerful through the outstanding work of Julian Lamb. Julian has also re-worked the GUI's button and menus to make them more convenient to use."
Comments (2 posted)
Fonts and Images
The HarfBuzz font project has adopted a new, simplified license
for portions of its ftlayout code.
" Between 1998 and 2004 the FreeType project developed an implementation
of the OpenType Layout specification (formerly TrueType Open), called
ftlayout, that eventually was ripped out of FreeType 2 and was
salvaged by Pango and Qt developers and integrated into their layout
engines. The code was further developed by the two projects
separately and was merged back and renamed to HarfBuzz.
The ftlayout code, like the rest of FreeType, was dual-licensed under
GPL+FTL. The license, while quite liberal, posed delicate
incompatibility issues with Pango's LGPL license because of the
so-called advertisement clause in the FTL."
Full Story (comments: none)
Games
Version 0.11.0 of ScummVM has been
announced.
" ScummVM is a program which allows you to run certain classic graphical point-and-click adventure games, provided you already have their data files. The clever part about this: ScummVM just replaces the executables shipped with the games, allowing you to play them on systems for which they were never designed.
This release adds support for 8 new games, including freeware Lure of the Temptress as well as I Have no Mouth, and I Must Scream, Elvira 1 and 2, Waxworks and Sierra pre-AGI games. Also iPhone and Maemo ports are distributed officially. Many bugfixes, more non-English versions of the games are supported, and much much more."
Comments (none posted)
Version 2.2 of UFO:Alien has been
announced.
" It is the year 2084. You control a secret organisation charged with defending Earth from a brutal alien enemy. Build up your bases, prepare your team, and dive head-first into the fast and flowing turn-based combat.
The UFO:AI development team is proud to announce the release of UFO:Alien Invasion Version 2.2
We worked hard on this new stunning version for more than half a year. Now it's here for you to play it."
Comments (none posted)
Interoperability
Version 0.9.53 of Wine has been announced.
Changes include:
" RunOnce and Run entries now executed on startup,
Beginnings of support for emulated disk devices,
Many Richedit improvements, Nicer looking color dialog and
Lots of bug fixes."
Comments (none posted)
Web Browsers
Version 0.97.5 of Lobo Browser has been
announced.
" Lobo is an open source web browser that is written entirely in Java. It is being developed with the aim to support HTML 4, Javascript and CSS2. The general goal of the project is to produce a browser that is fast, easy to extend, secure and feature-rich.
Lobo is being released along with its pure Java rendering engine, Cobra. Version 0.97.5 introduces a BrowserPanel class, improved float layout and many bug fixes. Several patches contributed by user guenze are also included with this release."
Comments (none posted)
The January 10, 2008 edition of the Mozilla Links Newsletter
is online; take a look for the latest news about the Mozilla browser
and related projects.
Full Story (comments: none)
Miscellaneous
Version 0.5 of wfyd has been
announced. The software is a:
" Minimalistic time tracking program with nag capabilities.
After more than two years of inactivity, wfyd project has moved to SourceForge.net. New release contains some small bug fixes."
Comments (none posted)
Languages and Tools
C
The January 11, 2008 edition of the GCC 4.3.0 Status Report has
been published.
" We are in Stage 3. When we reach 100 open regressions, we will go to
regression-only mode. When we approach the 4.3.0 release, we will
create a branch, and open Stage 1 for 4.4.0."
Full Story (comments: none)
Caml
The January 15, 2008 edition of the Caml Weekly News
is out with new articles about the Caml language.
Full Story (comments: none)
Lisp
Version 0.9i of Embeddable Common Lisp is available.
" This version fixes a lot of bugs and contains some improvements, such
as finalization, an implementation of serve-event, and condition
variables."
Full Story (comments: 1)
Version 1.0.13 of Steel Bank Common Lisp (SBCL) has been released.
" This version speeds up sequence functions, supports
executing external programs with Unicode input/output, and fixes
many bugs."
Full Story (comments: none)
Perl
The December 30, 2007 to January 5, 2008 edition of
This Week on perl5-porters is out with the latest Perl 5 news.
Comments (none posted)
Shells
Version 1.23.0 of fish, the friendly interactive shell, has been released.
Changes include:
"Case insensitive tab completions: If no completions can be found with
an exact case match, fish attempts to use case insensitive matching as
a fall back.
