LWN.net Weekly Edition for January 31, 2008
By Jonathan Corbet January 30, 2008
When your editor started this series, the idea was to have four
installments covering the ten-year life (so far) of LWN. Well, this is the
fourth installment, and it gets less than halfway there. This is not, it
seems, a topic which inspires brevity. So this series will continue past
the anniversary, though your editor anticipates picking up the pace a bit
for the second five years. There is less to be learned, arguably, by
looking at events in the relatively recent past.
Anyway, at the end of the third installment, LWN had been unacquired
by Tucows and was, once again, on its own. The worst of the dotcom bust
may have passed, but it was still a somewhat scary environment in which to
be attempting to restart a business. It was, in fact, even scarier than we
had thought when we so naively set out to show that we could do a better job
of bringing in the cash than Tucows did.
- February 7, 2002: Linus
tries BitKeeper at last.
- February 14, 2002: Sun
states that it will "ship a full implementation of the Linux operating
system." Dave Whitinger joins LWN.net.
Dave Whitinger was, of course, one of the founders of LinuxToday. He
joined LWN with the intent of helping us develop the advertising side of
the business. That did not work out as intended, but it is hardly Dave's
fault; it was a terrible time to be trying to sell advertising.
- February 28, 2002: Sun
cuts off free access to StarOffice, but we had OpenOffice.org by then
and didn't mind. BitKeeper starts to settle in as the kernel's source
management system.
Linus stuck with BitKeeper after his initial trial, setting a number of
things in motion. For the next few years, the use of proprietary software
at the core of the kernel development process would be a constant source of
unhappiness and worry - and, in fact, the story had just the sort of
unhappy ending that some observers had feared. But this was also the move
which rationalized the kernel work flow and made the whole system scale;
the incredible rate of change we see now would not have been possible
without it. The use of BitKeeper also made the community aware of what
distributed source control could do and, eventually, inspired the creation
of a number of free programs with the same essential features. One could
say that the community would have eventually developed these systems on its
own without the push from Larry McVoy and BitKeeper, and that's probably
true. But the fact is: we didn't do it at that time, so we had no real
alternative to BitKeeper.
- March 7, 2002: Martin
Dalecki's "IDE cleanup" patches start to raise concerns among kernel
developers, who have this strange notion that their disks should
actually work. A petition against the use of BitKeeper circulates on
the net. Eric Raymond goes around telling the world that the kernel
development process is "in crisis."
- March 14, 2002: Richard
Stallman claims that the GNU HURD will be ready by the end of the
year. MandrakeSoft pleads for donations to keep the business alive -
and LWN does too. Martin Dalecki officially takes over IDE
maintenance - and breaks more systems.
We got about $5,000 from our initial plea for donations. It was a real act
of generosity on the part of our readers, but one does not keep a business
with five employees going for very long with that sort of money.
- March 28, 2002: The
proposed "consumer broadband and digital television promotion act"
would require DRM technology in all software which touches digital
media. Lineo lays off more staff.
- April 25, 2002: More
BitKeeper flames. Lineo goes through a "recapitalization" effort to be
able to do things like pay its employees.
- May 2, 2002:
OpenOffice.org 1.0 is released.
- June 6, 2002: LWN switches
to the "new" site code. Red Hat applies for a few software patents.
ADEOS, a real-time system which avoids the RTLinux patent, is
released. UnitedLinux launches. Mozilla 1.0 is released.
It is amazing how many readers hated the new code. Certainly there were a
lot of silly things in the initial version of the site; we fixed a number
of them in a hurry. Many readers disliked the ability to post comments -
often posting comments to that effect. The addition of comments was
something we thought about carefully for a long time; we were quite
concerned that they could ruin the feel of the site. In the end, it seems,
trusting our readers has paid off; the quality of the conversation here is
often quite good.
UnitedLinux was a cooperative effort between Caldera, Conectiva,
SuSE, and Turbolinux; the idea was to join together to create a common
base from which each could then craft a separate product. The effort was
never all that successful, and the presence of Caldera would, of course,
doom it outright in the end. But it was a big deal at the time. It is
interesting to see that Mandriva (despite MandrakeSoft's refusal to join
UnitedLinux) and Turbolinux are now attempting a very similar
sort of arrangement.
- June 13, 2002: Secure
Computing Corporation claims patents on SELinux.
- June 27, 2002: The 2002
kernel summit sets October 31 as the date for the 2.6 feature
freeze. GNOME 2.0 is released.
- July 4, 2002: Darl McBride
takes over at SCO.
- July 25, 2002: LWN
announces "the end of the road." The "IDE cleanup" patch series (up
to number 100) causes system lockups and file corruption. Debian
GNU/Linux 3.0 ("woody") is released. Version 1.0 of the Ogg Vorbis
codec is released.
By the end of July, we had come to realize that the advertising business
was not going to work out for LWN, and we were short of other ideas. The
bank account had reached a point where we could not pay even very small
expenses. So we
concluded that it was time to throw in the towel and try something else -
though we had no clue of what "something else" might be. It was with a
heavy heart that we announced our plan to shut down the site.
What happened next is that our donation box, which had sat mostly empty
after the initial announcement, was suddenly topped up to the tune of about
$35,000. Many of the donations came with notes to the effect of "use this
to throw a big party." This, shall we say, got our attention. We decided
that, just maybe, the subscription idea was worth a try after all, and
decided to make a go of it. It was not the end after all.
- August 1, 2002: A new
beginning. HP tries to use the DMCA to shut down disclosure of
security holes.
- August 15, 2002:
Distributions from MandrakeSoft, Red Hat, and SuSE are certified to be
compliant with the Linux Standard Base.
This was when our credit card merchant bank at the time decided that all
those donations might just be fraudulent. So they seized the money back out
of our bank account. That, too, got our attention. It took a few months
and some lawyer time to get the money you all had sent in our direction;
during that time, it was money from PayPal (the subject of everybody else's
horror stories) that kept the lights on while our main source of cash was
blocked.
Needless to say, we got a new merchant bank, which we still use to this
day. The new bank exhibits a rather higher clue level than the old one
did, but we also learned a valuable lesson: don't mess with the credit card
money pipeline. Every now and then, somebody asks why we don't accept
pure donations; this is why.
- August 22, 2002: Martin
Dalecki quits and the entire series of 115 "IDE cleanup" patches is
deleted from the 2.5 kernel.
- August 29, 2002: British
Telecom's attempt to patent the web dies in court. The BitKeeper
license changes. Caldera becomes the SCO Group.
- September 12, 2002: Some
patches get dropped after Linus starts running his mail through a spam
filter.
It's hard to believe that, only 5+ years ago, somebody with an email
address as well distributed as Linus's could get by without spam
filtering. There are a lot of free "productivity" applications, but,
arguably, few have actually increased productivity to the extent that
SpamAssassin has.
- September 26, 2002: The
first development
release of the "Phoenix" browser is announced. UnitedLinux upsets the
community by releasing a closed beta.
Phoenix was the Mozilla Foundation's answer to (relatively) lightweight
browsers like Galeon, which had managed to turn the Gecko engine into
something which was truly usable. The Phoenix browser proved popular, and
eventually became the tool now known as Firefox.
- October 3, 2002: The
first subscriber-only weekly edition. Eldred v. Ashcroft is argued in
the U.S. Supreme Court.
Eldred v. Ashcroft, argued by Lawrence Lessig, was an attempt to roll back
copyright extension in the US; it eventually was unsuccessful. To this
day, there still has not really been a successful challenge to the
extensions to copyright passed over the last few decades - though some
especially nasty attempts to make things even worse were defeated.
With the October 3, 2002 edition, LWN adopted the new policy of requiring
subscriptions in order to read our original content prior to the
publication of the weekly edition.
That policy has stayed essentially unchanged since
then, despite the occasional temptation to increase the subscriber-only
period. Subscription rates have also stayed unchanged, even though raising
them is also tempting.
Subscriptions have certainly been successful, in that they have kept the
operation going in the years since then. And there is a real joy
associated with being truly answerable to our readers instead of
advertisers. Nonetheless, it is a challenging business; people do not like
to pay to read web-based content. The fact that so many of our readers
are willing to do so is most gratifying. Trends in other parts of
the net are moving away from this approach, though, with formerly
subscription sites moving to pure advertising models. So it will be
interesting to see how it all plays out in the future.
Meanwhile, next week's installment will look at how things went for Linux
(and LWN) starting toward the end of 2002. Stay tuned.
By Jonathan Corbet January 30, 2008
The conference portion of linux.conf.au opened on Wednesday morning with a
keynote by Bruce Schneier. LCA is a sold-out event; in fact, there are
rather more attendees than can be fit into the hall where the keynotes are
held. Thus the room was packed, with the second-class citizens - those
with yellow badges who put off registration until late - watching a remote
feed in a separate room. Those folks may have had a more distant
experience, but it was almost certainly a cooler one too.
Bruce's key point is that we need to rethink how we try to achieve
security, though it took a while to explain just why that is. Security, he
says, has two components:
- The feeling of security: that which helps us to sleep well
at night.
- The reality of security: whether we are, in fact, secure.
These two aspects of the problem are entirely separate from each other, but
they both have to be addressed if our security goals are to be achieved.
Security is always a set of tradeoffs which we are all making every day.
As an example, consider that, in all likelihood, nobody in the audience was
wearing a bulletproof vest. It's not that the vests do not work; instead,
nobody feels that the cost of wearing a bulletproof vest is justified
given the risk. On a bigger scale, the answer to the question of how to
prevent more 9/11-like attacks is clear: ban all aircraft. In fact, that
was done in the US for a few days after those attacks, but, in the longer
term, that is not a tradeoff that people are willing to make.
So the fundamental question for any security tradeoff is: is it worth it?
As it happens, we are quite bad at making that decision. We tend to
respond to feelings rather than reality. Spectacular risks drive us more
than everyday risks. We fear the strange over the familiar and the
personified (think Osama bin Laden) over the anonymous. Involuntary risks
are seen as being bigger than those entered into voluntarily. In the end,
evolution has equipped us quite well for making tradeoffs in the small
communities we lived in many, many thousands of years ago. We are less
well equipped for the world we live in now.
Since we respond to feelings more than reality, there are strong economic
incentives for solutions which address feelings. The result is snake-oil
products and security theater.
Sometimes people notice that they are being
sold bad security (later Bruce mentioned a US survey which indicated that
the Transportation Security Agency is now less trusted than the taxation
agency), but, all too often, they don't. They have a poor understanding of
the risks and the costs involved, and there are plenty of people with
strong interests in confusing the issue.
The security market is a lemons
market, one where buyers and sellers have asymmetric access to
information. Economic research shows that, in such markets, the bad
products tend to drive the good ones out of the market. There is no easy
way to evaluate the work which has gone into the creation of a truly secure
product, so buyers respond to other, less reliable signals. Things like
price, sales claims, or the Gartner Group. These signals are sloppy and
prone to manipulation. When security is outsourced to outside agencies -
governments, say - the problem gets even worse.
In the business world, information eventually brings some order to a lemons
market. As businesses learn about what really works, access to information
evens out - though there is always a problem with very rare, high-cost
events where information is not available. In the individual world,
though, it is much harder, because fear plays a much bigger role.
The fact of the matter is that fear is wired deeply into how we work - it
is a result of a very old part of our brain. As humans, we have the
ability to override our fears when reason indicates that we should, but it
is a hard thing to do. The default state is that fear rules. So this is
Bruce's core point: the feelings matter. All that security theater out
there is not entirely stupid; any security solution must address the fears
that people feel. We must address both aspects of security.
The problem is where the feeling of security and the reality of security
diverge from each other. If only feelings are addressed, security has not
really been achieved. If only the reality of security is addressed, people
feel insecure and may make bad decisions. Either way, the full problem has
not been solved. Addressing this all-too-common problem is hard, though;
Bruce knows of no better way than the spreading of good information.
Your editor's perspective follows - nothing from this point on was said
during the talk. It seems that he has a point here. Consider some common
situations in the free software world:
- A large number of security updates from a distributor may be an
indication that the reality of security is being achieved: problems
are being found and fixed before they are exploited. But all those
updates can undermine the feeling of security. The seemingly endless
stream of Wireshark updates is a case in point; most of these problems
are found through proactive auditing by the developers and have never
been exploited by the Bad Guys. But the feeling of insecurity
associated with Wireshark can be strong. This feeling can push users
toward other software which, while not having that long history of
security updates, is actually less secure.
- A system running SELinux may, in fact, be highly secure. But many
administrators still turn it off. SELinux does not make them
feel secure because they do not understand it, and they fear
(rightly or wrongly) that it will interfere with the proper operation
of the system. But, by turning it off, they undoubtedly expose
themselves to a number of attacks which SELinux would block.
We should hear Bruce's point and think a bit more about how we can ensure
that free software creates the feeling of security - but a feeling which is
backed up by real security. It's a hard problem, one which lacks technical
solutions. But we'll find ourselves less secure than we would otherwise be
if we do not address that side of the issue.
January 28, 2008
This article was contributed by Elizabeth O. Coolbaugh
Hello to all LWN readers! For the tenth anniversary of LWN,
I've been dragged out of my closet to say a few words. Am I
stunned that LWN is still going after 10 years? Not really.
Much more stunning to me is the realization that the number
of years LWN has been published without me are now almost double the number
of years it was published with me. That is much harder to get over.
As a result, all new readers from 2002 on have no reason to
know who I am or what I've written in the past. For those of
you that remember me and have asked about me, thank you and rest assured
that I haven't forgotten you either.
My name is Elizabeth Coolbaugh (Liz) and I was there for the very
first issue as well as many issues that
followed in 1998 through 2001. I've always said it was the very best
job I ever had. I wish for all of you, if you haven't experienced it
yet, a job where your first weeks of work are greeted with happy,
enthusiastic letters. As the years went by, letters of praise, though
much sparser, never totally ceased. You couldn't have a better
incentive to work harder and harder!
Jon has done an excellent job of going over the history of the first
few years already, so all I can add is some tidbits or personal viewpoints.
I'll mention that for me, the start of LWN was actually back in
the early 1980's, when Jon, Becky and I came together as a programming
team in the then infamous "Assembly Language Programming" class offered
through the Engineering School at CU Boulder. We got a chance to
experience lots of late nights, interesting hardware experiences
and how to keep going with pizza, chocolate, caffeine, etc. That is
a good way to get to know your future business partners. Jon and Becky
never let me down and we all found different strengths to add to the mix.
Forrest was around, too, though not working with us directly at the time.
Jon mentioned that I was between jobs at the time we began. In fact,
I had left NCAR three months pregnant. I loved working at NCAR for
many, many years, but I had always said that I would leave it when the
work stopped being fun. It actually stopped being fun about two years
before that, but I had weathered rough times before and waited to make
sure the situation wasn't going to turn around before choosing to move
on. The challenge of a new baby on the way (and the continuing challenge
of the Multiple Sclerosis that eventually led to my departure from LWN)
finally made it "the right time".
So I'd actually had most of a year off to recuperate, re-organize,
have a baby and test the job market waters. What I wanted was a job
that used my professional skills and yet was part-time, to help me
keep the health I'd regained. What a pipe-dream! Companies that
would have gladly recruited me full-time just tossed my resume into
the nearest recycle bin. The nicer ones told me to go out and find
someone else with identical skills who wanted to job-share a full-time
job and they would be willing to consider the possibility. Not
bloody likely.
