LWN.net Weekly Edition for January 24, 2008
By Jonathan Corbet January 23, 2008
This is the third installment in a ten-year retrospective inspired by LWN's
tenth anniversary; those who have not yet seen them may want to have a look
at Part 1 and Part 2. At the end of the
second part, LWN had just emerged from the peak of the dotcom bubble having
made a deal with Tucows. For almost two years we operated as a part of
that company; here are some highlights from that time.
- April 13, 2000: Linuxcare
postpones its IPO indefinitely and rearranges its management. Minix
is released as free software.
- April 20, 2000: Linux
Business Expo in Chicago. Microsoft's FrontPage back door is exposed.
Devfs flame wars continue. Red Hat fired by its ad agency. Shares of
Caldera, VA Linux Systems and Andover.Net all fall below their IPO
prices.
- April 27, 2000: Oracle
creates Miracle Linux in Japan. Red Hat launches its embedded
developer's kit.
- May 4, 2000: Linuxcare
lays off 35% of its staff and officially cancels its IPO.
Needless to say, by this time we were happy to have found a relatively
stable place to be - times were starting to look a little tough. Between
the end of the Linuxcare IPO - once supposed to be the biggest and best of
them all - and the fact that other Linux companies had fallen below their
initial prices, it seemed that the honeymoon was pretty well over. By this
time, LWN's revenue stream from advertising had pretty well dried up too.
Red Hat's embedded business is a classic case of a lost opportunity. The
acquisition of Cygnus should have placed Red Hat in a strong position in
this sector, but, somehow, it all slipped away.
- May 11, 2000: Red Hat
changes direction, dumps its news site, and jumps into the venture
capital business. The first public BitKeeper release happens. The
Free Standards Group is formed.
- May 18, 2000: Rumors of
Wine 1.0. IBM releases the S/390 port. Memory management problems
plague the pre-2.4 development kernels.
One might think it cynical and mean-spirited to point out that we're still
waiting for Wine 1.0. But we'll do it anyway. The memory management
issues with 2.4 were to be with us for some time, as it turned out.
- May 25, 2000: The Linux
Mall and EBIZ merge. Lineo files for an IPO. Eric Raymond decides to
rewrite the kernel configuration system.
- June 8, 2000: A fight over
whether Reiserfs should go into the 2.4 kernel.
- June 22, 2000: British
telecom claims to own a patent on linking and starts suing ISPs for
being part of the world wide web. 2.4.0 test kernels come out in two
flavors with different memory managers. More Reiserfs flames.
Given that the 2.4.0 release was far overdue, one would think that
arguments over whether a completely new filesystem should be added would be
considered out of place. But they did happen, with Hans Reiser showing
a level of
anger and paranoia that put much of the community off of dealing with
him for years. It is rare that kernel developers are accused of putting
corporate interests above those of the kernel as a whole, but that happened
here.
It is actually worth reflecting on this a bit: kernel developers work for
roughly 200 companies, many of which are direct competitors. But that
competition has remained almost entirely absent from the development
process. We are very good at developing common resources in a highly
collaborative way while competing at different levels.
- June 29, 2000: MySQL
switches to the GPL, moves to SourceForge. 2.4.0-test2
is officially blessed with penguin pee.
- July 20, 2000: Miguel de
Icaza proclaims that "Unix sucks" at OLS. Sun releases StarOffice
under the GPL. Rumors circulate that Caldera might acquire SCO; if
only we'd known where that would go.
Larry Wall announces that Perl 6 will be a complete rewrite of
the language. If only we'd known where that would go - or not go. A
set of locking changes goes into the 2.4.0-test kernel - which is
allegedly stabilizing for release.
- August 3, 2000: Copyleft
is sued by the DVDCCA for putting the DeCSS code on T-shirts.
Caldera's acquisition of SCO's Unix business (and name) becomes
official.
- August 17, 2000: The GNOME
Foundation is formed. Debian 2.2 ("potato") is released.
- August 24, 2000: KDE/GNOME
flame wars break out anew. Eric Raymond strongly
criticizes Linus's management practices. VA Linux claims that
SourceForge hosts "over 76%" of the world's free software.
Caldera/SCO announces the "Linux and Unix marriage" - something it
will wish to annul later on.
Something which was widely understood, but little talked about, during this
time was the great amount of effort VA Linux put into recruiting projects
to SourceForge. It was a clear effort to become the home for as much
software as possible. Quite a few prominent projects moved over with great
fanfare, only to drift away more quietly later on. SourceForge still hosts
a great many projects, but it is seen by many now as a home of last resort.
- August 31, 2000: The Open
Source Development Lab announces its existence.
- September 7, 2000:
Trolltech releases Qt under the GPL. The CueCat saga begins. The RSA
patent is released into the public domain - two weeks before it
expires.
Lest anybody think that the dotcom silliness was truly over by this point,
the CueCat story should convince them otherwise. Digital Convergence spent
many millions of dollars sending around free barcode scanners on the idea
that people would want to swipe codes from advertisements and be taken to
the associated web site. This company considered using the scanner for any
other purpose to be a violation of the DMCA, and made loud threats at
people distributing drivers which enabled such uses. The company's threats
came to nothing, but they foreshadowed the DMCA follies to come.
- September 14, 2000: Linus
decrees
that the kernel is licensed under version 2 (only) of the GPL.
- September 21, 2000: Sun
acquires Cobalt Networks. Caldera dumps $3 million into EBIZ.
Linus proclaims the kernel to be in "final freeze," with only critical
fixes being accepted.
- September 28, 2000: the
Red Hat Network launches. Red Hat 7 is released, featuring
"gcc-2.96," a release which the GCC project never made.
The Red Hat Network was the core of what was to become the subscription
services which support the company so nicely now. Back then, though, that
outcome still was not clear, and Red Hat continued to experiment with a
number of business ideas.
- October 26, 2000: KDE 2.0
is released. LynuxWorks files for an IPO.
- November 2, 2000:
Turbolinux files for an IPO. Linuxcare shuts down its European
operation. Linus describes the 2.4.0-test10 kernel as having "no known
bugs."
- December 7, 2000: The
2.4.0-test12 prepatches include the new PA-RISC architecture and
rework of the task queue API - both of which, apparently, were fixes
for critical problems. EBIZ tells its shareholders that things will
get better soon, honest.
- December 21, 2000: Corel
sells its Linux business to (what becomes) Xandros.
- January 11, 2001: the
2.4.0 kernel is released at last. Linus warns that it's not yet open
season for new patches. The first SELinux prototype is released.
Many people had begun to worry that 2.4.0 would never come. The story of
the development of this kernel, though, was not done yet.
- January 18, 2001: The
Ramen worm attacks Red Hat Linux systems. Turbolinux and Linuxcare
agree to merge. Lineo withdraws its IPO application. VA Linux warns
that earnings will not be up to expectations. Helix Code gets
$15 million in venture investments. The InterBase backdoor is
discovered. Reiserfs gets merged for the 2.4.1 kernel. The first
linux.conf.au happens.
- February 8, 2001: SUSE
(still SuSE then) lays off most of its US staff.
- February 22, 2001: VA
Linux lays off 25% of its staff, gets a new CEO. Turbolinux cancels
its IPO. Microsoft's Jim Allchin calls Linux "un-American".
- March 15, 2001: Eazel
releases Nautilus 1.0, lays off half its staff.
- March 22, 2001: The
Stanford Checker surfaces with a long list of potential kernel bugs.
EBIZ announces a plan to acquire Linux NetworX.
By this point, things were looking downright scary. During the bubble
days, almost anybody who wanted to work in free software development could
get a job somewhere. By this point, though, quite a few people were
without jobs and some of them were leaving the community altogether.
The Stanford Checker was a GCC derivative which could do static analysis;
for many, it was the first real demonstration of what that kind of tool
could do. Despite some early reassurances, this code was never released;
instead, it was used to found Coverity. The community has benefited
strongly from Coverity's work, but imagine what we could have done with the
source to the Checker. It is a little sad that we have been unable to
develop similar capabilities in free software.
- April 5, 2001: Wind River
Systems buys BSDi. The first kernel
summit is held. Alan Cox states that the 2.4 kernel is not yet
stable. Larry Wall begins to post the design of Perl 6.
- April 19, 2001: Wind River
Systems lays off the Slackware staff. MandrakeSoft starts asking for
donations from users.
- April 26, 2001: Ed Felten
receives DMCA threats over his breaking of the Secure Digital Music
Initiative watermarking scheme. Eric Raymond proclaims his intent to
hack the kernel's social systems.
The threats against Ed Felten - who had participated in a contest put on by
SDMI proponents - were a strong signal that, in the U.S., the DMCA could
bite developers hard. Worse was to come, though. Meanwhile, Eric
Raymond's attempts to "hack" a rather unimpressed kernel community provided
a steady stream of comic relief.
- May 3, 2001: Turbolinux
and Linuxcare cancel their merger. VA Linux posts horrific quarterly
earnings. Sony releases Linux for the Playstation 2 console.
- May 10, 2001:
EBIZ cancels its acquisition of Linux NetworX. The Bergen Linux Users
Group implements RFC 1149.
- May 17, 2001: Eazel shuts
down. Enhanced Software Technologies - owned by Atipa - shuts down.
- May 24, 2001: MandrakeSoft
lays off 20% of its employees, including its CEO.
Your editor has said previously that Eazel's plan never seemed (to him) to make
sense; the investors finally came to the same conclusion and pulled the plug. Another
plan which did not make sense was what had happened to MandrakeSoft:
outside managers placed in the company by its venture capitalists had
decided that Mandrake should be an e-learning company - not exactly its area
of core expertise. That strategy just about destroyed MandrakeSoft before
the decision to go back to its distributor roots was made. The company
has taken many years to recover from that mistake.
- June 21, 2001:
Red Hat turns a profit. GCC 3.0 is released.
- June 28, 2001: Caldera
announces plans to move its distribution to per-seat licensing. Linus
announces that the 2.5 development series will open "in a week or
two." Meanwhile memory management problems continue to plague the 2.4
kernel (now at 2.4.5). VA Linux leaves the hardware
business. MandrakeSoft announces plans for an IPO. LynuxWorks
withdraws its IPO application.
In these difficult days, the fact that Red Hat could produce a profit -
even a tiny one - offered a ray of hope. The failure of VA Linux to make
it in the hardware business was a sobering counterexample, though, given
that VA was once the most prominent company selling Linux-installed systems.
- July 4, 2001: Version 1.0
of the Linux Standard Base is released.
- July 12, 2001: The Mono
project is launched. Atipa shuts down.
- July 19, 2001: MySQL and
NuSphere end up alleging GPL violations (and more) in court. Dmitry
Sklyarov is arrested on DMCA charges in Las Vegas. EBIZ warns
stockholders that more money must be found or the company will not be
viable.
More than anything else, the arrest of Dmitry was a wakeup call for the
community. It seemed that, in the U.S., any developer could be arrested
for interfering with the business plans of large companies. As a result of
this action, some developers still refuse to travel to the U.S.
We still miss Liz - but she remains a good friend.
- August 30, 2001: Dmitry
Sklyarov is charged with conspiracy and faces 25 years in prison. VA
Linux takes the SourceForge software proprietary.
- September 6, 2001: IBM and
others put millions of dollars into SUSE to keep it from bankruptcy.
Sistina takes its Global Filesystem (GFS) proprietary.
- September 13, 2001:
Caldera turns in horrific quarterly earnings; layoffs and a
reverse stock split follow. Lineo lays off a large
portion of its staff. Great Bridge, a company seeking to
commercialize PostgreSQL, shuts down entirely. EBIZ goes into chapter
11 bankruptcy.
- September 27, 2001: The
2.4.10 kernel is released.
Few people remember September, 2001, as one of their favorite months.
Beyond the terrible events occurring in the wider world, the problems in
the commercial Linux sector just seemed to get steadily worse.
The 2.4.10 kernel release is an important point as well. Here is where the
longstanding memory-management problems came to a crux; Linus responded
by ripping out the 2.4.9 VM code and replacing it with a completely
different implementation. What followed may be the closest we ever came to
a fork in the Linux development process. Some distributors stayed with
2.4.9 for a long time - RHEL 2 systems (still supported by Red Hat)
are still running a kernel which, at least, claims to be 2.4.9. The worst
passed, however, and this is the point at which 2.4 started toward
something resembling stability.
- October 4, 2001: The World
Wide Web Consortium proposes allowing patented technology with
proprietary licensing into web standards. SUSE brings in another
round of funding and announces the layoff of 120 people.
- October 11, 2001: Michael
Hammel leaves LWN.
Tucows, which had not been helped by having launched a major new offering
on September 11, laid off a number of people, including Michael. His
desktop columns had been a welcome addition to LWN, and his departure was a
big loss.
- October 18, 2001: Progeny
stops development of its Debian-based distribution.
- October 25, 2001: Lindows
announces its existence.
- November 8, 2001: Linus
announces that 2.5 will start soon. Marcelo Tosatti is named as the
2.4 maintainer. IBM open-sources Eclipse. The European software
patent directive picks up steam.
- November 29, 2001: The 2.5
kernel development series starts - with a filesystem corruption bug.
- December 6, 2001: The
Mandrake Club is launched as a fund-raising initiative.
Initially the Mandrake Club was meant to function as a sort of tip jar. As
financial problems at MandrakeSoft got worse, though, it became the
storefront through which the Mandrake distribution was sold. Not everybody
liked how the Club was run, but it doubtless helped MandrakeSoft to survive
into the present.
- December 20, 2001: Charges
against Dmitry Sklyarov are "deferred" and he returns home to Russia.
- January 17, 2002: DeCSS
creator Jon Johansen is indicted in Norway.
- January 31, 2002: LWN is
unacquired. 2.5 kernel patches get dropped, leading to another "Linus
does not scale" discussion.
The indictment of Mr. Johansen made it clear that DMCA-like problems were
not limited to the USA.
Meanwhile, by this time, Tucows had come to terms with the fact that its
acquisition (and ongoing operation) of LWN was not helping it, given the
directions its business was taking. So, after some discussion, LWN was
unacquired - it was given back to its creators, with Tucows holding on to a
small piece just in case. The parting was on the best of terms; it
revalidated our decision to go with Tucows in the first place. But, after
almost two years, it was time for LWN to venture back out into a scary
world as an independent business.
That was the beginning of a new phase, with its
own ups and downs, which will be discussed in the next installment.
In the first installment in this
series, your editor took on the task of getting video data onto his
system in digital form. Part 3 talked about
authoring DVDs with the nicely edited versions of those video clips. Now
it's time to fill in the missing second part, wherein your editor turns raw
captured video into something suitable for DVD creation.
The task to be accomplished is relatively simple: for each video clip, trim
off the extra junk at the beginning and the end. Some of them also require
internal editing; there were signs of operator error in the form of, say,
extended sequences where the sole subject matter was the floor and,
perhaps, the cinematographer's shoe. Nice transitions between the clips
were desired - a basic fade to black at the end, if nothing else. The
addition of titles is useful. And, as an added bonus, the video clips
needed to be deinterlaced before being written in a form suitable for
passing to the dvdauthor utility.
In the process, your editor encountered several tools in varying states of
readiness. He has become better acquainted than ever with the notion of
"build hell." A rather more than passing acquaintance with the behavior of
the out-of-memory killer in 2.6.24-rc kernels has also been achieved. And,
at the end, your editor believes he has a reasonable sense of the state of
the art in Linux video editing.
Avidemux
Avidemux is a GTK-based
editor which, according to its web page, is "designed for simple cutting,
filtering and encoding tasks." It is an interesting combination of
simplicity in some areas combined with great power and complexity in
others. It has a lot of potential, but it also has a few rough edges.
For example, Avidemux handles DVD-style MPEG2 files without trouble. But a
reader who digs far enough into the documentation (which is extensive and
useful, incidentally) finds a warning that one must exercise the "build VBR
time map" option, or audio and video will become unsynchronized in the
final product. This operation is nearly instantaneous on a five-minute
clip; given the problems which can result from not doing it, why does
Avidemux not just build this "time map" when the file is loaded? Why set a
trap like that for your users?
The actual video editing operations are quite simple. Avidemux can only
handle a single video clip, and that clip has a single set of begin/end
points. It is possible to delete from the middle of a clip using those
endpoints; deletion is instantaneous and leaves no sign on the timeline.
There is no "undo" operation, but there is an option to dump all
changes made to the file.
There is a scrollbar which enables quick movement through the clip; the
arrow keys move by single frames. In general, the interface is responsive
on your editor's machine.
[Images: Avidemux deinterlacing, before and after]
One place where Avidemux excels is in its selection of video filters.
For example, your editor went looking for a filter to deinterlace the
video; he found 21 different deinterlacing filters. Many of these filters
have an extensive set of configuration options. Actually choosing the
right filter and options for the task at hand is an intimidating task, and
the documentation does not provide a whole lot of guidance. In the end,
your editor got reasonable results with the "yadif" filter, as can be seen
in the "before" and "after" images on the left.
A fade-to-black ending was achieved with another filter. It works
beautifully, if one does not mind that (1) there is no choice of what
to fade to beyond a "fade to black" toggle, (2) the portion of
the clip to be affected must be identified by typing in frame numbers, and
(3) those frame numbers are not adjusted should somebody, say, delete
some video from an earlier part in the clip. The capability is there, but
the interface needs some work.
Other filters allow cropping, mirroring, color modifications, noise
removal, sharpening, blurring, addition of subtitles, the addition of logos
from image files, the creation of animated DVD menus, etc. Should all of
those be inadequate, the "swiss army knife" filter is there for more
general low-level processing. There is also a scripting interface for
Avidemux, though your editor did not attempt to make use of it.
The interface allows the user to view the video either before or after the
filters have been applied - or both together. The latter mode tends to run
slowly, though the post-filter output, by itself, worked just
fine.
In the end, saving the file out as a DVD "video object" does the job -
though one has to assume that the rather spartan "save" dialog will do
that. Like most (but not all) video editors, Avidemux does not actually
change the video data until told to render a new file. The list of edits,
filters, etc. can be saved as a "project" file (an Avidemux script, really)
so an editing session can be resumed at a future point using the original
material.
The bottom line is that Avidemux is a capable and reasonably solid tool -
your editor was not able to make it crash. Its long list of filters will
be appealing to some users. Its inability to work with more than one clip
at a time will rule it out for many others, though. Like so many other
tools in this category, it's almost there.
Cinelerra
The Cinelerra tool has an interesting history. It was once known as
"Broadcast 2000," before being withdrawn because somebody was worried about
legal liability. Now it is available as "Cinelerra," but in two versions.
The "official"
version is published by a company named Heroine Warrior, which has no
real interest in the hassles of dealing with a community or making regular
releases. Heroine Warrior is, however, generous enough to make the code
available under the GPL; a group of developers has taken the code and made
Cinelerra CV - the "community
version." This version is supposed to be under active development and move
more quickly, but it still doesn't seem to be moving all that fast,
unfortunately.
There are some good documents for Cinelerra, but, reading them, one starts
to encounter certain themes. For example:
Cinelerra is not perfect. Before long you will be familiar with
the tendency it has to crash
Or this one:
Quicktime is not the standard for UNIX but we use it because it's
well documented. All of the Quicktime movies on the internet are
compressed. Cinelerra doesn't support most compressed Quicktime
movies but does support some. If it crashes when loading a
Quicktime movie, that means the format probably wasn't supported.
Cinelerra is by far the most complex - and capable - of the tools available
for Linux. If you are looking for an editor designed for the creation of
complicated video with lots of effects, Cinelerra is the tool for you.
Unfortunately, Cinelerra does not appear to have a development community
which is up to the maintenance of a tool of this size. So it is difficult
to work with and not particularly robust.
At startup, Cinelerra puts up four individual windows. The "timeline"
shows all of the tracks being edited, and is the place where much work
actually gets done. There are two video windows; one displays the current
state of the timeline, while the other can be used to look at individual
clips outside of the timeline. Then the "resources" window holds
everything else.
The timeline display is quite nice. Video thumbnails along the line give a
rough sense of what is happening in each clip. The display of audio levels
is also highly useful when one is trying to find specific events; it would
be nice if other tools picked up this idea. A number
of editing operations can be performed directly on the timeline; each
track, for example, has a horizontal line which can be manipulated to
adjust the (audio or video) levels at any given point. So a fade-to-black,
for example, is a simple matter of ramping the video level down at the
right place.
For more complex operations, there is a large list of effects which can be
applied. These effects show up on the timeline next to the tracks they
operate on; their end points can easily be dragged around. Cinelerra will
attempt to render effects when the timeline is being played, but that tends
to slow the program (not the fastest tool to begin with) to a point where
it cannot keep up with normal video rates.
Cinelerra does not modify any data until told to render the project. It
cannot create DVD video objects directly; one must render audio and video
separately, then multiplex them outside of the program. The edit list can
be saved separately.
There is a whole host of features in Cinelerra not found anywhere else.
For example, it can be used to drive a rendering farm for those big
production jobs. There is a motion tracking subsystem built into it
("The intricacies of motion tracking are enough to sustain entire
companies and build careers around"). There's a set of options
for audio and video capture. And so on.
But your editor could never get all that far with Cinelerra before it ran
the system out of memory. One does, indeed, become familiar with its
tendency to crash, but it's especially annoying when it takes the rest of
the system down with it. Cinelerra should really be one of the star
applications in the free software world. It has a great deal of power and
can do amazing things; it could be a professional-quality tool. What it
needs is for the community to truly take
charge of the "community version" and turn it into a system which is fast,
robust, and easier to use. To that end, it would help if the two people on
the planet who can succeed in actually building this system would clean up
that process and, in general, make Cinelerra more welcoming to new
developers. The foundation for a great video editor is here, but there is
a lot of finishing work to be done.
Kdenlive
Kdenlive is a KDE-based editor under
active development; version 0.5 was released in August, 2007. Having not
found a version for Rawhide, your editor set out to build this tool, only
to give up in despair. So, as an aside, your editor would like to offer a
helpful suggestion to developers who want people to actually use their
code: if you absolutely must use your own build tool instead of
make, and there is just no alternative to using a tool which
nobody has heard of or packages and which does not have a web site or
working download location, please consider just packaging said tool with
your code. Your editor is sure that "unsermake" is vastly superior to the
alternatives which we all have on our systems already, but it doesn't help
if you can't find it.
Of course, even after solving that problem, your editor was not able to
build this tool. Fortunately, Ubuntu ships it, so that is the version
which was used here.
The initial Kdenlive experience is a little rough; it asks for a set of
default parameters. How is one to choose between, say, "CIF NTSC" or "DV
NTSC" or "DV NTSC Widescreen"? There is no help on offer to guide the user
toward the right choice. Once past that, the user sees a window with three
major panes which offer functionality similar to that available from
Cinelerra.
The first step is to bring one or more video clips into the "project tree,"
which is (usually) visible in the upper left pane. These clips can be
viewed in the "clip monitor" on the right. A clip of interest can then be
dragged down to the timeline area, where it can be easily positioned
relative to any others which are already there.
Kdenlive uses the "divide and conquer" editing method. To remove a section
of a clip, the user positions to one end of that section, then selects
"razor" to split the clip in two at that point. Another split at the other
end isolates the section to be removed, which can then be deleted with a
separate operation. There is (with the exception of transitions) no way to
apply an operation to a part of a clip - the area of interest must always
be razored out first.
As a result, the fade-to-black effect is not quite as easily achieved in
Kdenlive as with some other tools. There is a "brightness" effect, but it
changes the brightness to a constant value through the entire clip. The
way to fade out a scene is to add a new clip with a solid color (easily
done in Kdenlive), then use a crossfade transition to join the two clips
together.
Transitions are added by selecting the first track and, via the
right-button menu, selecting the desired transition. Various parameters
(such as the time required for the transition) can then be tweaked. It all
works easily; Kdenlive is a fun tool for quickly piecing together different
bits of video into a coherent whole.
There are separate video windows for displaying individual clips and the
timeline as a whole; by default, they cannot both be viewed at the same
time. Playback is responsive. It's a little more awkward than with some
tools, though: the position cursor is small and hard to grab, and there is
a shortage of keyboard shortcuts for moving around. The timeline is less
informative and less functional than Cinelerra's, but the information one
really needs is there.
When the project is done, there is a nice "export to DVD" option to
do the rest of the work. Kdenlive can create the video object files and
fire up Qdvdauthor to do the rest, or it can create a
basic, single-title DVD internally and (using k3b) burn it to a disc. Your
editor, thus, should have
mentioned Kdenlive in the DVD authoring article, but he was unaware of this
feature at that time. It all works easily; your editor was able to make a
playable DVD with minimal trouble.
It was not the most beautiful DVD, though, because Kdenlive has no
deinterlacing capability. Those of us unlucky enough to be starting with
interlaced video must handle that operation separately, before or after the
editing process.
While any of the editors discussed here could conceivably work with
high-definition video, Kdenlive is the only one which appears to have been
written with that in mind. Projects can be set up in HD formats without
undue tweaking. Your editor was not in a position to test this capability,
though.
All told, Kdenlive comes across as one of the most finished of the free
editing tools. It is relatively straightforward to use and it has all of
the features that most people are likely to need. For many applications,
this could well be the first tool to reach for.
Kino
Despite its "K" name, Kino is a GTK-based
video editor. It is quick and easy to use, but also lacking somewhat in
power.
Kino only works with a single video format - the digital video (DV) format
associated with contemporary camcorders. When started with something else
(say, your editor's MPEG files from the capture card), it will offer to
convert the file into DV. This process works, but the result is a
significant (5-10x) increase in the size of the file.
There is no timeline in Kino; instead, it has a "storyboard" in the
leftmost pane. Each video clip becomes a separate scene in the storyboard,
with each being played strictly before the one after it. Like Kdenlive,
Kino works by dividing clips and applying operations to the pieces. So
trimming video is done by "splitting" the scene into wanted and unwanted
parts, then deleting the latter. The documents make much of the "powerful"
three-point trim feature, but your editor doesn't get it; it just seems
like a way to set the beginning and ending split points on the same screen,
but the amount of work remains the same.
Moving within clips is quick and easy in Kino. There is also a
scrollbar-based "jog wheel" for variable-speed motion in either direction.
What your editor really likes, though, are the keyboard shortcuts,
including vi-style bindings for moving, frame-by-frame, through the
material. It makes finding the exact spot to make a cut a quick affair.
Kino offers a reasonable set of effects, though the interface and
implementation are awkward. Most effects apply to a full scene, so the
normal mode of operation is to split scenes where an effect is to be
placed. There is an option to "limit" an effect to a period of time at the
beginning or end of a scene, though, so something like fade-to-black or a
crossfade can be done without making new scenes.
Or so one would think. Unlike most other editors, Kino does not apply
effects at playback time; instead, an effect must be rendered when it is
applied to the scene. The result is a new scene (even if the limit option
described above is used) which contains the result of a new DV file created
by the effect renderer. For good measure, the rendering code places the
rendered file (with a name like 001.kinofx.dv) in the user's home
directory, which can quickly become cluttered with them. This approach
lets Kino display effects without performance problems, but it is a bit
messy and inelegant.
[Figure: sample frames from Kino's internal and external deinterlacers]
While Kino only works with DV files, it has one of the nicest export
dialogs around. There is a long list of options, one of which is DVD-style
MPEG. There's even a "deinterlace" pulldown with a few options. The
internal deinterlacer is, as advertised in the menu, very fast, but the
results are not all that great. If one, instead, has Kino use the external
YUV deinterlacer, things will be exceedingly slow, but the results are
worth it. Examples from both deinterlacers can be seen on the left.
By default, the DVD exporter creates the necessary video object file and a
simple dvdauthor script for a minimal DVD. There are options, though, to
burn the DVD immediately or to go into Qdvdauthor for further work.
One might mention here that, like most of the other tools discussed here,
Kino does not play nicely with others when it comes to the audio
subsystem. Each tool has its own way of responding to contention, though.
In this case, if Kino is unable to get exclusive access to the audio
device, it shows its displeasure by playing video (silently, of course) at
ten times the normal speed. After a while one learns to recognize this
particular tantrum, but it still would be nicer if the application would
say something like "I'm not willing to share the audio device, can you
please stop your music player if you want to play back your video?"
Bottom line: Kino is a reasonably capable editor which, after a very short
learning period, is quick and fun to use. It may well be the best option
for people with relatively simple needs. Those wanting more sophisticated
capabilities, though, are likely to see it as an underpowered toy.
LiVES
The Linux Video Editing System
(LiVES) is a relatively simple editor with some interesting capabilities.
The web page claims:
LiVES is good enough to be used as a VJ tool for professional
performances, and as a video editor is capable of creating dazzling
clips in a wide variety of formats.
Your editor, however, is not a VJ. So his experience with this tool was
not the best.
The process of importing a video clip into LiVES is slow and
disk-intensive. After some investigation, your editor figured out why:
LiVES works by converting every video frame into a separate JPEG image
file. The end result is a directory containing tens of thousands of images
and a massive expansion in the size of the clip. It also cannot be good
for system performance in general; your editor can only suggest that using
a filesystem with indexed directories would be a good idea.
LiVES is one of those applications with such a sense of its own importance
that it comes up maximized from the outset. The interface reconfigures
itself on the fly depending on what operations are selected - in
particular, video display windows come and go in a frequent and distracting
manner. The default directory for video files is /usr/local.
Cross-fading one clip into another works, but it loses the
synchronization with the audio. Many tasks are done by running external
programs; should that program fail, LiVES will tell the user, but it does
not pass on the information provided by that program. So figuring out
why things fail is a matter of digging through debug and
strace output.
Somewhere in this process, your editor decided that, while LiVES may indeed
make VJs happy, it is not a serious editing tool for the rest of us. There
is the potential for some nice features there, but this application needs a
lot of work before it will be ready for general use.
PiTiVi
One gets used to thinking of video editors as being huge programs written
in relatively fast languages. PiTiVi, however, is an
exception to the rule: it's a smallish application written in Python. Of
course, it's only small when one overlooks some of the external pieces -
like gstreamer.
This application, too, was a bit of a challenge to get going. It has
various dependencies not accounted for in its configure script, including
some strange ones: why does a video editor need to import Zope modules?
Still, your editor had better luck here than with some of the alternatives.
The good news is that, despite its Python implementation, PiTiVi is
responsive when moving around in video clips. On the other hand, moving
around in clips is really about all that PiTiVi can do at this point.
There is a rudimentary timeline display which does not do anything, and no
editing options are available. So PiTiVi, while being a promising start,
is not really an editor at this time.
Conclusion
Worth mentioning in passing: the Open Movie
Editor looks like a tool with some promise. It disliked your editor's
video files, though, claiming that it only supports files with a 25
frames/second rate. Your editor, deep in NTSC country, has no such files.
Hopefully, as this project matures, it will achieve the generality this
kind of tool must have.
The free software community can be aggravating sometimes. We clearly have
the ability and the desire to create top-quality tools for tasks like video
editing. But what we get is a half dozen tools, none of which is a
complete solution to the problem. Your editor would be the first to say
that competition between projects can be a good thing, inspiring everybody
involved to push harder and achieve more. But, still, maybe having fewer
competing tools might just help people to work together and make tools
which are truly great.
That said, the state of the art in Linux video editing is not as bad as one
might think. The tools are there to put together a decent video without a
great deal of trouble. As mentioned above, Kdenlive is arguably the most
polished of these tools, with Kino also being a good candidate for simpler
applications. And Cinelerra remains in its position as the application
that is going to be truly spectacular, once all of those loose ends finally
get tied up.
Your editor once heard Lawrence Lessig say that text is like Latin for
younger people today, and that video is the preferred way to communicate.
If that is true, then we want to make it possible to communicate as richly
as possible while using free tools. We have a good base to build on, and
many smart people have solved many of the hardest problems. Finishing the
job is well within our capabilities.
LWN editor Jonathan Corbet is pleased to be heading back to Australia for
his fourth visit to linux.conf.au. Beyond the pleasure of attending one of
the best free software events on the planet and meeting LWN readers, there
will be the simple joy
of going somewhere where the temperature is above freezing. But most
pleasing is the opportunity to speak at linux.conf.au on January 30 -
the day we have designated as the tenth anniversary of LWN. It will be a
celebration for sure.
Stay tuned to LWN for reports from the event as it unfolds.
Page editor: Jonathan Corbet
Security
By Jake Edge January 23, 2008
Various recent, unrelated security issues seem to have a common thread:
Javascript. It is not the fault of the language, exactly, nor of any
particular implementation. It is the fundamental nature of how the
language is used that often causes it to be "front and center" when security
problems are found on the web.
Imagine that your computer reaches out across the net, to an unverified
site, over an unencrypted link and grabs code that it executes with little
in the way of further inspection. When put that way, it sounds rather
dangerous, but that is exactly what browsers do with Javascript code.
There are limits to what Javascript is allowed to do—meant to thwart
malicious uses—but it has to have some privileges on the local
machine in order to be useful.
One of the recent outbreaks is the "random js" attack, which propagates
through Javascript served by legitimate websites. It generates a random
.js filename for each visitor—which is where the name comes
from—inserting a reference to it in a page on the site. It also
stores the IP address of the visitor so that it does not repeat the
infection multiple times. The payload then tries to exploit a dozen or more
Windows vulnerabilities to install malware of various sorts.
The payload is not a problem for Linux users, but the websites hosting the
attack are running Apache, many on Linux. The big unresolved question is
how the servers were infected. It could be as simple as getting root
access via insecure or intercepted root passwords. Or there could be some,
as yet unknown, exploit. That certainly bears watching.
Because of the privileges that Javascript has on a local host, it can be
used to spread malware, by exploiting the trust that
users—those that even concern themselves with such things—have
in the website they are visiting. It can also play a role in redirecting
traffic away from a trusted site, even though the site itself has not been
compromised.
A post
by Nat Torkington at O'Reilly illustrates a common problem that content
providers need to worry about. O'Reilly's perl.com site carried
advertising that required them to load Javascript from the advertiser's
site. All was well until the domain expired. A porn site bought it and
started providing the required Javascript file with new contents
redirecting the users to their site.
A man-in-the-middle or DNS cache poisoning attack could be used for similar
results on a smaller scale basis. One can certainly see how it might be
used by phishers as well. It is a difficult problem, as website owners need
to be able to call out to advertisers' Javascript, but users typically do
not expect to run code from a site they did not directly access.
A theoretical attack on home routers has started to show up in the
wild. It uses Javascript to exploit a vulnerability in home routers to
change the DNS entries for a popular Mexican bank. After that, accesses to
the bank would instead go to the malicious website which would collect
usernames and passwords, allowing the attacker to access the accounts.
Once again, users probably do not expect that surfing to a random site
could suddenly expose them to bank account compromise.
There are some things that can be done. For users, if Javascript
cannot be disabled entirely—something increasingly difficult in the
"Web 2.0" world—it can at least be leashed using NoScript for Firefox.
For website owners, Google's Caja project seeks to
define a subset of Javascript which implements an object-capability
language, which would make it easier to sandbox remote code. If this
effort succeeds, one can imagine that users could restrict their browsers
to only use the Caja subset some day as well.
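An added example, not from the article: a site owner's audit of the external scripts a page pulls in, covering the expired-advertiser-domain and man-in-the-middle cases described above. The host names, the sample page and the issue labels are constructed; the `integrity` attribute (Subresource Integrity) is a later browser feature that the article does not mention.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample input: a publisher page that loads one local script,
# one advertiser script over plain HTTP, and one pinned partner script.
SAMPLE_PAGE_URL = "https://www.publisher.example/index.html"
SAMPLE_HTML = """
<html><head>
<script src="/js/site.js"></script>
<script src="http://ads.adnetwork.example/show.js"></script>
<script src="https://cdn.partner.example/lib.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER" crossorigin="anonymous"></script>
<script>var inlineOnly = 1;</script>
</head><body></body></html>
"""
# Hosts the site owner has reviewed and agreed to load code from (assumption).
TRUSTED_HOSTS = {"cdn.partner.example"}


class ScriptCollector(HTMLParser):
    """Collects the attributes of every <script> element that has a src."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attributes = dict(attrs)  # attribute names arrive lower-cased
        if attributes.get("src"):
            self.scripts.append(attributes)


def audit_scripts(page_url, html, trusted_hosts=()):
    """Return one finding per external script reference in the page.

    Issue labels (constructed for this example):
      third-party        script host differs from the page host
      host-not-reviewed  third-party host is not in trusted_hosts
      no-integrity-pin   third-party script has no integrity attribute, so
                         new file contents (e.g. after the domain changes
                         hands) would run unchecked
      unencrypted        script is fetched over something other than https,
                         so it can be altered in transit
    """
    page_host = (urlsplit(page_url).hostname or "").lower()
    trusted = {h.lower() for h in trusted_hosts}
    collector = ScriptCollector()
    collector.feed(html)

    findings = []
    for attributes in collector.scripts:
        # Resolve relative and protocol-relative references against the page.
        url = urljoin(page_url, attributes["src"].strip())
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        issues = []
        if host != page_host:
            issues.append("third-party")
            if host not in trusted:
                issues.append("host-not-reviewed")
            if not attributes.get("integrity"):
                issues.append("no-integrity-pin")
        if parts.scheme != "https":
            issues.append("unencrypted")
        findings.append({"url": url, "host": host, "issues": issues})
    return findings


def hosts_to_watch(findings):
    """Third-party hosts whose domain registration the site now depends on."""
    return sorted({f["host"] for f in findings if "third-party" in f["issues"]})


if __name__ == "__main__":
    results = audit_scripts(SAMPLE_PAGE_URL, SAMPLE_HTML, TRUSTED_HOSTS)
    for finding in results:
        print(finding["url"], ", ".join(finding["issues"]) or "ok")
    print("domains to monitor for expiry:", hosts_to_watch(results))
```

The list from `hosts_to_watch` is the set of domains whose expiry or takeover would change what visitors' browsers execute.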
New vulnerabilities
apt-listchanges: arbitrary code execution
| Package(s): | apt-listchanges |
CVE #(s): | CVE-2008-0302
|
| Created: | January 17, 2008 |
Updated: | January 23, 2008 |
| Description: |
From the Debian alert: Felipe Sateler discovered that apt-listchanges, a package change history
notification tool, used unsafe paths when importing its python libraries.
This could allow the execution of arbitrary shell commands if the root user
executed the command in a directory which other local users may write
to. |
bind: off-by-one error
| Package(s): | bind |
CVE #(s): | CVE-2008-0122
|
| Created: | January 22, 2008 |
Updated: | July 10, 2008 |
| Description: |
Off-by-one error in the inet_network function in libc in FreeBSD 6.2, 6.3,
and 7.0-PRERELEASE and earlier allows context-dependent attackers to cause
a denial of service (crash) and possibly execute arbitrary code via crafted
input that triggers memory corruption. |
boost: denial of service
| Package(s): | boost |
CVE #(s): | CVE-2008-0171
CVE-2008-0172
|
| Created: | January 17, 2008 |
Updated: | March 22, 2012 |
| Description: |
From the Ubuntu alert:
Will Drewry and Tavis Ormandy discovered that the boost library
did not properly perform input validation on regular expressions.
An attacker could send a specially crafted regular expression to
an application linked against boost and cause a denial of service
via application crash. |
flac: arbitrary code execution
| Package(s): | flac |
CVE #(s): | CVE-2007-6277
|
| Created: | January 21, 2008 |
Updated: | January 23, 2008 |
| Description: |
From the NVD entry:
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619. |
horde3: remote email deletion
| Package(s): | horde3 |
CVE #(s): | CVE-2007-6018
|
| Created: | January 21, 2008 |
Updated: | March 24, 2009 |
| Description: |
From the Debian advisory:
Ulf Harnhammer discovered that the HTML filter of the Horde web
application framework performed insufficient input sanitising, which
may lead to the deletion of emails if a user is tricked into viewing
a malformed email inside the Imp client. |
hsqldb: unspecified vulnerability
| Package(s): | hsqldb |
CVE #(s): | CVE-2007-4576
|
| Created: | January 22, 2008 |
Updated: | January 23, 2008 |
| Description: |
HSQLDB contains an unspecified
vulnerability which should be fixed in version 1.8.0.8. |
kernel: local filesystem corruption
| Package(s): | kernel |
CVE #(s): | CVE-2008-0001
|
| Created: | January 17, 2008 |
Updated: | June 13, 2008 |
| Description: |
From the mitre.org CVE description:
VFS in the Linux kernel before 2.6.23.14 performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass file permissions. |
libcdio: arbitrary code execution
| Package(s): | libcdio |
CVE #(s): | CVE-2007-6613
|
| Created: | January 21, 2008 |
Updated: | March 7, 2008 |
| Description: |
From the Gentoo advisory:
Devon Miller reported a boundary error in the "print_iso9660_recurse()"
function in files cd-info.c and iso-info.c when processing long
filenames within Joliet images.
A remote attacker could entice a user to open a specially crafted ISO
image in the cd-info and iso-info applications, resulting in the
execution of arbitrary code with the privileges of the user running the
application. Applications linking against shared libraries of libcdio
are not affected. |
mantis: information disclosure
| Package(s): | mantis |
CVE #(s): | CVE-2006-6574
|
| Created: | January 21, 2008 |
Updated: | January 23, 2008 |
| Description: |
From the NVD entry:
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. |
mantis: cross-site scripting
| Package(s): | mantis |
CVE #(s): | |
| Created: | January 23, 2008 |
Updated: | January 23, 2008 |
| Description: |
The Mantis 1.1.1 release
contains a security fix for this bug. |
scponly: arbitrary command execution
| Package(s): | scponly |
CVE #(s): | CVE-2007-6350
CVE-2007-6415
|
| Created: | January 22, 2008 |
Updated: | February 18, 2008 |
| Description: |
scponly 4.6 and earlier allows remote authenticated users to bypass
intended restrictions and execute code by invoking dangerous subcommands
including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally
demonstrated by creating a Subversion (SVN) repository with malicious
hooks, then using svn to trigger execution of those hooks. (CVE-2007-6350)
In addition, it was discovered that it was possible to invoke scp
with certain options that may lead to execution of arbitrary commands.
(CVE-2007-6415). |
tomcat: information disclosure
| Package(s): | tomcat5.5 |
CVE #(s): | CVE-2008-0128
|
| Created: | January 21, 2008 |
Updated: | March 7, 2008 |
| Description: |
From the Debian advisory:
Olaf Kock discovered that HTTPS encryption was insufficiently
enforced for single-sign-on cookies, which could result in
information disclosure.
|
wireshark: denial of service
| Package(s): | wireshark |
CVE #(s): | CVE-2007-3389
|
| Created: | January 21, 2008 |
Updated: | February 27, 2008 |
| Description: |
From the NVD entry:
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload. |
wireshark: denial of service
| Package(s): | wireshark |
CVE #(s): | CVE-2007-3391
|
| Created: | January 21, 2008 |
Updated: | February 27, 2008 |
| Description: |
From the NVD entry:
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop. |
xine-lib: buffer overflows
| Package(s): | xine-lib |
CVE #(s): | CVE-2008-0238
|
| Created: | January 23, 2008 |
Updated: | August 7, 2008 |
| Description: |
From the CVE entry: Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function. |
Xorg: multiple vulnerabilities
Updated vulnerabilities
acroread: multiple vulnerabilities
| Package(s): | acroread |
CVE #(s): | CVE-2006-5857
CVE-2007-0045
CVE-2007-0046
|
| Created: | January 11, 2007 |
Updated: | October 26, 2009 |
| Description: |
Adobe's Acrobat Reader has the following vulnerabilities:
The Adobe Reader Plugin has a cross-site scripting vulnerability that
can be triggered by processing malformed URLs. Arbitrary JavaScript can
be served by a malicious web server, leading to a cross-site scripting
attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities;
if an attacker can trick a user into viewing the files, arbitrary code
can be executed with the user's privileges. |
apache2: information disclosure
| Package(s): | apache |
CVE #(s): | CVE-2007-1862
|
| Created: | June 20, 2007 |
Updated: | February 18, 2008 |
| Description: |
From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
properly copy all levels of header data, which can cause Apache to
return HTTP headers containing previously-used data, which could be
used to obtain potentially sensitive information by unauthorized users." |
apache: multiple vulnerabilities
| Package(s): | apache |
CVE #(s): | CVE-2007-3304
CVE-2006-5752
|
| Created: | June 27, 2007 |
Updated: | February 18, 2008 |
| Description: |
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker who has the ability to
run scripts on the Apache HTTP Server could manipulate the scoreboard and
cause arbitrary processes to be terminated, which could lead to a denial of
service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with
the server-status page publicly accessible and ExtendedStatus enabled were
vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux
the server-status page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752) |
apache: cross-site scripting
| Package(s): | apache |
CVE #(s): | CVE-2006-3918
|
| Created: | August 9, 2006 |
Updated: | April 4, 2008 |
| Description: |
From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header." |
apache: several vulnerabilities
| Package(s): | apache |
CVE #(s): | CVE-2007-5000
CVE-2007-6388
CVE-2008-0005
|
| Created: | January 15, 2008 |
Updated: | July 29, 2008 |
| Description: |
A flaw was found in the mod_imap module. On sites where mod_imap was
enabled and an imagemap file was publicly available, a cross-site scripting
attack was possible. (CVE-2007-5000)
A flaw was found in the mod_status module. On sites where mod_status was
enabled and the status pages were publicly available, a cross-site
scripting attack was possible. (CVE-2007-6388)
A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp
was enabled and a forward proxy was configured, a cross-site scripting
attack was possible against Web browsers which did not correctly derive the
response character set following the rules in RFC 2616. (CVE-2008-0005) |
apache2: denial of service
| Package(s): | apache2 |
CVE #(s): | CVE-2007-1863
|
| Created: | November 19, 2007 |
Updated: | February 18, 2008 |
| Description: |
From the CVE entry:
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. |
httpd: denial of service, cross-site scripting
| Package(s): | apache httpd |
CVE #(s): | CVE-2007-3847
CVE-2007-4465
|
| Created: | September 25, 2007 |
Updated: | February 15, 2008 |
| Description: |
A flaw was found in the mod_proxy module. On sites where a reverse proxy is
configured, a remote attacker could send a carefully crafted request that
would cause the Apache child process handling that request to crash. On
sites where a forward proxy is configured, an attacker could cause a
similar crash if a user could be persuaded to visit a malicious site using
the proxy. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-3847)
A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the AddDefaultCharset directive has been removed
from the configuration, a cross-site-scripting attack may be possible
against browsers which do not correctly derive the response character set
following the rules in RFC 2616. (CVE-2007-4465) |
asterisk: possible SQL injection
| Package(s): | asterisk |
CVE #(s): | CVE-2007-6170
|
| Created: | December 3, 2007 |
Updated: | April 15, 2008 |
| Description: |
Tilghman Lesher discovered that the logging engine of Asterisk, a free
software PBX and telephony toolkit, performs insufficient sanitizing of
call-related data, which may lead to SQL injection. |
avahi: denial of service
| Package(s): | avahi |
CVE #(s): | CVE-2007-3372
|
| Created: | June 28, 2007 |
Updated: | December 23, 2008 |
| Description: |
Avahi is vulnerable to a local denial of service that can be caused by
making an erroneous call to the assert() function. |
bind: insecure permissions
| Package(s): | bind |
CVE #(s): | CVE-2007-6283
|
| Created: | December 21, 2007 |
Updated: | July 10, 2008 |
| Description: |
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file
with world-readable permissions, which allows local users to perform
unauthorized named commands, such as causing a denial of service by
stopping named. |
cacti: SQL injection vulnerability
| Package(s): | cacti |
CVE #(s): | CVE-2007-6035
|
| Created: | November 22, 2007 |
Updated: | February 18, 2008 |
| Description: |
Versions of Cacti prior to 0.8.7a have an SQL injection vulnerability.
Remote attackers can execute arbitrary SQL commands via unspecified vectors. |
cacti: denial of service
| Package(s): | cacti |
CVE #(s): | CVE-2007-3112
CVE-2007-3113
|
| Created: | September 18, 2007 |
Updated: | December 16, 2009 |
| Description: |
A vulnerability in Cacti 0.8.6i and earlier versions allows remote
authenticated users to cause a denial of service (CPU consumption) via
large values of the graph_start, graph_end, graph_height, or graph_width
parameters. |
cairo: integer overflow
| Package(s): | Cairo |
CVE #(s): | CVE-2007-5503
|
| Created: | November 29, 2007 |
Updated: | April 10, 2008 |
| Description: |
Cairo has an integer overflow vulnerability in the PNG image processing
code. If a user processes a specially crafted PNG image with an
application that is linked against cairo, arbitrary code can be executed
with the user's privileges. |
clamav: denial of service
| Package(s): | clamav |
CVE #(s): | CVE-2007-3725
|
| Created: | July 24, 2007 |
Updated: | February 27, 2008 |
| Description: |
A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via specially crafted RAR archives. |
clamav: multiple vulnerabilities
| Package(s): | clamav |
CVE #(s): | CVE-2007-4510
CVE-2007-4560
|
| Created: | September 3, 2007 |
Updated: | February 13, 2008 |
| Description: |
Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-4510:
It was discovered that the RTF and RFC2397 parsers can be tricked
into dereferencing a NULL pointer, resulting in denial of service.
CVE-2007-4560:
It was discovered clamav-milter performs insufficient input
sanitizing, resulting in the execution of arbitrary shell commands.
|
clamav: mystery vulnerability
| Package(s): | clamav |
CVE #(s): | CVE-2007-6337
|
| Created: | December 31, 2007 |
Updated: | January 22, 2008 |
| Description: |
Clamav contains "an unspecified vulnerability" associated with the bzip2 decompression code. |
clamav: integer overflow and off-by-one
| Package(s): | clamav |
CVE #(s): | CVE-2007-6335
CVE-2007-6336
|
| Created: | December 19, 2007 |
Updated: | July 17, 2008 |
| Description: |
ClamAV contains integer overflow and off-by-one errors which could be exploited (via specially-crafted email) to execute arbitrary code. |
claws-mail: insecure temp file
| Package(s): | claws-mail |
CVE #(s): | CVE-2007-6208
|
| Created: | January 10, 2008 |
Updated: | January 16, 2008 |
| Description: |
Claws Mail creates temp files in an insecure manner.
This can be used by a local attacker to make a symlink
attack, allowing files with the local user's privileges
to be overwritten. |
cpio: arbitrary code execution
| Package(s): | cpio |
CVE #(s): | CVE-2005-4268
|
| Created: | January 2, 2006 |
Updated: | March 17, 2010 |
| Description: |
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with e.g. a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system). |
vixie-cron: privilege escalation
| Package(s): | cron |
CVE #(s): | CVE-2006-2607
|
| Created: | May 31, 2006 |
Updated: | June 1, 2009 |
| Description: |
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root. |
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2006-4262
|
| Created: | October 2, 2006 |
Updated: | June 16, 2009 |
| Description: |
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code. |
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2004-2541
|
| Created: | May 22, 2006 |
Updated: | June 19, 2009 |
| Description: |
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target. |
cups: denial of service
| Package(s): | cups |
CVE #(s): | CVE-2007-0720
|
| Created: | March 26, 2007 |
Updated: | February 7, 2008 |
| Description: |
Previous versions of the cups package could be forced to hang via a client
"partially negotiating" an ssl connection. In this state, cups would not
allow other connections to be made, a denial of service. |
cups: buffer overflow
| Package(s): | cups |
CVE #(s): | CVE-2007-5848
|
| Created: | January 7, 2008 |
Updated: | February 27, 2008 |
| Description: |
From the CVE entry:
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
From the rPath advisory:
Previous versions of the cups package contain a buffer-overflow
weakness. It is not believed that this weakness can be exploited
to execute malicious code. |
cups: multiple vulnerabilities
debian-goodies: privilege escalation
| Package(s): | debian-goodies |
CVE #(s): | CVE-2007-3912
|
| Created: | October 5, 2007 |
Updated: | March 24, 2008 |
| Description: |
Thomas de Grenier de Latour discovered that the checkrestart program included
in debian-goodies did not correctly handle shell meta-characters. A local
attacker could exploit this to gain the privileges of the user running
checkrestart. |
Django: denial of service
| Package(s): | Django |
CVE #(s): | CVE-2007-5712
|
| Created: | November 12, 2007 |
Updated: | September 22, 2008 |
| Description: |
From the CVE notice:
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers. |
| Alerts: |
|
Comments (none posted)
dovecot: privilege escalation
| Package(s): | dovecot |
CVE #(s): | CVE-2007-4211
|
| Created: | August 15, 2007 |
Updated: | May 21, 2008 |
| Description: |
From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a
minor privilege escalation attack in which an authenticated
user may exploit an ACL plugin weakness to save message flags
without having proper permissions." |
| Alerts: |
|
Comments (none posted)
dovecot: directory traversal
| Package(s): | dovecot |
CVE #(s): | CVE-2007-2231
|
| Created: | May 8, 2007 |
Updated: | May 21, 2008 |
| Description: |
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot
before 1.0.rc29, when using the zlib plugin, allows remote attackers to
read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot)
sequence in the mailbox name. |
| Alerts: |
|
Comments (none posted)
dovecot: multiple vulnerabilities
| Package(s): | dovecot |
CVE #(s): | CVE-2007-6598
|
| Created: | January 3, 2008 |
Updated: | October 7, 2008 |
| Description: |
Dovecot has multiple vulnerabilities including an issue involving the
confusion between LDAP-authenticated logins across users with the
same password and a denial of service involving a connecting user. |
| Alerts: |
|
Comments (none posted)
drupal: multiple vulnerabilities
| Package(s): | drupal |
CVE #(s): | |
| Created: | January 14, 2008 |
Updated: | January 16, 2008 |
| Description: |
From the Fedora advisory:
Update to 5.6, security fixes:
DRUPAL-SA-2008-005
DRUPAL-SA-2008-006
DRUPAL-SA-2008-007
see http://drupal.org/security for more information. |
| Alerts: |
|
Comments (none posted)
e2fsprogs: integer overflows
| Package(s): | e2fsprogs |
CVE #(s): | CVE-2007-5497
|
| Created: | December 7, 2007 |
Updated: | February 12, 2008 |
| Description: |
Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs,
ext2 file system utilities and libraries, contained multiple
integer overflows in memory allocations, based on sizes taken directly
from filesystem information. These could result in heap-based
overflows potentially allowing the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
eggdrop: stack-based buffer overflow
| Package(s): | eggdrop |
CVE #(s): | CVE-2007-2807
|
| Created: | September 7, 2007 |
Updated: | December 8, 2009 |
| Description: |
A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC
servers to execute arbitrary code via a long private message. |
| Alerts: |
|
Comments (none posted)
elinks: code execution
| Package(s): | elinks |
CVE #(s): | CVE-2007-2027
|
| Created: | May 7, 2007 |
Updated: | October 30, 2009 |
| Description: |
Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could execute
code with user privileges. |
| Alerts: |
|
Comments (none posted)
elinks: arbitrary file access
| Package(s): | elinks |
CVE #(s): | CVE-2006-5925
|
| Created: | November 16, 2006 |
Updated: | October 22, 2009 |
| Description: |
The elinks text-mode browser has an arbitrary file access vulnerability
in the Elinks SMB protocol handler. If a user can be tricked into
visiting a specially crafted web page, arbitrary files may be read or
written with the user's permissions. |
| Alerts: |
|
Comments (none posted)
emacs: buffer overflow
| Package(s): | emacs |
CVE #(s): | CVE-2007-6109
|
| Created: | December 10, 2007 |
Updated: | May 6, 2008 |
| Description: |
From the National Vulnerability Database:
Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line. |
| Alerts: |
|
Comments (none posted)
emacs: command execution via local variables
| Package(s): | emacs |
CVE #(s): | CVE-2007-5795
|
| Created: | November 14, 2007 |
Updated: | February 5, 2008 |
| Description: |
From the original Debian problem report: "In Debian's version of GNU Emacs 22.1+1-2, the `hack-local-variables'
function does not behave correctly when `enable-local-variables' is
set to :safe. The documentation of `enable-local-variables' states
that the value :safe means to set only safe variables, as determined
by `safe-local-variable-p' and `risky-local-variable-p' (and the data
driving them), but Emacs ignores this and instead sets all the local
variables." When this setting (which is not the default) is in effect, opening a hostile file could lead to the execution of arbitrary commands. |
| Alerts: |
|
Comments (1 posted)
evolution: format string error
| Package(s): | evolution |
CVE #(s): | CVE-2007-1002
|
| Created: | March 27, 2007 |
Updated: | February 27, 2008 |
| Description: |
A format string error in the "write_html()" function in calendar/gui/
e-cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially crafted
shared memo containing format specifiers. |
| Alerts: |
|
Comments (1 posted)
pop mail man-in-the-middle attacks
| Package(s): | evolution thunderbird mutt fetchmail |
CVE #(s): | CVE-2007-1558
|
| Created: | May 8, 2007 |
Updated: | July 3, 2009 |
| Description: |
The APOP protocol allows remote attackers to guess the first 3 characters
of a password via man-in-the-middle (MITM) attacks that use crafted message
IDs and MD5 collisions. NOTE: this design-level issue potentially affects
all products that use APOP, including (1) Thunderbird, (2) Evolution, (3)
mutt, and (4) fetchmail. |
| Alerts: |
|
Comments (none posted)
exiftags: multiple vulnerabilities
| Package(s): | exiftags |
CVE #(s): | CVE-2007-6354
CVE-2007-6355
CVE-2007-6356
|
| Created: | December 31, 2007 |
Updated: | April 1, 2008 |
| Description: |
From the Gentoo advisory: Meder Kydyraliev (Google Security) discovered that Exif metadata is not
properly sanitized before being processed, resulting in illegal memory
access in the postprop() and other functions (CVE-2007-6354). He also
discovered integer overflow vulnerabilities in the parsetag() and other
functions (CVE-2007-6355) and an infinite recursion in the readifds()
function caused by recursive IFD references (CVE-2007-6356). |
| Alerts: |
|
Comments (none posted)
exiv2: integer overflow
| Package(s): | exiv2 |
CVE #(s): | CVE-2007-6353
|
| Created: | December 21, 2007 |
Updated: | October 15, 2008 |
| Description: |
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. |
| Alerts: |
|
Comments (none posted)
fail2ban: denial of service
| Package(s): | fail2ban |
CVE #(s): | CVE-2007-4321
|
| Created: | January 10, 2008 |
Updated: | January 16, 2008 |
| Description: |
From the Debian alert:
Daniel B. Cid discovered that fail2ban, a tool to block IP addresses
that cause login failures, is too liberal about parsing SSH log files,
allowing an attacker to block any IP address. |
| Alerts: |
|
Comments (none posted)
fetchmail: denial of service
| Package(s): | fetchmail |
CVE #(s): | CVE-2007-4565
|
| Created: | September 5, 2007 |
Updated: | October 30, 2009 |
| Description: |
fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. |
| Alerts: |
|
Comments (none posted)
firebird: buffer overflow
| Package(s): | firebird |
CVE #(s): | CVE-2007-3181
|
| Created: | July 2, 2007 |
Updated: | March 27, 2008 |
| Description: |
The Firebird DBMS has a buffer overflow vulnerability involving
the processing of connect requests with an overly large p_cnct_count
value. Remote attackers can send a specially crafted
request to the server in order to potentially execute arbitrary code with
the permissions of the Firebird user. |
| Alerts: |
|
Comments (none posted)
firefox: multiple vulnerabilities
| Package(s): | firefox |
CVE #(s): | CVE-2007-3844
CVE-2007-3845
|
| Created: | August 1, 2007 |
Updated: | February 20, 2008 |
| Description: |
A flaw was discovered in handling of "about:blank" windows used by
addons. A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
(CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3845) |
| Alerts: |
|
Comments (none posted)
firefox: multiple vulnerabilities
| Package(s): | firefox seamonkey |
CVE #(s): | CVE-2007-5947
CVE-2007-5959
CVE-2007-5960
|
| Created: | November 27, 2007 |
Updated: | March 3, 2008 |
| Description: |
A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-5959)
A race condition existed when Firefox set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)
|
| Alerts: |
|
Comments (1 posted)
firefox, thunderbird, seamonkey: multiple vulnerabilities
| Package(s): | firefox, thunderbird, seamonkey |
CVE #(s): | CVE-2007-3738
CVE-2007-3656
CVE-2007-3670
CVE-2007-3285
CVE-2007-3737
CVE-2007-3089
CVE-2007-3736
CVE-2007-3734
CVE-2007-3735
|
| Created: | July 18, 2007 |
Updated: | May 12, 2008 |
| Description: |
shutdown and moz_bug_r_a4 reported two separate ways to modify an
XPCNativeWrapper such that subsequent access by the browser would result in
executing user-supplied code. (CVE-2007-3738)
Michal Zalewski reported that it was possible to bypass the same-origin
checks and read from cached (wyciwyg) documents. It is possible to access
wyciwyg:// documents without proper same domain policy checks through the
use of HTTP 302 redirects. This enables the attacker to steal sensitive
data displayed on dynamically generated pages; perform cache poisoning; and
execute own code or display own content with URL bar and SSL certificate
data of the attacked page (URL spoofing++). (CVE-2007-3656)
Internet Explorer calls registered URL protocols without escaping quotes
and may be used to pass unexpected and potentially dangerous data to the
application that registers that URL Protocol. (CVE-2007-3670)
Ronald van den Heetkamp reported that a filename URL containing %00
(encoded null) can cause Firefox to interpret the file extension
differently than the underlying Windows operating system potentially
leading to unsafe actions such as running a program. This is only
accessible locally. (CVE-2007-3285)
An attacker can use an element outside of a document to call an event
handler allowing content to run arbitrary code with chrome
privileges. (CVE-2007-3737)
Ronen Zilberman and Michal Zalewski both reported that it was possible to
exploit a timing issue to inject content into about:blank frames in a
page. When opening a window from a script, it is possible to spoof the
content of the newly opened window's frames within a short time frame,
while the window is loading. (CVE-2007-3089)
Mozilla contributor moz_bug_r_a4 demonstrated that the methods
addEventListener and setTimeout could be used to inject script into another
site in violation of the browser's same-origin policy. This could be used
to access or modify private or valuable information from that other
site. (CVE-2007-3736)
As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed
many bugs to improve the stability of the product. Some of these crashes
showed evidence of memory corruption under certain circumstances and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code. Note: Thunderbird shares the browser
engine with Firefox and could be vulnerable if JavaScript were to be
enabled in mail. This is not the default setting and we strongly discourage
users from running JavaScript in mail. Without further investigation we
cannot rule out the possibility that for some of these an attacker might be
able to prepare memory for exploitation through some means other than
JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735) |
| Alerts: |
|
Comments (none posted)
flac: arbitrary code execution
| Package(s): | flac |
CVE #(s): | CVE-2007-4619
|
| Created: | October 22, 2007 |
Updated: | January 21, 2008 |
| Description: |
From the Red Hat advisory:
A security flaw was found in the way flac processed audio data. An
attacker could create a carefully crafted FLAC audio file in such a way that
it could cause an application linked with flac libraries to crash or execute
arbitrary code when it was opened. (CVE-2007-4619)
|
| Alerts: |
|
Comments (none posted)
flash-plugin: lots of problems
Comments (3 posted)
freetype: arbitrary code execution
| Package(s): | freetype |
CVE #(s): | CVE-2007-2754
|
| Created: | May 24, 2007 |
Updated: | June 1, 2010 |
| Description: |
The FreeType font rendering library, versions 2.3.4 and below,
has an integer sign error. Remote attackers may be able to
create a specially crafted TrueType Font file with a negative
n_points value that will cause an integer overflow and heap-based
buffer overflow, allowing the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
freetype: integer overflows
| Package(s): | freetype |
CVE #(s): | CVE-2006-0747
CVE-2006-1861
CVE-2006-2493
CVE-2006-2661
CVE-2006-3467
|
| Created: | June 8, 2006 |
Updated: | June 1, 2010 |
| Description: |
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user. |
| Alerts: |
|
Comments (none posted)
gallery2: multiple vulnerabilities
| Package(s): | gallery2 |
CVE #(s): | CVE-2007-6685
CVE-2007-6686
CVE-2007-6687
CVE-2007-6688
CVE-2007-6689
CVE-2007-6690
CVE-2007-6691
CVE-2007-6692
CVE-2007-6693
|
| Created: | December 27, 2007 |
Updated: | February 12, 2008 |
| Description: |
Versions of the Gallery photo management application before 2.2.4
have the following vulnerabilities: (1) an unauthorized album creation and file upload, (2) a local file inclusion vulnerability, (3) several cross site scripting vulnerabilities, (4) a web-accessibility protection problem,
(5) problems with checks for disallowed file
extensions with file uploads, (6) missing permissions checks on GR commands,
(7) several information disclosures, (8) an arbitrary URL redirection
problem and (9) a proxied request weakness. |
| Alerts: |
|
Comments (none posted)
gcc: file overwrite vulnerability
| Package(s): | gcc |
CVE #(s): | CVE-2006-3619
|
| Created: | September 6, 2006 |
Updated: | March 14, 2008 |
| Description: |
The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree. |
| Alerts: |
|
Comments (none posted)
gd: buffer overflow
| Package(s): | gd |
CVE #(s): | CVE-2007-0455
|
| Created: | February 7, 2007 |
Updated: | November 18, 2009 |
| Description: |
The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable. |
| Alerts: |
|
Comments (2 posted)
gd: multiple vulnerabilities
| Package(s): | gd |
CVE #(s): | CVE-2007-3472
CVE-2007-3473
CVE-2007-3474
CVE-2007-3475
CVE-2007-3476
CVE-2007-3477
CVE-2007-3478
|
| Created: | August 6, 2007 |
Updated: | November 6, 2009 |
| Description: |
Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allow attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478) |
| Alerts: |
|
Comments (none posted)
gd: denial of service
| Package(s): | gd |
CVE #(s): | CVE-2007-2756
|
| Created: | June 14, 2007 |
Updated: | February 28, 2008 |
| Description: |
Libgd2 has a denial of service vulnerability involving the incorrect
validation of PNG callback results. If an application that is linked
against libgd2 is used to process a specially-crafted PNG file,
a denial of service involving CPU resource consumption can be
caused. |
| Alerts: |
|
Comments (none posted)
gedit: format string vulnerability
| Package(s): | gedit |
CVE #(s): | CAN-2005-1686
|
| Created: | June 9, 2005 |
Updated: | February 5, 2009 |
| Description: |
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user. |
| Alerts: |
|
Comments (1 posted)
gforge: SQL injection
| Package(s): | gforge |
CVE #(s): | CVE-2008-0173
|
| Created: | January 14, 2008 |
Updated: | January 16, 2008 |
| Description: |
From the Debian advisory:
It was discovered that Gforge, a collaborative development tool, did not
properly sanitise some CGI parameters, allowing SQL injection in scripts
related to RSS exports. |
| Alerts: |
|
Comments (none posted)
gftp: buffer overflows
| Package(s): | gftp |
CVE #(s): | CVE-2007-3962
CVE-2007-3961
|
| Created: | November 2, 2007 |
Updated: | January 22, 2008 |
| Description: |
Kalle Olavi Niemitalo discovered two boundary errors in fsplib code
included in gFTP when processing overly long directory or file names. A
remote attacker could trigger these vulnerabilities by enticing a user to
download a file with a specially crafted directory or file name, possibly
resulting in the execution of arbitrary code (CVE-2007-3962) or a Denial of
Service (CVE-2007-3961). |
| Alerts: |
|
Comments (none posted)
gimp: multiple vulnerabilities
| Package(s): | gimp |
CVE #(s): | CVE-2007-2949
|
| Created: | June 28, 2007 |
Updated: | February 27, 2008 |
| Description: |
The gimp image editor has several vulnerabilities, including
a problem where it can open PSD files with excessive dimensions
and a possible stack overflow in the Sunras loader. |
| Alerts: |
|
Comments (none posted)
gnome-screensaver: keyboard lock bypass
| Package(s): | gnome-screensaver |
CVE #(s): | CVE-2007-3920
|
| Created: | October 24, 2007 |
Updated: | October 15, 2009 |
| Description: |
From the Ubuntu advisory:
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local
attacker could exploit this to bypass the user's locked screen saver. |
| Alerts: |
|
Comments (none posted)
openssh: inappropriate use of trusted cookies
| Package(s): | gnome-ssh-askpass openssh |
CVE #(s): | CVE-2007-4752
|
| Created: | September 11, 2007 |
Updated: | August 25, 2008 |
| Description: |
OpenSSH in versions prior to
4.7 could use a trusted X11 cookie if the creation of an untrusted
cookie failed. |
| Alerts: |
|
Comments (none posted)
grip: buffer overflow
| Package(s): | grip |
CVE #(s): | CAN-2005-0706
|
| Created: | March 10, 2005 |
Updated: | November 19, 2008 |
| Description: |
Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches. |
| Alerts: |
|
Comments (none posted)
gzip: multiple vulnerabilities
| Package(s): | gzip |
CVE #(s): | CVE-2006-4334
CVE-2006-4335
CVE-2006-4336
CVE-2006-4337
CVE-2006-4338
|
| Created: | September 19, 2006 |
Updated: | January 20, 2010 |
| Description: |
Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash.
Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. |
| Alerts: |
|
Comments (1 posted)
horde-kronolith: local file inclusion
| Package(s): | horde-kronolith |
CVE #(s): | CVE-2006-6175
|
| Created: | January 17, 2007 |
Updated: | March 7, 2008 |
| Description: |
Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered
string is used instead of a sanitized string to view local files. An
authenticated attacker could craft an HTTP GET request that uses directory
traversal techniques to execute any file on the web server as PHP code,
which could allow information disclosure or arbitrary code execution with
the rights of the user running the PHP application (usually the webserver
user). |
| Alerts: |
|
Comments (none posted)
httpd: cross-site scripting, denial of service
| Package(s): | httpd |
CVE #(s): | CVE-2007-6421
CVE-2007-6422
|
| Created: | January 15, 2008 |
Updated: | April 4, 2008 |
| Description: |
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, a cross-site scripting attack against an
authorized user was possible. (CVE-2007-6421)
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, an authorized user could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. This could lead to a denial of service if using a
threaded Multi-Processing Module. (CVE-2007-6422) |
| Alerts: |
|
Comments (1 posted)
imagemagick: multiple vulnerabilities
| Package(s): | imagemagick |
CVE #(s): | CVE-2007-4985
CVE-2007-4986
CVE-2007-4987
CVE-2007-4988
|
| Created: | October 4, 2007 |
Updated: | August 11, 2009 |
| Description: |
The ImageMagick image decoders have multiple vulnerabilities.
If a user can be tricked into processing a specially crafted
DCM, DIB, XBM, XCF, or XWD image, arbitrary code may be executed with
the user's privileges. |
| Alerts: |
|
Comments (none posted)
ImageMagick: integer overflows
| Package(s): | imagemagick |
CVE #(s): | CVE-2007-1797
|
| Created: | April 4, 2007 |
Updated: | August 11, 2009 |
| Description: |
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote
attackers to execute arbitrary code via (1) a crafted DCM image, which
results in a heap-based overflow in the ReadDCMImage function, or (2) the
(a) colors or (b) comments field in a crafted XWD image, which results in a
heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667. |
| Alerts: |
|
Comments (none posted)
jasper: denial of service
| Package(s): | jasper |
CVE #(s): | CVE-2007-2721
|
| Created: | June 1, 2007 |
Updated: | April 19, 2010 |
| Description: |
The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote
user-assisted attackers to cause a denial of service (crash) and possibly
corrupt the heap via malformed image files. |
| Alerts: |
|
Comments (none posted)
java: multiple vulnerabilities
| Package(s): | java |
CVE #(s): | CVE-2006-4339
CVE-2006-4790
CVE-2006-6731
CVE-2006-6736
CVE-2006-6737
CVE-2006-6745
|
| Created: | January 18, 2007 |
Updated: | June 4, 2010 |
| Description: |
Java has multiple vulnerabilities, including
an RSA exponent padding attack vulnerability, two vulnerabilities
which allow untrusted applets to access data in other applets,
vulnerabilities that involve applets gaining privileges due to
serialization bugs in the JRE, and buffer overflows in the Java image
handling routines that can give attackers read/write/execute capabilities
for local files. |
| Alerts: |
|
Comments (1 posted)
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2007-3503
CVE-2007-3655
CVE-2007-3698
CVE-2007-3922
|
| Created: | August 6, 2007 |
Updated: | June 24, 2008 |
| Description: |
The Javadoc tool was able to generate HTML documentation pages that
contained cross-site scripting (XSS) vulnerabilities. A remote attacker
could use this to inject arbitrary web script or HTML. (CVE-2007-3503)
The Java Web Start URL parsing component contained a buffer overflow
vulnerability within the parsing code for JNLP files. A remote attacker
could create a malicious JNLP file that could trigger this flaw and execute
arbitrary code when opened. (CVE-2007-3655)
The JSSE component did not correctly process SSL/TLS handshake requests. A
remote attacker who is able to connect to a JSSE-based service could
trigger this flaw leading to a denial-of-service. (CVE-2007-3698)
A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922)
|
| Alerts: |
|
Comments (none posted)
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2007-5232
CVE-2007-5238
CVE-2007-5239
CVE-2007-5240
CVE-2007-5273
CVE-2007-5274
|
| Created: | October 12, 2007 |
Updated: | April 25, 2008 |
| Description: |
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled,
allows remote attackers to violate the security model for an applet's
outbound connections via a DNS rebinding attack. (CVE-2007-5232)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not
properly enforce access restrictions for untrusted applications, which
allows user-assisted remote attackers to obtain sensitive information (the
Java Web Start cache location) via an untrusted application, aka "three
vulnerabilities." (CVE-2007-5238)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE
1.3.1_20 and earlier does not properly enforce access restrictions for
untrusted (1) applications and (2) applets, which allows user-assisted
remote attackers to copy or rename arbitrary files when local users perform
drag-and-drop operations from the untrusted application or applet window
onto certain types of desktop applications. (CVE-2007-5239)
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK
and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows
remote attackers to circumvent display of the untrusted-code warning banner
by creating a window larger than the workstation screen. (CVE-2007-5240)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used,
allows remote attackers to violate the security model for an applet's
outbound connections via a multi-pin DNS rebinding attack in which the
applet download relies on DNS resolution on the proxy server, but the
applet's socket operations rely on DNS resolution on the local machine, a
different issue than CVE-2007-5274. NOTE: this is similar to
CVE-2007-5232. (CVE-2007-5273)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows
remote attackers to violate the security model for JavaScript outbound
connections via a multi-pin DNS rebinding attack dependent on the
LiveConnect API, in which JavaScript download relies on DNS resolution by
the browser, but JavaScript socket operations rely on separate DNS
resolution by a Java Virtual Machine (JVM), a different issue than
CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5274) |
| Alerts: |
|
Comments (1 posted)
JRockit: multiple vulnerabilities
Comments (none posted)
kdebase: denial of service
| Package(s): | kdebase |
CVE #(s): | CVE-2007-5963
|
| Created: | December 18, 2007 |
Updated: | January 19, 2009 |
| Description: |
The kdebase package is vulnerable to a denial of service in which a local user can render KDM unusable for logins by any user or cause KDM to exceed system resource limits. |
| Alerts: |
|
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
CVE #(s): | CAN-2005-1920
|
| Created: | July 19, 2005 |
Updated: | September 21, 2010 |
| Description: |
Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: |
|
Comments (1 posted)
kernel: out-of-bounds access
| Package(s): | kernel |
CVE #(s): | CVE-2007-4573
|
| Created: | September 25, 2007 |
Updated: | December 6, 2010 |
| Description: |
The IA32 system call emulation functionality in Linux kernel 2.4.x and
2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not
zero extend the eax register after the 32bit entry path to ptrace is used,
which might allow local users to gain privileges by triggering an
out-of-bounds access to the system call table using the %RAX register. |
| Alerts: |
|
Comments (none posted)
kernel: ALSA returns incorrect write size
| Package(s): | kernel |
CVE #(s): | CVE-2007-4571
|
| Created: | September 28, 2007 |
Updated: | June 20, 2008 |
| Description: |
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced
Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does
not return the correct write size, which allows local users to obtain
sensitive information (kernel memory contents) via a small count argument,
as demonstrated by multiple reads of /proc/driver/snd-page-alloc. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-4535
CVE-2006-4538
|
| Created: | September 18, 2006 |
Updated: | January 5, 2009 |
| Description: |
Sridhar Samudrala discovered a local denial of service vulnerability
in the handling of SCTP sockets. By opening such a socket with a
special SO_LINGER value, a local attacker could exploit this to crash
the kernel. (CVE-2006-4535)
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
platforms did not sufficiently verify the memory layout. By attempting
to execute a specially crafted executable, a local user could exploit
this to crash the kernel. (CVE-2006-4538) |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-1861
CVE-2007-2242
|
| Created: | May 1, 2007 |
Updated: | February 8, 2008 |
| Description: |
The netlink protocol has an infinite recursion bug that allows users to
cause a kernel crash. Also the IPv6 protocol allows remote attackers to
cause a denial of service via crafted IPv6 type 0 route headers
(IPV6_RTHDR_TYPE_0) that create network amplification between two routers. |
| Alerts: |
|
Comments (none posted)
kernel: remote denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-6058
CVE-2007-4997
|
| Created: | November 9, 2007 |
Updated: | June 13, 2008 |
| Description: |
The Minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly
other versions, allows local users to cause a denial of service (hang) via
a malformed minix file stream that triggers an infinite loop in the
minix_bmap function. NOTE: this issue might be due to an integer overflow
or signedness error.
Integer underflow in the ieee80211_rx function in
net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows
remote attackers to cause a denial of service (crash) via a crafted SKB
length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA
flag is set, aka an "off-by-two error." |
| Alerts: |
|
Comments (1 posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-1353
CVE-2007-2451
CVE-2007-2453
|
| Created: | June 11, 2007 |
Updated: | March 6, 2008 |
| Description: |
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local attacker
could exploit this flaw to view sensitive kernel information.
(CVE-2007-1353)
The GEODE-AES driver did not correctly initialize its encryption key.
Any data encrypted using this type of device would be easily compromised.
(CVE-2007-2451)
The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally, systems
without an entropy source would be seeded with the same inputs at boot
time, leading to a repeatable series of random numbers. (CVE-2007-2453) |
| Alerts: |
|
Comments (none posted)
kernel: signal handling flaw on PPC
| Package(s): | kernel |
CVE #(s): | CVE-2007-3107
|
| Created: | July 10, 2007 |
Updated: | February 4, 2008 |
| Description: |
A flaw in the signal handling on PowerPC-based systems allowed a
local user to cause a denial of service (floating point corruption). |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-5823
CVE-2006-6054
CVE-2007-1592
|
| Created: | June 12, 2007 |
Updated: | March 21, 2011 |
| Description: |
A flaw in the cramfs file system allows invalid compressed data to cause
memory corruption. (CVE-2006-5823)
A flaw in the ext2 file system allows an invalid inode size to cause a
denial of service (system hang). (CVE-2006-6054)
A flaw in IPv6 flow label handling allows a local user to cause a denial of
service (crash). (CVE-2007-1592) |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-5500
|
| Created: | November 28, 2007 |
Updated: | July 8, 2008 |
| Description: |
The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-5501
|
| Created: | November 28, 2007 |
Updated: | March 7, 2008 |
| Description: |
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-2935
CVE-2006-4145
CVE-2006-3745
|
| Created: | September 1, 2006 |
Updated: | July 30, 2008 |
| Description: |
Previous versions of the kernel package are subject to several
vulnerabilities. Certain malformed UDF filesystems can cause the system to
crash (denial of service). Malformed CDROM firmware or USB storage devices
(such as USB keys) could cause system crash (denial of service), and if
they were intentionally malformed, can cause arbitrary code to run with
elevated privileges. In addition, the SCTP protocol is subject to a remote
system crash (denial of service) attack. |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-2172
CVE-2007-3739
CVE-2007-4308
|
| Created: | December 3, 2007 |
Updated: | January 8, 2009 |
| Description: |
A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes
RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an
"out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2)
fib_props (fib_semantics.c, IPv4) functions. (CVE-2007-2172)
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not
prevent stack expansion from entering into reserved kernel page memory,
which allows local users to cause a denial of service (OOPS) via
unspecified vectors. (CVE-2007-3739)
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer
ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check
permissions for ioctls, which might allow local users to cause a denial of
service or gain privileges. (CVE-2007-4308) |
| Alerts: |
|
Comments (none posted)
kernel: buffer overflows
| Package(s): | kernel |
CVE #(s): | CVE-2007-5904
|
| Created: | December 3, 2007 |
Updated: | June 20, 2008 |
| Description: |
Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier
allow remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via long SMB responses that trigger the overflows in
the SendReceive function. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-5749
CVE-2006-4814
CVE-2006-6106
|
| Created: | January 5, 2007 |
Updated: | January 8, 2009 |
| Description: |
A security issue has been reported in the Linux kernel due to an error in
drivers/isdn/i4l/isdn_ppp.c, as the "isdn_ppp_ccp_reset_alloc_state()"
function never initializes an event timer before scheduling it with the
"add_timer()" function.
The mincore function in the kernel does not properly lock access to user
space, which has unspecified impact and attack vectors, possibly related to
a deadlock.
Another vulnerability has been reported in the Linux kernel, caused by a
boundary error within the handling of incoming CAPI messages in
net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain
kernel data structures. |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-3851
CVE-2007-3848
CVE-2007-3105
|
| Created: | August 17, 2007 |
Updated: | January 8, 2009 |
| Description: |
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with
i965G and later chipsets, allows local users with access to an X11 session
and Direct Rendering Manager (DRM) to write to arbitrary memory locations
and gain privileges via a crafted batchbuffer. (CVE-2007-3851)
Linux kernel 2.4.35 and other versions allows local users to send arbitrary
signals to a child process that is running at higher privileges by causing
a setuid-root parent process to die, which delivers an attacker-controlled
parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)
Stack-based buffer overflow in the random number generator (RNG)
implementation in the Linux kernel before 2.6.22 might allow local root
users to cause a denial of service or gain privileges by setting the
default wakeup threshold to a value greater than the output pool size,
which triggers writing random numbers to the stack by the pool transfer
function involving "bound check ordering". NOTE: this issue might only
cross privilege boundaries in environments that have granular assignment of
privileges for root. (CVE-2007-3105) |
| Alerts: |
|
Comments (1 posted)
kernel: denial of service vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-4133
CVE-2007-5093
|
| Created: | January 12, 2008 |
Updated: | November 20, 2008 |
| Description: |
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
units, which allows local users to cause a denial of service (panic)
via unspecified vectors.
The disconnect method in the Philips USB Webcam (pwc) driver in Linux
kernel 2.6.x before 2.6.22.6 relies on user space to close the device,
which allows user-assisted local attackers to cause a denial of service
(USB subsystem hang and CPU consumption in khubd) by not closing the
device after the disconnect is invoked. NOTE: this rarely crosses
privilege boundaries, unless the attacker can convince the victim to
unplug the affected device. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-3104
CVE-2007-3740
CVE-2007-3843
CVE-2007-6063
|
| Created: | December 4, 2007 |
Updated: | January 8, 2009 |
| Description: |
The sysfs_readdir function in the Linux kernel 2.6 allows local users to
cause a denial of service (kernel OOPS) by dereferencing a null pointer to
an inode in a dentry. (CVE-2007-3104)
The CIFS filesystem, when Unix extension support is enabled, did not honor
the umask of a process, which allowed local users to gain
privileges. (CVE-2007-3740)
The Linux kernel checked the wrong global variable for the CIFS sec mount
option, which might allow remote attackers to spoof CIFS network traffic
that the client configured for security signatures, as demonstrated by lack
of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843)
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux
kernel allowed local users to have an unknown impact via a crafted argument
to the isdn_ioctl function. (CVE-2007-6063) |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-5966
|
| Created: | December 19, 2007 |
Updated: | February 3, 2010 |
| Description: |
A bug in high-resolution timers (prior to kernel 2.6.22.15) can cause very long sleeps when large timeout values are used. |
| Alerts: |
|
Comments (none posted)
krb5: multiple vulnerabilities
| Package(s): | krb5 |
CVE #(s): | CVE-2007-2442
CVE-2007-2443
CVE-2007-2798
|
| Created: | June 27, 2007 |
Updated: | March 24, 2008 |
| Description: |
David Coffey discovered an uninitialized pointer free flaw in the
RPC library used by kadmind. A remote unauthenticated attacker who
could access kadmind could trigger the flaw causing kadmind to crash
or possibly execute arbitrary code (CVE-2007-2442).
David Coffey also discovered an overflow flaw in the same RPC library.
A remote unauthenticated attacker who could access kadmind could
trigger the flaw causing kadmind to crash or possibly execute arbitrary
code (CVE-2007-2443).
Finally, a stack buffer overflow vulnerability was found in kadmind
that allowed an unauthenticated user able to access kadmind the
ability to trigger the vulnerability and possibly execute arbitrary
code (CVE-2007-2798). |
| Alerts: |
|
Comments (none posted)
krb5: uninitialized pointers
| Package(s): | krb5 |
CVE #(s): | CVE-2006-6143
CVE-2006-3084
|
| Created: | January 10, 2007 |
Updated: | July 7, 2010 |
| Description: |
The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details. |
| Alerts: |
|
Comments (1 posted)
krb5: local privilege escalation
| Package(s): | krb5 |
CVE #(s): | CVE-2006-3083
|
| Created: | August 9, 2006 |
Updated: | July 7, 2010 |
| Description: |
Some Kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges. |
| Alerts: |
|
Comments (none posted)
krb5: buffer overflow, uninitialized pointer
| Package(s): | krb5 |
CVE #(s): | CVE-2007-3999
CVE-2007-4000
|
| Created: | September 4, 2007 |
Updated: | March 24, 2008 |
| Description: |
Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by kadmind. A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash.
Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A
remote unauthenticated attacker who can access kadmind could trigger this
flaw and cause kadmind to crash. |
| Alerts: |
|
Comments (none posted)
krb5: multiple vulnerabilities
| Package(s): | krb5 |
CVE #(s): | CVE-2007-0956
CVE-2007-0957
CVE-2007-1216
|
| Created: | April 3, 2007 |
Updated: | March 24, 2008 |
| Description: |
A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password. (MIT krb5 Security Advisory 2007-001)
Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon. A remote attacker who can access the KDC could exploit this
bug to run arbitrary code with the privileges of the KDC or kadmin server
processes. (MIT krb5 Security Advisory 2007-002)
A double-free flaw was found in the GSSAPI library used by the kadmin
server daemon. (MIT krb5 Security Advisory 2007-003) |
| Alerts: |
|
Comments (none posted)
kvirc: remote arbitrary code execution
| Package(s): | kvirc |
CVE #(s): | CVE-2007-2951
|
| Created: | September 14, 2007 |
Updated: | February 27, 2008 |
| Description: |
Stefan Cornelius from Secunia Research discovered that the
"parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does
not properly sanitize parts of the URI when building the command for
KVIrc's internal script system. |
| Alerts: |
|
Comments (none posted)
lcms: stack-based buffer overflow
| Package(s): | lcms |
CVE #(s): | CVE-2007-2741
|
| Created: | November 23, 2007 |
Updated: | October 14, 2008 |
| Description: |
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted ICC profile in a JPG file. |
| Alerts: |
|
Comments (none posted)
lftp: shell command execution
| Package(s): | lftp |
CVE #(s): | CVE-2007-2348
|
| Created: | May 4, 2007 |
Updated: | September 16, 2009 |
| Description: |
mirror --script in lftp before 3.5.9 does not properly quote shell
metacharacters, which might allow remote user-assisted attackers to execute
shell commands via a malicious script. NOTE: it is not clear whether this
issue crosses security boundaries, since the script already supports
commands such as "get" which could overwrite executable files. |
| Alerts: |
|
Comments (none posted)
libarchive: pax extension header vulnerabilities
| Package(s): | libarchive |
CVE #(s): | CVE-2007-3641
CVE-2007-3644
CVE-2007-3645
|
| Created: | August 9, 2007 |
Updated: | February 27, 2008 |
| Description: |
libarchive, a library for manipulating different streaming archive
formats, has a number of pax extension header vulnerabilities.
These may be used to cause a denial of service or for the execution
of arbitrary code. |
| Alerts: |
|
Comments (none posted)
libexif: integer overflow
| Package(s): | libexif |
CVE #(s): | CVE-2007-2645
|
| Created: | June 1, 2007 |
Updated: | February 11, 2008 |
| Description: |
Integer overflow in the exif_data_load_data_entry function in exif-data.c
in libexif before 0.6.14 allows user-assisted remote attackers to cause a
denial of service (crash) or possibly execute arbitrary code via crafted
EXIF data, involving the (1) doff or (2) s variable. |
| Alerts: |
|
Comments (none posted)
libexif: integer overflow
| Package(s): | libexif |
CVE #(s): | CVE-2007-6352
|
| Created: | December 19, 2007 |
Updated: | October 15, 2008 |
| Description: |
From the Red Hat advisory: An integer overflow flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to execute arbitrary code, or crash. |
| Alerts: |
|
Comments (none posted)
libexif: denial of service
| Package(s): | libexif |
CVE #(s): | CVE-2007-6351
|
| Created: | December 19, 2007 |
Updated: | October 15, 2008 |
| Description: |
From the Red Hat advisory: An infinite recursion flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to crash. |
| Alerts: |
|
Comments (none posted)
libgd2: buffer overflow
| Package(s): | libgd2 |
CVE #(s): | CVE-2007-3996
|
| Created: | December 19, 2007 |
Updated: | October 13, 2009 |
| Description: |
The GD library does not perform proper bounds checking when creating images; as a result, an attacker could, via crafted input, potentially execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
libmodplug: boundary errors
| Package(s): | libmodplug |
CVE #(s): | CVE-2006-4192
|
| Created: | December 11, 2006 |
Updated: | May 4, 2011 |
| Description: |
Luigi Auriemma has reported various boundary errors in load_it.cpp and
a boundary error in the "CSoundFile::ReadSample()" function in
sndfile.cpp. A remote attacker can entice a user to read crafted modules
or ITP files, which may trigger a buffer overflow resulting in the
execution of arbitrary code with the privileges of the user running the
application. |
| Alerts: |
|
Comments (none posted)
libphp-phpmailer: command execution
| Package(s): | libphp-phpmailer |
CVE #(s): | CVE-2007-3215
|
| Created: | June 20, 2007 |
Updated: | June 25, 2009 |
| Description: |
libphp-phpmailer does not do sufficient input validation, enabling shell command injection attacks. |
| Alerts: |
|
Comments (none posted)
libpng: several vulnerabilities
| Package(s): | libpng |
CVE #(s): | CVE-2007-5266
CVE-2007-5267
CVE-2007-5268
CVE-2007-5269
|
| Created: | October 19, 2007 |
Updated: | March 23, 2009 |
| Description: |
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21
allow remote attackers to cause a denial of service (crash) via crafted (1)
pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt
(png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt
(png_handle_zTXt) chunking in PNG images, which trigger out-of-bounds read
operations. (CVE-2007-5269)
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical
instead of bitwise operations and (2) incorrect comparisons, which might
allow remote attackers to cause a denial of service (crash) via a crafted
PNG image. (CVE-2007-5268)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause
a denial of service (crash) via a crafted PNG image, due to an incorrect
fix for CVE-2007-5266. (CVE-2007-5267)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1
allows remote attackers to cause a denial of service (crash) via a crafted
PNG image that prevents a name field from being NULL terminated.
(CVE-2007-5266) |
| Alerts: |
|
Comments (none posted)
libpng: denial of service
| Package(s): | libpng |
CVE #(s): | CVE-2007-2445
|
| Created: | May 17, 2007 |
Updated: | March 23, 2009 |
| Description: |
Libpng can be crashed when processing malformed PNG files.
It may also be possible to exploit this vulnerability to execute arbitrary
code. |
| Alerts: |
|
Comments (none posted)
libpng: buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-3334
|
| Created: | July 19, 2006 |
Updated: | December 15, 2008 |
| Description: |
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow. |
| Alerts: |
|
Comments (none posted)
libpng: heap based buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-0481
|
| Created: | February 13, 2006 |
Updated: | December 15, 2008 |
| Description: |
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. |
| Alerts: |
|
Comments (1 posted)
libtiff: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CVE-2006-2193
|
| Created: | June 15, 2006 |
Updated: | September 1, 2008 |
| Description: |
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
libvorbis: multiple memory corruption flaws
| Package(s): | libvorbis |
CVE #(s): | CVE-2007-3106
CVE-2007-4029
|
| Created: | July 27, 2007 |
Updated: | January 22, 2008 |
| Description: |
This iSEC Partners security advisory has
details on multiple memory corruption flaws in libvorbis. |
| Alerts: |
|
Comments (none posted)
libvorbis: multiple vulnerabilities
| Package(s): | libvorbis |
CVE #(s): | CVE-2007-4065
CVE-2007-4066
|
| Created: | October 11, 2007 |
Updated: | January 22, 2008 |
| Description: |
libvorbis has a number of vulnerabilities that can be triggered by
opening a specially crafted Ogg file. Vulnerabilities include
crashing and the execution of arbitrary code. |
| Alerts: |
|
Comments (1 posted)
libxml2: denial of service
| Package(s): | libxml2 |
CVE #(s): | CVE-2007-6284
|
| Created: | January 11, 2008 |
Updated: | January 31, 2008 |
| Description: |
A denial of service flaw was found in the way libxml2 processes certain
content. If an application linked against libxml2 processes malformed XML
content, it could cause the application to stop responding. |
| Alerts: |
|
Comments (none posted)
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0989
|
| Created: | October 28, 2004 |
Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities. If a local user passes a specially crafted
FTP URL, arbitrary code may be executed. |
| Alerts: |
|
Comments (none posted)
liferea: weak permissions
| Package(s): | liferea |
CVE #(s): | CVE-2007-5751
|
| Created: | November 2, 2007 |
Updated: | December 22, 2008 |
| Description: |
Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. |
| Alerts: |
|
Comments (1 posted)
lighttpd: denial of service
| Package(s): | lighttpd |
CVE #(s): | CVE-2007-3946
CVE-2007-3947
CVE-2007-3948
CVE-2007-3949
CVE-2007-3950
|
| Created: | July 19, 2007 |
Updated: | July 15, 2008 |
| Description: |
The lighttpd web server has multiple vulnerabilities involving
a remote access-control setting circumvention that is performed
by the sending of malformed requests. This can be used to crash
the server and cause a denial of service. |
| Alerts: |
|
Comments (none posted)
kernel: information leak, denial of service
| Package(s): | linux-2.6 |
CVE #(s): | CVE-2007-6206
CVE-2007-6417
|
| Created: | December 21, 2007 |
Updated: | September 1, 2010 |
| Description: |
Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. (CVE-2007-6206)
Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page may be improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash). (CVE-2007-6417) |
| Alerts: |
|
Comments (none posted)
vmware-player-kernel: several vulnerabilities
| Package(s): | linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 |
CVE #(s): | CVE-2007-0061
CVE-2007-0062
CVE-2007-0063
CVE-2007-4496
CVE-2007-4497
|
| Created: | November 16, 2007 |
Updated: | March 13, 2009 |
| Description: |
Neel Mehta and Ryan Smith discovered that the VMware Player DHCP server
did not correctly handle certain packet structures. Remote attackers
could send specially crafted packets and gain root privileges.
(CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)
Rafal Wojtczuk discovered multiple memory corruption issues in VMware
Player. Attackers with administrative privileges in a guest operating
system could cause a denial of service or possibly execute arbitrary
code on the host operating system. (CVE-2007-4496, CVE-2007-4497) |
| Alerts: |
|
Comments (none posted)
lynx: arbitrary command execution
| Package(s): | lynx |
CVE #(s): | CVE-2005-2929
|
| Created: | November 14, 2005 |
Updated: | September 14, 2009 |
| Description: |
An arbitrary command execution bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx. |
| Alerts: |
|
Comments (none posted)
mantis: cross-site scripting
| Package(s): | mantis |
CVE #(s): | CVE-2007-6611
|
| Created: | January 7, 2008 |
Updated: | March 4, 2008 |
| Description: |
From the CVE entry:
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename. |
| Alerts: |
|
Comments (none posted)
mapserver: multiple cross-site scripting vulnerabilities
| Package(s): | mapserver |
CVE #(s): | CVE-2007-4542
CVE-2007-4629
|
| Created: | September 5, 2007 |
Updated: | April 7, 2008 |
| Description: |
CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name. |
| Alerts: |
|
Comments (none posted)
maradns: denial of service
| Package(s): | maradns |
CVE #(s): | CVE-2008-0061
|
| Created: | January 4, 2008 |
Updated: | January 30, 2008 |
| Description: |
MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04
allows remote attackers to cause a denial of service via a crafted DNS
packet that prevents an authoritative name (CNAME) record from resolving,
aka "improper rotation of resource records." |
| Alerts: |
|
Comments (none posted)
mod_jk: proxy bypass
| Package(s): | mod_jk |
CVE #(s): | CVE-2007-1860
|
| Created: | May 30, 2007 |
Updated: | March 7, 2008 |
| Description: |
From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside
Apache httpd and forwarded the encoded URL to Tomcat, which itself did a
second decoding. If Tomcat was used behind mod_jk and configured to only
proxy some contexts, an attacker could construct a carefully crafted HTTP
request to work around the context restriction and potentially access
non-proxied content." |
| Alerts: |
|
Comments (none posted)
moin: arbitrary JavaScript execution
| Package(s): | moin |
CVE #(s): | CVE-2007-2423
|
| Created: | May 8, 2007 |
Updated: | March 10, 2008 |
| Description: |
A flaw was discovered in MoinMoin's error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user's authentication information
for the domain where MoinMoin was hosted. |
| Alerts: |
|
Comments (none posted)
mono: arbitrary code execution via integer overflow
| Package(s): | mono |
CVE #(s): | CVE-2007-5197
|
| Created: | November 6, 2007 |
Updated: | December 7, 2009 |
| Description: |
From the Debian advisory: An integer overflow in the BigInteger data type implementation has been
discovered in the free .NET runtime Mono. |
| Alerts: |
|
Comments (none posted)
moodle: cross-site scripting
| Package(s): | moodle |
CVE #(s): | CVE-2008-0123
|
| Created: | January 16, 2008 |
Updated: | November 12, 2008 |
| Description: |
Moodle suffers from a cross-site scripting vulnerability which is only open during the install process. |
| Alerts: |
|
Comments (none posted)
moodle: cross-site scripting
| Package(s): | moodle |
CVE #(s): | CVE-2007-3555
|
| Created: | August 7, 2007 |
Updated: | December 22, 2008 |
| Description: |
A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1
allows remote attackers to inject arbitrary web script or HTML via a style
expression in the search parameter. |
| Alerts: |
|
Comments (none posted)
mplayer: buffer overflow
| Package(s): | mplayer |
CVE #(s): | CVE-2007-1246
|
| Created: | March 8, 2007 |
Updated: | April 1, 2008 |
| Description: |
MPlayer versions up to 1.0rc1 have a buffer overflow in the
loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function.
User-assisted remote attackers can use this to create a buffer overflow
and possibly execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
mt-daapd: multiple vulnerabilities
| Package(s): | mt-daapd |
CVE #(s): | CVE-2007-5825
CVE-2007-5824
|
| Created: | December 31, 2007 |
Updated: | September 1, 2008 |
| Description: |
From the Gentoo advisory: nnp discovered multiple vulnerabilities in the XML-RPC handler in the
file webserver.c. The ws_addarg() function contains a format string
vulnerability, as it does not properly sanitize username and password
data from the "Authorization: Basic" HTTP header line (CVE-2007-5825).
The ws_decodepassword() and ws_getheaders() functions do not correctly
handle empty Authorization header lines, or header lines without a ':'
character, leading to NULL pointer dereferences (CVE-2007-5824). |
| Alerts: |
|
Comments (none posted)
MySQL: denial of service
| Package(s): | mysql |
CVE #(s): | CVE-2007-5925
|
| Created: | November 19, 2007 |
Updated: | February 8, 2008 |
| Description: |
From the CVE entry:
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. |
| Alerts: |
|
Comments (none posted)
mysql: denial of service
| Package(s): | mysql |
CVE #(s): | CVE-2007-1420
|
| Created: | March 22, 2007 |
Updated: | May 21, 2008 |
| Description: |
MySQL subselect queries using "ORDER BY" can be used by an attacker with
access to a MySQL instance in order to create an intermittent denial
of service. |
| Alerts: |
|
Comments (none posted)
mysql: format string bug
| Package(s): | mysql |
CVE #(s): | CVE-2006-3469
|
| Created: | July 21, 2006 |
Updated: | July 30, 2008 |
| Description: |
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server. |
| Alerts: |
|
Comments (none posted)
MySQL: privilege violations
| Package(s): | mysql |
CVE #(s): | CVE-2006-4031
CVE-2006-4226
|
| Created: | August 25, 2006 |
Updated: | July 30, 2008 |
| Description: |
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226). |
| Alerts: |
|
Comments (none posted)
mysql: privilege escalation
| Package(s): | mysql |
CVE #(s): | CVE-2007-6303
|
| Created: | December 19, 2007 |
Updated: | April 7, 2008 |
| Description: |
From the CVE entry: MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. |
| Alerts: |
|
Comments (none posted)
MySQL: logging bypass
| Package(s): | mysql |
CVE #(s): | CVE-2006-0903
|
| Created: | April 4, 2006 |
Updated: | May 21, 2008 |
| Description: |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query. |
| Alerts: |
|
Comments (2 posted)
MySQL: privilege escalation
| Package(s): | MySQL |
CVE #(s): | CVE-2007-3781
CVE-2007-5969
|
| Created: | December 11, 2007 |
Updated: | May 21, 2008 |
| Description: |
MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. (CVE-2007-5969)
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. (CVE-2007-3781) |
| Alerts: |
|
Comments (none posted)
mysql-dfsg: multiple vulnerabilities
| Package(s): | mysql-dfsg |
CVE #(s): | CVE-2007-2583
CVE-2007-2691
CVE-2007-2692
CVE-2007-3782
|
| Created: | November 27, 2007 |
Updated: | July 30, 2008 |
| Description: |
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and
5.1 before 5.1.18-beta, allows context-dependent attackers to cause a
denial of service (crash) via a crafted IF clause that results in a
divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not
require the DROP privilege for RENAME TABLE statements, which allows remote
authenticated users to rename arbitrary tables. (CVE-2007-2691)
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before
5.1.18 does not restore THD::db_access privileges when returning from SQL
SECURITY INVOKER stored routines, which allows remote authenticated users
to gain privileges. (CVE-2007-2692)
MySQL Community Server before 5.0.45 allows remote authenticated users to
gain update privileges for a table in another database via a view that
refers to this external table. (CVE-2007-3782) |
| Alerts: |
|
Comments (none posted)
mysql: denial of service
| Package(s): | mysql-dfsg-5.0 |
CVE #(s): | CVE-2007-6304
|
| Created: | December 21, 2007 |
Updated: | April 7, 2008 |
| Description: |
Philip Stoev discovered that the federated engine of MySQL
did not properly handle responses with a small number of columns.
An authenticated user could use a crafted response to a SHOW
TABLE STATUS query and cause a denial of service. |
| Alerts: |
|
Comments (none posted)
nagios: cross-site scripting
| Package(s): | nagios |
CVE #(s): | CVE-2007-5624
|
| Created: | December 7, 2007 |
Updated: | September 14, 2009 |
| Description: |
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. |
| Alerts: |
|
Comments (none posted)
nagios-plugins: buffer overflow
| Package(s): | nagios-plugins |
CVE #(s): | CVE-2007-5198
|
| Created: | October 23, 2007 |
Updated: | April 17, 2008 |
| Description: |
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbitrary code via long
Location header responses (redirects). |
| Alerts: |
|
Comments (none posted)
nagios-plugins: check_snmp buffer overflow
| Package(s): | nagios-plugins |
CVE #(s): | CVE-2007-5623
|
| Created: | November 2, 2007 |
Updated: | April 17, 2008 |
| Description: |
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies. |
| Alerts: |
|
Comments (none posted)
nbd: arbitrary code execution
| Package(s): | nbd |
CVE #(s): | CVE-2005-3534
|
| Created: | January 6, 2006 |
Updated: | March 7, 2011 |
| Description: |
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges. |
| Alerts: |
|
Comments (none posted)
ncompress: buffer underflow
| Package(s): | ncompress |
CVE #(s): | CVE-2006-1168
|
| Created: | August 10, 2006 |
Updated: | February 21, 2012 |
| Description: |
The ncompress compression utility has a missing boundary check.
A local user can use a maliciously created file to cause a
.bss buffer underflow. |
| Alerts: |
|
Comments (none posted)
net-snmp: denial of service
| Package(s): | net-snmp |
CVE #(s): | CVE-2007-5846
|
| Created: | November 16, 2007 |
Updated: | February 7, 2008 |
| Description: |
A flaw was discovered in the way net-snmp handled certain requests. A
remote attacker who can connect to the snmpd UDP port (161 by default)
could send a malicious packet causing snmpd to crash, resulting in a
denial of service. |
| Alerts: |
|
Comments (none posted)
nginx: cross site scripting
| Package(s): | nginx |
CVE #(s): | |
| Created: | July 20, 2007 |
Updated: | September 14, 2009 |
| Description: |
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
proxy server written by Igor Sysoev. The "msie_refresh" directive could
allow cross site scripting. |
| Alerts: |
|
Comments (none posted)
nss_ldap: credential or other information disclosure
| Package(s): | nss_ldap |
CVE #(s): | CVE-2007-5794
|
| Created: | November 26, 2007 |
Updated: | July 30, 2008 |
| Description: |
From the Gentoo advisory:
Josh Burley reported that nss_ldap does not properly handle the LDAP
connections due to a race condition that can be triggered by
multi-threaded applications using nss_ldap, which might lead to
requested data being returned to a wrong process.
|
| Alerts: |
|
Comments (none posted)
openafs: denial of service
| Package(s): | openafs |
CVE #(s): | CVE-2007-6599
|
| Created: | January 10, 2008 |
Updated: | January 25, 2008 |
| Description: |
From the Gentoo advisory:
Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a
race condition due to an improper handling of the clients callbacks
lists.
A remote attacker could construct cases which trigger the race
condition, resulting in a server crash. |
| Alerts: |
|
Comments (none posted)
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-5707
|
| Created: | November 8, 2007 |
Updated: | April 9, 2008 |
| Description: |
The OpenLDAP Lightweight Directory Access Protocol suite has a problem
with handling of malformed objectClasses LDAP attributes by the slapd
daemon. Both local and remote attackers can use this to crash slapd,
causing a denial of service. |
| Alerts: |
|
Comments (none posted)
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-5708
|
| Created: | November 23, 2007 |
Updated: | April 9, 2008 |
| Description: |
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when
running as a proxy-caching server, allocates memory using a malloc variant
instead of calloc, which prevents an array from being initialized properly
and might allow attackers to cause a denial of service (segmentation fault)
via unknown vectors that prevent the array from being null terminated. |
| Alerts: |
|
Comments (none posted)
OpenOffice.org: arbitrary code execution
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-0245
|
| Created: | June 13, 2007 |
Updated: | June 12, 2008 |
| Description: |
A specially crafted RTF file could cause the
filter to overwrite data on the heap, which may lead to the execution
of arbitrary code. |
| Alerts: |
|
Comments (none posted)
openoffice.org: arbitrary code execution via TIFF images
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-2834
|
| Created: | September 17, 2007 |
Updated: | June 12, 2008 |
| Description: |
A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite. The parser uses untrusted values
from the TIFF file to calculate the number of bytes of memory to
allocate. A specially crafted TIFF image could trigger an integer
overflow and subsequently a buffer overflow that could cause the
execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
openoffice.org: arbitrary code execution
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-4575
|
| Created: | December 5, 2007 |
Updated: | September 10, 2008 |
| Description: |
From the OpenOffice advisory:
A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user. |
| Alerts: |
|
Comments (none posted)
openssh: remote denial of service
| Package(s): | openssh |
CVE #(s): | CVE-2006-4924
CVE-2006-5051
|
| Created: | September 27, 2006 |
Updated: | September 17, 2008 |
| Description: |
OpenSSH 4.4 fixes some
security issues, including a pre-authentication denial of service and an
unsafe signal handler; on portable OpenSSH, a GSSAPI authentication abort
could be used to determine the validity of usernames on some platforms. |
| Alerts: |
|
Comments (none posted)
openssl: off-by-one error
| Package(s): | openssl |
CVE #(s): | CVE-2007-4995
|
| Created: | October 23, 2007 |
Updated: | May 13, 2008 |
| Description: |
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f
and 0.9.7 allows remote attackers to execute arbitrary code via unspecified
vectors. |
| Alerts: |
|
Comments (none posted)
openssl: off-by-one error
| Package(s): | openssl |
CVE #(s): | CVE-2007-5135
|
| Created: | October 3, 2007 |
Updated: | July 31, 2008 |
| Description: |
From the Debian advisory: An off-by-one error has been identified in the SSL_get_shared_ciphers()
routine in the libssl library from OpenSSL, an implementation of Secure
Socket Layer cryptographic libraries and utilities. This error could
allow an attacker to crash an application making use of OpenSSL's libssl
library, or potentially execute arbitrary code in the security context
of the user running such an application. |
| Alerts: |
|
Comments (none posted)
openssl: private key attack
| Package(s): | openssl |
CVE #(s): | CVE-2007-3108
|
| Created: | August 7, 2007 |
Updated: | May 13, 2008 |
| Description: |
OpenSSL could, in certain circumstances, allow a local user to obtain
information about private keys being used. |
| Alerts: |
|
Comments (none posted)
opera: multiple vulnerabilities
| Package(s): | opera |
CVE #(s): | CVE-2007-4367
CVE-2007-3929
CVE-2007-3142
CVE-2007-3819
|
| Created: | August 23, 2007 |
Updated: | February 27, 2008 |
| Description: |
The Opera browser has multiple vulnerabilities.
The JavaScript engine is vulnerable to a virtual function call on an invalid pointer that can be triggered by specially crafted JavaScript.
A freed pointer in the BitTorrent support may be
accessed; this can be used for malicious code execution.
The browser is vulnerable to several memory read protection
errors. There are URI display errors that can be used to trick
users into visiting arbitrary web sites. |
| Alerts: |
|
Comments (none posted)
paramiko: insecure random pool usage
| Package(s): | paramiko |
CVE #(s): | CVE-2008-0299
|
| Created: | January 16, 2008 |
Updated: | March 4, 2008 |
| Description: |
Programs which keep more than one paramiko connection open may leak random pool information. |
| Alerts: |
|
Comments (none posted)
pcre: CVE consolidation
| Package(s): | pcre |
CVE #(s): | CVE-2005-4872
CVE-2006-7227
CVE-2006-7224
|
| Created: | November 15, 2007 |
Updated: | May 13, 2008 |
| Description: |
PCRE has flaws in the way it handles malformed regular
expressions.
If an application linked against PCRE, such as Konqueror,
encounters a maliciously created regular expression, it may be possible
to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227
have been combined into CVE-2006-7224. |
| Alerts: |
|
Comments (5 posted)
pcre: two arbitrary code execution vulnerabilities
| Package(s): | pcre |
CVE #(s): | CVE-2007-1659
CVE-2007-1660
|
| Created: | November 6, 2007 |
Updated: | July 16, 2008 |
| Description: |
Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660) |
| Alerts: |
|
Comments (none posted)
pcre: buffer overflows in library
| Package(s): | pcre |
CVE #(s): | CVE-2006-7228
CVE-2006-7230
CVE-2007-1661
CVE-2007-4766
CVE-2007-4767
|
| Created: | November 23, 2007 |
Updated: | July 16, 2008 |
| Description: |
Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application. |
| Alerts: |
|
Comments (1 posted)
pcre: buffer overflows
| Package(s): | pcre3 |
CVE #(s): | CVE-2007-1662
CVE-2007-4768
|
| Created: | November 27, 2007 |
Updated: | May 7, 2008 |
| Description: |
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the
end of the string when searching for unmatched brackets and parentheses,
which allows context-dependent attackers to cause a denial of service
(crash), possibly involving forward references. (CVE-2007-1662)
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE)
library before 7.3 allows context-dependent attackers to execute arbitrary
code via a singleton Unicode sequence in a character class in a regex
pattern, which is incorrectly optimized. (CVE-2007-4768) |
| Alerts: |
|
Comments (none posted)
peercast: buffer overflow
| Package(s): | peercast |
CVE #(s): | CVE-2007-6454
|
| Created: | December 28, 2007 |
Updated: | May 21, 2008 |
| Description: |
A heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. |
| Alerts: |
|
Comments (none posted)
perl-Net-DNS: predictable id sequence
| Package(s): | perl-Net-DNS |
CVE #(s): | CVE-2007-3377
|
| Created: | June 26, 2007 |
Updated: | March 12, 2008 |
| Description: |
Net::DNS before 0.60 uses an id sequence that is predictable and the same
in all child processes. |
| Alerts: |
|
Comments (none posted)
php: several vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2006-4481
CVE-2006-4484
CVE-2006-4485
|
| Created: | September 8, 2006 |
Updated: | June 13, 2008 |
| Description: |
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485). |
| Alerts: |
|
Comments (1 posted)
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2007-2872
CVE-2007-2756
|
| Created: | June 1, 2007 |
Updated: | January 29, 2008 |
| Description: |
According to a vendor release announcement, multiple
security enhancements and fixes were included in version 5.2.3 of the
programming language PHP. |
| Alerts: |
|
Comments (none posted)
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2007-3799
CVE-2007-3998
CVE-2007-4659
CVE-2007-4658
CVE-2007-4670
CVE-2007-4661
|
| Created: | October 23, 2007 |
Updated: | May 19, 2008 |
| Description: |
From the Red Hat advisory:
Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)
A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)
A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)
A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)
A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)
A flaw was found in handling of dynamic changes to global variables. A
script which used certain functions which change global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-4659)
An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-4661) |
| Alerts: |
|
Comments (none posted)
php: buffer overflows
| Package(s): | php |
CVE #(s): | CVE-2006-5465
|
| Created: | November 3, 2006 |
Updated: | January 18, 2010 |
| Description: |
The Hardened-PHP Project discovered buffer overflows in
htmlentities/htmlspecialchars internal routines to the PHP Project. Of
course the whole purpose of these functions is to be filled with user
input. (The overflow can only occur when UTF-8 is used.) |
| Alerts: |
|
Comments (none posted)
php5: multiple vulnerabilities
| Package(s): | php5 |
CVE #(s): | CVE-2007-4657
CVE-2007-4660
CVE-2007-4662
|
| Created: | November 30, 2007 |
Updated: | July 4, 2008 |
| Description: |
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4,
allow remote attackers to obtain sensitive information (memory contents) or
cause a denial of service (thread crash) via a large len value to the (1)
strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE:
this affects different product versions than CVE-2007-3996.
(CVE-2007-4657)
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4
has unknown impact and attack vectors, related to an incorrect size
calculation. (CVE-2007-4660)
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4
has unknown impact and attack vectors. (CVE-2007-4662) |
| Alerts: |
|
Comments (none posted)
php5: multiple vulnerabilities
| Package(s): | php5 |
CVE #(s): | CVE-2007-4783
CVE-2007-4840
CVE-2007-5898
CVE-2007-5899
CVE-2007-5900
|
| Created: | November 20, 2007 |
Updated: | January 18, 2010 |
| Description: |
The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code. |
| Alerts: |
|
Comments (none posted)
phpbb2: missing input sanitizing
| Package(s): | phpbb2 |
CVE #(s): | CVE-2006-1896
|
| Created: | May 22, 2006 |
Updated: | February 11, 2008 |
| Description: |
It was discovered that phpbb2, a web based bulletin board, insufficiently
sanitizes values passed to the "Font Color 3" setting, which might lead to
the execution of injected code by admin users. |
| Alerts: |
|
Comments (none posted)
phpbb2: multiple vulnerabilities
| Package(s): | phpbb2 |
CVE #(s): | CVE-2005-3310
CVE-2005-3415
CVE-2005-3416
CVE-2005-3417
CVE-2005-3418
CVE-2005-3419
CVE-2005-3420
CVE-2005-3536
CVE-2005-3537
|
| Created: | December 22, 2005 |
Updated: | February 11, 2008 |
| Description: |
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem. |
| Alerts: |
|
Comments (none posted)
phpmyadmin: multiple vulnerabilities
| Package(s): | phpmyadmin |
CVE #(s): | CVE-2006-6942
CVE-2006-6944
CVE-2007-1325
CVE-2007-1395
CVE-2007-2245
|
| Created: | September 10, 2007 |
Updated: | March 19, 2009 |
| Description: |
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2007-1325:
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
CVE-2007-1395:
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag,
which bypasses the protection against lowercase </script>.
CVE-2007-2245:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via (1) the
fieldkey parameter to browse_foreigners.php or (2) certain input
to the PMA_sanitize function.
CVE-2006-6942:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary HTML or web script via (1) a comment
for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter
to db_operations.php, the (4) query_history_latest,
(5) query_history_latest_db, and (6) querydisplay_tab parameters to
(c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2006-6944:
phpMyAdmin allows remote attackers to bypass Allow/Deny access rules
that use IP addresses via false headers.
|
| Alerts: |
|
Comments (none posted)
phpMyAdmin: cross-site scripting vulnerabilities
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-5386
CVE-2007-5589
|
| Created: | November 2, 2007 |
Updated: | March 14, 2008 |
| Description: |
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin
2.11.1, when accessed by a browser that does not URL-encode requests,
allows remote attackers to inject arbitrary web script or HTML via the
query string.
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
common.lib.php in libraries/; and certain input available in PHP_SELF and
(2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other
vectors related to (3) REQUEST_URI. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: information disclosure
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-0095
|
| Created: | December 11, 2007 |
Updated: | September 25, 2008 |
| Description: |
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information
via a direct request for themes/darkblue_orange/layout.inc.php, which
reveals the path in an error message. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: SQL injection
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-5976
CVE-2007-5977
|
| Created: | November 22, 2007 |
Updated: | March 19, 2009 |
| Description: |
phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability
in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.
db_create.php also has a related cross-site scripting vulnerability.
Remote authenticated users can inject arbitrary web scripts or HTML
using a hex-encoded IMG element in the db parameter in a POST request. |
| Alerts: |
|
Comments (none posted)
phpPgAdmin: cross-site scripting
| Package(s): | phppgadmin |
CVE #(s): | CVE-2007-2865
CVE-2007-5728
|
| Created: | June 18, 2007 |
Updated: | January 21, 2009 |
| Description: |
A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin
4.1.1 allows remote attackers to inject arbitrary web script or HTML via
the server parameter. |
| Alerts: |
|
Comments (none posted)
poppler and xpdf: multiple vulnerabilities
| Package(s): | poppler xpdf |
CVE #(s): | CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
|
| Created: | November 8, 2007 |
Updated: | February 26, 2008 |
| Description: |
The xpdf and poppler PDF libraries contain several vulnerabilities which can lead to arbitrary command execution via hostile PDF files. Numerous other applications which use these libraries (PDF viewers, CUPS, etc.) will be affected by the vulnerabilities as well. |
| Alerts: |
|
Comments (none posted)
postgresql: several vulnerabilities
| Package(s): | postgresql |
CVE #(s): | CVE-2007-3278
CVE-2007-3279
CVE-2007-3280
|
| Created: | September 25, 2007 |
Updated: | February 1, 2008 |
| Description: |
PostgreSQL 8.1 and probably later and earlier versions, when local trust
authentication is enabled and the Database Link library (dblink) is
installed, allows remote attackers to access arbitrary accounts and execute
arbitrary SQL queries via a dblink host parameter that proxies the
connection from 127.0.0.1. (CVE-2007-3278)
PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL
(plpgsql) language has been created, grants certain plpgsql privileges to
the PUBLIC domain, which allows remote attackers to create and execute
functions, as demonstrated by functions that perform local brute-force
password guessing attacks, which may evade intrusion
detection. (CVE-2007-3279)
The Database Link library (dblink) in PostgreSQL 8.1 implements functions
via CREATE statements that map to arbitrary libraries based on the C
programming language, which allows remote authenticated superusers to map
and execute a function from any library, as demonstrated by using the
system function in libc.so.6 to gain shell access. (CVE-2007-3280) |
| Alerts: |
|
Comments (1 posted)
PostgreSQL: multiple vulnerabilities
| Package(s): | postgresql |
CVE #(s): | CVE-2007-6600
CVE-2007-4772
CVE-2007-6067
CVE-2007-4769
CVE-2007-6601
|
| Created: | January 9, 2008 |
Updated: | January 17, 2013 |
| Description: |
Several vulnerabilities have been found in the PostgreSQL database manager. The developers call the fixes "critical," but also note that, as of the time of the update, none of them were known to be exploited; see this advisory for more information. |
| Alerts: |
|
Comments (none posted)
pulseaudio: denial of service
| Package(s): | pulseaudio |
CVE #(s): | CVE-2007-1804
|
| Created: | May 30, 2007 |
Updated: | March 10, 2008 |
| Description: |
The pulseaudio network code suffers from a denial of service vulnerability exploitable by an unauthenticated attacker. |
| Alerts: |
|
Comments (none posted)
python: information disclosure
| Package(s): | python |
CVE #(s): | CVE-2007-2052
|
| Created: | May 9, 2007 |
Updated: | July 30, 2009 |
| Description: |
Python 2.4 and 2.5 contain a bug in PyLocale_strxfrm() which could enable an attacker to read portions of unrelated memory. |
| Alerts: |
|
Comments (none posted)
python: integer overflows
| Package(s): | python |
CVE #(s): | CVE-2007-4965
|
| Created: | October 30, 2007 |
Updated: | July 30, 2009 |
| Description: |
Multiple integer overflows in the imageop module in Python 2.5.1 and
earlier allow context-dependent attackers to cause a denial of service
(application crash) and possibly obtain sensitive information (memory
contents) via crafted arguments to (1) the tovideo method, and unspecified
other vectors related to (2) imageop.c, (3) rgbimgmodule.c, and other
files, which trigger heap-based buffer overflows. |
| Alerts: |
|
Comments (none posted)
python-cherrypy: unauthorized file access via malicious cookie
| Package(s): | python-cherrypy |
CVE #(s): | CVE-2008-0252
|
| Created: | January 9, 2008 |
Updated: | February 6, 2008 |
| Description: |
From the Fedora advisory:
Malicious cookies may allow access to
files outside the session directory. |
qemu: multiple vulnerabilities
qt4: security restriction bypass
| Package(s): | qt4 |
CVE #(s): | CVE-2007-5965
|
| Created: | January 3, 2008 |
Updated: | February 21, 2008 |
| Description: |
Trolltech Qt has a privilege escalation vulnerability.
An error can be triggered in QSslSocket when verifying SSL certificates;
attackers can use this to bypass the SSL certificate verification
and acquire unauthorized access to a vulnerable application. |
quagga: denial of service
| Package(s): | quagga |
CVE #(s): | CVE-2007-4826
|
| Created: | September 14, 2007 |
Updated: | October 25, 2010 |
| Description: |
The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause
a denial of service crash via a malformed OPEN message or COMMUNITY
attribute. |
quake: buffer overflow
| Package(s): | quake3-bin |
CVE #(s): | CVE-2006-2236
|
| Created: | May 10, 2006 |
Updated: | January 12, 2009 |
| Description: |
Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server. |
R: buffer overflows
| Package(s): | R |
CVE #(s): | |
| Created: | January 10, 2008 |
Updated: | January 16, 2008 |
| Description: |
The R language has a copy of PCRE that has a number of buffer
overflow and memory corruption vulnerabilities. If an attacker creates
specially crafted regular expressions, it may be possible to create a
denial of service, execute arbitrary code or disclose unauthorized
information. |
rails: multiple vulnerabilities
| Package(s): | rails |
CVE #(s): | CVE-2007-5380
CVE-2007-3227
CVE-2007-5379
|
| Created: | November 15, 2007 |
Updated: | December 21, 2009 |
| Description: |
Ruby on Rails has the following vulnerabilities:
ActiveResource does not properly sanitize filenames in the Hash.from_xml() function.
The session management allows the session_id to be set from the URL.
The to_json() function does not properly sanitize input before it is
returned to the user. |
rsync: restricted file access
| Package(s): | rsync |
CVE #(s): | CVE-2007-6199
CVE-2007-6200
|
| Created: | December 5, 2007 |
Updated: | September 23, 2011 |
| Description: |
From the CVE entry:
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. |
ruby: insufficient SSL certificate validation
| Package(s): | ruby |
CVE #(s): | CVE-2007-5162
CVE-2007-5770
|
| Created: | October 8, 2007 |
Updated: | October 10, 2008 |
| Description: |
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. |
ruby-gnome2: format string vulnerability
| Package(s): | ruby-gnome2 |
CVE #(s): | CVE-2007-6183
|
| Created: | December 7, 2007 |
Updated: | December 22, 2008 |
| Description: |
A format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. |
samba: buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-4572
|
| Created: | November 15, 2007 |
Updated: | December 3, 2008 |
| Description: |
The Samba user authentication is vulnerable to a heap-based buffer overflow.
Remote unauthenticated users can use this to crash the Samba server
and cause a denial of service. |
samba: stack-based buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-6015
|
| Created: | December 11, 2007 |
Updated: | December 3, 2008 |
| Description: |
A stack buffer overflow flaw was found in the way Samba authenticates
remote users. A remote unauthenticated user could trigger this flaw to
cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server. |
samba: buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-5398
|
| Created: | November 15, 2007 |
Updated: | December 3, 2008 |
| Description: |
Samba's mechanism for creating NetBIOS replies is vulnerable to a
buffer overflow. Samba servers that are configured to run as a
WINS server can be crashed by a remote unauthenticated user;
execution of arbitrary code may also be possible. |
slocate: information disclosure
| Package(s): | slocate |
CVE #(s): | CVE-2007-0227
|
| Created: | February 22, 2007 |
Updated: | September 4, 2012 |
| Description: |
The slocate permission checking code has a local information disclosure
vulnerability. During the reporting of matching files, slocate does not
respect the parent directory's read permissions, resulting in hidden
filenames being viewable by other local users. |
squid: denial of service
| Package(s): | squid |
CVE #(s): | CVE-2007-6239
|
| Created: | December 18, 2007 |
Updated: | March 25, 2009 |
| Description: |
A flaw was found in the way squid stored HTTP headers for cached objects
in system memory. An attacker could cause squid to use additional memory,
and trigger high CPU usage when processing requests for certain cached
objects, possibly leading to a denial of service. |
streamripper: buffer overflow
| Package(s): | streamripper |
CVE #(s): | CVE-2007-4337
|
| Created: | September 14, 2007 |
Updated: | December 9, 2008 |
| Description: |
Chris Rohlf discovered several boundary errors in the
httplib_parse_sc_header() function when processing HTTP headers. |
subversion: possible information leak
| Package(s): | subversion |
CVE #(s): | CVE-2007-2448
|
| Created: | October 30, 2007 |
Updated: | February 1, 2011 |
| Description: |
Subversion 1.4.3 and earlier does not properly implement the "partial
access" privilege for users who have access to changed paths but not copied
paths, which allows remote authenticated users to obtain sensitive
information (revision properties) via svn (1) propget, (2) proplist, or (3)
propedit. |
Sun JDK/JRE: multiple vulnerabilities
| Package(s): | Sun JDK/JRE |
CVE #(s): | CVE-2007-2435
CVE-2007-2788
CVE-2007-2789
|
| Created: | June 1, 2007 |
Updated: | April 18, 2008 |
| Description: |
An unspecified vulnerability involving an "incorrect use of system
classes" was reported by the Fujitsu security team. Additionally, Chris
Evans from the Google Security Team reported an integer overflow
resulting in a buffer overflow in the ICC parser used with JPG or BMP
files, and an incorrect open() call to /dev/tty when processing certain
BMP files. |
syslog-ng: denial of service
| Package(s): | syslog-ng |
CVE #(s): | CVE-2007-6437
|
| Created: | December 31, 2007 |
Updated: | January 21, 2008 |
| Description: |
The syslog-ng daemon does not properly handle messages containing an unterminated time stamp, resulting in the dereferencing of a NULL pointer and subsequent crash. |
sysstat: insecure temporary files
| Package(s): | sysstat |
CVE #(s): | CVE-2007-3852
|
| Created: | August 20, 2007 |
Updated: | September 23, 2011 |
| Description: |
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates
/tmp/sysstat.run insecurely, which allows local users to execute arbitrary
code. |
t1lib: buffer overflow
| Package(s): | t1lib |
CVE #(s): | CVE-2007-4033
|
| Created: | September 20, 2007 |
Updated: | February 12, 2008 |
| Description: |
T1lib, an enhanced rasterizer for X11 Type 1 fonts, does
not properly perform bounds checking. An attacker can send
specially crafted input to applications linked against the library in
order to create a buffer overflow, resulting in a denial of service
or the execution of arbitrary code. |
tar: buffer overflow
| Package(s): | tar |
CVE #(s): | CVE-2007-4476
|
| Created: | October 16, 2007 |
Updated: | March 17, 2010 |
| Description: |
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." |
tetex: buffer overflow
| Package(s): | tetex |
CVE #(s): | CVE-2007-0650
|
| Created: | May 8, 2007 |
Updated: | May 13, 2008 |
| Description: |
A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in
teTeX might allow user-assisted remote attackers to overwrite files and
possibly execute arbitrary code via a long filename. NOTE: other overflows
exist but might not be exploitable, such as a heap-based overflow in the
check_idx function. |
teTeX: multiple vulnerabilities
| Package(s): | tetex |
CVE #(s): | CVE-2007-5937
CVE-2007-5936
CVE-2007-5935
|
| Created: | November 19, 2007 |
Updated: | May 10, 2010 |
| Description: |
From the Gentoo advisory:
Joachim Schrod discovered several buffer overflow vulnerabilities and
an insecure temporary file creation in the "dvilj" application that is
used by dvips to convert DVI files to printer formats (CVE-2007-5937,
CVE-2007-5936). Bastien Roucaries reported that the "dvips" application
is vulnerable to two stack-based buffer overflows when processing DVI
documents with long \href{} URIs (CVE-2007-5935). teTeX also includes
code from Xpdf that is vulnerable to a memory corruption and two
heap-based buffer overflows (GLSA 200711-22); and it contains code from
T1Lib that is vulnerable to a buffer overflow when processing an overly
long font filename (GLSA 200710-12). |
Tk: buffer overflow
| Package(s): | tk8.3 |
CVE #(s): | CVE-2007-5378
|
| Created: | November 28, 2007 |
Updated: | March 17, 2009 |
| Description: |
The Tk toolkit's GIF-reading code contains a buffer overflow which could be exploited via a malicious image file. Fixes may be found in versions 8.4.12 and 8.3.5. |
tk: denial of service
| Package(s): | tk8.3 tk8.4 |
CVE #(s): | CVE-2007-5137
|
| Created: | October 12, 2007 |
Updated: | March 17, 2009 |
| Description: |
It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted GIF
image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges. |
tomboy: execution of arbitrary code
| Package(s): | tomboy |
CVE #(s): | CVE-2005-4790
|
| Created: | November 9, 2007 |
Updated: | February 22, 2011 |
| Description: |
Jan Oravec reported that the "/usr/bin/tomboy" script sets the
"LD_LIBRARY_PATH" environment variable incorrectly, which might result
in the current working directory (.) being included when searching for
dynamically linked libraries of the Mono Runtime application.
Note that the tomboy vulnerability was added in 2007. |
tomcat: directory traversal
| Package(s): | tomcat |
CVE #(s): | CVE-2007-0450
|
| Created: | May 2, 2007 |
Updated: | February 27, 2008 |
| Description: |
Versions of tomcat prior to 5.5.22 do not properly filter filename separator characters, enabling information disclosure attacks. |
tomcat: cross-site scripting
| Package(s): | tomcat |
CVE #(s): | CVE-2007-2449
CVE-2007-2450
|
| Created: | July 17, 2007 |
Updated: | February 17, 2009 |
| Description: |
Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).
Note: it is recommended the 'examples' web application not be installed on
a production system.
The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450). |
tomcat: multiple vulnerabilities
| Package(s): | tomcat |
CVE #(s): | CVE-2007-3382
CVE-2007-3385
CVE-2007-3386
|
| Created: | September 26, 2007 |
Updated: | September 13, 2010 |
| Description: |
Tomcat was found treating single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386). |
tomcat: arbitrary file disclosure via path traversal
| Package(s): | tomcat5 |
CVE #(s): | CVE-2007-5461
|
| Created: | November 19, 2007 |
Updated: | February 17, 2009 |
| Description: |
From the CVE entry:
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. |
vim: arbitrary code execution
| Package(s): | vim |
CVE #(s): | CVE-2007-2953
|
| Created: | July 30, 2007 |
Updated: | November 27, 2008 |
| Description: |
vim is vulnerable to a user-assisted attack in which vim may execute arbitrary code when helptags is run on data that has been maliciously crafted. |
vlc: several vulnerabilities
| Package(s): | vlc |
CVE #(s): | CVE-2007-3316
CVE-2007-3467
CVE-2007-3468
|
| Created: | July 10, 2007 |
Updated: | March 10, 2008 |
| Description: |
Several remote vulnerabilities have been discovered in the VideoLan
multimedia player and streamer, which may lead to the execution of
arbitrary code. |
wireshark: multiple vulnerabilities
| Package(s): | wireshark |
CVE #(s): | CVE-2007-3390
CVE-2007-3392
CVE-2007-3393
|
| Created: | June 28, 2007 |
Updated: | February 27, 2008 |
| Description: |
The wireshark network traffic analyzer has three vulnerabilities
that can be used to create a denial of service. These include
off-by-one overflows in the iSeries dissector, vulnerabilities in
the MMS and SSL dissectors that can cause an infinite loop and
an off-by-one overflow in the DHCP/BOOTP dissector. |
wireshark: lots of dissector vulnerabilities
x11: xfs font server overflows
| Package(s): | x11 |
CVE #(s): | CVE-2007-4568
CVE-2007-4989
CVE-2007-4990
|
| Created: | October 4, 2007 |
Updated: | January 18, 2008 |
| Description: |
xorg-x11 has a number of integer and heap overflow vulnerabilities in
the xfs font server. A local attacker may be able to use these for
the execution of arbitrary code with elevated privileges. |
xen-utils: insecure temp files
| Package(s): | xen-utils |
CVE #(s): | CVE-2007-3919
|
| Created: | October 25, 2007 |
Updated: | May 16, 2008 |
| Description: |
The xen-utils collection of XEN administrative tools uses temporary files
insecurely. Local users can use this to truncate arbitrary files. |
xfce4: multiple vulnerabilities
| Package(s): | xfce4 |
CVE #(s): | CVE-2007-6531
CVE-2007-6532
|
| Created: | January 10, 2008 |
Updated: | January 16, 2008 |
| Description: |
From the Gentoo alert:
Gregory Andersen reported that the Xfce4 panel does not correctly
calculate memory boundaries, leading to a stack-based buffer overflow
in the launcher_update_panel_entry() function (CVE-2007-6531). Daichi
Kawahata reported libxfcegui4 did not copy provided values when
creating "SessionClient" structs, possibly leading to access of freed
memory areas (CVE-2007-6532). |
XFree86 X.org: integer overflows
| Package(s): | xfree86 x.org |
CVE #(s): | CVE-2007-1003
CVE-2007-1667
CVE-2007-1351
CVE-2007-1352
|
| Created: | April 3, 2007 |
Updated: | August 11, 2009 |
| Description: |
iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667) |
xine-lib: arbitrary code execution
| Package(s): | xine-lib |
CVE #(s): | CVE-2007-1387
|
| Created: | March 13, 2007 |
Updated: | April 1, 2008 |
| Description: |
Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user's privileges. |
xine-lib: buffer overflow
| Package(s): | xine-lib |
CVE #(s): | CVE-2008-0225
|
| Created: | January 16, 2008 |
Updated: | August 7, 2008 |
| Description: |
xine-lib contains a buffer overflow which could be exploited (via a specially-crafted stream) to execute arbitrary code; see this advisory for more information. |
xine-lib: buffer overflow
| Package(s): | xine-lib |
CVE #(s): | CVE-2006-1664
|
| Created: | April 27, 2006 |
Updated: | February 27, 2008 |
| Description: |
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed. |
xmms: BMP handling vulnerability
| Package(s): | xmms |
CVE #(s): | CVE-2007-0653
CVE-2007-0654
|
| Created: | March 28, 2007 |
Updated: | July 26, 2011 |
| Description: |
xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system. |
X.org: temp file vulnerability
| Package(s): | X.org |
CVE #(s): | CVE-2007-3103
|
| Created: | July 12, 2007 |
Updated: | July 2, 2009 |
| Description: |
The X.Org X11 xfs font server has a temp file vulnerability in the
startup script. A local user can modify the permissions of the script
in order to elevate their local privileges. |
xorg-server: local privilege escalation
| Package(s): | xorg-server |
CVE #(s): | CVE-2007-4730
|
| Created: | September 10, 2007 |
Updated: | January 24, 2008 |
| Description: |
Aaron Plattner discovered a buffer overflow in the Composite extension
of the X.org X server, which can lead to local privilege escalation. |
xulrunner, firefox, thunderbird: multiple vulnerabilities
| Package(s): | xulrunner, firefox, thunderbird |
CVE #(s): | CVE-2007-1095
CVE-2007-2292
CVE-2007-3511
CVE-2007-5334
CVE-2007-5337
CVE-2007-5338
CVE-2007-5339
CVE-2007-5340
CVE-2006-2894
|
| Created: | October 22, 2007 |
Updated: | May 12, 2008 |
| Description: |
From the Debian advisory:
CVE-2007-1095:
Michal Zalewski discovered that the unload event handler had access to
the address of the next page to be loaded, which could allow information
disclosure or spoofing.
CVE-2007-2292:
Stefano Di Paola discovered that insufficient validation of user names
used in Digest authentication on a web site allows HTTP response splitting
attacks.
CVE-2007-3511:
It was discovered that insecure focus handling of the file upload
control can lead to information disclosure. This is a variant of
CVE-2006-2894.
CVE-2007-5334:
Eli Friedman discovered that web pages written in Xul markup can hide the
titlebar of windows, which can lead to spoofing attacks.
CVE-2007-5337:
Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI
schemes may lead to information disclosure. This vulnerability is only
exploitable if Gnome-VFS support is present on the system.
CVE-2007-5338:
"moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers
could be bypassed, which might allow privilege escalation.
CVE-2007-5339:
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340:
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
|
Page editor: Jake Edge
Kernel development
Brief items
The current 2.6 prepatch remains 2.6.24-rc8; no new prepatches have
been released over the last week. Around 100 patches have gone into the
mainline repository since -rc8 was released. Your editor expects the final
2.6.24 release just before everybody heads off to linux.conf.au.
The current -mm tree is 2.6.24-rc8-mm1. Andrew has been
expressing some frustration with the process of bringing together -mm
patches:
The volume of rejects and build errors which are caused by
subsystem maintainers fiddling with other people's stuff is quite
out of control. Something needs to happen here.
What has happened for the moment is that a lot of git trees have been
dropped from this release. Other changes include asynchronous crypto
support in the device mapper, a number of Chinese translations of core
kernel documents, a lot of IDE updates, and a Sony memory stick driver.
For older kernels: 2.6.16.59 was released with
about a dozen fixes on January 19. 2.6.16.60-rc1 (January 22)
starts the next cycle with several more fixes.
Kernel development news
As my daughter would say: that patch fell out of the ugly tree, and hit
every branch on the way down. Very impressive.
-- Linus Torvalds (for the curious, here is
the referenced patch)
These things are all _soo_ much simpler than all the issues you
have to do in the kernel, so this is just a complete toy compared
to all the things we do inside Linux to do the same thing with
pluggable hashes on a per-path-component basis etc.
(User space developers are weenies. One of the most fun parts of
git development for me has been how easy everything is ;)
-- Linus Torvalds (thanks to Nicholas
Pitre)
One thing the kernel never faced was fifteen years of fundamental
stagnation with a wealth of kludge-arounds piled on top.
-- Keith Packard
Are you saying that this linux can run on a computer without
windows underneath it, at all ? As in, without a boot disk, without
any drivers, and without any services ?
That sounds preposterous to me.
-- "jerryleecooper"
By Jonathan Corbet January 23, 2008
Last week's Kernel Page may
have been filesystem-heavy, but there was still a big omission, in the form
of ext4. But ext4, being the successor to ext3, may well be the filesystem
many of us are using a few years from now. Things have been relatively
quiet on that front - at least, outside of the relevant mailing lists - but
the ext4 developers have not been idle. Some of their work has now come to
the surface with Ted Ts'o's posting of the ext4 merge plans for 2.6.25.
One of the changes going into ext4 is a lifting of the longstanding 4KB
block size limit. That does not mean that just any block size works, though,
and this feature will benefit fewer people than one might think, for one
specific reason: the block size must still be no larger than the page size
on the host system. So those of us running x86 systems with 4KB pages will
be stuck with 4KB blocks still. And, on any system, the maximum block size
is now 64KB.
One amusing effect of this change is that the size of a directory entry can
now be as large as 64KB as well. But the field which holds the size of
directory entries is only 16 bits wide. So a special hack has been
employed to recognize 64KB directory entries and keep everything
consistent.
Some internal variables have overflow problems as well. Block numbers are
stored as a signed, 32-bit quantity, and so are block group numbers. That
limits the maximum size of a filesystem to a mere 256PB. In 2.6.25, these values will
become unsigned long variables, eliminating that intolerably low limit.
Through some trickery, the inode field which stores the number of blocks
associated with a file will be expanded to 48 bits, raising the
maximum size of an individual file to just under 2^48 512-byte
blocks.
The work does not stop there, though: another patch redefines that field
to mean the number of filesystem blocks (instead of 512-byte sectors) used
by the file. This is a change which has to be handled carefully, since it
is an on-disk format change which could create trouble for people with
existing ext4 filesystems. Everybody who is using ext4 should certainly be
doing so with the knowledge that it's a development filesystem and is only
suitable for storing files which are not valuable for more than about
30 minutes - Rawhide OpenOffice.org updates, say. But it still would be
nice to not trash every existing ext4 filesystem out there. So the
i_blocks field will continue, by default, to hold the number of
512-byte blocks. But, if that field exceeds 32 bits and forces the use of
48-bit numbers, it is thereafter interpreted as filesystem blocks. Since
no existing filesystems are yet using 48-bit numbers, this approach
successfully avoids breaking them.
Journal checksums are another feature arriving for 2.6.25. If the system
crashes, the journal is used to recover any transactions which were
committed, but which did not actually make it to disk. It sure would
be nice to know that the journal, as stored in the filesystem, is intact
before using it to make changes elsewhere.
The checksum enables the filesystem to ensure that the journal is good and
avoid (further) corrupting the filesystem if it is not. An interesting
side benefit is that the checksum loosens the constraints on how the
journal is written to disk, since an incompletely-written journal will now
be detected; that should help to improve filesystem performance slightly.
Note that full data checksumming is still not on the agenda for ext4. But
checksumming the journal is a good (if small) step in the right direction.
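The journal checksum idea described above, as an added C example (not jbd2 or ext4 code): a toy transaction whose commit record carries a CRC-32 over its blocks, so recovery can tell when the commit record reached the disk but some journaled blocks did not. The structure layout, names, block size and the choice of CRC-32 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK_SIZE   32u  /* constructed toy block size, not an ext4 value */
#define TXN_BLOCKS 3u   /* journaled blocks per toy transaction */

/* Hypothetical commit record; the real jbd2 layout differs. */
struct commit_rec {
    uint32_t sequence;  /* transaction ID */
    uint32_t nblocks;   /* how many journaled blocks precede this record */
    uint32_t checksum;  /* CRC-32 over those blocks, in journal order */
};

struct journal_txn {
    uint8_t blocks[TXN_BLOCKS][BLK_SIZE];
    struct commit_rec commit;
};

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320). Pass the previous
 * return value as 'crc' to continue over several buffers; start with 0. */
uint32_t crc32_update(uint32_t crc, const uint8_t *buf, size_t len)
{
    crc = ~crc;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Checksum of the first 'nblocks' journaled blocks of a transaction. */
static uint32_t txn_checksum(const struct journal_txn *t, uint32_t nblocks)
{
    uint32_t crc = 0;
    for (uint32_t i = 0; i < nblocks; i++)
        crc = crc32_update(crc, t->blocks[i], BLK_SIZE);
    return crc;
}

/* Recovery side: replay only when the blocks found in the journal match
 * the checksum in the commit record. Returns 1 to replay, 0 to discard. */
int journal_replay_allowed(const struct journal_txn *disk)
{
    /* Never trust an on-disk count before bounding it. */
    if (disk->commit.nblocks == 0 || disk->commit.nblocks > TXN_BLOCKS)
        return 0;
    return txn_checksum(disk, disk->commit.nblocks) == disk->commit.checksum;
}

/* Simulate an unordered write followed by a crash: the commit record
 * reaches the disk, but only the first 'landed' data blocks do. */
static void write_then_crash(struct journal_txn *disk,
                             const struct journal_txn *mem, uint32_t landed)
{
    memset(disk, 0, sizeof(*disk));          /* stale journal area */
    for (uint32_t i = 0; i < landed && i < TXN_BLOCKS; i++)
        memcpy(disk->blocks[i], mem->blocks[i], BLK_SIZE);
    disk->commit = mem->commit;
}

/* Build a constructed transaction, "crash" after 'landed' blocks, and
 * report whether recovery would replay it. */
int replay_after_crash(uint32_t landed)
{
    struct journal_txn mem, disk;

    memset(&mem, 0, sizeof(mem));
    for (uint32_t i = 0; i < TXN_BLOCKS; i++)
        memset(mem.blocks[i], 'A' + (int)i, BLK_SIZE);
    mem.commit.sequence = 7;
    mem.commit.nblocks = TXN_BLOCKS;
    mem.commit.checksum = txn_checksum(&mem, TXN_BLOCKS);

    write_then_crash(&disk, &mem, landed);
    return journal_replay_allowed(&disk);
}

int main(void)
{
    printf("all blocks landed:  replay=%d\n", replay_after_crash(3));
    printf("last block missing: replay=%d\n", replay_after_crash(2));
    return 0;
}
```

Because the torn transaction is rejected at replay time, the writer in this model does not have to wait for the data blocks before issuing the commit record, which is the loosened ordering constraint the article mentions.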
Another change touches the VFS API: it turns the i_version
field of the inode structure into an unsigned, 64-bit value on all
architectures. This version number is incremented when the file is
changed, and it's stored (split into two fields) in the on-disk inode.
64-bit version numbers are required by NFSv4, which uses them to provide
the dreaded "stale file handle" error when things change.
There is a new ioctl() (EXT4_IOC_MIGRATE) which can be
used to explicitly request that the on-disk inode for a file be converted
to the ext4 format.
The ext4 filesystem is extent-based, and has been for some time.
"Extent-based" means that it tracks block allocations by extents (first
block, number of blocks) rather than storing pointers to each individual
block, as is done in ext3. There are a number of performance benefits to
doing things this way, especially for larger files. Those benefits
disappear, though, if a file's blocks cannot be grouped into the smallest
number of extents possible.
One technique which greatly helps in optimizing block allocations for files
is to allocate them in relatively large groups, rather than individually.
In 2.6.25, ext4 will contain the multi-block allocator, which does exactly
that. One might think that allocating a few blocks at a time would not be
that big of a change, but the multi-block allocator is by far the most
complex patch in the set. A lot of effort and heuristics go into deciding
how many blocks to allocate, finding the optimal set of blocks, tracking
the allocation, recovering blocks which end up never being used, ensuring
that an application cannot read pre-allocated (but unwritten) blocks in
search of leaked secrets, etc. It is quite a bit of code, but it is worth
the trouble; multi-block allocation will be enabled by default in 2.6.25.
As noted above, a number of these patches force changes to the on-disk data
structure. According to Ted, though, these should be the last on-disk
changes for ext4. There are some features which still will not have been
merged when 2.6.25 comes around - delayed allocation and online
defragmentation among them - but they should not require format changes.
So ext4 is getting closer to the point where it is considered ready for
production use.
It is not at that point yet, though, and people who use it are still
doing so at their own risk. To help drive that point home, Ted has
proposed a new mount flag
(called test_fs) which communicates to the kernel the user's
understanding that they are about to mount a developmental filesystem and
will not go filing lawsuits if things go wrong. In the absence of this
mount option, an ext4 filesystem will refuse to mount. One might think
that child-proofing the filesystem in this way would not be necessary, but
some extra care in this area can only be a good thing. Filesystem-related
surprises are rarely welcome.
By Jake Edge January 23, 2008
Stuttering audio or an unresponsive desktop – typically caused by
operating system latency – are two things that annoy
users. They can be difficult problems to diagnose, though, as they are
transient and buried deep inside the kernel. A new tool, LatencyTOP, seeks to provide more
information on where latency is occurring so that it can be fixed or avoided.
Latency is the measure of how much time elapses between when an action is
initiated and when its effects become visible. If a user clicks the mouse
button in an application, the latency is the amount of time between that
click and when the associated action begins. There are lots of different
reasons for latency, some of which are outside of Linux's control; being able
to measure what latency the OS is contributing will be very useful.
LatencyTOP is reporting on a specific subset of latency causes, as described
in the announcement:
There are many types and causes of latency, and LatencyTOP [focuses on the]
type that causes audio skipping and desktop stutters. Specifically, LatencyTOP
focuses on the cases where the applications want to run and execute useful
code, but there's some resource that's not currently available (and the
kernel then blocks the process). This is done both on a system level and
on a per process level, so that you can see what's happening to the system,
and which process is suffering and/or causing the delays.
LatencyTOP measures the average and maximum amount of latency in various
operations by inserting annotation calls in the kernel. An example from
the announcement is instructive:
asmlinkage long sys_sync(void)
{
+ struct latency_entry reason;
+ set_latency_reason("sync system call", &reason);
do_sync(1);
+ restore_latency_reason(&reason);
+
return 0;
}
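Review bot: in sys_sync() the address of the on-stack reason is handed to set_latency_reason(), so restore_latency_reason(&reason) has to run on every path out of the function before that stack frame goes away. That holds here only because there is a single return after do_sync(1); the interface should document the pairing rule, since nothing in the hunk enforces it. Style: leave a blank line between the declaration of reason and the set_latency_reason() call.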
The scheduler accumulates any time spent sleeping, between the
set_latency_reason() and restore_latency_reason() calls,
charging it to the "sync system call". Any lower level calls to set the
latency reason will be ignored in this code path – they may be useful
in other code paths – as it is the highest level active reason that
gets charged.
The current interface for annotating is likely to change, though the
semantics will stay the same. Comments on the
original submission suggested using the kernel markers feature that was
merged for 2.6.24. LatencyTOP developer Arjan van de Ven seems amenable to
that; reusing a kernel interface, rather than adding a new one, is
generally the right choice. There is other work to do as well; the patch
was submitted for other kernel hackers to test and comment on, not to be
merged into the mainline.
LatencyTOP comes with a userspace application, shown at right, that
displays the information gathered. It reads from the
/proc/latency_stats file that is created by the LatencyTOP infrastructure patch
– so long as you enable CONFIG_LATENCYTOP in the kernel. It displays
the nine – an off-by-one in the code as it would seem that ten
were intended – largest latencies over the past 30 seconds in the upper pane.
A list of process names runs along the bottom of the display, which can be
selected with the arrow keys. The latency sources for
that process will then be shown in the lower pane. The example at left
shows the tool with the
firefox process selected. As can be seen, there are still lots of areas
that need annotations – "Unknown reason" along with the wait channel are
displayed when the reason has not been set. When narrowing a problem down,
it should be straightforward for a kernel hacker to add annotations to the
appropriate locations.
LatencyTOP, like its sibling PowerTOP –
also developed by van de Ven at the Intel Open Source Technology Center
– is a powerful tool for trying to track down system problems. It
will probably undergo some changes along the way: the userspace
application is still rather rudimentary and the kernel data collection
needs finer-grained locking. But, before too long, a mainstream tool
to measure system latency based on this work should appear.
Comments (5 posted)
By Jonathan Corbet January 23, 2008
Virtualized guests running under Linux like to think that they are doing
their own memory management. The truth of the matter, though, is that the
host system cannot allow guests to directly modify the page tables used by
the hardware; allowing that sort of access would compromise the security of
the host. So, somehow, the host must be involved in the guest's memory
management. One common technique is through the use of shadow page
tables. Guest systems maintain their own page tables, but they are not the
tables used by the memory management unit. Instead, whenever the guest
makes a change to its tables, the host system intercepts the operation,
checks it for validity, then mirrors the change in the real page tables,
which "shadow" those maintained by the guest.
One problem with this technique, as implemented in Linux currently, is that
there is no easy way for the host to feed page table changes back to the
guest. In particular, if the host system decides that it wants to push a
given page out to swap, it can't tell the guest that the page is no longer
resident. So virtualization mechanisms like KVM avoid the problem
altogether by pinning pages in memory
when they are mapped in shadow page tables. That solves the problem, but
it makes it impossible to swap processes running KVM-based virtual machines out of main
memory.
This seems like a good thing to fix. And a fix exists, in the form of the
MMU notifiers patch posted by
Andrea Arcangeli (from his shiny new Qumranet address). This patch allows
an interested subsystem to be notified whenever specific memory management
events take place. The process starts by setting up a set of callbacks:
    struct mmu_notifier_ops {
        void (*release)(struct mmu_notifier *mn,
                        struct mm_struct *mm);
        int (*age_page)(struct mmu_notifier *mn,
                        struct mm_struct *mm,
                        unsigned long address);
        void (*invalidate_page)(struct mmu_notifier *mn,
                                struct mm_struct *mm,
                                unsigned long address);
        void (*invalidate_range)(struct mmu_notifier *mn,
                                 struct mm_struct *mm,
                                 unsigned long start, unsigned long end);
    };
These callbacks are bundled into an mmu_notifier structure:
    struct mmu_notifier {
        struct hlist_node hlist;
        const struct mmu_notifier_ops *ops;
    };
The interested code then registers its notifier with:
    void mmu_notifier_register(struct mmu_notifier *mn,
                               struct mm_struct *mm);
Here, mm is the mm_struct structure associated with a
given address space. It is not expected that anybody will be interested in
all memory management events, so notifiers are associated with
specific address spaces. Once the notifier is in place, the callbacks will
be invoked when interesting things happen:
- release() is called when the relevant mm_struct
is about to go away. So it will be the last callback made to that
notifier.
- age_page() indicates that the memory management subsystem
wants to clear the "referenced" flag on the page associated with the
given address. This callback should return the previous
value of the referenced bit, or the closest approximation available on
the host architecture.
- invalidate_page() and invalidate_range() are both
ways of telling the guest that the given address(es) are no longer
valid - the page has been reclaimed. Upon return from this callback,
the affected address range should not be referenced by the guest.
For the curious, the KVM patches
(showing how these notifiers are used there) have also been posted.
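The callback contract described above, as a userspace model added here for illustration; it is not code from the MMU notifiers patch or from KVM. The callback names, their signatures and mmu_notifier_register() follow the article, while struct shadow_mmu, shadow_map(), host_reclaim_page(), run_demo(), the plain next-pointer list and the eight-page toy address space are assumptions.

```c
/* Userspace model of the MMU-notifier callbacks: constructed example, not kernel code. */
#include <stdio.h>
#define NPAGES    8
#define PAGE_SIZE 4096UL

struct mmu_notifier {
    struct mmu_notifier *next;          /* stand-in for the kernel's hlist_node */
    const struct mmu_notifier_ops *ops;
};
struct mm_struct {                      /* toy address space of NPAGES pages */
    struct mmu_notifier *notifiers;
    int present[NPAGES];
};
struct mmu_notifier_ops {               /* the four callbacks from the article */
    void (*release)(struct mmu_notifier *mn, struct mm_struct *mm);
    int (*age_page)(struct mmu_notifier *mn, struct mm_struct *mm, unsigned long address);
    void (*invalidate_page)(struct mmu_notifier *mn, struct mm_struct *mm,
                            unsigned long address);
    void (*invalidate_range)(struct mmu_notifier *mn, struct mm_struct *mm,
                             unsigned long start, unsigned long end);
};
struct shadow_mmu {                     /* hypothetical secondary MMU, e.g. a guest */
    struct mmu_notifier mn;             /* first member, so a cast recovers the owner */
    int valid[NPAGES], accessed[NPAGES];
};

void mmu_notifier_register(struct mmu_notifier *mn, struct mm_struct *mm)
{
    mn->next = mm->notifiers;
    mm->notifiers = mn;
}
static void shadow_invalidate_range(struct mmu_notifier *mn, struct mm_struct *mm,
                                    unsigned long start, unsigned long end)
{
    struct shadow_mmu *s = (struct shadow_mmu *)mn;
    for (unsigned long i = start / PAGE_SIZE; i < NPAGES && i * PAGE_SIZE < end; i++)
        s->valid[i] = s->accessed[i] = 0;   /* drop the shadow mapping */
}
static void shadow_invalidate_page(struct mmu_notifier *mn, struct mm_struct *mm,
                                   unsigned long address)
{
    shadow_invalidate_range(mn, mm, address, address + PAGE_SIZE);
}
static int shadow_age_page(struct mmu_notifier *mn, struct mm_struct *mm,
                           unsigned long address)
{
    struct shadow_mmu *s = (struct shadow_mmu *)mn;
    unsigned long i = address / PAGE_SIZE;
    int old = i < NPAGES && s->accessed[i];     /* previous referenced bit */
    if (old)
        s->accessed[i] = 0;
    return old;
}
static void shadow_release(struct mmu_notifier *mn, struct mm_struct *mm)
{
    shadow_invalidate_range(mn, mm, 0, NPAGES * PAGE_SIZE);  /* last callback */
}
static const struct mmu_notifier_ops shadow_ops = {
    .release = shadow_release, .age_page = shadow_age_page,
    .invalidate_page = shadow_invalidate_page, .invalidate_range = shadow_invalidate_range,
};

/* Guest access: a shadow entry may only mirror a page the host still has. */
int shadow_map(struct shadow_mmu *s, struct mm_struct *mm, unsigned long address)
{
    unsigned long i = address / PAGE_SIZE;
    if (i >= NPAGES || !mm->present[i])
        return -1;
    s->valid[i] = s->accessed[i] = 1;
    return 0;
}
/* Host reclaim: every notifier drops its mapping before the page is given up. */
void host_reclaim_page(struct mm_struct *mm, unsigned long address)
{
    for (struct mmu_notifier *mn = mm->notifiers; mn; mn = mn->next)
        mn->ops->invalidate_page(mn, mm, address);
    if (address / PAGE_SIZE < NPAGES)
        mm->present[address / PAGE_SIZE] = 0;
}
struct demo_result { int mapped, young1, young2, stale, remap; };
struct demo_result run_demo(void)
{
    struct mm_struct mm = { .present = { 1, 1, 1, 1 } };    /* pages 0-3 resident */
    struct shadow_mmu s = { .mn = { .ops = &shadow_ops } };
    mmu_notifier_register(&s.mn, &mm);
    struct demo_result r = { .mapped = shadow_map(&s, &mm, 3 * PAGE_SIZE) };
    r.young1 = s.mn.ops->age_page(&s.mn, &mm, 3 * PAGE_SIZE);   /* 1: was referenced */
    r.young2 = s.mn.ops->age_page(&s.mn, &mm, 3 * PAGE_SIZE);   /* 0: bit cleared */
    host_reclaim_page(&mm, 3 * PAGE_SIZE);                      /* host swaps page 3 out */
    r.stale = s.valid[3];                                       /* 0: no stale entry */
    r.remap = shadow_map(&s, &mm, 3 * PAGE_SIZE);               /* -1: not resident */
    return r;
}
int main(void)
{
    struct demo_result r = run_demo();
    printf("mapped=%d young=%d,%d stale=%d remap=%d\n",
           r.mapped, r.young1, r.young2, r.stale, r.remap);
    return 0;
}
```

The property to check is the one stated for invalidate_page(): once the callback returns, the secondary MMU holds no entry for the reclaimed page and cannot re-create one while the page is not resident.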
While this patch set is aimed at KVM, there has been some interest from
other directions as well - virtual machines are not the only places where
separate (but related) page tables are maintained. Graphical processing
units on contemporary video cards are an example - they have their own
memory management units and have some interesting management issues of their own.
Remote DMA (RDMA) engines are another possible user. So these patches have
attracted comments from a few potential users, and have changed
significantly since their first posting. The discussion is still ongoing,
so further changes may come about before the notifiers find their way into
the mainline.
Comments (3 posted)
Page editor: Jonathan Corbet
Distributions
News and Editorials
By Rebecca Sobol January 23, 2008
The openSUSE project board has proposed a code of
conduct for mailing lists and IRC. This would be in addition to the
existing Guiding
Principles, mailing list
netiquette guide and IRC
rules.
There seems to be a trend among open source projects to adopt a code of
conduct. As the number of people participating on mailing lists and IRC
channels increases, so does the level of poorly stated questions, off-topic
chatter and other annoyances. As levels of frustration increase so does
the potential for rudeness. Whether a poster intends to be rude or is
only perceived to be rude makes little difference. The international
nature of this communication almost ensures there will be some
misunderstandings based on culture and language.
So do codes of conduct really work? They can, but often they do not. If
the code is not enforced then there is no incentive for anyone to read the
code, much less follow it. If the code is too actively enforced it will
stifle communication. Somewhere in between there must be a happy medium.
Finding it can be a challenge for even the most diplomatic of enforcers.
There are no quick fixes for the problems that come with active channels of
communication. There are many documents throughout the web that urge
people to be polite and helpful, and that explain how to ask better
questions and how to provide better answers. LWN readers may be more aware
of them than the average netizen. It is up to the aware to educate the
unaware in as kind and gentle a manner as possible.
Comments (4 posted)
New Releases
The FreeBSD Release Engineering Team has announced the
availability of FreeBSD 6.3-RELEASE. This release continues the development
of the 6-STABLE branch providing performance and stability improvements,
many bug fixes and new features.
Comments (none posted)
The third alpha of Foresight 2.0 has been released. "The Foresight
2.0 alpha series features a new tar-based installer, that should install in
less than 10 minutes, including formatting a 200 GB hard drive. Foresight
is also developing new editions including KDE and XFCE in addition to GNOME
available for x86 and x86_64 processors."
Full Story (comments: none)
The second maintenance release of "Dapper Drake" is available. "Over 600 post-release updates have been integrated, so that fewer
updates will need to be downloaded after installation, and a number of
bugs in the installation system have been corrected. These include
security updates and corrections for other high-impact bugs, with a
focus on maintaining stability and compatibility with Ubuntu 6.06 LTS." Click below for more details.
Full Story (comments: none)
Distribution News
Debian GNU/Linux
Petter Reinholdtsen has announced an experimental dependency based
boot sequencing project for Debian.
"For a few years now, I have worked on a replacement for the trusty old
way of organising the Debian boot. Did you ever make a package with an
init.d script, and wonder which sequence number to pick for your
script? I am talking about the numbers in the file names in
/etc/rc[S0-6].d/. Or are you one of the lucky ones that could just ask
for the defaults, and ignore the problem? Picking a good sequence
number is very hard some times, for example when you want to run after
program Z started at sequence number 20 and before program X also
started sequence number 20."
Full Story (comments: 35)
Fedora
The lawyers at Red Hat have become concerned about a set of game patents
which, apparently, are being actively enforced. These patents cover
"A game where 'targets' move across the screen to a predetermined
point or line, where the player hits a button/key/mouse click as the
target(s) crosses that point or line, and gets points." What that
means is that games of the "Guitar Hero" or "Dance Dance Revolution" genre
(pydance, for example) cannot be
part of the Fedora distribution.
Full Story (comments: 20)
The Fedora 8 package repository has been built for ARMv5 EABI, soft-float,
little endian. "The easiest way to start using Fedora 8/ARM is to
download the prebuilt root filesystem, which can be booted in QEMU, or
chroot'ed into or booted from on any ARMv5 or later processor running in
little endian mode. Additional packages can be installed by using yum,
which is provided in the filesystem."
Full Story (comments: none)
John Poelstra provides a recap of the January 13th meeting of the Fedora
board. Topics include a budget update, FUDCon F9 survey, FUDCon F10
Boston, customized spin requests, and several other topics.
Full Story (comments: none)
Gentoo Linux
Grant Goodyear, a Gentoo trustee, has posted some
information on Gentoo's status. "Many, many people have assumed,
quite understandably, that with the Foundation's charter having been
revoked, that the Foundation has thus ceased to exist. That's not really
true. You can see this by looking at the NM statutes, but it's simplest to
see by looking at what happens when NM receives the application for
reinstatement. The New Mexico public regulation commission will determine
if all of our paperwork is in order. If it isn't, they'll let us know what
we need to do to complete it. Once it is, the commission will cancel the
certificate of revocation and file a certificate of reinstatement that
takes effect "as of the effective date of the administrative revocation and
the corporation resumes carrying on its business as if the administrative
revocation had never occurred"."
Comments (none posted)
SUSE Linux and openSUSE
The openSUSE build service repository has new GPG keys. Click below to
find out more about this security feature.
Full Story (comments: 1)
Distribution Newsletters
The Fedora Weekly News for January 14, 2008 looks at the vote for the
Fedora 9 codename, Planet Fedora articles "Looking for a few good
hackers!", "Fire in the Attic, Proof of the Prize", and "PackageKit
Interview", and several other topics.
Full Story (comments: none)
A new monthly publication, taking the place of the Gentoo Weekly Newsletter that went silent last October, has been announced. The January issue of Gentoo Monthly news carries a report of the Gentoo council meeting as well as information on the Gentoo Foundation status and reactions to Daniel Robbins's offer (which was covered on last week's Distributions page), KDE 4 in Gentoo, Gentoo at FOSS.in and more. Click below for the issue.
Full Story (comments: 3)
This is a special edition of the Gentoo Weekly Newsletter, covering
statistics from October 15 to December 21, 2007.
Full Story (comments: none)
This edition of the openSUSE Weekly News looks at openSUSE 11.0 Alpha 1,
Federico unveils the latest community member, Qt 4.4 in Factory; FOSDEM
draft online; more work on imaging support for the OBS, tips and tricks and
much more.
Full Story (comments: none)
The Ubuntu Weekly Newsletter for January 19, 2008 covers layout contest for
Kubuntu.org, Ubuntu case studies, mugs from Germany for your Loco Team,
FOSS in Egypt, and much more.
Full Story (comments: none)
The DistroWatch
Weekly for January 21, 2008 is out. "Continued efforts to
resolve the leadership issues in Gentoo Linux, a controversy following the
Manbo Labs deal between Mandriva and Turbolinux, and the unexpected
purchase of MySQL by Sun Microsystems were the main headlines of the past
week. But much has happened behind all the high-profile announcements too:
openSUSE released the first prototype of its new, Qt4-based installer,
Ubuntu published a free, 400-page desktop course, KDE continued to defend
its decision to release version 4.0.0 in a seemingly unfinished state, and
Dreamlinux announced the upcoming version 3.0 of its Mac OS X-like desktop
distribution. Finally, don't miss our feature story, a hands-on report
about Linux in Vietnam."
Comments (none posted)
Newsletters and articles of interest
Christopher Negus describes
the use of livecd-creator to create your own Fedora spin. "The
livecd-creator command is packaged in the livecd-tools package, along with
more than a dozen sample kickstart files. These kickstart files can be used
to build your own specialized live CD immediately, including a GNOME
desktop, KDE desktop, developer workstation, electronic lab workstation,
gaming desktop, or a minimal Fedora system."
Comments (none posted)
Interviews
Jonathan Roberts interviews
Richard Hughes and Robin Norwood about the PackageKit project.
"PackageKit aims to take the pain out of the package management on
GNU/Linux systems and create a system that can compete with Windows and
Mac. Development is proceeding at a rapid pace and it is set to be
available in Fedora 9. To find out more, we talked to Richard Hughes,
project creator, and Robin Norwood, the Fedora feature owner; as always,
you can catch some screenshots at the end!"
Comments (57 posted)
Distribution reviews
PlanetOSS has a review
of Arch Linux. "The best part of Arch is pacman (at least for
me). Pacman is a package management system which maintains the compressed
pkg files. If you know the basic options of pacman you do not need a GUI
tool for package management. Pacman is a package management system which
maintains the compressed pkg files."
Comments (none posted)
Page editor: Rebecca Sobol
Development
By Forrest Cook January 22, 2008
LADSPA, Richard Furse's
Linux Audio Developer's Simple Plugin API, provides a plug-in
framework for software audio effects. LADSPA applications are
divided into two categories, host applications and plugins.
From the LADSPA site:
LADSPA is a standard that allows software audio processors and effects to be plugged into a wide range of audio synthesis and recording packages.
For instance, it allows a developer to write a reverb program and bundle it into a LADSPA "plugin library." Ordinary users can then use this reverb within any LADSPA-friendly audio application. Most major audio applications on Linux support LADSPA.
Recently, the
LV2 Audio Plugin Standard
was announced
by Dave Robillard; the aim of LV2 is to replace LADSPA:
LV2 is a standard for plugins and matching host applications, mainly targeted at audio processing and generation.
LV2 is a simple but extensible successor of LADSPA,
intended to address the limitations of LADSPA which many applications
have outgrown.
While LADSPA has been quite successful with many plugins and hosts, it is quite limited and can't be extended without breaking existing implementations. LV2 in contrast is designed with extensibility in mind right from start.
One of the LADSPA limitations comes from the use of fixed data fields
in the plugin binaries. LV2 defines its plugin data by using the
Resource Description Framework (RDF) standard.
This allows for a much wider variety of plugin data definitions.
The RDF files also allow for the inclusion of multiple string
definitions, which allows for plugin internationalization.
The core LV2 code is intentionally designed to be small and generic,
while allowing for support of independently designed extensions.
Plugin identification has been changed from an ID number to a URI;
this allows for extended capabilities such as the reference or fetching
of plugins across the network.
While LADSPA only used floating point numbers for port connections, LV2
supports port type extensions. This can be used to handle
MIDI, OSC
(OpenSound Control), frequency domain and other types of data.
LV2 bundles all of the data for each plugin into a single directory
for easy access. As with ALSA, the actual lv2 core specification
is relatively simple; the
lv2core-1.tar.gz
source file consists of a C header file, some build files and
documentation.
Several software packages were released at the same time as the
LV2 standard announcement.
SLV2 0.4.2 is a C library
that is used to access the LV2 plugins:
"Unlike LADSPA, LV2 is (more or less) designed with the assumption that
hosts will use a library to discover/load/use plugins. SLV2 is one such
library, which does the Right Thing with as little burden on host
authors as possible."
The
lv2dynparam extension and helper was also announced:
"The extension consists of a header describing the extension interface
and libraries, one for plugins and one for hosts, to expose
functionality in more usable, from programmer point of view, interface."
Three LV2 compatible plugins were also announced by author Nedko Arnaudov; these include the
lv2vocoder version 1,
Simple Sine Generator 20080109 and
zynadd plugin version 1.
Arnaudov also released
zynjacku version 1,
a JACK based GTK2 host for LV2 synthesizers.
The success of LV2 will revolve around its adoption by one or more of the
major LADSPA applications, as well as the conversion of more LADSPA
plugins. Conceptually, LV2 seems like a step forward for the Linux audio
plugin architecture.
Comments (1 posted)
System Applications
Database Software
A new release of Mogwai ERDesigner NG has been
announced.
"The Mogwai project is proud to announce the redesigned version of the famous Mogwai ERDesigner entity relationship design tool!
Mogwai ERDesigner NG is the redesigned version of the prior Mogwai ERDesigner. In its current development phase, it supports visual editing and reverse engineering of the following databases: MySQL, MSSQL, PostgreSQL, Oracle and generic JDBC. The database model is stored as a XML file, so it can be further processed by other tools.
The new Release 1.0.1 includes some bugfixes, and is also the base for further development like SQL DDL generation and schema version tracking."
Comments (none posted)
Version 8.3 RC2 of the PostgreSQL DBMS has been announced.
"The community testing of RC1 has yielded positive results. We avoided
several serious bugs and are now releasing 8.3 RC2. We need the entire
community to continue testing to help us get to the final release.
Please report your bugs before the end of the month!"
Full Story (comments: none)
The January 20, 2008 edition of the Postgres Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Full Story (comments: none)
Device Drivers
Version 2.7p3 of owfs
is available;
this release features performance improvements and C# support.
"OWFS -- 1-Wire file system. Use the Dallas 1-Wire and iButton chips with standard linux commands. Create temperature loggers. Monitor everything. OWHTTPD -- same system, only used as a light weight web server. OWFS is also ported to WRT54G and Coldfire".
Comments (none posted)
Interoperability
Version 4.0.0alpha2 of Samba has been
announced.
"Samba 4 is the ambitious next version of the Samba suite that is being developed in parallel to the stable 3.0 series. The main emphasis in this branch is support for the Active Directory logon protocols used by Windows 2000 and above.
Samba 4 is currently not yet in a state where it is usable in production environments. Note the WARNINGS below, and the STATUS file, which aims to document what should and should not work."
Comments (none posted)
Security
Version 1.3 of WifiZoo, a tool for passively gathering wifi information,
has been announced.
"WifiZoo v1.3 is out there. this is a minor release, it basically
addresses some minor functionality issues and stuff".
Full Story (comments: none)
Telecom
Stable version 3.0 of OpenBaseMovil has been
announced.
"OpenBaseMovil is an enterprise-class J2ME application framework, which includes many features being the most notable the J2ME Relational Database Engine openbasemovil-db, but also the user interface engine that allows you to create your views using XML, and lots of other useful things like local connectivity to Bluetooth devices like bar-code scanners, printers or GPS antennas."
Comments (none posted)
Web Site Development
Version 1.8.6 of Midgard is out with major bug fixes and enhancements.
"Midgard is a capable open source content management system for running
mid-to-high-end websites. In addition to the built-in content management
features, Midgard also provides a highly object-oriented component architecture
for building interactive web applications that integrate seamlessly with the
website."
Full Story (comments: 2)
Miscellaneous
Version 3.1 of Data Crow, a cross-platform
movie, video, book, image, software and music cataloger/DBMS, has been
announced.
"This latest production version is a major overhaul of the internal system of Data Crow. The changes will not be immediately apparent to the average user however it has caused noticeable positive side effects: increased startup performance, lower memory usage, better performing views."
Comments (none posted)
Desktop Applications
Audio Applications
KDE.News has
announced
the publication of
Issue 11
of the Amarok Insider.
"Amarok Insider is the newsletter previously known as Amarok Weekly News (AWN), and is now hosted on the official Amarok website. The new issue covers the freshly released Amarok 2.0 Technical Preview, Amarok's Media Device architecture, the Context View, Playlist, Service Framework, the MS Windows version, recent happenings inside the Amarok team, and much more."
Comments (none posted)
Open Sound Control (OSC)
support is being added
to the Ardour multi-track audio editor.
"Jonathan Stowe wrote a Perl module to allow remote control of Ardour with Perl via OSC. At present, OSC control is limited to transport and per-track solo/mute/rec-enable operations. Hopefully with this module there to make testing and development of a remote control application easier, OSC control can be expanded in interesting ways."
Comments (none posted)
Version 1.0.4 of wxCommunicator, a cross platform SIP application, has been
announced.
"wxCommunicator 1.0.3a has been released. It is compiled with wxWidgets 2.8.7 and sipxtapi SDK 3.1.1.0 built on 21.1.2008. Easier dialing - just enter number, 2 new ringtones, faster call history deletion, audio energy meters."
Comments (none posted)
Desktop Environments
Version 2.21.5 of GNOME has been announced.
"This is the fifth release of the GNOME 2.21.x series, heading towards
the stable GNOME 2.22.x release."
Full Story (comments: none)
Version 2.21.5 of GARNOME has been announced.
"The "more change brings more change" release.
We are pleased to announce the release of GARNOME 2.21.5 Desktop and
Developer Platform. This is the fifth development release on our road
towards GNOME 2.22.0, which will be released in March 2008.
This release comes with more features, more fixes, and yet more madness."
Full Story (comments: none)
The following new GNOME software has been announced this week:
You can find more new GNOME software releases at
gnomefiles.org.
Comments (none posted)
Day two of the KDE 4.0 release event is covered by KDE.news. There were presentations on KDE 4 history and roadmap, KOffice, the Qt GPLv3 licensing, Amarok, and more. "Then, Aaron explored
what KDE is, and what our community is based on - freedom and openness.
Freedom to do work, have fun, and connect with others. Further, Aaron moved
on to KDE 4, and discussed the near-future plans and ideas. The vision of KDE
4 is based upon three principles: beauty, accessibility, and functionality."
Comments (none posted)
Trolltech has announced that, effective immediately, the Qt libraries will be distributable under version 3 of the GPL. "Trolltech hopes that its move will inspire free software projects to use GPL v3 when programming with Qt." Qt will be dual-licensed, with GPLv2 remaining an option.
Comments (40 posted)
A new KDE release schedule has been announced:
"KDE switches to time-based, 6 months release cycle,
KDE 4.1 to be released in July"
Full Story (comments: none)
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Comments (none posted)
Financial Applications
Version 1.2.12 of LedgerSMB, a web-based accounting system,
has been announced.
"The LedgerSMB team has released LedgerSMB 1.2.12 which includes a number of
non-critical bug fixes. The major fixes in this release include fixes to
warehouse transfer logic, some error handling corner cases, and some fixes
to lastcost/avgcost updates."
Full Story (comments: none)
Music Applications
Version 0.6.2 of Jackbeat, an audio sequencer, has been announced.
This release adds several new capabilities, bug fixes and new drum
kits.
Full Story (comments: none)
Version 0.0 of miniloop has been announced.
"miniloop is a simple live looping program. It can load a number of
stereo audio loops of equal length from the disk and loop them in sync
with each other, sending each loop to a different pair of JACK audio
outputs. These outputs are intended to be subsequently fed into an
external software mixer, such as Ardour. For live performance, you
will want to control the mixer using a MIDI control surface."
Full Story (comments: none)
Video Applications
Version 0.9.0 of the Dirac video CODEC has been announced:
"Major release complying with the latest Dirac Bytestream Specification
Dirac 2.0.0. The specification document can be downloaded from
http://dirac.sourceforge.net/specification.html".
This release includes numerous enhancements and bug fixes.
Full Story (comments: 2)
Languages and Tools
C
The January 21, 2008 edition of the GCC 4.2.3 Status Report
has been published.
"The 4.2 branch is in regression-only mode. Since it has been more
than two months since the last release, I propose to prepare 4.2.3-rc1
on Friday 25 January, with either rc2 or the final release on Friday 1
February. Therefore, the branch will go into slush (all changes must
be approved by an RM) at 18:00 UTC on Friday, until the release is
out."
Full Story (comments: none)
The January 21, 2008 edition of the GCC 4.3.0 Status Report
has been published.
"We are in Stage 3. When we reach 100 open regressions, we will go to
regression-only mode; one of the release managers will announce the
exact time the mode is entered. When we approach the 4.3.0 release,
we will create a branch, and open Stage 1 for 4.4.0."
Full Story (comments: 1)
Martin Michlmayr has sent in a report on the status of the GCC 4.3
compiler on the HPPA architecture.
"I recently compiled the Debian archive (around 7000 packages that need
to be compiled) on HPPA (PA RISC) using trunk to identify new issues
before GCC 4.3 is released."
Full Story (comments: none)
Caml
The January 23, 2008 edition of the Caml Weekly News
is out with new articles about the Caml language.
Full Story (comments: none)
Perl
Version 0.5.2 of the Parrot virtual machine has been
announced.
"Parrot 0.5.2 Highlights:
"make perl6" uses the new pbc_to_exe tool to build a Perl 6 executable. It's still a ways from being a finished implementation of Perl 6, but we're working on that. Come join us! Parrot now has a LOLCODE implementation!"
Comments (none posted)
The
Perl 6 Design Minutes for the January 9, 2008 meeting have been
posted.
"The Perl 6 design team met by phone on 09 January 2008. Larry, Allison, Patrick, Jerry, Will, Jesse, Nicholas, and chromatic attended."
Comments (none posted)
The January 6-12, 2008 edition of
This Week on perl5-porters is out with the latest Perl 5 news.
Comments (none posted)
PHP
The January 3, 2008 edition of the Zend Weekly Summary
is out with new articles about PHP. Contents include:
"Taint mode decision; late static binding; property type hinting; PECL/core relations; WDSL load error; how to disable the built-in POST handler; a cleanup and maintenance offer; optional scalar type hinting [continued]; string parser BC breakage; ternary shortcut reaches PHP_5_3".
Comments (none posted)
Python
The January 21, 2008 edition of the Python-URL! is online with
a new collection of Python article links.
Full Story (comments: none)
XML
Version 1.1.0.6 of XML Copy Editor, a validating XML editor, has been
announced.
"Version 1.1.0.6 introduces full Aspell support and XML Schema-based element inspection."
Comments (none posted)
Version Control
Version 1.0a1 of ODF-SVN has been
announced.
"odfsvn is a toolset that allow you to manage ODF documents in a subversion repository: it allows simple methods to checkout documents from a repository, update documents to the latest version and commit changes."
Comments (none posted)
Miscellaneous
Version 0.2.0 of Bugzilla C# Proxy has been
announced.
"Bugzproxy is a C# based assembly that provides access to a Bugzilla server, using the WebService interface of Bugzilla 3.0 or newer (at least 3.0.2 recommended). Works with both MS Windows and Linux/Mono.
This release adds several minor changes, a more .net like API, and support for appending a comment to a bug."
Comments (none posted)
Version 4.19 of SP-Forth has been
announced.
"ANS Forth for Win32 and Linux/x86 (used to compile the following SF projects: acWEB, acFTP, acFreeProxy, acSMTP, Forth-Script)
This release features fixes and improvements in kernel, adds more documentation."
Comments (none posted)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
ars technica has posted a detailed review of KDE 4.0. "The KDE development team controversially decided to release 4.0 in a premature state in order to stimulate user interest and promote accelerated development. The result is that KDE 4.0 is, in many ways, like a preview for developers and technical enthusiasts rather than a release for enterprise desktops and production environments. My extensive testing shows that KDE 4.0 can be used on a day-to-day basis, but there are many inconveniences posed by the software's current limitations. In this article, I will try to provide a balance of forward-looking analysis and detailed descriptions of the software's current state."
Comments (none posted)
O'ReillyNet compares LILO and GRUB. "LILO (Linux Loader) and GRUB (GRand Unified
Bootloader) are both configured as a primary boot loader (installed on the
MBR) or secondary boot loader (installed onto a bootable partition). Both
work with supporting operating systems such as Linux, FreeBSD, Net BSD, and
OpenBSD. They can work with unsupported operating system, such as Microsoft
Windows XP, in the configuration file. Both allow users—root
users—to boot into single-user-mode."
Comments (41 posted)
Trade Shows and Conferences
KDE.news wraps up its coverage of the KDE 4.0 release event with a summary of the talks and demos from the final day. Some of the topics covered were KDE on Windows and Mac, KStars, KNetworkManager, Open Document Format, and more. "There were also big name visitors from the Linux community including Andrew
Morton and developers with NVidia and AMD, as well as many from within our
hosts, Google. This event has not only been a successful celebration of the
start of our KDE 4 series, it has also been an excellent opportunity to meet
and talk with a section of our community who have been unable to get to our
European conferences."
Comments (8 posted)
Companies
Heise Security reports that Crispin
Cowan, creator of AppArmor, has joined the Windows Security Team.
"In October of last year, Novell parted with Cowan and five other
AppArmor developers, who had been brought on board in mid-2005 following
the company's acquisition of Immunix, which included AppArmor."
Comments (none posted)
ITPro looks at Red Hat's history and current state.
"As the biggest open source company in the world, Red Hat stands at a significant crossroads between its open source roots and significant growth in enterprise demand for its products, as underlined by changes made to its management, discontent within its user community and a sharp rise in profits."
Comments (1 posted)
Linux Adoption
Heise Online reports that
the German Federal Employment Office (BA) has switched to Linux.
"The BA is using the OpenSuse 10.1 Remastered distribution and the
latest version of the Firefox web browser. The software was installed on
the server as a repository and the clients can access it via PXE Boot. The
BA told heise online that the switch, concluded at the end of last year,
lasted some nine months including planning and did not involve any external
service providers - it carried no additional costs."
Comments (1 posted)
Guardian Unlimited examines a collaborative Linux effort between North and South Korea.
"Under the banner of "Hana Linux" - literally "One" Linux - the two countries have agreed to work on a groundbreaking IT development project that might shatter the final Cold War boundary.
South Korea is one of Linux's biggest converts. Since discovering the free operating system in 2003, officials have unveiled plans to switch all government-run offices to Linux. Now under the terms of the agreement signed between the two states, South Korea will set up Linux training centres in North Korea."
Comments (16 posted)
Legal
Groklaw analyzes an Open Document Format Alliance paper that
finds a number of problems with the recent Burton Group Report on
ODF and MSOOXML.
"6. Burton calls ODF "somewhat simple" compared to OOXML. Smile. Being simpler than Microsoft's 6,000-page initial offering is probably not hard to accomplish. Nor is it a bad thing in a standard. Call it a feature, not a bug. You want people to be able to use the standard, after all. Many of the comments that the National Bodies' technical committees offered had to do with the sheer impossibility of even evaluating something so long and complicated in a short space of time."
Comments (none posted)
Resources
InformationWeek offers advice to those who would create their own distribution.
"Remastering, or respinning, involves installing a given
distribution, customizing it, and then recompiling the distribution,
modifications and all, back into an image file (typically an .ISO). In the
last couple of years this approach has become much easier thanks to
collections of community-created tools and scripts to automate the process,
so it's something that is rapidly becoming a native function for many
distributions. If you're just getting your feet wet with Linux and want to
try your hand at creating a modified distribution, this is the best place
to start."
Comments (3 posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The OpenSAF Foundation has been
formed by telecommunications and enterprise computing companies to
promote the development and adoption of an open source implementation of a
high availability base platform middleware based on Service Availability
Forum(TM) (SA Forum) Specifications. This project uses the LGPLv2.1
license.
Comments (none posted)
Commercial announcements
Cluster Resources, Inc. has announced the release of its
Moab Workload Manager 5.2 HPC resource management and scheduling software.
"Running one Linux cluster and one Windows cluster, each with different peak
usage and idle times is expensive and inefficient; running Windows on a
Linux cluster yields maximum hardware utilization and ROI. Moab 5.2 removes
the barrier of a node's operating system by maximizing workload throughput
with a single self-optimizing system that balances the number of nodes
running a particular OS against user/group and workload service levels."
Full Story (comments: none)
Indamixx Portable Studio is a bundle of open-source audio software
on a portable tablet computer which was recently announced
with a price tag of $999.99.
"The hardware is the Samsung Q1 Ultra. It comes with a 90 day
manufacturer's warranty. Online technical support is provided by
64studio.com for 90 days and we have included 90 days of icecast2
server access for those who enjoy streaming audio with IDJC".
Currently, the Indamixx site only contains a photo of the device.
Comments (none posted)
Linspire, Inc. has announced that it is partnering with Mirus Innovations to sell a
$199 PC through Sears.
"Value-priced - after $100 mail-in rebate - Linux PC features an Intel Celeron 1.6GHz Intel Celeron processor, 1GB memory, 80GB hard drive,
Freespire 2.0, free CNR software delivery service and more".
Comments (11 posted)
Openads has announced the receipt of 15.5 million dollars in funding.
"Openads, the developer of the free,
open source ad server now used by more than 30,000 publishers worldwide,
today announced the completion of its Series B financing. The $15.5 million
investment was led by Accel Partners, with participation from existing
investors Index Ventures, First Round Capital, Mangrove Capital Partners
and O'Reilly AlphaTech Ventures. The company will use the funds to
accelerate product development and expand its team to support its large
publisher community, which is now using Openads to deliver billions of ads
daily in over 100 countries around the world."
Comments (none posted)
Timesys Corporation has announced that it will provide Linux support for
the Xilinx high-performance Virtex FPGA platform.
"Starting today, Timesys is offering LinuxLink subscriptions for
the Xilinx Virtex-4 FX platform, which provides up to two PowerPC(R)
405, 32-bit RISC processor cores in a single device. Additional
support for other Xilinx FPGAs will be available in the coming months."
Full Story (comments: none)
Resources
The January 16, 2008 edition of the FSFE Newsletter is online
with the latest Free Software Foundation Europe news.
Topics include:
MS vs EU - Microsoft Releases Interoperability Information To SAMBA,
FSFE Supports New Antitrust Case, Google Contributes To The FTF,
Free Software Story In Berlin, FScons, Privatsphaere.org Meeting On Privacy,
STACS Session In Belgrade and
Serbian Ministry For Information Society Undertakes Localisation Efforts.
Full Story (comments: none)
Peter Alguacil takes a look
at Google search trends. Comparisons include Ubuntu, Red Hat, SUSE, Fedora
and Debian, KDE and GNOME, and more. "Though looking at search
statistics can never give a complete picture, this gives an interesting
perspective to how things are going for Linux, especially when viewed
through the eyes of such a dominant and pervasive search engine as
Google."
Comments (42 posted)
Event Reports
KDE.News has a report from the
KDE 4.0 Release Event in Mountain View, California. "The Plasma
gathering was probably the busiest, drawing a large crowd. Aaron Seigo,
lead Plasma developer, initiated the session with an introduction of Plasma
concepts, explanations of fundamental design decisions, and how Plasma
enables new interaction possibilities over the KDE 4 cycle."
Comments (none posted)
Meeting Minutes
The minutes from the January 2, 2008 GNOME Foundation Meeting have been
published.
Full Story (comments: none)
The minutes from the January 16, 2008 Linux Foundation Desktop Linux
Workgroup Conference Call have been published.
Full Story (comments: none)
Calls for Presentations
A call for papers has gone out for a Special Issue of the
SIGOPS Operating Systems Review on the topic of
Research and Developments in the Linux Kernel.
"For this OSR special issue, we welcome technical papers covering the
latest advances that have been or will soon be merged into the Linux
kernel, as well as wild idea papers discussing promising experimental
work. In recognition of the current chasm that we wish to bridge, we
encourage papers from both the Linux kernel community and the research
community."
The submission deadline is March 14, 2008.
Full Story (comments: none)
A call for papers has gone out for the 2008 Samba eXPerience.
"From April 17th to 18th 2008 developers and users will meet again in Goettingen, Germany at the seventh international Samba conference, the "samba eXPerience 2008"." The submission deadline is January 28.
Comments (none posted)
A call for papers has gone out for the Troopers 08 Security Conference.
""Troopers 08 - get skilled or get owned" is a new two-day conference that brings together some of
the brightest minds of the international infosec community. The event will be held on 23rd and 24th
April 2008 in Munich/Germany. Keynotes will be given by Dan Bernstein and Christofer Hoff.
There will be two tracks, a kind-of-classical one that we call the "Attack Track" (covering
cutting-edge hacktechniques and security discussions) and another one we call the "Defend Track"
which mainly addresses ISOs from large organizations and their specific needs and concerns."
The submission deadline is February 15.
Full Story (comments: none)
Upcoming Events
David Cramer's blog notes the presence of the Django web platform team at
PyCon in March.
"Of course, Django will be very well represented at PyCon, with activities for Djangonauts of all skill levels:
I'll be teaching a Beginning Django tutorial aimed at folks just getting started with Django. In past years this tutorial has filled up rapidly, so if you'd like to attend I recommend signing up soon.
Also on the tutorial day will be a Django "Code Lab" designed for people with some Django projects already under their belts. We've got a great panel of experts lined up to critique and improve your code: Adrian Holovaty, James Bennett, and yours truly."
Comments (none posted)
The 2nd Linux Foundation Collaboration Summit will be held on April
8-10, 2008 at the UT Austin Supercomputing Center in Austin, TX.
"This unique, invitation-only event brings together the brightest minds in
the Linux ecosystem from the kernel, end user, desktop, legal and vendor
communities to collaborate on the advancement of the Linux platform.
Attendees can expect purposive discussion, examination and debate through
engaging plenary session content and workgroup meetings. Breakout sessions
contain all the domain expertise and key players necessary to make immediate
contributions to the platform."
Full Story (comments: none)
The UKUUG Spring 2008 Conference has been announced.
"UKUUG is the UK's open systems organisation, promoting the use of open systems, standards and software everywhere, UKUUG holds two annual conferences as well as seminars and tutorials throughout the year.
UKUUG's Spring conference is aimed at people with responsibility for large systems; 2007's conference targeted virtual systems and this interest is being maintained for 2008."
Comments (none posted)
Events: January 31, 2008 to March 31, 2008
The following event listing is taken from the
LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| January 28 - February 2 | Linux.conf.au 2008 | Melbourne, Australia |
| January 28 - February 1 | Ruby on Rails Bootcamp with Charles B. Quinn | Atlanta, Georgia, USA |
| January 29 - January 31 | Solution Linux 2008 | Paris, France |
| February 1 | Open Island | Belfast, United Kingdom |
| February 6 - February 10 | O'Reilly Money:Tech Conference | New York, NY, USA |
| February 7 | Frozen Perl 2009 | Minneapolis, United States |
| February 8 - February 10 | Southern California Linux Expo | Los Angeles, USA |
| February 10 - February 13 | NDSS Symposium 2008 | San Diego, CA, USA |
| February 11 | Florida Linux Show 2008 | Jacksonville, Florida, USA |
| February 11 | Open Source Software (OSS) and the U.S. Department of Defense (DoD) | Alexandria, VA, USA |
| February 13 - February 15 | German Perl-Workshop | Regionales Rechenzentrum Erlangen, Germany |
| February 16 | Frozen Perl 2008 Workshop | Minneapolis, USA |
| February 19 - February 20 | Linux Developer Symposium | Beijing, China |
| February 19 - February 20 | Files and Backup | London, UK |
| February 22 - February 24 | freed.in/2008 | Delhi, India |
| February 23 - February 24 | Free/Open Source Developers' European Meeting 2008 | Brussels, Belgium |
| February 23 - February 26 | Linux World Mexico | Mexico City, Mexico |
| February 25 - February 26 | 2008 Linux Storage and Filesystem Workshop | San Jose, CA, USA |
| February 25 - February 29 | NEW PHP 5 and PostgreSQL Bootcamp with Mark Fenoglio | Atlanta, Georgia, USA |
| February 25 - February 27 | German Perl Workshop | Frankfurt, Germany |
| February 28 - March 1 | Linux Audio Conference | Cologne, Germany |
| March 1 - March 2 | Chemnitzer Linux-Tage 2008 | Chemnitz, Germany |
| March 3 - March 6 | O'Reilly Emerging Technology Conference | San Diego, CA, USA |
| March 3 - March 6 | Drupalcon Boston 2008 | Boston, MA, USA |
| March 4 - March 9 | CeBIT Germany | Hannover, Germany |
| March 8 - March 14 | Asia OSS Conference & Showcase 2008 | Guangzhou, China |
| March 11 - March 12 | 4th AustralAsian Cleantech Forum | Melbourne, Australia |
| March 14 - March 16 | PyCon 2008 | Chicago, IL, USA |
| March 15 | FSF Associate Members Meeting | Cambridge, MA, USA |
| March 16 - March 19 | BossaConference 2008 - International Conference on Open Source Software for Mobile Embedded Platforms | Pernambuco, Brazil |
| March 16 - March 21 | Novell BrainShare 2008 | Salt Lake City, UT, USA |
| March 16 - March 20 | Free Software and Open Source Foundation for Africa | Dakar, Senegal |
| March 17 - March 20 | Eclipse Community Conference | Santa Clara, CA, USA |
| March 17 - March 20 | Spring VON.x Conference | San Jose, CA, USA |
| March 19 - March 20 | LinuxWorld Expo 2008 Brussels | Brussels, Belgium |
| March 24 | SDForum Global Open Source Conference | San Francisco, CA, USA |
| March 26 - March 28 | CanSecWest 2008 | Vancouver, BC, Canada |
| March 26 | Document Freedom Day | Everywhere, Worldwide |
| March 29 - March 30 | PostgreSQL Conference East 2008 | College Park, MD, USA |
If your event does not appear here, please
tell us about it.
Audio and Video programs
Free Electrons has released free
Ogg/Theora videos from the first edition of the European Edition of CELF's
Embedded Linux Conference, which happened in Linz, Austria last
November, together with the 9th Real-Time
Linux Workshop organized by the Real-Time Linux Foundation.
Full Story (comments: none)
Page editor: Forrest Cook