Better navigation in multi line commands. The up/down keys are now
used to move up and down in a multi line command. They are still used
to search the history when used to go 'beyond the end'.
A new key binding system that makes it very easy to edit the key
bindings interactively, new binding modes are written in shell script."
Full Story (comments: none)
IDEs
Version 0.0.4 of the XPL editor has been
announced.
" The XPL editor is an RCP Eclipse application based on the eXtensible Presentation Language, an xml-based presentation language built on top of Visual Design Patterns."
Comments (none posted)
Libraries
Version 0.9.0 of libfishsound, an interface for decoding and
encoding audio data using Xiph.Org codecs, has been announced.
" This release introduces support for the FLAC lossless audio codec,
originally contributed by Tobias Gehrig."
Full Story (comments: none)
Version 0.9.6 of liboggz, an interface for reading and writing ogg streams,
is available.
" This release adds a new oggz-comment tool, and improvements to liboggz's
determination of timestamps and seeking. Specifically, liboggz now inspects
the encoded data in order to reconstruct the expected granulepos (corresponding
to a timestamp) for every packet in an Ogg stream. This allows applications
to use reliable timestamps, even though these are only sparsely recorded in
most Ogg streams."
Full Story (comments: none)
Version Control
Version 1.5.4-rc3 of the git distributed version control system has
been announced.
" In any case, we managed to keep the changes only to fixes (both
code and documentation) this round, aside from the promised gitk
i18n enhancements. This should be pretty much the same as what
we will have in final, hopefully due by the end of the month.
Please give it a good beating."
Full Story (comments: none)
Technical preview release version 0.2 of Push Me Pull You,
a GUI for distributed revision control systems, is available.
"PMPU supports plain hg, hg forest repositories, bzr, git and darcs as underlying repositories. It aims to provide a powerful graphical interface to the underlying functionality, based around the workflow of incoming and outgoing changesets.
PMPU is implemented in Python and PyQt4 and is tested on Linux, though it
should work on other Unix platforms."
Full Story (comments: none)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
TMCnet
covers comments by Nicholas Negroponte about dual-booting the OLPC.
"Negroponte told IDG News Service that OLPC is working with Microsoft very closely to make a dual-boot system so that, like on an Apple, you can boot either one up.
'The version that's up and running of Windows on the XO is very fast, it's very, very successful,' Negroponte said. 'We're working very hard to do both.'
He pointed out that this is a brand-new development for the XO laptops, as the low-cost notebooks are known, and came about because of Microsoft's friendlier attitude toward open source software."
Comments (38 posted)
Bruce Perens
examines
Microsoft's reaction to the OLPC.
" It's a threat Microsoft can't let stand: the entire third world learning Linux as children, and growing up to use it. And Microsoft is going to get its way.
It comes after a sudden wave of SCO-like problems for the OLPC project. A specious patent lawsuit over keyboards. Board-member Intel thrown out of the project for attempting to convince national governments to drop OLPC purchases and go with its own (Windows) product. First, OLPC is shown what its problems will be if it doesn't cooperate with Microsoft. Then, Microsoft approaches with money and technical help - you just have to run Windows to get it."
Comments (33 posted)
Business
InformationWeek
covers a partnership between Broadcom and Trolltech.
" Chipmaker Broadcom and software developer Trolltech this week formed a partnership to create a multimedia voice over IP development platform based on Linux.
The development platform is intended for original equipment manufacturers that want to build what the companies call "next-generation" IP phones. It combines Broadcom's VoIP technology and Trolltech's Qtopia Linux platform and user interface for mobile devices."
Comments (none posted)
Linux Adoption
InformationWeek has an overview of the recent proliferation of "mainstream" Linux systems. The article highlights various machines, targeted at regular consumers, that run Linux. " What's behind the growing interest in open source computing, long the preserve of self-styled computer geeks? Linux's increasing popularity among mainstream PC users may in part reflect a backlash against Microsoft. The company's new Windows Vista OS has failed to capture users' hearts and minds, let alone their wallets."
Comments (37 posted)
Interviews
ComputerWorld interviews
LWN editor Jonathan Corbet about his upcoming linux.conf.au talk. Your
editor promises that he had nothing to do with the title they chose for
this article.