So when Jon and I were having lunch and he suggested we might be
able to work together to create something giving me what I wanted
and allowing him to eventually leave NCAR, it seemed to be the
right idea at the right time. I never regretted the decision, but
in fact, I had a full-time working spouse to cushion the decision.
Brandon's reaction (my husband) to becoming the sole support of the
family and a new father in one fell swoop was a little different
-- much like a deer full-blinded by headlights.
In the spirit of true confessions, though I had fifteen years experience
in the computing field and had worked with many different operating
systems, VMS and Solaris being primary, I'd never actually touched a
Linux system. Jon's unwavering belief in my ability to pick it all
up in a heartbeat was both daunting and encouraging at the same time.
So I installed my first Linux system only three or four months before
we first started publishing. It did give me a fresh, unbiased view
of the whole community, though. Okay, not totally unbiased. I did
sit on the emacs side of the whole emacs/vi war.
To get started, I subscribed to say, a hundred different newsgroups
and mailing lists full of people I'd never met, topics I'd never heard
of and flame wars I didn't care to read. It was truly a new skill to
develop to learn to skim through them searching for the topics people
cared about, the posts that actually carried real information and gently
lift each little kernel of "news" out and place it into the newsletter,
then wait to hear how well I'd done.
The response was totally overwhelming. I will never, ever forget
the emails we received those first couple of months. New people were
finding us each week and so the responses kept coming in. They drove
me to try and make my contributions worthy of the praise they sent.
It is because of those emails that I'm not surprised LWN is still out
there today. People wanted and needed what we had to offer. Jon's
vision of what people liked and wanted has always been clear and that
is another important piece of why LWN is still going strong.
My take on the Red Hat Support fiasco: I have no hard feelings.
Although my work as a systems administrator had always included supporting
people and I had enjoyed the interaction, I had no idea what I was getting
into offering 24 hour support from my home. Just as my daughter was
getting old enough to give me a full-night's sleep, I was getting
phone calls at 2am and 3am, having to wake up to a fully alert state
and go into emergency fix-it mode. I'm surprised I survived until all
the contracts we had sold finally expired. In the long run, Red Hat's
ideas gave us the courage to start our own business and since writing
for LWN was what I learned to love, I consider the end result to
have worked out for the best. I also carefully noted for the future
that telephone support work was definitely going to be a last resort
for any future career moves.
Meanwhile, since the few contracts we had didn't bring in enough to
pay the bills, let alone enough to support Jon's full-time entry, I
also did contract work as a technical writer, remote or on-site
administration of Linux for some local companies and I don't even
remember what else. Eventually, Jon had to take the risk, forgo
waiting for a reliable income and quit his day job in order to
increase the income stream. Note that his early work on LWN was
always done in addition to continuing his full-time job and trying to
increase our income stream at the same time. No wonder he got grumpy
if I was out sick or worse, got to head to a fun Linux conference,
leaving him to pick up the slack! Of course, it was terrifying in
turn for me when the situation reversed and Jon was unavailable.
Picking up the kernel page for the week? Ack! I didn't usually
complain. Instead, I kept my head low, worked hard and hoped not to
see too many corrections or criticisms come in.
It was wonderful for both Jon and me when we were finally able to add
Becky to the mix. I think initially we were only able to scrape up
enough to pay her for 10 hours a week, but every hour helped. I haven't
forgotten, Becky (okay, it should be Rebecca, but she'll always be
Becky to me), the hours you put in at a very low rate of pay. Of course,
we did pay you first -- the downside to being the business owners
for us.
Over the course of the next couple of years, we continued to bring
in our income from other sources. We did actually initiate putting
some advertising on our site and it brought in a tiny amount of
money, but the bread and butter of the company continued to be contract work
done in addition to the weekly publication. That included our
most successful side foray, building and teaching Linux classes.
What else did I love about LWN? I so enjoyed the friendships I made
throughout so many different communities. Will Rogers once said he
never met a man he didn't like. Well, I've met many! But truly,
in all the years I worked for LWN, I never met anyone I didn't like.
Sometimes people I liked said things or did things that I didn't like,
but underneath it, they were all good people, smart, idealistic and
very strongly opinionated. That was part of what I liked and enjoyed,
so I never held people's opinions against them.
The conferences I attended and at which I spoke were like the
icing on the cake. I got to meet in-person people I had only
come to know through newsgroups and mailing lists or occasionally
personal correspondence. I got to meet even more people and
share in the excitement. And yes, I do remember the late nights
going out for food, drink and conversation with you -- the Atlanta
Showcase, LinuxWorld San Jose, Embedded Systems Conference San Jose,
LinuxWorld New York, the Colorado Linux Info Quest and
the Singapore Linux Conference. Each one provides me with
rich memories. My trip out to Singapore was one high-point.
So many good and wonderful people and such a wonderful experience.
I thought it was to be the first of many international conferences that
I would be attending and I am still so sad that it was my last.
I particularly regret never making it out to any of the early Linux
conferences in India, despite invitations.
Professionally, though, the highlight of the work was actually
developing myself as a journalist, rather than a computer expert.
I enjoyed researching more in-depth articles. When rumors
floated my way, I loved actually going out and contacting the
people involved first hand by telephone -- short-circuiting
email and the rest, to discuss the issues and get their first-hand
viewpoints. Since our community wasn't exactly hounded by the
media back then, everybody actually wanted to talk to me and was more
than happy to give me the straight scoop, instead of just seeing themselves
misquoted elsewhere the next day, with the resultant flames.
Best of all, I was occasionally
able to get the sources of both sides of a controversy together and
talk. I can think of at least twice where problems got resolved
as a result, people got together and I got the scoop on a story
the next day that had literally changed as a result of my work.
Very heady stuff.
Jon has already done an excellent job of covering our experience with
the dot-com bubble, so I won't add to his description. It was truly a
unique life experience that we enjoyed to the fullest, knowing that
another like it was unlikely to come by us again. We were very
fortunate in our decisions and I agree that the people at Tucows were
extremely good to us.
Well, at this point, all this happened a long time ago. I had a great
time and regret nothing I did, only the things I didn't get time to
do. For those who have asked after me personally, be assured that
health-wise, giving up my job was again the right choice at the right
time and I'm doing much, much better than I was in August of 2001.
You're still not likely to see me back any time in the near future. I
focus my research skills now-a-days on tracking traditional and
alternative medical discoveries, implementing what seems good to me
and serving as an ad-hoc resource for other family members. Oh yes,
and serving as a chauffeur to my daughter, who is now ten years old,
just as LWN is. Take care, all of you, remember to be proud of what
you are achieving and *always* have fun doing it. I stand by my
opinion that when work ceases to be fun, it is time for a change.
Page editor: Jake Edge
Security
By Jake Edge January 30, 2008
The Document Object Model (DOM) for
HTML is quite useful for handling a variety of dynamic effects for web
pages, but it is complex. It interacts with Javascript and CSS (or they
with it) in ways
that are sometimes surprising—the DOM has often been the source of browser
bugs. A new project, from well-known DOM bug finder
Michal Zalewski, seeks to systematically exercise the DOM in browsers to
eliminate as many holes as it can.
The project, with the unassuming name of DOM access checker (or
dom-checker) was just announced
on the full-disclosure mailing list (along with Bugtraq and others).
Zalewski and colleague Filipe Almeida, both of Google, describe their tool
as follows:
DOM access checker is a tool designed to
automatically validate numerous aspects of domain security policy
enforcement (cross-domain DOM access, Javascript cookies, XMLHttpRequest
calls, event and transition handling) to detect common security attack or
information disclosure vectors.
The checker consists of three HTML files and a Javascript configuration
file that can be loaded from the internet via HTTP (a live version is available from
the project website) or from the local disk, using the file://
protocol. Ideally, they should be loaded from both places and give the
same results. The screenshot for a sample run using Firefox 3
(Fedora/3.0b3pre-0.beta2.12.nightly20080121.fc9 for the curious) is at left.
After pressing the "Click here to begin tests" button, the Javascript test
harness runs 15 major tests, each with many separate subtests. Each
subtest reports success or failure to the screen as it runs. Firefox 3
failed 15 of the 1500 or so checks in the standard set of tests.
According
to the announcement, "DOM Checker had been used to find a number of
major security bypass and information disclosure problems in several
popular browsers." Zalewski and Almeida worked with the browser
teams to resolve the most serious issues.
But, common browsers will still fail up to 30 of the
less important tests—for privacy, rather than
security, holes.
The hope is that the browser vendors pick up these tests to use as part of
their quality assurance process. They could also be used for regression
testing to find problems that have crept in while fixing other bugs or
adding new features. The checker is a framework that could easily be
extended with additional tests covering other areas of DOM functionality.
With the advent of AJAX, DOM
manipulations via Javascript
are being used more and more by web sites, so tools to discover these kinds
of bugs are welcome.
New vulnerabilities
gforge: cross-site scripting
| Package(s): | gforge |
| CVE #(s): | CVE-2007-0176 |
| Created: | January 28, 2008 |
| Updated: | January 30, 2008 |
| Description: | From the NVD entry: Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter. |
icu: arbitrary code execution
| Package(s): | icu |
| CVE #(s): | CVE-2007-4770 CVE-2007-4771 |
| Created: | January 25, 2008 |
| Updated: | May 15, 2008 |
| Description: | From the Red Hat advisory: Will Drewry reported multiple flaws in the way libicu processed certain malformed regular expressions. If an application linked against ICU, such as OpenOffice.org, processed a carefully crafted regular expression, it may be possible to execute arbitrary code as the user running the application. |
kernel: several vulnerabilities
| Package(s): | linux-2.6 |
| CVE #(s): | CVE-2007-2878 CVE-2007-6151 |
| Created: | January 29, 2008 |
| Updated: | January 8, 2009 |
| Description: | From the Debian advisory: Bart Oldeman reported a denial of service (DoS) issue in the VFAT filesystem that allows local users to corrupt a kernel structure resulting in a system crash. This is only an issue for systems which make use of the VFAT compat ioctl interface, such as systems running an 'amd64' flavor kernel. ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory leading by issuing ioctls with unterminated data. |
| Alerts: |
|
Comments (none posted)
mysql: buffer overflows
| Package(s): | mysql-dfsg-5.0 |
CVE #(s): | CVE-2008-0226
CVE-2008-0227
|
| Created: | January 29, 2008 |
Updated: | July 21, 2008 |
| Description: |
From the Debian advisory: Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
netkit-ftpd: denial of service
| Package(s): | netkit-ftpd |
CVE #(s): | CVE-2007-6263
|
| Created: | January 30, 2008 |
Updated: | January 30, 2008 |
| Description: |
From the Gentoo advisory:
A remote attacker can send specially crafted FTP data to a server with
passive mode and SSL support, causing the ftpd daemon to crash.
|
| Alerts: |
|
Comments (none posted)
ngircd: denial of service
| Package(s): | ngircd |
CVE #(s): | CVE-2008-0285
|
| Created: | January 28, 2008 |
Updated: | January 30, 2008 |
| Description: |
From the NVD entry:
ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via a crafted IRC PART message, which triggers an invalid dereference. |
| Alerts: |
|
Comments (none posted)
pulseaudio: ignores setuid() return value
| Package(s): | pulseaudio |
CVE #(s): | CVE-2008-0008
|
| Created: | January 25, 2008 |
Updated: | February 14, 2008 |
| Description: |
PulseAudio ignores the return value of setuid(). In some cases, a user can
cause the call to fail by exhausting resources. |
| Alerts: |
|
Comments (none posted)
tikiwiki: multiple vulnerabilities
| Package(s): | tikiwiki |
CVE #(s): | CVE-2007-6528
CVE-2007-6526
CVE-2007-6529
|
| Created: | January 24, 2008 |
Updated: | January 30, 2008 |
| Description: |
From the Gentoo alert:
Jesus Olmos Gonzalez from isecauditors reported insufficient
sanitization of the "movies" parameter in file tiki-listmovies.php
(CVE-2007-6528).
Mesut Timur from H-Labs discovered that the input passed to the
"area_name" parameter in file tiki-special_chars.php is not properly
sanitised before being returned to the user (CVE-2007-6526).
redflo reported multiple unspecified vulnerabilities in files
tiki-edit_css.php, tiki-list_games.php, and
tiki-g-admin_shared_source.php (CVE-2007-6529). |
| Alerts: |
|
Comments (none posted)
yarssr: arbitrary code execution
| Package(s): | yarssr |
CVE #(s): | CVE-2007-5837
|
| Created: | January 28, 2008 |
Updated: | January 30, 2008 |
| Description: |
From the NVD entry:
GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed. |
| Alerts: |
|
Comments (none posted)
Updated vulnerabilities
acroread: multiple vulnerabilities
| Package(s): | acroread |
CVE #(s): | CVE-2006-5857
CVE-2007-0045
CVE-2007-0046
|
| Created: | January 11, 2007 |
Updated: | October 26, 2009 |
| Description: |
Adobe's Acrobat Reader has the following vulnerabilities:
The Adobe Reader Plugin has a cross-site scripting vulnerability that
can be triggered by processing malformed URLs. Arbitrary JavaScript can
be served by a malicious web server, leading to a cross-site scripting
attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities;
if an attacker can trick a user into viewing the files, arbitrary code
can be executed with the user's privileges. |
| Alerts: |
|
Comments (1 posted)
apache2: information disclosure
| Package(s): | apache |
CVE #(s): | CVE-2007-1862
|
| Created: | June 20, 2007 |
Updated: | February 18, 2008 |
| Description: |
From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
properly copy all levels of header data, which can cause Apache to
return HTTP headers containing previously-used data, which could be
used to obtain potentially sensitive information by unauthorized users." |
| Alerts: |
|
Comments (2 posted)
apache: multiple vulnerabilities
| Package(s): | apache |
CVE #(s): | CVE-2007-3304
CVE-2006-5752
|
| Created: | June 27, 2007 |
Updated: | February 18, 2008 |
| Description: |
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker who has the ability to
run scripts on the Apache HTTP Server could manipulate the scoreboard and
cause arbitrary processes to be terminated, which could lead to a denial of
service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with
the server-status page publicly accessible and ExtendedStatus enabled were
vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux
the server-status page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752) |
| Alerts: |
|
Comments (1 posted)
apache: cross-site scripting
| Package(s): | apache |
CVE #(s): | CVE-2006-3918
|
| Created: | August 9, 2006 |
Updated: | April 4, 2008 |
| Description: |
From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header." |
| Alerts: |
|
Comments (none posted)
apache: several vulnerabilities
| Package(s): | apache |
CVE #(s): | CVE-2007-5000
CVE-2007-6388
CVE-2008-0005
|
| Created: | January 15, 2008 |
Updated: | July 29, 2008 |
| Description: |
A flaw was found in the mod_imap module. On sites where mod_imap was
enabled and an imagemap file was publicly available, a cross-site scripting
attack was possible. (CVE-2007-5000)
A flaw was found in the mod_status module. On sites where mod_status was
enabled and the status pages were publicly available, a cross-site
scripting attack was possible. (CVE-2007-6388)
A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp
was enabled and a forward proxy was configured, a cross-site scripting
attack was possible against Web browsers which did not correctly derive the
response character set following the rules in RFC 2616. (CVE-2008-0005) |
| Alerts: |
|
Comments (1 posted)
apache2: denial of service
| Package(s): | apache2 |
CVE #(s): | CVE-2007-1863
|
| Created: | November 19, 2007 |
Updated: | February 18, 2008 |
| Description: |
From the CVE entry:
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value. |
| Alerts: |
|
Comments (1 posted)
httpd: denial of service, cross-site scripting
| Package(s): | apache httpd |
CVE #(s): | CVE-2007-3847
CVE-2007-4465
|
| Created: | September 25, 2007 |
Updated: | February 15, 2008 |
| Description: |
A flaw was found in the mod_proxy module. On sites where a reverse proxy is
configured, a remote attacker could send a carefully crafted request that
would cause the Apache child process handling that request to crash. On
sites where a forward proxy is configured, an attacker could cause a
similar crash if a user could be persuaded to visit a malicious site using
the proxy. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-3847)
A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the AddDefaultCharset directive has been removed
from the configuration, a cross-site-scripting attack may be possible
against browsers which do not correctly derive the response character set
following the rules in RFC 2616. (CVE-2007-4465) |
| Alerts: |
|
Comments (none posted)
apt-listchanges: arbitrary code execution
| Package(s): | apt-listchanges |
CVE #(s): | CVE-2008-0302
|
| Created: | January 17, 2008 |
Updated: | January 23, 2008 |
| Description: |
From the Debian alert: Felipe Sateler discovered that apt-listchanges, a package change history
notification tool, used unsafe paths when importing its python libraries.
This could allow the execution of arbitrary shell commands if the root user
executed the command in a directory which other local users may write
to. |
| Alerts: |
|
Comments (none posted)
asterisk: possible SQL injection
| Package(s): | asterisk |
CVE #(s): | CVE-2007-6170
|
| Created: | December 3, 2007 |
Updated: | April 15, 2008 |
| Description: |
Tilghman Lesher discovered that the logging engine of Asterisk, a free
software PBX and telephony toolkit, performs insufficient sanitizing of
call-related data, which may lead to SQL injection. |
| Alerts: |
|
Comments (none posted)
avahi: denial of service
| Package(s): | avahi |
CVE #(s): | CVE-2007-3372
|
| Created: | June 28, 2007 |
Updated: | December 23, 2008 |
| Description: |
Avahi is vulnerable to a local denial of service that can be caused by
making an erroneous call to the assert() function. |
| Alerts: |
|
Comments (none posted)
bind: insecure permissions
| Package(s): | bind |
CVE #(s): | CVE-2007-6283
|
| Created: | December 21, 2007 |
Updated: | July 10, 2008 |
| Description: |
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file
with world-readable permissions, which allows local users to perform
unauthorized named commands, such as causing a denial of service by
stopping named. |
| Alerts: |
|
Comments (1 posted)
bind: off-by-one error
| Package(s): | bind |
CVE #(s): | CVE-2008-0122
|
| Created: | January 22, 2008 |
Updated: | July 10, 2008 |
| Description: |
Off-by-one error in the inet_network function in libc in FreeBSD 6.2, 6.3,
and 7.0-PRERELEASE and earlier allows context-dependent attackers to cause
a denial of service (crash) and possibly execute arbitrary code via crafted
input that triggers memory corruption. |
| Alerts: |
|
Comments (none posted)
boost: denial of service
| Package(s): | boost |
CVE #(s): | CVE-2008-0171
CVE-2008-0172
|
| Created: | January 17, 2008 |
Updated: | March 22, 2012 |
| Description: |
From the Ubuntu alert:
Will Drewry and Tavis Ormandy discovered that the boost library
did not properly perform input validation on regular expressions.
An attacker could send a specially crafted regular expression to
an application linked against boost and cause a denial of service
via application crash. |
| Alerts: |
|
Comments (none posted)
cacti: SQL injection vulnerability
| Package(s): | cacti |
CVE #(s): | CVE-2007-6035
|
| Created: | November 22, 2007 |
Updated: | February 18, 2008 |
| Description: |
Versions of Cacti prior to 0.8.7a have an SQL injection vulnerability.
Remote attackers can execute arbitrary SQL commands via unspecified vectors. |
| Alerts: |
|
Comments (none posted)
cacti: denial of service
| Package(s): | cacti |
CVE #(s): | CVE-2007-3112
CVE-2007-3113
|
| Created: | September 18, 2007 |
Updated: | December 16, 2009 |
| Description: |
A vulnerability in Cacti 0.8.6i and earlier versions allows remote
authenticated users to cause a denial of service (CPU consumption) via
large values of the graph_start, graph_end, graph_height, or graph_width
parameters. |
| Alerts: |
|
Comments (none posted)
cairo: integer overflow
| Package(s): | Cairo |
CVE #(s): | CVE-2007-5503
|
| Created: | November 29, 2007 |
Updated: | April 10, 2008 |
| Description: |
Cairo has an integer overflow vulnerability in the PNG image processing
code. If a user processes a specially crafted PNG image with an
application that is linked against cairo, arbitrary code can be executed
with the user's privileges. |
| Alerts: |
|
Comments (none posted)
clamav: denial of service
| Package(s): | clamav |
CVE #(s): | CVE-2007-3725
|
| Created: | July 24, 2007 |
Updated: | February 27, 2008 |
| Description: |
A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via a specially crafted RAR archive. |
| Alerts: |
|
Comments (none posted)
clamav: multiple vulnerabilities
| Package(s): | clamav |
CVE #(s): | CVE-2007-4510
CVE-2007-4560
|
| Created: | September 3, 2007 |
Updated: | February 13, 2008 |
| Description: |
Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-4510:
It was discovered that the RTF and RFC2397 parsers can be tricked
into dereferencing a NULL pointer, resulting in denial of service.
CVE-2007-4560:
It was discovered clamav-milter performs insufficient input
sanitizing, resulting in the execution of arbitrary shell commands.
|
| Alerts: |
|
Comments (none posted)
clamav: integer overflow and off-by-one
| Package(s): | clamav |
CVE #(s): | CVE-2007-6335
CVE-2007-6336
|
| Created: | December 19, 2007 |
Updated: | July 17, 2008 |
| Description: |
ClamAV contains integer overflow and off-by-one errors which could be exploited (via specially-crafted email) to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
cpio: arbitrary code execution
| Package(s): | cpio |
CVE #(s): | CVE-2005-4268
|
| Created: | January 2, 2006 |
Updated: | March 17, 2010 |
| Description: |
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with e.g. a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system). |
| Alerts: |
|
Comments (none posted)
vixie-cron: privilege escalation
| Package(s): | cron |
CVE #(s): | CVE-2006-2607
|
| Created: | May 31, 2006 |
Updated: | June 1, 2009 |
| Description: |
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root. |
| Alerts: |
|
Comments (1 posted)
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2006-4262
|
| Created: | October 2, 2006 |
Updated: | June 16, 2009 |
| Description: |
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code. |
| Alerts: |
|
Comments (none posted)
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2004-2541
|
| Created: | May 22, 2006 |
Updated: | June 19, 2009 |
| Description: |
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target. |
| Alerts: |
|
Comments (1 posted)
cups: denial of service
| Package(s): | cups |
CVE #(s): | CVE-2007-0720
|
| Created: | March 26, 2007 |
Updated: | February 7, 2008 |
| Description: |
Previous versions of the cups package could be forced to hang via a client
"partially negotiating" an SSL connection. In this state, cups would not
allow other connections to be made, resulting in a denial of service. |
| Alerts: |
|
Comments (none posted)
cups: buffer overflow
| Package(s): | cups |
CVE #(s): | CVE-2007-5848
|
| Created: | January 7, 2008 |
Updated: | February 27, 2008 |
| Description: |
From the CVE entry:
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
From the rPath advisory:
Previous versions of the cups package contain a buffer-overflow
weakness. It is not believed that this weakness can be exploited
to execute malicious code. |
| Alerts: |
|
Comments (1 posted)
cups: multiple vulnerabilities
Comments (none posted)
debian-goodies: privilege escalation
| Package(s): | debian-goodies |
CVE #(s): | CVE-2007-3912
|
| Created: | October 5, 2007 |
Updated: | March 24, 2008 |
| Description: |
Thomas de Grenier de Latour discovered that the checkrestart program included
in debian-goodies did not correctly handle shell meta-characters. A local
attacker could exploit this to gain the privileges of the user running
checkrestart. |
| Alerts: |
|
Comments (none posted)
Django: denial of service
| Package(s): | Django |
CVE #(s): | CVE-2007-5712
|
| Created: | November 12, 2007 |
Updated: | September 22, 2008 |
| Description: |
From the CVE notice:
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers. |
| Alerts: |
|
Comments (none posted)
dovecot: privilege escalation
| Package(s): | dovecot |
CVE #(s): | CVE-2007-4211
|
| Created: | August 15, 2007 |
Updated: | May 21, 2008 |
| Description: |
From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a
minor privilege escalation attack in which an authenticated
user may exploit an ACL plugin weakness to save message flags
without having proper permissions." |
| Alerts: |
|
Comments (none posted)
dovecot: directory traversal
| Package(s): | dovecot |
CVE #(s): | CVE-2007-2231
|
| Created: | May 8, 2007 |
Updated: | May 21, 2008 |
| Description: |
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot
before 1.0.rc29, when using the zlib plugin, allows remote attackers to
read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot)
sequence in the mailbox name. |
| Alerts: |
|
Comments (none posted)
dovecot: multiple vulnerabilities
| Package(s): | dovecot |
CVE #(s): | CVE-2007-6598
|
| Created: | January 3, 2008 |
Updated: | October 7, 2008 |
| Description: |
Dovecot has multiple vulnerabilities including an issue involving the
confusion between LDAP-authenticated logins across users with the
same password and a denial of service involving a connecting user. |
| Alerts: |
|
Comments (none posted)
e2fsprogs: integer overflows
| Package(s): | e2fsprogs |
CVE #(s): | CVE-2007-5497
|
| Created: | December 7, 2007 |
Updated: | February 12, 2008 |
| Description: |
Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs,
ext2 file system utilities and libraries, contained multiple
integer overflows in memory allocations, based on sizes taken directly
from filesystem information. These could result in heap-based
overflows potentially allowing the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
eggdrop: stack-based buffer overflow
| Package(s): | eggdrop |
CVE #(s): | CVE-2007-2807
|
| Created: | September 7, 2007 |
Updated: | December 8, 2009 |
| Description: |
A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC
servers to execute arbitrary code via a long private message. |
| Alerts: |
|
Comments (none posted)
elinks: code execution
| Package(s): | elinks |
CVE #(s): | CVE-2007-2027
|
| Created: | May 7, 2007 |
Updated: | October 30, 2009 |
| Description: |
Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could execute
code with user privileges. |
| Alerts: |
|
Comments (none posted)
elinks: arbitrary file access
| Package(s): | elinks |
CVE #(s): | CVE-2006-5925
|
| Created: | November 16, 2006 |
Updated: | October 22, 2009 |
| Description: |
The elinks text-mode browser has an arbitrary file access vulnerability
in the Elinks SMB protocol handler. If a user can be tricked into
visiting a specially crafted web page, arbitrary files may be read or
written with the user's permissions. |
| Alerts: |
|
Comments (none posted)
emacs: buffer overflow
| Package(s): | emacs |
CVE #(s): | CVE-2007-6109
|
| Created: | December 10, 2007 |
Updated: | May 6, 2008 |
| Description: |
From the National Vulnerability Database:
Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line. |
| Alerts: |
|
Comments (none posted)
emacs: command execution via local variables
| Package(s): | emacs |
CVE #(s): | CVE-2007-5795
|
| Created: | November 14, 2007 |
Updated: | February 5, 2008 |
| Description: |
From the original Debian problem report: "In Debian's version of GNU Emacs 22.1+1-2, the `hack-local-variables'
function does not behave correctly when `enable-local-variables' is
set to :safe. The documentation of `enable-local-variables' states
that the value :safe means to set only safe variables, as determined
by `safe-local-variable-p' and `risky-local-variable-p' (and the data
driving them), but Emacs ignores this and instead sets all the local
variables." When this setting (which is not the default) is in effect, opening a hostile file could lead to the execution of arbitrary commands. |
| Alerts: |
|
Comments (1 posted)
evolution: format string error
| Package(s): | evolution |
CVE #(s): | CVE-2007-1002
|
| Created: | March 27, 2007 |
Updated: | February 27, 2008 |
| Description: |
A format string error in the "write_html()" function in
calendar/gui/e-cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially crafted
shared memo containing format specifiers. |
| Alerts: |
|
Comments (1 posted)
pop mail man-in-the-middle attacks
| Package(s): | evolution thunderbird mutt fetchmail |
CVE #(s): | CVE-2007-1558
|
| Created: | May 8, 2007 |
Updated: | July 3, 2009 |
| Description: |
The APOP protocol allows remote attackers to guess the first 3 characters
of a password via man-in-the-middle (MITM) attacks that use crafted message
IDs and MD5 collisions. NOTE: this design-level issue potentially affects
all products that use APOP, including (1) Thunderbird, (2) Evolution, (3)
mutt, and (4) fetchmail. |
| Alerts: |
|
Comments (none posted)
exiftags: multiple vulnerabilities
| Package(s): | exiftags |
CVE #(s): | CVE-2007-6354
CVE-2007-6355
CVE-2007-6356
|
| Created: | December 31, 2007 |
Updated: | April 1, 2008 |
| Description: |
From the Gentoo advisory: Meder Kydyraliev (Google Security) discovered that Exif metadata is not
properly sanitized before being processed, resulting in illegal memory
access in the postprop() and other functions (CVE-2007-6354). He also
discovered integer overflow vulnerabilities in the parsetag() and other
functions (CVE-2007-6355) and an infinite recursion in the readifds()
function caused by recursive IFD references (CVE-2007-6356). |
| Alerts: |
|
Comments (none posted)
exiv2: integer overflow
| Package(s): | exiv2 |
CVE #(s): | CVE-2007-6353
|
| Created: | December 21, 2007 |
Updated: | October 15, 2008 |
| Description: |
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. |
| Alerts: |
|
Comments (none posted)
fetchmail: denial of service
| Package(s): | fetchmail |
CVE #(s): | CVE-2007-4565
|
| Created: | September 5, 2007 |
Updated: | October 30, 2009 |
| Description: |
fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. |
| Alerts: |
|
Comments (none posted)
firebird: buffer overflow
| Package(s): | firebird |
CVE #(s): | CVE-2007-3181
|
| Created: | July 2, 2007 |
Updated: | March 27, 2008 |
| Description: |
The Firebird DBMS has a buffer overflow vulnerability involving
the processing of connect requests with an overly large p_cnct_count
value. Remote attackers can send a specially crafted
request to the server in order to potentially execute arbitrary code with
the permissions of the Firebird user. |
| Alerts: |
|
Comments (none posted)
firefox: multiple vulnerabilities
| Package(s): | firefox |
CVE #(s): | CVE-2007-3844
CVE-2007-3845
|
| Created: | August 1, 2007 |
Updated: | February 20, 2008 |
| Description: |
A flaw was discovered in handling of "about:blank" windows used by
addons. A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
(CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3845) |
| Alerts: |
|
Comments (none posted)
firefox: multiple vulnerabilities
| Package(s): | firefox seamonkey |
CVE #(s): | CVE-2007-5947
CVE-2007-5959
CVE-2007-5960
|
| Created: | November 27, 2007 |
Updated: | March 3, 2008 |
| Description: |
A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-5959)
A race condition existed when Firefox set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)
|
| Alerts: |
|
Comments (1 posted)
firefox, thunderbird, seamonkey: multiple vulnerabilities
| Package(s): | firefox, thunderbird, seamonkey |
CVE #(s): | CVE-2007-3738
CVE-2007-3656
CVE-2007-3670
CVE-2007-3285
CVE-2007-3737
CVE-2007-3089
CVE-2007-3736
CVE-2007-3734
CVE-2007-3735
|
| Created: | July 18, 2007 |
Updated: | May 12, 2008 |
| Description: |
shutdown and moz_bug_r_a4 reported two separate ways to modify an
XPCNativeWrapper such that subsequent access by the browser would result in
executing user-supplied code. (CVE-2007-3738)
Michal Zalewski reported that it was possible to bypass the same-origin
checks and read from cached (wyciwyg) documents. It is possible to access
wyciwyg:// documents without proper same domain policy checks through the
use of HTTP 302 redirects. This enables the attacker to steal sensitive
data displayed on dynamically generated pages; perform cache poisoning; and
execute own code or display own content with URL bar and SSL certificate
data of the attacked page (URL spoofing++). (CVE-2007-3656)
Internet Explorer calls registered URL protocols without escaping quotes
and may be used to pass unexpected and potentially dangerous data to the
application that registers that URL Protocol. (CVE-2007-3670)
Ronald van den Heetkamp reported that a filename URL containing %00
(encoded null) can cause Firefox to interpret the file extension
differently than the underlying Windows operating system potentially
leading to unsafe actions such as running a program. This is only
accessible locally. (CVE-2007-3285)
An attacker can use an element outside of a document to call an event
handler allowing content to run arbitrary code with chrome
privileges. (CVE-2007-3737)
Ronen Zilberman and Michal Zalewski both reported that it was possible to
exploit a timing issue to inject content into about:blank frames in a
page. When opening a window from a script, it is possible to spoof the
content of the newly opened window's frames within a short time frame,