Comments (10 posted)
Resources
LinuxDevices looks at A la
Mobile's Linux phone stack. " A la Mobile demonstrated its Linux
phone stack working with Google's Android APIs (application programming
interfaces). The demonstration is intended to show how the Linux kernel,
drivers, and middleware in a la Mobile's Convergent Linux Platform (CLP)
can accelerate Android development, the company said."
Comments (none posted)
Technocrat looks at
gSOAP. " [gSOAP] takes a header defining C or C++ functions, or a URL
for someone else's web service definition, and automatically writes both
clients and servers in C or C++. The impact of this program on a
programmer's task is as great as that of a compiler converting a
high-level-language to assembly code."
Comments (25 posted)
Reviews
Linux-Watch takes a look
at Bazaar. " In a blog posting, Canonical CEO and Ubuntu founder Mark
Shuttleworth observed that the new version has many "small but useful
branches with bug fixes for various corner cases, operating systems and
integrations with other tools." In particular, Shuttleworth noted the rapid
development of the Bazaar Plugin for the Eclipse IDE (Integrated
Development Environment). Since Eclipse, according to the 2007 Linux
Foundation survey is the single most important Linux desktop application
development platform, this integration effort is likely to be well used by
Linux programmers."
Comments (25 posted)
Linux Devices
takes a peek at the Everex CloudBook Ultra-Mobile PC, which was
officially announced at the Consumer Electronics Show.
"As reported, the two-pound laptop is equipped with a Via C7-M ULV processor clocked at 1.2GHz, plus 512MB RAM, a 4-in-1 memory card reader, and a 30GB hard drive. The laptop features a 7-inch, 800x480-pixel screen, plus WiFi, Ethernet, two USB ports, and DVI-Out. The story adds new details such as the CloudBook's 1.3M-bps Ezonics webcam and its touted ability to average five hours of battery life."
Comments (17 posted)
News.com
covers Shuttle's new KPC line of inexpensive Linux PCs that were unveiled at CES.
"It'll have an Intel Celeron processor, a 945GC chipset, 512MB of memory and either a 60GB or 80GB hard drive. What it won't have: an optical drive or a PCI Express slot. Despite that, it's a pretty good-looking box, and comes in red, blue, white, and black, each with a different icon stamped on the front.
Shuttle also says there will be a $99 barebones version of the KPC."
Comments (2 posted)
Wired
takes a look at LightZone, a commercial photo editor package.
"If you're finding DigiKam or F-Spot, two of the many photo organization and editing tools for Linux, a bit limiting you may want to give Lightzone a try. The software isn't free, and curiously, isn't available for purchase either, but judging by the 20-day demo version currently available, it could end up a serious contender in the hybrid photo editing/managing market."
Comments (none posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The Apache Software Foundation has
announced the highlights of 2007, its strongest year to date.
"The Apache Software
Foundation (ASF) -- stewards, incubators, and developers of leading Open
Source projects, including Apache HTTP Server, the world's most popular Web
server software for twelve years running -- today announced the 2007 year
finished as its strongest ever, reinforcing the broad-reaching success of
"The Apache Way."
Lauded as one of the most compelling communities in Open Source, the
all-volunteer Foundation looked back on milestones achieved during 2007,
with ASF activities having grown at a steady rate."
Comments (none posted)
The Creative Commons has announced CC0, "a Creative Commons
project designed to promote and protect the public domain by 1) enabling
authors to easily waive their copyrights in particular works and to
communicate that waiver to others, and 2) providing a means by which
any person can assert that there are no copyrights in a particular work,
in a way that allows others to judge the reliability of that
assertion." There is a great deal of uncertainty around how the
public domain works all over the world, so any additional light on the
subject should be a good thing.
Full Story (comments: none)
Commercial announcements
Engine Yard has
announced the receipt of $3.5 million in funding.
"Engine Yard, a leading provider
of Ruby on Rails application deployment and support, today announced the
closing of a $3.5 million Series A investment from Benchmark Capital. The
funds will be used to expand the company's global operations, to strengthen
its customer service organization worldwide, and to enhance the core
technologies that underlie Ruby on Rails applications."
Comments (1 posted)
Ohloh has
announced a decision to release its technology as open-source
software.
"Ohloh,
an open source network for people who create and use open source software,
today announced that it is open sourcing its technology. The development
community can access Ohloh source code and contribute to Ohloh via a new
part of the Ohloh web site, Ohloh Labs. This
means Ohloh tools and the Ohloh website itself will be freely available and
modifiable by the community."