while the window is loading. (CVE-2007-3089)
Mozilla contributor moz_bug_r_a4 demonstrated that the methods
addEventListener and setTimeout could be used to inject script into another
site in violation of the browser's same-origin policy. This could be used
to access or modify private or valuable information from that other
site. (CVE-2007-3736)
As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed
many bugs to improve the stability of the product. Some of these crashes
showed evidence of memory corruption under certain circumstances and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code. Note: Thunderbird shares the browser
engine with Firefox and could be vulnerable if JavaScript were to be
enabled in mail. This is not the default setting and we strongly discourage
users from running JavaScript in mail. Without further investigation we
cannot rule out the possibility that for some of these an attacker might be
able to prepare memory for exploitation through some means other than
JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735) |
| Alerts: |
|
Comments (none posted)
flac: arbitrary code execution
| Package(s): | flac |
CVE #(s): | CVE-2007-6277
|
| Created: | January 21, 2008 |
Updated: | January 23, 2008 |
| Description: |
From the NVD entry:
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6) Padding Length, and (7) PICTURE Metadata width and height values in a .FLAC file, which result in a heap-based overflow; and large (8) VORBIS Comment String Size Length, (9) Picture MIME-Type, (10) Picture MIME-Type URL, and (11) Picture Description Length values in a .FLAC file, which result in a stack-based overflow. NOTE: some of these issues may overlap CVE-2007-4619. |
| Alerts: |
|
Comments (none posted)
flash-plugin: lots of problems
Comments (3 posted)
freetype: arbitrary code execution
| Package(s): | freetype |
CVE #(s): | CVE-2007-2754
|
| Created: | May 24, 2007 |
Updated: | June 1, 2010 |
| Description: |
Versions 2.3.4 and below of the FreeType font rendering library
have an integer sign error. Remote attackers may be able to
create a specially crafted TrueType Font file with a negative
n_points value that will cause an integer overflow and heap-based
buffer overflow, allowing the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
freetype: integer overflows
| Package(s): | freetype |
CVE #(s): | CVE-2006-0747
CVE-2006-1861
CVE-2006-2493
CVE-2006-2661
CVE-2006-3467
|
| Created: | June 8, 2006 |
Updated: | June 1, 2010 |
| Description: |
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user. |
| Alerts: |
|
Comments (none posted)
gallery2: multiple vulnerabilities
| Package(s): | gallery2 |
CVE #(s): | CVE-2007-6685
CVE-2007-6686
CVE-2007-6687
CVE-2007-6688
CVE-2007-6689
CVE-2007-6690
CVE-2007-6691
CVE-2007-6692
CVE-2007-6693
|
| Created: | December 27, 2007 |
Updated: | February 12, 2008 |
| Description: |
Versions of the Gallery photo management application before 2.2.4
have the following vulnerabilities: (1) unauthorized album creation and
file upload, (2) a local file inclusion vulnerability, (3) several
cross-site scripting vulnerabilities, (4) a web-accessibility protection
problem, (5) problems with checks for disallowed file extensions with file
uploads, (6) missing permissions checks on GR commands, (7) several
information disclosures, (8) an arbitrary URL redirection problem and
(9) a proxied request weakness. |
| Alerts: |
|
Comments (none posted)
gcc: file overwrite vulnerability
| Package(s): | gcc |
CVE #(s): | CVE-2006-3619
|
| Created: | September 6, 2006 |
Updated: | March 14, 2008 |
| Description: |
The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree. |
gd: buffer overflow
| Package(s): | gd |
CVE #(s): | CVE-2007-0455
|
| Created: | February 7, 2007 |
Updated: | November 18, 2009 |
| Description: |
The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable. |
gd: multiple vulnerabilities
| Package(s): | gd |
CVE #(s): | CVE-2007-3472
CVE-2007-3473
CVE-2007-3474
CVE-2007-3475
CVE-2007-3476
CVE-2007-3477
CVE-2007-3478
|
| Created: | August 6, 2007 |
Updated: | November 6, 2009 |
| Description: |
Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allow attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478) |
gd: denial of service
| Package(s): | gd |
CVE #(s): | CVE-2007-2756
|
| Created: | June 14, 2007 |
Updated: | February 28, 2008 |
| Description: |
Libgd2 has a denial of service vulnerability involving the incorrect
validation of PNG callback results. If an application that is linked
against libgd2 is used to process a specially-crafted PNG file,
a denial of service involving CPU resource consumption can be
caused. |
gedit: format string vulnerability
| Package(s): | gedit |
CVE #(s): | CAN-2005-1686
|
| Created: | June 9, 2005 |
Updated: | February 5, 2009 |
| Description: |
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user. |
gimp: multiple vulnerabilities
| Package(s): | gimp |
CVE #(s): | CVE-2007-2949
|
| Created: | June 28, 2007 |
Updated: | February 27, 2008 |
| Description: |
The gimp image editor has several vulnerabilities, including
a problem where it can open PSD files with excessive dimensions
and a possible stack overflow in the Sunras loader. |
gnome-screensaver: keyboard lock bypass
| Package(s): | gnome-screensaver |
CVE #(s): | CVE-2007-3920
|
| Created: | October 24, 2007 |
Updated: | October 15, 2009 |
| Description: |
From the Ubuntu advisory:
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local
attacker could exploit this to bypass the user's locked screen saver. |
openssh: inappropriate use of trusted cookies
| Package(s): | gnome-ssh-askpass openssh |
CVE #(s): | CVE-2007-4752
|
| Created: | September 11, 2007 |
Updated: | August 25, 2008 |
| Description: |
OpenSSH versions prior to 4.7 could use a trusted X11 cookie if the
creation of an untrusted cookie failed. |
grip: buffer overflow
| Package(s): | grip |
CVE #(s): | CAN-2005-0706
|
| Created: | March 10, 2005 |
Updated: | November 19, 2008 |
| Description: |
Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches. |
gzip: multiple vulnerabilities
| Package(s): | gzip |
CVE #(s): | CVE-2006-4334
CVE-2006-4335
CVE-2006-4336
CVE-2006-4337
CVE-2006-4338
|
| Created: | September 19, 2006 |
Updated: | January 20, 2010 |
| Description: |
Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash.
Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. |
horde3: remote email deletion
| Package(s): | horde3 |
CVE #(s): | CVE-2007-6018
|
| Created: | January 21, 2008 |
Updated: | March 24, 2009 |
| Description: |
From the Debian advisory:
Ulf Harnhammer discovered that the HTML filter of the Horde web
application framework performed insufficient input sanitising, which
may lead to the deletion of emails if a user is tricked into viewing
a malformed email inside the Imp client. |
horde-kronolith: local file inclusion
| Package(s): | horde-kronolith |
CVE #(s): | CVE-2006-6175
|
| Created: | January 17, 2007 |
Updated: | March 7, 2008 |
| Description: |
Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered
string is used instead of a sanitized string to view local files. An
authenticated attacker could craft an HTTP GET request that uses directory
traversal techniques to execute any file on the web server as PHP code,
which could allow information disclosure or arbitrary code execution with
the rights of the user running the PHP application (usually the webserver
user). |
hsqldb: unspecified vulnerability
| Package(s): | hsqldb |
CVE #(s): | CVE-2007-4576
|
| Created: | January 22, 2008 |
Updated: | January 23, 2008 |
| Description: |
HSQLDB contains an unspecified
vulnerability which should be fixed in version 1.8.0.8. |
httpd: cross-site scripting, denial of service
| Package(s): | httpd |
CVE #(s): | CVE-2007-6421
CVE-2007-6422
|
| Created: | January 15, 2008 |
Updated: | April 4, 2008 |
| Description: |
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, a cross-site scripting attack against an
authorized user was possible. (CVE-2007-6421)
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, an authorized user could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. This could lead to a denial of service if using a
threaded Multi-Processing Module. (CVE-2007-6422) |
imagemagick: multiple vulnerabilities
| Package(s): | imagemagick |
CVE #(s): | CVE-2007-4985
CVE-2007-4986
CVE-2007-4987
CVE-2007-4988
|
| Created: | October 4, 2007 |
Updated: | August 11, 2009 |
| Description: |
The ImageMagick image decoders have multiple vulnerabilities.
If a user can be tricked into processing a specially crafted
DCM, DIB, XBM, XCF, or XWD image, arbitrary code may be executed with
the user's privileges. |
ImageMagick: integer overflows
| Package(s): | imagemagick |
CVE #(s): | CVE-2007-1797
|
| Created: | April 4, 2007 |
Updated: | August 11, 2009 |
| Description: |
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote
attackers to execute arbitrary code via (1) a crafted DCM image, which
results in a heap-based overflow in the ReadDCMImage function, or (2) the
(a) colors or (b) comments field in a crafted XWD image, which results in a
heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667. |
jasper: denial of service
| Package(s): | jasper |
CVE #(s): | CVE-2007-2721
|
| Created: | June 1, 2007 |
Updated: | April 19, 2010 |
| Description: |
The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote
user-assisted attackers to cause a denial of service (crash) and possibly
corrupt the heap via malformed image files. |
java: multiple vulnerabilities
| Package(s): | java |
CVE #(s): | CVE-2006-4339
CVE-2006-4790
CVE-2006-6731
CVE-2006-6736
CVE-2006-6737
CVE-2006-6745
|
| Created: | January 18, 2007 |
Updated: | June 4, 2010 |
| Description: |
Java has multiple vulnerabilities, including
an RSA exponent padding attack vulnerability, two vulnerabilities
which allow untrusted applets to access data in other applets,
vulnerabilities that involve applets gaining privileges due to
serialization bugs in the JRE, and buffer overflows in the Java image
handling routines that can give attackers read/write/execute capabilities
for local files. |
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2007-3503
CVE-2007-3655
CVE-2007-3698
CVE-2007-3922
|
| Created: | August 6, 2007 |
Updated: | June 24, 2008 |
| Description: |
The Javadoc tool was able to generate HTML documentation pages that
contained cross-site scripting (XSS) vulnerabilities. A remote attacker
could use this to inject arbitrary web script or HTML. (CVE-2007-3503)
The Java Web Start URL parsing component contained a buffer overflow
vulnerability within the parsing code for JNLP files. A remote attacker
could create a malicious JNLP file that could trigger this flaw and execute
arbitrary code when opened. (CVE-2007-3655)
The JSSE component did not correctly process SSL/TLS handshake requests. A
remote attacker who is able to connect to a JSSE-based service could
trigger this flaw leading to a denial-of-service. (CVE-2007-3698)
A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922)
|
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2007-5232
CVE-2007-5238
CVE-2007-5239
CVE-2007-5240
CVE-2007-5273
CVE-2007-5274
|
| Created: | October 12, 2007 |
Updated: | April 25, 2008 |
| Description: |
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled,
allows remote attackers to violate the security model for an applet's
outbound connections via a DNS rebinding attack. (CVE-2007-5232)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not
properly enforce access restrictions for untrusted applications, which
allows user-assisted remote attackers to obtain sensitive information (the
Java Web Start cache location) via an untrusted application, aka "three
vulnerabilities." (CVE-2007-5238)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE
1.3.1_20 and earlier does not properly enforce access restrictions for
untrusted (1) applications and (2) applets, which allows user-assisted
remote attackers to copy or rename arbitrary files when local users perform
drag-and-drop operations from the untrusted application or applet window
onto certain types of desktop applications. (CVE-2007-5239)
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK
and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows
remote attackers to circumvent display of the untrusted-code warning banner
by creating a window larger than the workstation screen. (CVE-2007-5240)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used,
allows remote attackers to violate the security model for an applet's
outbound connections via a multi-pin DNS rebinding attack in which the
applet download relies on DNS resolution on the proxy server, but the
applet's socket operations rely on DNS resolution on the local machine, a
different issue than CVE-2007-5274. NOTE: this is similar to
CVE-2007-5232. (CVE-2007-5273)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows
remote attackers to violate the security model for JavaScript outbound
connections via a multi-pin DNS rebinding attack dependent on the
LiveConnect API, in which JavaScript download relies on DNS resolution by
the browser, but JavaScript socket operations rely on separate DNS
resolution by a Java Virtual Machine (JVM), a different issue than
CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5274) |
JRockit: multiple vulnerabilities
kdebase: denial of service
| Package(s): | kdebase |
CVE #(s): | CVE-2007-5963
|
| Created: | December 18, 2007 |
Updated: | January 19, 2009 |
| Description: |
The kdebase package is vulnerable to a denial of service in which a local user can render KDM unusable for logins by any user or cause KDM to exceed system resource limits. |
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
CVE #(s): | CAN-2005-1920
|
| Created: | July 19, 2005 |
Updated: | September 21, 2010 |
| Description: |
Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had stricter permissions set. See this advisory for more information. |
kernel: out-of-bounds access
| Package(s): | kernel |
CVE #(s): | CVE-2007-4573
|
| Created: | September 25, 2007 |
Updated: | December 6, 2010 |
| Description: |
The IA32 system call emulation functionality in Linux kernel 2.4.x and
2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not
zero extend the eax register after the 32bit entry path to ptrace is used,
which might allow local users to gain privileges by triggering an
out-of-bounds access to the system call table using the %RAX register. |
kernel: ALSA returns incorrect write size
| Package(s): | kernel |
CVE #(s): | CVE-2007-4571
|
| Created: | September 28, 2007 |
Updated: | June 20, 2008 |
| Description: |
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced
Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does
not return the correct write size, which allows local users to obtain
sensitive information (kernel memory contents) via a small count argument,
as demonstrated by multiple reads of /proc/driver/snd-page-alloc. |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-4535
CVE-2006-4538
|
| Created: | September 18, 2006 |
Updated: | January 5, 2009 |
| Description: |
Sridhar Samudrala discovered a local denial of service vulnerability
in the handling of SCTP sockets. By opening such a socket with a
special SO_LINGER value, a local attacker could exploit this to crash
the kernel. (CVE-2006-4535)
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
platforms did not sufficiently verify the memory layout. By attempting
to execute a specially crafted executable, a local user could exploit
this to crash the kernel. (CVE-2006-4538) |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-1861
CVE-2007-2242
|
| Created: | May 1, 2007 |
Updated: | February 8, 2008 |
| Description: |
The netlink protocol has an infinite recursion bug that allows users to
cause a kernel crash. Also, the IPv6 protocol allows remote attackers to
cause a denial of service via crafted IPv6 type 0 route headers
(IPV6_RTHDR_TYPE_0) that create network amplification between two routers. |
kernel: remote denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-6058
CVE-2007-4997
|
| Created: | November 9, 2007 |
Updated: | June 13, 2008 |
| Description: |
The Minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly
other versions, allows local users to cause a denial of service (hang) via
a malformed minix file stream that triggers an infinite loop in the
minix_bmap function. NOTE: this issue might be due to an integer overflow
or signedness error.
Integer underflow in the ieee80211_rx function in
net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows
remote attackers to cause a denial of service (crash) via a crafted SKB
length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA
flag is set, aka an "off-by-two error." |
kernel: local filesystem corruption
| Package(s): | kernel |
CVE #(s): | CVE-2008-0001
|
| Created: | January 17, 2008 |
Updated: | June 13, 2008 |
| Description: |
From the mitre.org CVE description:
VFS in the Linux kernel before 2.6.23.14 performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass file permissions. |
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-1353
CVE-2007-2451
CVE-2007-2453
|
| Created: | June 11, 2007 |
Updated: | March 6, 2008 |
| Description: |
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local attacker
could exploit this flaw to view sensitive kernel information.
(CVE-2007-1353)
The GEODE-AES driver did not correctly initialize its encryption key.
Any data encrypted using this type of device would be easily compromised.
(CVE-2007-2451)
The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally, systems
without an entropy source would be seeded with the same inputs at boot
time, leading to a repeatable series of random numbers. (CVE-2007-2453) |
kernel: signal handling flaw on PPC
| Package(s): | kernel |
CVE #(s): | CVE-2007-3107
|
| Created: | July 10, 2007 |
Updated: | February 4, 2008 |
| Description: |
A flaw in the signal handling on PowerPC-based systems allowed a
local user to cause a denial of service (floating point corruption). |
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-5823
CVE-2006-6054
CVE-2007-1592
|
| Created: | June 12, 2007 |
Updated: | March 21, 2011 |
| Description: |
A flaw in the cramfs file system allows invalid compressed data to cause
memory corruption. (CVE-2006-5823)
A flaw in the ext2 file system allows an invalid inode size to cause a
denial of service (system hang). (CVE-2006-6054)
A flaw in IPv6 flow label handling allows a local user to cause a denial of
service (crash). (CVE-2007-1592) |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-5500
|
| Created: | November 28, 2007 |
Updated: | July 8, 2008 |
| Description: |
The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-5501
|
| Created: | November 28, 2007 |
Updated: | March 7, 2008 |
| Description: |
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference. |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-2935
CVE-2006-4145
CVE-2006-3745
|
| Created: | September 1, 2006 |
Updated: | July 30, 2008 |
| Description: |
Previous versions of the kernel package are subject to several
vulnerabilities. Certain malformed UDF filesystems can cause the system to
crash (denial of service). Malformed CDROM firmware or USB storage devices
(such as USB keys) could cause system crash (denial of service), and if
they were intentionally malformed, can cause arbitrary code to run with
elevated privileges. In addition, the SCTP protocol is subject to a remote
system crash (denial of service) attack. |
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-2172
CVE-2007-3739
CVE-2007-4308
|
| Created: | December 3, 2007 |
Updated: | January 8, 2009 |
| Description: |
A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes
RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an
"out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2)
fib_props (fib_semantics.c, IPv4) functions. (CVE-2007-2172)
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not
prevent stack expansion from entering into reserved kernel page memory,
which allows local users to cause a denial of service (OOPS) via
unspecified vectors. (CVE-2007-3739)
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer
ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check
permissions for ioctls, which might allow local users to cause a denial of
service or gain privileges. (CVE-2007-4308) |
kernel: buffer overflows
| Package(s): | kernel |
CVE #(s): | CVE-2007-5904
|
| Created: | December 3, 2007 |
Updated: | June 20, 2008 |
| Description: |
Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier
allow remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via long SMB responses that trigger the overflows in
the SendReceive function. |
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-5749
CVE-2006-4814
CVE-2006-6106
|
| Created: | January 5, 2007 |
Updated: | January 8, 2009 |
| Description: |
A security issue has been reported in Linux kernel due to an error in
drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()"
function never initializes an event timer before scheduling it with the
"add_timer()" function.
The mincore function in the kernel does not properly lock access to user
space, which has unspecified impact and attack vectors, possibly related to
a deadlock.
Another vulnerability has been reported in Linux kernel caused by a
boundary error within the handling of incoming CAPI messages in
net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain
Kernel data structures. |
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-3851
CVE-2007-3848
CVE-2007-3105
|
| Created: | August 17, 2007 |
Updated: | January 8, 2009 |
| Description: |
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with
i965G and later chipsets, allows local users with access to an X11 session
and Direct Rendering Manager (DRM) to write to arbitrary memory locations
and gain privileges via a crafted batchbuffer. (CVE-2007-3851)
Linux kernel 2.4.35 and other versions allows local users to send arbitrary
signals to a child process that is running at higher privileges by causing
a setuid-root parent process to die, which delivers an attacker-controlled
parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)
Stack-based buffer overflow in the random number generator (RNG)
implementation in the Linux kernel before 2.6.22 might allow local root
users to cause a denial of service or gain privileges by setting the
default wakeup threshold to a value greater than the output pool size,
which triggers writing random numbers to the stack by the pool transfer
function involving "bound check ordering". NOTE: this issue might only
cross privilege boundaries in environments that have granular assignment of
privileges for root. (CVE-2007-3105) |
kernel: denial of service vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-4133
CVE-2007-5093
|
| Created: | January 12, 2008 |
Updated: | November 20, 2008 |
| Description: |
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
units, which allows local users to cause a denial of service (panic)
via unspecified vectors.
The disconnect method in the Philips USB Webcam (pwc) driver in Linux
kernel 2.6.x before 2.6.22.6 relies on user space to close the device,
which allows user-assisted local attackers to cause a denial of service
(USB subsystem hang and CPU consumption in khubd) by not closing the
device after the disconnect is invoked. NOTE: this rarely crosses
privilege boundaries, unless the attacker can convince the victim to
unplug the affected device. |
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-3104
CVE-2007-3740
CVE-2007-3843
CVE-2007-6063
|
| Created: | December 4, 2007 |
Updated: | January 8, 2009 |
| Description: |
The sysfs_readdir function in the Linux kernel 2.6 allows local users to
cause a denial of service (kernel OOPS) by dereferencing a null pointer to
an inode in a dentry. (CVE-2007-3104)
The CIFS filesystem, when Unix extension support is enabled, did not honor
the umask of a process, which allowed local users to gain
privileges. (CVE-2007-3740)
The Linux kernel checked the wrong global variable for the CIFS sec mount
option, which might allow remote attackers to spoof CIFS network traffic
that the client configured for security signatures, as demonstrated by lack
of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843)
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux
kernel allowed local users to have an unknown impact via a crafted argument
to the isdn_ioctl function. (CVE-2007-6063) |
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-5966
|
| Created: | December 19, 2007 |
Updated: | February 3, 2010 |
| Description: |
A bug in high-resolution timers (prior to kernel 2.6.22.15) can cause very long sleeps when large timeout values are used. |
krb5: multiple vulnerabilities
| Package(s): | krb5 |
CVE #(s): | CVE-2007-2442
CVE-2007-2443
CVE-2007-2798
|
| Created: | June 27, 2007 |
Updated: | March 24, 2008 |
| Description: |
David Coffey discovered an uninitialized pointer free flaw in the
RPC library used by kadmind. A remote unauthenticated attacker who
could access kadmind could trigger the flaw causing kadmind to crash
or possibly execute arbitrary code (CVE-2007-2442).
David Coffey also discovered an overflow flaw in the same RPC library.
A remote unauthenticated attacker who could access kadmind could
trigger the flaw causing kadmind to crash or possibly execute arbitrary
code (CVE-2007-2443).
Finally, a stack buffer overflow vulnerability was found in kadmind
that allowed an unauthenticated user able to access kadmind the
ability to trigger the vulnerability and possibly execute arbitrary
code (CVE-2007-2798). |
krb5: uninitialized pointers
| Package(s): | krb5 |
CVE #(s): | CVE-2006-6143
CVE-2006-3084
|
| Created: | January 10, 2007 |
Updated: | July 7, 2010 |
| Description: |
The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details. |
krb5: local privilege escalation
| Package(s): | krb5 |
CVE #(s): | CVE-2006-3083
|
| Created: | August 9, 2006 |
Updated: | July 7, 2010 |
| Description: |
Some Kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges. |
krb5: buffer overflow, uninitialized pointer
| Package(s): | krb5 |
CVE #(s): | CVE-2007-3999
CVE-2007-4000
|
| Created: | September 4, 2007 |
Updated: | March 24, 2008 |
| Description: |
Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by kadmind. A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash.
Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A
remote unauthenticated attacker who can access kadmind could trigger this
flaw and cause kadmind to crash. |
krb5: multiple vulnerabilities
| Package(s): | krb5 |
CVE #(s): | CVE-2007-0956
CVE-2007-0957
CVE-2007-1216
|
| Created: | April 3, 2007 |
Updated: | March 24, 2008 |
| Description: |
A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password. (MIT krb5
Security Advisory 2007-001)
Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon. A remote attacker who can access the KDC could exploit this
bug to run arbitrary code with the privileges of the KDC or kadmin server
processes. (MIT krb5 Security Advisory 2007-002)
A double-free flaw was found in the GSSAPI library used by the kadmin
server daemon. (MIT krb5 Security Advisory 2007-003) |
kvirc: remote arbitrary code execution
| Package(s): | kvirc |
CVE #(s): | CVE-2007-2951
|
| Created: | September 14, 2007 |
Updated: | February 27, 2008 |
| Description: |
Stefan Cornelius from Secunia Research discovered that the
"parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does
not properly sanitize parts of the URI when building the command for
KVIrc's internal script system. |
lcms: stack-based buffer overflow
| Package(s): | lcms |
CVE #(s): | CVE-2007-2741
|
| Created: | November 23, 2007 |
Updated: | October 14, 2008 |
| Description: |
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted ICC profile in a JPG file. |
| Alerts: |
|
Comments (none posted)
lftp: shell command execution
| Package(s): | lftp |
CVE #(s): | CVE-2007-2348
|
| Created: | May 4, 2007 |
Updated: | September 16, 2009 |
| Description: |
mirror --script in lftp before 3.5.9 does not properly quote shell
metacharacters, which might allow remote user-assisted attackers to execute
shell commands via a malicious script. NOTE: it is not clear whether this
issue crosses security boundaries, since the script already supports
commands such as "get" which could overwrite executable files. |
| Alerts: |
|
Comments (none posted)
libarchive: pax extension header vulnerabilities
| Package(s): | libarchive |
CVE #(s): | CVE-2007-3641
CVE-2007-3644
CVE-2007-3645
|
| Created: | August 9, 2007 |
Updated: | February 27, 2008 |
| Description: |
libarchive, a library for manipulating different streaming archive
formats, has a number of pax extension header vulnerabilities.
These may be used to cause a denial of service or for the execution
of arbitrary code. |
| Alerts: |
|
Comments (none posted)
libcdio: arbitrary code execution
| Package(s): | libcdio |
CVE #(s): | CVE-2007-6613
|
| Created: | January 21, 2008 |
Updated: | March 7, 2008 |
| Description: |
From the Gentoo advisory:
Devon Miller reported a boundary error in the "print_iso9660_recurse()"
function in files cd-info.c and iso-info.c when processing long
filenames within Joliet images.
A remote attacker could entice a user to open a specially crafted ISO
image in the cd-info and iso-info applications, resulting in the
execution of arbitrary code with the privileges of the user running the
application. Applications linking against shared libraries of libcdio
are not affected. |
| Alerts: |
|
Comments (1 posted)
libexif: integer overflow
| Package(s): | libexif |
CVE #(s): | CVE-2007-2645
|
| Created: | June 1, 2007 |
Updated: | February 11, 2008 |
| Description: |
Integer overflow in the exif_data_load_data_entry function in exif-data.c
in libexif before 0.6.14 allows user-assisted remote attackers to cause a
denial of service (crash) or possibly execute arbitrary code via crafted
EXIF data, involving the (1) doff or (2) s variable. |
| Alerts: |
|
Comments (none posted)
libexif: integer overflow
| Package(s): | libexif |
CVE #(s): | CVE-2007-6352
|
| Created: | December 19, 2007 |
Updated: | October 15, 2008 |
| Description: |
From the Red Hat advisory: An integer overflow flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to execute arbitrary code, or crash. |
| Alerts: |
|
Comments (none posted)
libexif: denial of service
| Package(s): | libexif |
CVE #(s): | CVE-2007-6351
|
| Created: | December 19, 2007 |
Updated: | October 15, 2008 |
| Description: |
From the Red Hat advisory: An infinite recursion flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to crash. |
| Alerts: |
|
Comments (none posted)
libgd2: buffer overflow
| Package(s): | libgd2 |
CVE #(s): | CVE-2007-3996
|
| Created: | December 19, 2007 |
Updated: | October 13, 2009 |
| Description: |
The GD library does not perform proper bounds checking when creating images; as a result, an attacker could, via crafted input, potentially execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
libmodplug: boundary errors
| Package(s): | libmodplug |
CVE #(s): | CVE-2006-4192
|
| Created: | December 11, 2006 |
Updated: | May 4, 2011 |
| Description: |
Luigi Auriemma has reported various boundary errors in load_it.cpp and
a boundary error in the "CSoundFile::ReadSample()" function in
sndfile.cpp. A remote attacker can entice a user to read crafted modules
or ITP files, which may trigger a buffer overflow resulting in the
execution of arbitrary code with the privileges of the user running the
application. |
| Alerts: |
|
Comments (none posted)
libphp-phpmailer: command execution
| Package(s): | libphp-phpmailer |
CVE #(s): | CVE-2007-3215
|
| Created: | June 20, 2007 |
Updated: | June 25, 2009 |
| Description: |
libphp-phpmailer does not do sufficient input validation, enabling shell command injection attacks. |
| Alerts: |
|
Comments (none posted)
libpng: several vulnerabilities
| Package(s): | libpng |
CVE #(s): | CVE-2007-5266
CVE-2007-5267
CVE-2007-5268
CVE-2007-5269
|
| Created: | October 19, 2007 |
Updated: | March 23, 2009 |
| Description: |
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21
allow remote attackers to cause a denial of service (crash) via crafted (1)
pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt
(png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt
(png_handle_zTXt) chunks in PNG images, which trigger out-of-bounds read
operations. (CVE-2007-5269)
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical
instead of bitwise operations and (2) incorrect comparisons, which might
allow remote attackers to cause a denial of service (crash) via a crafted
PNG image. (CVE-2007-5268)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause
a denial of service (crash) via a crafted PNG image, due to an incorrect
fix for CVE-2007-5266. (CVE-2007-5267)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1
allows remote attackers to cause a denial of service (crash) via a crafted
PNG image that prevents a name field from being NULL terminated.