Comments (none posted)
OpenMoko and Pulster have announced a partnership.
"OpenMoko, creator of the first completely integrated open source
mobile platform, today announced it has inked a deal with mobile
device distributor, Pulster, in Germany. The agreement comes fresh
on the heels of Openmoko's announcement that it has become an
independent subsidiary of Taiwan powerhouse, FIC. Pulster specializes
in online sales of mobile devices, selling into the industrial and
education markets with focus on Linux-based solutions."
Full Story (comments: none)
The OpenVZ project has released new virtual
appliance software for Ubuntu 7.10.
"Users simply download a file and then can use OpenVZ software to create a
virtual server running Ubuntu 7.10 in about one minute.
"This combination of open source technologies enables someone new to Ubuntu
a really easy way to get up and running, while current users have
alternative method of running Ubuntu with negligible -- if any -- impact on
their system resources," said Malcolm Yates, ISV Alliances Manager at
Canonical, the commercial sponsor of the Ubuntu project."
Full Story (comments: none)
MySQL AB has
announced the use of MySQL Enterprise by Virgin Mobile.
"Virgin Mobile, a leading Mobile Virtual Network Operator (MVNO), has implemented a MySQL Enterprise Platinum subscription to manage its data using the world's most popular open source database.
The mobile phone operator has become very popular thanks to a particularly attractive offer: unlimited outgoing SMS text messages towards all operators, for an unlimited time.
In terms of mobile applications, SMS remains the most commonly used medium. The considerable storage and processing requirements for SMS require a highly available database management system."
Comments (1 posted)
New Books
O'Reilly has published the book Advanced Rails
by Brad Ediger.
Full Story (comments: none)
O'Reilly has published the book Apache Cookbook, Second Edition
by Ken Coar and Rich Bowen.
Full Story (comments: none)
Calls for Presentations
A call for papers has gone out for the EuroSec Workshop.
The event takes place on March 31, 2008; submissions are due by
February 15.
"EuroSec (http://www.cs.vu.nl/eurosec08/) is a new workshop associated
with the Annual ACM SIGOPS EuroSys conference. The workshop aims to
bring together researchers, practitioners, system administrators, system
programmers, and others interested in the latest advances in the
security of computer systems and networks. The focus of the workshop is
on novel, practical, systems-oriented work.
EuroSec will be held on the 31st of March, 2008, in Glasgow, Scotland."
Full Story (comments: none)
O'Reilly has announced the call for participation for the 2008 O'Reilly
Open Source Convention (OSCON), which will take place July 21 - 25, 2008 in
Portland, Oregon. The deadline for proposals is February 4, 2008.
"Program co-chairs Edd Dumbill and Allison Randal are keen to focus
on what the next ten years of open source development will bring to the
industry. "On the tenth anniversary of OSCON," noted Randal, "we're
looking ahead to the next ten years. We want to hear about the disruptive
technologies and revolutionary solutions that are changing the game of open
source. If the first ten years of OSCON were about opening the minds of big
business to the philosophy of open source, is the next ten years about
opening the minds of the open source community to the possibilities of its
future?""
Full Story (comments: none)
A call for papers has gone out for sambaXP 2008.
"From April 17th to 18th 2008 developers and users will meet again in
Goettingen, Germany at the seventh international Samba conference, the
"samba eXPerience 2008".
The sambaXP is the leading event with focus on the most important free
alternative to proprietary SMB/CIFS servers.
The call for papers and early bird registration are open until January 28th
2008."
Full Story (comments: none)
Upcoming Events
The XMMS2 audio player developers
will attend the 2008 FOSDEM conference.
"This year's FOSDEM will take place in Brussels, Belgium the 23-24 of February. We have been talking about this event on the mail-list for a while now and it seems like a couple of XMMS2 developers will now show up."
Comments (none posted)
The Linux Users' Group of Davis will hold another free Linux Installfest
workshop in Davis, California on January 26.
Full Story (comments: none)
The Southern California Linux Expo schedule has been finalized.
"The commercial booths have all been filled. Several non-profit groups
have recently been added to the SCALE expo floor: Enlightenment, which
will be showcasing the work going into E17. Enlightenment is rarely
seen at conferences, so this is your opportunity to learn about the
desktop that first defined the term "eye candy". Also added were
OpenMoko and Damn Small Linux. And for the first time all three of the
major BSDs, OpenBSD, NetBSD, and FreeBSD will have booths at SCALE."