(CVE-2007-5266) |
| Alerts: |
|
Comments (none posted)
libpng: denial of service
| Package(s): | libpng |
CVE #(s): | CVE-2007-2445
|
| Created: | May 17, 2007 |
Updated: | March 23, 2009 |
| Description: |
Libpng can be crashed when processing malformed PNG files.
It may also be possible to exploit this vulnerability to execute arbitrary
code. |
| Alerts: |
|
Comments (none posted)
libpng: buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-3334
|
| Created: | July 19, 2006 |
Updated: | December 15, 2008 |
| Description: |
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow. |
| Alerts: |
|
Comments (none posted)
libpng: heap based buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-0481
|
| Created: | February 13, 2006 |
Updated: | December 15, 2008 |
| Description: |
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. |
| Alerts: |
|
Comments (1 posted)
libtiff: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CVE-2006-2193
|
| Created: | June 15, 2006 |
Updated: | September 1, 2008 |
| Description: |
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
libxml2: denial of service
| Package(s): | libxml2 |
CVE #(s): | CVE-2007-6284
|
| Created: | January 11, 2008 |
Updated: | January 31, 2008 |
| Description: |
A denial of service flaw was found in the way libxml2 processes certain
content. If an application linked against libxml2 processes malformed XML
content, it could cause the application to stop responding. |
| Alerts: |
|
Comments (none posted)
libxml2: arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0989
|
| Created: | October 28, 2004 |
Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities. If a local user passes a specially crafted
FTP URL, arbitrary code may be executed. |
| Alerts: |
|
Comments (none posted)
liferea: weak permissions
| Package(s): | liferea |
CVE #(s): | CVE-2007-5751
|
| Created: | November 2, 2007 |
Updated: | December 22, 2008 |
| Description: |
Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. |
| Alerts: |
|
Comments (1 posted)
lighttpd: denial of service
| Package(s): | lighttpd |
CVE #(s): | CVE-2007-3946
CVE-2007-3947
CVE-2007-3948
CVE-2007-3949
CVE-2007-3950
|
| Created: | July 19, 2007 |
Updated: | July 15, 2008 |
| Description: |
The lighttpd web server has multiple vulnerabilities that allow a
remote attacker to circumvent access-control settings by sending
malformed requests. This can be used to crash the server and cause
a denial of service. |
| Alerts: |
|
Comments (none posted)
kernel: information leak, denial of service
| Package(s): | linux-2.6 |
CVE #(s): | CVE-2007-6206
CVE-2007-6417
|
| Created: | December 21, 2007 |
Updated: | September 1, 2010 |
| Description: |
Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. (CVE-2007-6206)
Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page may be improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash). (CVE-2007-6417) |
| Alerts: |
|
Comments (none posted)
vmware-player-kernel: several vulnerabilities
| Package(s): | linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 |
CVE #(s): | CVE-2007-0061
CVE-2007-0062
CVE-2007-0063
CVE-2007-4496
CVE-2007-4497
|
| Created: | November 16, 2007 |
Updated: | March 13, 2009 |
| Description: |
Neel Mehta and Ryan Smith discovered that the VMware Player DHCP server
did not correctly handle certain packet structures. Remote attackers
could send specially crafted packets and gain root privileges.
(CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)
Rafal Wojtczuk discovered multiple memory corruption issues in VMware
Player. Attackers with administrative privileges in a guest operating
system could cause a denial of service or possibly execute arbitrary
code on the host operating system. (CVE-2007-4496, CVE-2007-4497)
|
| Alerts: |
|
Comments (none posted)
lynx: arbitrary command execution
| Package(s): | lynx |
CVE #(s): | CVE-2005-2929
|
| Created: | November 14, 2005 |
Updated: | September 14, 2009 |
| Description: |
An arbitrary command execution bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx. |
| Alerts: |
|
Comments (none posted)
mantis: information disclosure
| Package(s): | mantis |
CVE #(s): | CVE-2006-6574
|
| Created: | January 21, 2008 |
Updated: | January 23, 2008 |
| Description: |
From the NVD entry:
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. |
| Alerts: |
|
Comments (none posted)
mantis: cross-site scripting
| Package(s): | mantis |
CVE #(s): | CVE-2007-6611
|
| Created: | January 7, 2008 |
Updated: | March 4, 2008 |
| Description: |
From the CVE entry:
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename. |
| Alerts: |
|
Comments (none posted)
mantis: cross-site scripting
| Package(s): | mantis |
CVE #(s): | |
| Created: | January 23, 2008 |
Updated: | January 23, 2008 |
| Description: |
The Mantis 1.1.1 release
contains a security fix for this bug. |
| Alerts: |
|
Comments (none posted)
mapserver: multiple cross-site scripting vulnerabilities
| Package(s): | mapserver |
CVE #(s): | CVE-2007-4542
CVE-2007-4629
|
| Created: | September 5, 2007 |
Updated: | April 7, 2008 |
| Description: |
CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name. |
| Alerts: |
|
Comments (none posted)
maradns: denial of service
| Package(s): | maradns |
CVE #(s): | CVE-2008-0061
|
| Created: | January 4, 2008 |
Updated: | January 30, 2008 |
| Description: |
MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04
allows remote attackers to cause a denial of service via a crafted DNS
packet that prevents an authoritative name (CNAME) record from resolving,
aka "improper rotation of resource records." |
| Alerts: |
|
Comments (none posted)
mod_jk: proxy bypass
| Package(s): | mod_jk |
CVE #(s): | CVE-2007-1860
|
| Created: | May 30, 2007 |
Updated: | March 7, 2008 |
| Description: |
From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside
Apache httpd and forwarded the encoded URL to Tomcat, which itself did a
second decoding. If Tomcat was used behind mod_jk and configured to only
proxy some contexts, an attacker could construct a carefully crafted HTTP
request to work around the context restriction and potentially access
non-proxied content." |
| Alerts: |
|
Comments (none posted)
moin: arbitrary JavaScript execution
| Package(s): | moin |
CVE #(s): | CVE-2007-2423
|
| Created: | May 8, 2007 |
Updated: | March 10, 2008 |
| Description: |
A flaw was discovered in MoinMoin's error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user's authentication information
for the domain where MoinMoin was hosted. |
| Alerts: |
|
Comments (none posted)
mono: arbitrary code execution via integer overflow
| Package(s): | mono |
CVE #(s): | CVE-2007-5197
|
| Created: | November 6, 2007 |
Updated: | December 7, 2009 |
| Description: |
From the Debian advisory: An integer overflow in the BigInteger data type implementation has been
discovered in the free .NET runtime Mono.
|
| Alerts: |
|
Comments (none posted)
moodle: cross-site scripting
| Package(s): | moodle |
CVE #(s): | CVE-2008-0123
|
| Created: | January 16, 2008 |
Updated: | November 12, 2008 |
| Description: |
Moodle suffers from a cross-site scripting vulnerability which is only open during the install process. |
| Alerts: |
|
Comments (none posted)
moodle: cross-site scripting
| Package(s): | moodle |
CVE #(s): | CVE-2007-3555
|
| Created: | August 7, 2007 |
Updated: | December 22, 2008 |
| Description: |
A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1
allows remote attackers to inject arbitrary web script or HTML via a style
expression in the search parameter. |
| Alerts: |
|
Comments (none posted)
mplayer: buffer overflow
| Package(s): | mplayer |
CVE #(s): | CVE-2007-1246
|
| Created: | March 8, 2007 |
Updated: | April 1, 2008 |
| Description: |
MPlayer versions up to 1.0rc1 have a buffer overflow in the
loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function.
User-assisted remote attackers can use this to create a buffer overflow
and possibly execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
mt-daapd: multiple vulnerabilities
| Package(s): | mt-daapd |
CVE #(s): | CVE-2007-5825
CVE-2007-5824
|
| Created: | December 31, 2007 |
Updated: | September 1, 2008 |
| Description: |
From the Gentoo advisory: nnp discovered multiple vulnerabilities in the XML-RPC handler in the
file webserver.c. The ws_addarg() function contains a format string
vulnerability, as it does not properly sanitize username and password
data from the "Authorization: Basic" HTTP header line (CVE-2007-5825).
The ws_decodepassword() and ws_getheaders() functions do not correctly
handle empty Authorization header lines, or header lines without a ':'
character, leading to NULL pointer dereferences (CVE-2007-5824). |
| Alerts: |
|
Comments (none posted)
MySQL: denial of service
| Package(s): | mysql |
CVE #(s): | CVE-2007-5925
|
| Created: | November 19, 2007 |
Updated: | February 8, 2008 |
| Description: |
From the CVE entry:
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error. |
| Alerts: |
|
Comments (none posted)
mysql: denial of service
| Package(s): | mysql |
CVE #(s): | CVE-2007-1420
|
| Created: | March 22, 2007 |
Updated: | May 21, 2008 |
| Description: |
MySQL subselect queries using "ORDER BY" can be used by an attacker with
access to a MySQL instance in order to create an intermittent denial
of service. |
| Alerts: |
|
Comments (none posted)
mysql: format string bug
| Package(s): | mysql |
CVE #(s): | CVE-2006-3469
|
| Created: | July 21, 2006 |
Updated: | July 30, 2008 |
| Description: |
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server. |
| Alerts: |
|
Comments (none posted)
MySQL: privilege violations
| Package(s): | mysql |
CVE #(s): | CVE-2006-4031
CVE-2006-4226
|
| Created: | August 25, 2006 |
Updated: | July 30, 2008 |
| Description: |
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226). |
| Alerts: |
|
Comments (none posted)
mysql: privilege escalation
| Package(s): | mysql |
CVE #(s): | CVE-2007-6303
|
| Created: | December 19, 2007 |
Updated: | April 7, 2008 |
| Description: |
From the CVE entry: MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. |
| Alerts: |
|
Comments (none posted)
MySQL: logging bypass
| Package(s): | mysql |
CVE #(s): | CVE-2006-0903
|
| Created: | April 4, 2006 |
Updated: | May 21, 2008 |
| Description: |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query. |
| Alerts: |
|
Comments (2 posted)
MySQL: privilege escalation
| Package(s): | MySQL |
CVE #(s): | CVE-2007-3781
CVE-2007-5969
|
| Created: | December 11, 2007 |
Updated: | May 21, 2008 |
| Description: |
MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. (CVE-2007-5969)
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. (CVE-2007-3781) |
| Alerts: |
|
Comments (none posted)
mysql-dfsg: multiple vulnerabilities
| Package(s): | mysql-dfsg |
CVE #(s): | CVE-2007-2583
CVE-2007-2691
CVE-2007-2692
CVE-2007-3782
|
| Created: | November 27, 2007 |
Updated: | July 30, 2008 |
| Description: |
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and
5.1 before 5.1.18-beta, allows context-dependent attackers to cause a
denial of service (crash) via a crafted IF clause that results in a
divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not
require the DROP privilege for RENAME TABLE statements, which allows remote
authenticated users to rename arbitrary tables. (CVE-2007-2691)
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before
5.1.18 does not restore THD::db_access privileges when returning from SQL
SECURITY INVOKER stored routines, which allows remote authenticated users
to gain privileges. (CVE-2007-2692)
MySQL Community Server before 5.0.45 allows remote authenticated users to
gain update privileges for a table in another database via a view that
refers to this external table. (CVE-2007-3782) |
| Alerts: |
|
Comments (none posted)
mysql: denial of service
| Package(s): | mysql-dfsg-5.0 |
CVE #(s): | CVE-2007-6304
|
| Created: | December 21, 2007 |
Updated: | April 7, 2008 |
| Description: |
Philip Stoev discovered that the federated engine of MySQL
did not properly handle responses with a small number of columns.
An authenticated user could use a crafted response to a SHOW
TABLE STATUS query and cause a denial of service. |
| Alerts: |
|
Comments (none posted)
nagios: cross-site scripting
| Package(s): | nagios |
CVE #(s): | CVE-2007-5624
|
| Created: | December 7, 2007 |
Updated: | September 14, 2009 |
| Description: |
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. |
| Alerts: |
|
Comments (none posted)
nagios-plugins: buffer overflow
| Package(s): | nagios-plugins |
CVE #(s): | CVE-2007-5198
|
| Created: | October 23, 2007 |
Updated: | April 17, 2008 |
| Description: |
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbitrary code via long
Location header responses (redirects). |
| Alerts: |
|
Comments (none posted)
nagios-plugins: check_snmp buffer overflow
| Package(s): | nagios-plugins |
CVE #(s): | CVE-2007-5623
|
| Created: | November 2, 2007 |
Updated: | April 17, 2008 |
| Description: |
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies. |
| Alerts: |
|
Comments (none posted)
nbd: arbitrary code execution
| Package(s): | nbd |
CVE #(s): | CVE-2005-3534
|
| Created: | January 6, 2006 |
Updated: | March 7, 2011 |
| Description: |
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges. |
| Alerts: |
|
Comments (none posted)
ncompress: buffer underflow
| Package(s): | ncompress |
CVE #(s): | CVE-2006-1168
|
| Created: | August 10, 2006 |
Updated: | February 21, 2012 |
| Description: |
The ncompress compression utility has a missing boundary check.
A local user can use a maliciously created file to cause
a .bss buffer underflow. |
| Alerts: |
|
Comments (none posted)
net-snmp: denial of service
| Package(s): | net-snmp |
CVE #(s): | CVE-2007-5846
|
| Created: | November 16, 2007 |
Updated: | February 7, 2008 |
| Description: |
A flaw was discovered in the way net-snmp handled certain requests. A
remote attacker who can connect to the snmpd UDP port (161 by default)
could send a malicious packet causing snmpd to crash, resulting in a
denial of service. |
| Alerts: |
|
Comments (none posted)
nginx: cross site scripting
| Package(s): | nginx |
CVE #(s): | |
| Created: | July 20, 2007 |
Updated: | September 14, 2009 |
| Description: |
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
proxy server written by Igor Sysoev. The "msie_refresh" directive could
allow cross site scripting. |
| Alerts: |
|
Comments (none posted)
nss_ldap: credential or other information disclosure
| Package(s): | nss_ldap |
CVE #(s): | CVE-2007-5794
|
| Created: | November 26, 2007 |
Updated: | July 30, 2008 |
| Description: |
From the Gentoo advisory:
Josh Burley reported that nss_ldap does not properly handle the LDAP
connections due to a race condition that can be triggered by
multi-threaded applications using nss_ldap, which might lead to
requested data being returned to a wrong process.
|
| Alerts: |
|
Comments (none posted)
openafs: denial of service
| Package(s): | openafs |
CVE #(s): | CVE-2007-6599
|
| Created: | January 10, 2008 |
Updated: | January 25, 2008 |
| Description: |
From the Gentoo advisory:
Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a
race condition due to an improper handling of the clients callbacks
lists.