Full Story (comments: none)
The Southern California Linux Expo (SCALE) has announced the addition of two half-day training classes. The morning class is "Open-Source Email Systems: One Approach to
Spam Fighting" taught by Austin Godber, while the afternoon class is "Introduction to Virtualization on Linux with
Xen" taught by Chris St. Pierre. The classes will be held on the first day of SCALE, 8 February 2008 at the Los Angeles airport Westin. Click below for more information.
Full Story (comments: 1)
The YAPC::Asia 2008
Perl conference has been
announced.
"YAPC::Asia 2008 is announced to be held on May 15-16th in Tokyo. More detailed information from the organizers will follow."
Comments (none posted)
Events: January 24, 2008 to March 24, 2008
The following event listing is taken from the
LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| January 24 | Federal DBA Day | Washington DC, USA |
| January 28 - February 2 | Linux.conf.au 2008 | Melbourne, Australia |
| January 28 - February 1 | Ruby on Rails Bootcamp with Charles B. Quinn | Atlanta, Georgia, USA |
| January 29 - January 31 | Solution Linux 2008 | Paris, France |
| February 1 | Open Island | Belfast, United Kingdom |
| February 6 - February 10 | O'Reilly Money:Tech Conference | New York, NY, USA |
| February 7 | Frozen Perl 2009 | Minneapolis, United States |
| February 8 - February 10 | Southern California Linux Expo | Los Angeles, USA |
| February 10 - February 13 | NDSS Symposium 2008 | San Diego, CA, USA |
| February 11 | Florida Linux Show 2008 | Jacksonville, Florida, USA |
| February 11 | Open Source Software (OSS) and the U.S. Department of Defense (DoD) | Alexandria, VA, USA |
| February 13 - February 15 | German Perl-Workshop | Regionales Rechenzentrum Erlangen, Germany |
| February 16 | Frozen Perl 2008 Workshop | Minneapolis, USA |
| February 19 - February 20 | Linux Developer Symposium | Beijing, China |
| February 19 - February 20 | Files and Backup | London, UK |
| February 22 - February 24 | freed.in/2008 | Delhi, India |
| February 23 - February 24 | Free/Open Source Developers' European Meeting 2008 | Brussels, Belgium |
| February 23 - February 26 | Linux World Mexico | Mexico City, Mexico |
| February 25 - February 26 | 2008 Linux Storage and Filesystem Workshop | San Jose, CA, USA |
| February 25 - February 29 | NEW PHP 5 and PostgreSQL Bootcamp with Mark Fenoglio | Atlanta, Georgia, USA |
| February 25 - February 27 | German Perl Workshop | Frankfurt, Germany |
| February 28 - March 1 | Linux Audio Conference | Cologne, Germany |
| March 1 - March 2 | Chemnitzer Linux-Tage 2008 | Chemnitz, Germany |
| March 3 - March 6 | O'Reilly Emerging Technology Conference | San Diego, CA, USA |
| March 3 - March 6 | Drupalcon Boston 2008 | Boston, MA, USA |
| March 4 - March 9 | CeBIT Germany | Hannover, Germany |
| March 8 - March 14 | Asia OSS Conference & Showcase 2008 | Guangzhou, China |
| March 11 - March 12 | 4th AustralAsian Cleantech Forum | Melbourne, Australia |
| March 14 - March 16 | PyCon 2008 | Chicago, IL, USA |
| March 15 | FSF Associate Members Meeting | Cambridge, MA, USA |
| March 16 - March 19 | BossaConference 2008 - International Conference on Open Source Software for Mobile Embedded Platforms | Pernambuco, Brazil |
| March 16 - March 21 | Novell BrainShare 2008 | Salt Lake City, UT, USA |
| March 16 - March 20 | Free Software and Open Source Foundation for Africa | Dakar, Senegal |
| March 17 - March 20 | Eclipse Community Conference | Santa Clara, CA, USA |
| March 17 - March 20 | Spring VON.x Conference | San Jose, CA, USA |
| March 19 - March 20 | LinuxWorld Expo 2008 Brussels | Brussels, Belgium |
If your event does not appear here, please
tell us about it.
Page editor: Forrest Cook