A remote attacker could construct cases which trigger the race
condition, resulting in a server crash. |
| Alerts: |
|
Comments (none posted)
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-5707
|
| Created: | November 8, 2007 |
Updated: | April 9, 2008 |
| Description: |
The OpenLDAP Lightweight Directory Access Protocol suite has a problem
with handling of malformed objectClasses LDAP attributes by the slapd
daemon. Both local and remote attackers can use this to crash slapd,
causing a denial of service. |
| Alerts: |
|
Comments (none posted)
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-5708
|
| Created: | November 23, 2007 |
Updated: | April 9, 2008 |
| Description: |
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when
running as a proxy-caching server, allocates memory using a malloc variant
instead of calloc, which prevents an array from being initialized properly
and might allow attackers to cause a denial of service (segmentation fault)
via unknown vectors that prevent the array from being null terminated. |
| Alerts: |
|
Comments (none posted)
OpenOffice.org: arbitrary code execution
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-0245
|
| Created: | June 13, 2007 |
Updated: | June 12, 2008 |
| Description: |
A specially crafted RTF file could cause the
filter to overwrite data on the heap, which may lead to the execution
of arbitrary code. |
| Alerts: |
|
Comments (none posted)
openoffice.org: arbitrary code execution via TIFF images
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-2834
|
| Created: | September 17, 2007 |
Updated: | June 12, 2008 |
| Description: |
A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite. The parser uses untrusted values
from the TIFF file to calculate the number of bytes of memory to
allocate. A specially crafted TIFF image could trigger an integer
overflow and subsequently a buffer overflow that could cause the
execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
openoffice.org: arbitrary code execution
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-4575
|
| Created: | December 5, 2007 |
Updated: | September 10, 2008 |
| Description: |
From the OpenOffice advisory:
A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user. |
| Alerts: |
|
Comments (none posted)
openssh: remote denial of service
| Package(s): | openssh |
CVE #(s): | CVE-2006-4924
CVE-2006-5051
|
| Created: | September 27, 2006 |
Updated: | September 17, 2008 |
| Description: |
OpenSSH 4.4 fixes some
security issues, including a pre-authentication denial of service, an
unsafe signal handler and, on portable OpenSSH, a GSSAPI authentication abort
that could be used to determine the validity of usernames on some platforms. |
| Alerts: |
|
Comments (none posted)
openssl: off-by-one error
| Package(s): | openssl |
CVE #(s): | CVE-2007-4995
|
| Created: | October 23, 2007 |
Updated: | May 13, 2008 |
| Description: |
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f
and 0.9.7 allows remote attackers to execute arbitrary code via unspecified
vectors. |
| Alerts: |
|
Comments (none posted)
openssl: off-by-one error
| Package(s): | openssl |
CVE #(s): | CVE-2007-5135
|
| Created: | October 3, 2007 |
Updated: | July 31, 2008 |
| Description: |
From the Debian advisory: An off-by-one error has been identified in the SSL_get_shared_ciphers()
routine in the libssl library from OpenSSL, an implementation of Secure
Socket Layer cryptographic libraries and utilities. This error could
allow an attacker to crash an application making use of OpenSSL's libssl
library, or potentially execute arbitrary code in the security context
of the user running such an application. |
| Alerts: |
|
Comments (none posted)
openssl: private key attack
| Package(s): | openssl |
CVE #(s): | CVE-2007-3108
|
| Created: | August 7, 2007 |
Updated: | May 13, 2008 |
| Description: |
OpenSSL could allow a local user in certain circumstances to divulge
information about private keys being used. |
| Alerts: |
|
Comments (none posted)
opera: multiple vulnerabilities
| Package(s): | opera |
CVE #(s): | CVE-2007-4367
CVE-2007-3929
CVE-2007-3142
CVE-2007-3819
|
| Created: | August 23, 2007 |
Updated: | February 27, 2008 |
| Description: |
The Opera browser has multiple vulnerabilities.
The JavaScript engine is vulnerable to a virtual function call on an invalid pointer that can be triggered by specially crafted JavaScript.
A freed pointer in the BitTorrent support may be
accessed; this can be used for malicious code execution.
The browser is vulnerable to several memory read protection
errors. There are URI display errors that can be used to trick
users into visiting arbitrary web sites. |
| Alerts: |
|
Comments (none posted)
paramiko: insecure random pool usage
| Package(s): | paramiko |
CVE #(s): | CVE-2008-0299
|
| Created: | January 16, 2008 |
Updated: | March 4, 2008 |
| Description: |
Programs which keep more than one paramiko connection open may leak random pool information. |
| Alerts: |
|
Comments (none posted)
pcre: CVE consolidation
| Package(s): | pcre |
CVE #(s): | CVE-2005-4872
CVE-2006-7227
CVE-2006-7224
|
| Created: | November 15, 2007 |
Updated: | May 13, 2008 |
| Description: |
PCRE has flaws in the way it handles malformed regular
expressions.
If an application linked against PCRE, such as Konqueror,
encounters a maliciously created regular expression, it may be possible
to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227
have been combined into CVE-2006-7224. |
| Alerts: |
|
Comments (5 posted)
pcre: two arbitrary code execution vulnerabilities
| Package(s): | pcre |
CVE #(s): | CVE-2007-1659
CVE-2007-1660
|
| Created: | November 6, 2007 |
Updated: | July 16, 2008 |
| Description: |
Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660) |
| Alerts: |
|
Comments (none posted)
pcre: buffer overflows in library
| Package(s): | pcre |
CVE #(s): | CVE-2006-7228
CVE-2006-7230
CVE-2007-1661
CVE-2007-4766
CVE-2007-4767
|
| Created: | November 23, 2007 |
Updated: | July 16, 2008 |
| Description: |
Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application. |
| Alerts: |
|
Comments (1 posted)
pcre: buffer overflows
| Package(s): | pcre3 |
CVE #(s): | CVE-2007-1662
CVE-2007-4768
|
| Created: | November 27, 2007 |
Updated: | May 7, 2008 |
| Description: |
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the
end of the string when searching for unmatched brackets and parentheses,
which allows context-dependent attackers to cause a denial of service
(crash), possibly involving forward references. (CVE-2007-1662)
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE)
library before 7.3 allows context-dependent attackers to execute arbitrary
code via a singleton Unicode sequence in a character class in a regex
pattern, which is incorrectly optimized. (CVE-2007-4768) |
| Alerts: |
|
Comments (none posted)
peercast: buffer overflow
| Package(s): | peercast |
CVE #(s): | CVE-2007-6454
|
| Created: | December 28, 2007 |
Updated: | May 21, 2008 |
| Description: |
A heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. |
| Alerts: |
|
Comments (none posted)
perl-Net-DNS: predictable id sequence
| Package(s): | perl-Net-DNS |
CVE #(s): | CVE-2007-3377
|
| Created: | June 26, 2007 |
Updated: | March 12, 2008 |
| Description: |
Net::DNS before 0.60 uses an id sequence that is predictable and the same
in all child processes. |
| Alerts: |
|
Comments (none posted)
php: several vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2006-4481
CVE-2006-4484
CVE-2006-4485
|
| Created: | September 8, 2006 |
Updated: | June 13, 2008 |
| Description: |
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485). |
| Alerts: |
|
Comments (1 posted)
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2007-2872
CVE-2007-2756
|
| Created: | June 1, 2007 |
Updated: | January 29, 2008 |
| Description: |
According to a vendor release announcement, multiple
security enhancements and fixes were made in version 5.2.3 of the
programming language PHP. |
| Alerts: |
|
Comments (none posted)
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2007-3799
CVE-2007-3998
CVE-2007-4659
CVE-2007-4658
CVE-2007-4670
CVE-2007-4661
|
| Created: | October 23, 2007 |
Updated: | May 19, 2008 |
| Description: |
From the Red Hat advisory:
Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)
A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)
A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)
A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)
A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)
A flaw was found in handling of dynamic changes to global variables. A
script which used certain functions which change global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-4659)
An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-4661) |
| Alerts: |
|
Comments (none posted)
php: buffer overflows
| Package(s): | php |
CVE #(s): | CVE-2006-5465
|
| Created: | November 3, 2006 |
Updated: | January 18, 2010 |
| Description: |
The Hardened-PHP Project discovered buffer overflows in
htmlentities/htmlspecialchars internal routines to the PHP Project. Of
course the whole purpose of these functions is to be filled with user
input. (The overflow can only occur when UTF-8 is used.) |
| Alerts: |
|
Comments (none posted)
php5: multiple vulnerabilities
| Package(s): | php5 |
CVE #(s): | CVE-2007-4657
CVE-2007-4660
CVE-2007-4662
|
| Created: | November 30, 2007 |
Updated: | July 4, 2008 |
| Description: |
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4,
allow remote attackers to obtain sensitive information (memory contents) or
cause a denial of service (thread crash) via a large len value to the (1)
strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE:
this affects different product versions than CVE-2007-3996.
(CVE-2007-4657)
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4
has unknown impact and attack vectors, related to an incorrect size
calculation. (CVE-2007-4660)
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4
has unknown impact and attack vectors. (CVE-2007-4662) |
| Alerts: |
|
Comments (none posted)
php5: multiple vulnerabilities
| Package(s): | php5 |
CVE #(s): | CVE-2007-4783
CVE-2007-4840
CVE-2007-5898
CVE-2007-5899
CVE-2007-5900
|
| Created: | November 20, 2007 |
Updated: | January 18, 2010 |
| Description: |
The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code. |
| Alerts: |
|
Comments (none posted)
phpbb2: missing input sanitizing
| Package(s): | phpbb2 |
CVE #(s): | CVE-2006-1896
|
| Created: | May 22, 2006 |
Updated: | February 11, 2008 |
| Description: |
It was discovered that phpbb2, a web based bulletin board, insufficiently
sanitizes values passed to the "Font Color 3" setting, which might lead to
the execution of injected code by admin users. |
| Alerts: |
|
Comments (none posted)
phpbb2: multiple vulnerabilities
| Package(s): | phpbb2 |
CVE #(s): | CVE-2005-3310
CVE-2005-3415
CVE-2005-3416
CVE-2005-3417
CVE-2005-3418
CVE-2005-3419
CVE-2005-3420
CVE-2005-3536
CVE-2005-3537
|
| Created: | December 22, 2005 |
Updated: | February 11, 2008 |
| Description: |
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem. |
| Alerts: |
|
Comments (none posted)
phpmyadmin: multiple vulnerabilities
| Package(s): | phpmyadmin |
CVE #(s): | CVE-2006-6942
CVE-2006-6944
CVE-2007-1325
CVE-2007-1395
CVE-2007-2245
|
| Created: | September 10, 2007 |
Updated: | March 19, 2009 |
| Description: |
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2007-1325:
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
CVE-2007-1395:
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag,
which bypasses the protection against lowercase </script>.
CVE-2007-2245:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via (1) the
fieldkey parameter to browse_foreigners.php or (2) certain input
to the PMA_sanitize function.
CVE-2006-6942:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary HTML or web script via (1) a comment
for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter
to db_operations.php, the (4) query_history_latest,
(5) query_history_latest_db, and (6) querydisplay_tab parameters to
(c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2006-6944:
phpMyAdmin allows remote attackers to bypass Allow/Deny access rules
that use IP addresses via false headers.
|
| Alerts: |
|
Comments (none posted)
phpMyAdmin: cross-site scripting vulnerabilities
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-5386
CVE-2007-5589
|
| Created: | November 2, 2007 |
Updated: | March 14, 2008 |
| Description: |
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin
2.11.1, when accessed by a browser that does not URL-encode requests,
allows remote attackers to inject arbitrary web script or HTML via the
query string.
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
common.lib.php in libraries/; and certain input available in PHP_SELF and
(2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other
vectors related to (3) REQUEST_URI. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: information disclosure
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-0095
|
| Created: | December 11, 2007 |
Updated: | September 25, 2008 |
| Description: |
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information
via a direct request for themes/darkblue_orange/layout.inc.php, which
reveals the path in an error message. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: SQL injection
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-5976
CVE-2007-5977
|
| Created: | November 22, 2007 |
Updated: | March 19, 2009 |
| Description: |
phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability
in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.
db_create.php also has a related cross-site scripting vulnerability.
Remote authenticated users can inject arbitrary web scripts or HTML
using a hex-encoded IMG element in the db parameter in a POST request. |
| Alerts: |
|
Comments (none posted)
phpPgAdmin: cross-site scripting
| Package(s): | phppgadmin |
CVE #(s): | CVE-2007-2865
CVE-2007-5728
|
| Created: | June 18, 2007 |
Updated: | January 21, 2009 |
| Description: |
A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin
4.1.1 allows remote attackers to inject arbitrary web script or HTML via
the server parameter. |
| Alerts: |
|
Comments (none posted)
poppler and xpdf: multiple vulnerabilities
| Package(s): | poppler xpdf |
CVE #(s): | CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
|
| Created: | November 8, 2007 |
Updated: | February 26, 2008 |
| Description: |
The xpdf and poppler PDF libraries contain several vulnerabilities which can lead to arbitrary command execution via hostile PDF files. Numerous other applications which use these libraries (PDF viewers, CUPS, etc.) will be affected by the vulnerabilities as well. |
| Alerts: |
|
Comments (none posted)
postgresql: several vulnerabilities
| Package(s): | postgresql |
CVE #(s): | CVE-2007-3278
CVE-2007-3279
CVE-2007-3280
|
| Created: | September 25, 2007 |
Updated: | February 1, 2008 |
| Description: |
PostgreSQL 8.1 and probably later and earlier versions, when local trust
authentication is enabled and the Database Link library (dblink) is
installed, allows remote attackers to access arbitrary accounts and execute
arbitrary SQL queries via a dblink host parameter that proxies the
connection from 127.0.0.1. (CVE-2007-3278)
PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL
(plpgsql) language has been created, grants certain plpgsql privileges to
the PUBLIC domain, which allows remote attackers to create and execute
functions, as demonstrated by functions that perform local brute-force
password guessing attacks, which may evade intrusion
detection. (CVE-2007-3279)
The Database Link library (dblink) in PostgreSQL 8.1 implements functions
via CREATE statements that map to arbitrary libraries based on the C
programming language, which allows remote authenticated superusers to map
and execute a function from any library, as demonstrated by using the
system function in libc.so.6 to gain shell access. (CVE-2007-3280) |
| Alerts: |
|
Comments (1 posted)
PostgreSQL: multiple vulnerabilities
| Package(s): | postgresql |
CVE #(s): | CVE-2007-6600
CVE-2007-4772
CVE-2007-6067
CVE-2007-4769
CVE-2007-6601
|
| Created: | January 9, 2008 |
Updated: | January 17, 2013 |
| Description: |
Several vulnerabilities have been found in the PostgreSQL database manager. The developers call the fixes "critical," but also note that, as of the time of the update, none of them were known to be exploited; see this advisory for more information. |
| Alerts: |
|
Comments (none posted)
pulseaudio: denial of service
| Package(s): | pulseaudio |
CVE #(s): | CVE-2007-1804
|
| Created: | May 30, 2007 |
Updated: | March 10, 2008 |
| Description: |
The pulseaudio network code suffers from a denial of service vulnerability exploitable by an unauthenticated attacker. |
| Alerts: |
|
Comments (none posted)
python: information disclosure
| Package(s): | python |
CVE #(s): | CVE-2007-2052
|
| Created: | May 9, 2007 |
Updated: | July 30, 2009 |
| Description: |
Python 2.4 and 2.5 contain a bug in PyLocale_strxfrm() which could enable an attacker to read portions of unrelated memory. |
| Alerts: |
|
Comments (none posted)
python: integer overflows
| Package(s): | python |
CVE #(s): | CVE-2007-4965
|
| Created: | October 30, 2007 |
Updated: | July 30, 2009 |
| Description: |
Multiple integer overflows in the imageop module in Python 2.5.1 and
earlier allow context-dependent attackers to cause a denial of service
(application crash) and possibly obtain sensitive information (memory
contents) via crafted arguments to (1) the tovideo method, and unspecified
other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other
files, which trigger heap-based buffer overflows. |
| Alerts: |
|
Comments (none posted)
python-cherrypy: unauthorized file access via malicious cookie
| Package(s): | python-cherrypy |
CVE #(s): | CVE-2008-0252
|
| Created: | January 9, 2008 |
Updated: | February 6, 2008 |
| Description: |
From the Fedora advisory:
Malicious cookies may allow access to
files outside the session directory. |
| Alerts: |
|
Comments (none posted)
qemu: multiple vulnerabilities
Comments (none posted)
qt4: security restriction bypass
| Package(s): | qt4 |
CVE #(s): | CVE-2007-5965
|
| Created: | January 3, 2008 |
Updated: | February 21, 2008 |
| Description: |
Trolltech Qt has a privilege escalation vulnerability.
An error can be triggered in QSslSocket when verifying SSL certificates;
attackers can use this to bypass the SSL certificate verification
and acquire unauthorized access to a vulnerable application. |
| Alerts: |
|
Comments (1 posted)
quagga: denial of service
| Package(s): | quagga |
CVE #(s): | CVE-2007-4826
|
| Created: | September 14, 2007 |
Updated: | October 25, 2010 |
| Description: |
The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause
a denial of service crash via a malformed OPEN message or COMMUNITY
attribute. |
| Alerts: |
|
Comments (none posted)
quake: buffer overflow
| Package(s): | quake3-bin |
CVE #(s): | CVE-2006-2236
|
| Created: | May 10, 2006 |
Updated: | January 12, 2009 |
| Description: |
Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server. |
| Alerts: |
|
Comments (none posted)
rails: multiple vulnerabilities
| Package(s): | rails |
CVE #(s): | CVE-2007-5380
CVE-2007-3227
CVE-2007-5379
|
| Created: | November 15, 2007 |
Updated: | December 21, 2009 |
| Description: |
Ruby on Rails has the following vulnerabilities:
ActiveResource does not properly sanitize filenames in the Hash.from_xml() function.
The session management allows the session_id to be set from the URL.
The to_json() function does not properly sanitize input before it is
returned to the user. |
| Alerts: |
|
Comments (none posted)
rsync: restricted file access
| Package(s): | rsync |
CVE #(s): | CVE-2007-6199
CVE-2007-6200
|
| Created: | December 5, 2007 |
Updated: | September 23, 2011 |
| Description: |
From the CVE entry:
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. |
| Alerts: |
|
Comments (none posted)
ruby: insufficient SSL certificate validation
| Package(s): | ruby |
CVE #(s): | CVE-2007-5162
CVE-2007-5770
|
| Created: | October 8, 2007 |
Updated: | October 10, 2008 |
| Description: |
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. |
| Alerts: |
|
Comments (none posted)
ruby-gnome2: format string vulnerability
| Package(s): | ruby-gnome2 |
CVE #(s): | CVE-2007-6183
|
| Created: | December 7, 2007 |
Updated: | December 22, 2008 |
| Description: |
A format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. |
| Alerts: |
|
Comments (none posted)
samba: buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-4572
|
| Created: | November 15, 2007 |
Updated: | December 3, 2008 |
| Description: |
The Samba user authentication is vulnerable to a heap-based buffer overflow.
Remote unauthenticated users can use this to crash the Samba server
and cause a denial of service. |
| Alerts: |
|
Comments (none posted)
samba: stack-based buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-6015
|
| Created: | December 11, 2007 |
Updated: | December 3, 2008 |
| Description: |
A stack buffer overflow flaw was found in the way Samba authenticates
remote users. A remote unauthenticated user could trigger this flaw to
cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server. |
| Alerts: |
|
Comments (none posted)
samba: buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-5398
|
| Created: | November 15, 2007 |
Updated: | December 3, 2008 |
| Description: |
Samba's mechanism for creating NetBIOS replies is vulnerable to a
buffer overflow. Samba servers that are configured to run as a
WINS server can be crashed by a remote unauthenticated user;
execution of arbitrary code may also be possible. |
| Alerts: |
|
Comments (none posted)
scponly: arbitrary command execution
| Package(s): | scponly |
CVE #(s): | CVE-2007-6350
CVE-2007-6415
|
| Created: | January 22, 2008 |
Updated: | February 18, 2008 |
| Description: |
scponly 4.6 and earlier allows remote authenticated users to bypass
intended restrictions and execute code by invoking dangerous subcommands
including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally
demonstrated by creating a Subversion (SVN) repository with malicious
hooks, then using svn to trigger execution of those hooks. (CVE-2007-6350)
In addition, it was discovered that it was possible to invoke scp
with certain options that may lead to execution of arbitrary commands.
(CVE-2007-6415). |
| Alerts: |
|
Comments (none posted)
slocate: information disclosure
| Package(s): | slocate |
CVE #(s): | CVE-2007-0227
|
| Created: | February 22, 2007 |
Updated: | September 4, 2012 |
| Description: |
The slocate permission checking code has a local information disclosure
vulnerability. During the reporting of matching files, slocate does not
respect the parent directory's read permissions, resulting in hidden
filenames being viewable by other local users. |
| Alerts: |
|
Comments (none posted)
squid: denial of service
| Package(s): | squid |
CVE #(s): | CVE-2007-6239
|
| Created: | December 18, 2007 |
Updated: | March 25, 2009 |
| Description: |
A flaw was found in the way squid stored HTTP headers for cached objects
in system memory. An attacker could cause squid to use additional memory,
and trigger high CPU usage when processing requests for certain cached
objects, possibly leading to a denial of service. |
| Alerts: |
|
Comments (none posted)
streamripper: buffer overflow
| Package(s): | streamripper |
CVE #(s): | CVE-2007-4337
|
| Created: | September 14, 2007 |
Updated: | December 9, 2008 |
| Description: |
Chris Rohlf discovered several boundary errors in the
httplib_parse_sc_header() function when processing HTTP headers. |
| Alerts: |
|
Comments (none posted)
subversion: possible information leak
| Package(s): | subversion |
CVE #(s): | CVE-2007-2448
|
| Created: | October 30, 2007 |
Updated: | February 1, 2011 |
| Description: |
Subversion 1.4.3 and earlier does not properly implement the "partial
access" privilege for users who have access to changed paths but not copied
paths, which allows remote authenticated users to obtain sensitive
information (revision properties) via svn (1) propget, (2) proplist, or (3)
propedit. |
| Alerts: |
|
Comments (none posted)
Sun JDK/JRE: multiple vulnerabilities
| Package(s): | Sun JDK/JRE |
CVE #(s): | CVE-2007-2435
CVE-2007-2788
CVE-2007-2789
|
| Created: | June 1, 2007 |
Updated: | April 18, 2008 |
| Description: |
An unspecified vulnerability involving an "incorrect use of system
classes" was reported by the Fujitsu security team. Additionally, Chris
Evans from the Google Security Team reported an integer overflow
resulting in a buffer overflow in the ICC parser used with JPG or BMP
files, and an incorrect open() call to /dev/tty when processing certain
BMP files. |
| Alerts: |
|
Comments (none posted)
sysstat: insecure temporary files
| Package(s): | sysstat |
CVE #(s): | CVE-2007-3852
|
| Created: | August 20, 2007 |
Updated: | September 23, 2011 |
| Description: |
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates
/tmp/sysstat.run insecurely, which allows local users to execute arbitrary
code. |
| Alerts: |
|
Comments (1 posted)
t1lib: buffer overflow
| Package(s): | t1lib |
CVE #(s): | CVE-2007-4033
|
| Created: | September 20, 2007 |
Updated: | February 12, 2008 |
| Description: |
T1lib, an enhanced rasterizer for X11 Type 1 fonts, does
not properly perform bounds checking. An attacker can send
specially crafted input to applications linked against the library in
order to create a buffer overflow, resulting in a denial of service
or the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
tar: buffer overflow
| Package(s): | tar |
CVE #(s): | CVE-2007-4476
|
| Created: | October 16, 2007 |
Updated: | March 17, 2010 |
| Description: |
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." |
| Alerts: |
|
Comments (none posted)
tetex: buffer overflow
| Package(s): | tetex |
CVE #(s): | CVE-2007-0650
|
| Created: | May 8, 2007 |
Updated: | May 13, 2008 |
| Description: |
A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in
teTeX might allow user-assisted remote attackers to overwrite files and
possibly execute arbitrary code via a long filename. NOTE: other overflows
exist but might not be exploitable, such as a heap-based overflow in the
check_idx function. |
| Alerts: |
|
Comments (1 posted)
teTeX: multiple vulnerabilities
| Package(s): | tetex |
CVE #(s): | CVE-2007-5937
CVE-2007-5936
CVE-2007-5935
|
| Created: | November 19, 2007 |
Updated: | May 10, 2010 |
| Description: |
From the Gentoo advisory:
Joachim Schrod discovered several buffer overflow vulnerabilities and
an insecure temporary file creation in the "dvilj" application that is
used by dvips to convert DVI files to printer formats (CVE-2007-5937,
CVE-2007-5936). Bastien Roucaries reported that the "dvips" application
is vulnerable to two stack-based buffer overflows when processing DVI
documents with long \href{} URIs (CVE-2007-5935). teTeX also includes
code from Xpdf that is vulnerable to a memory corruption and two
heap-based buffer overflows (GLSA 200711-22); and it contains code from
T1Lib that is vulnerable to a buffer overflow when processing an overly
long font filename (GLSA 200710-12). |
| Alerts: |
|
Comments (none posted)
Tk: buffer overflow
| Package(s): | tk8.3 |
CVE #(s): | CVE-2007-5378
|
| Created: | November 28, 2007 |
Updated: | March 17, 2009 |
| Description: |
The Tk toolkit's GIF-reading code contains a buffer overflow which could be exploited via a malicious image file. Fixes may be found in versions 8.4.12 and 8.3.5. |
| Alerts: |
|
Comments (none posted)
tk: denial of service
| Package(s): | tk8.3 tk8.4 |
CVE #(s): | CVE-2007-5137
|
| Created: | October 12, 2007 |
Updated: | March 17, 2009 |
| Description: |
It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted GIF
image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges. |
| Alerts: |
|
Comments (none posted)
tomboy: execution of arbitrary code
| Package(s): | tomboy |
CVE #(s): | CVE-2005-4790
|
| Created: | November 9, 2007 |
Updated: | February 22, 2011 |
| Description: |
Jan Oravec reported that the "/usr/bin/tomboy" script sets the
"LD_LIBRARY_PATH" environment variable incorrectly, which might result
in the current working directory (.) being included when searching for
dynamically linked libraries of the Mono Runtime application.
Note that the tomboy vulnerability was added in 2007. |
| Alerts: |
|
Comments (none posted)
tomcat: directory traversal
| Package(s): | tomcat |
CVE #(s): | CVE-2007-0450
|
| Created: | May 2, 2007 |
Updated: | February 27, 2008 |
| Description: |
Versions of tomcat prior to 5.5.22 do not properly filter filename separator characters, enabling information disclosure attacks. |
| Alerts: |
|
Comments (none posted)
tomcat: cross-site scripting
| Package(s): | tomcat |
CVE #(s): | CVE-2007-2449
CVE-2007-2450
|
| Created: | July 17, 2007 |
Updated: | February 17, 2009 |
| Description: |
Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).
Note: it is recommended the 'examples' web application not be installed on
a production system.
The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450). |
| Alerts: |
|
Comments (1 posted)
tomcat: multiple vulnerabilities
| Package(s): | tomcat |
CVE #(s): | CVE-2007-3382
CVE-2007-3385
CVE-2007-3386
|
| Created: | September 26, 2007 |
Updated: | September 13, 2010 |
| Description: |
Tomcat was found treating single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386). |
| Alerts: |
|
Comments (none posted)
tomcat: arbitrary file disclosure via path traversal
| Package(s): | tomcat5 |
CVE #(s): | CVE-2007-5461
|
| Created: | November 19, 2007 |
Updated: | February 17, 2009 |
| Description: |
From the CVE entry:
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. |
| Alerts: |
|
Comments (none posted)
tomcat: information disclosure
| Package(s): | tomcat5.5 |
CVE #(s): | CVE-2008-0128
|
| Created: | January 21, 2008 |
Updated: | March 7, 2008 |
| Description: |
From the Debian advisory:
Olaf Kock discovered that HTTPS encryption was insufficiently
enforced for single-sign-on cookies, which could result in
information disclosure.
|
| Alerts: |
|
Comments (none posted)
vim: arbitrary code execution
Package(s): vim
CVE #(s): CVE-2007-2953
Created: July 30, 2007
Updated: November 27, 2008
Description:
vim is vulnerable to a user-assisted attack in which vim may execute arbitrary code when helptags is run on data that has been maliciously crafted.
vlc: several vulnerabilities
Package(s): vlc
CVE #(s): CVE-2007-3316, CVE-2007-3467, CVE-2007-3468
Created: July 10, 2007
Updated: March 10, 2008
Description:
Several remote vulnerabilities have been discovered in the VideoLan
multimedia player and streamer, which may lead to the execution of
arbitrary code.
wireshark: multiple vulnerabilities
Package(s): wireshark
CVE #(s): CVE-2007-3390, CVE-2007-3392, CVE-2007-3393
Created: June 28, 2007
Updated: February 27, 2008
Description:
The wireshark network traffic analyzer has three vulnerabilities
that can be used to create a denial of service. These include
off-by-one overflows in the iSeries dissector, vulnerabilities in
the MMS and SSL dissectors that can cause an infinite loop and
an off-by-one overflow in the DHCP/BOOTP dissector.
wireshark: lots of dissector vulnerabilities
wireshark: denial of service
Package(s): wireshark
CVE #(s): CVE-2007-3389
Created: January 21, 2008
Updated: February 27, 2008
Description:
From the NVD entry:
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.
wireshark: denial of service
Package(s): wireshark
CVE #(s): CVE-2007-3391
Created: January 21, 2008
Updated: February 27, 2008
Description:
From the NVD entry:
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.
xen-utils: insecure temp files
Package(s): xen-utils
CVE #(s): CVE-2007-3919
Created: October 25, 2007
Updated: May 16, 2008
Description:
The xen-utils collection of XEN administrative tools uses temporary files
insecurely. Local users can use this to truncate arbitrary files.
XFree86 X.org: integer overflows
Package(s): xfree86 x.org
CVE #(s): CVE-2007-1003, CVE-2007-1667, CVE-2007-1351, CVE-2007-1352
Created: April 3, 2007
Updated: August 11, 2009
Description:
iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667)
xine-lib: arbitrary code execution
Package(s): xine-lib
CVE #(s): CVE-2007-1387
Created: March 13, 2007
Updated: April 1, 2008
Description:
Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user's privileges.
xine-lib: buffer overflow
Package(s): xine-lib
CVE #(s): CVE-2008-0225
Created: January 16, 2008
Updated: August 7, 2008
Description:
xine-lib contains a buffer overflow which could be exploited (via a specially-crafted stream) to execute arbitrary code; see this advisory for more information.
xine-lib: buffer overflow
Package(s): xine-lib
CVE #(s): CVE-2006-1664
Created: April 27, 2006
Updated: February 27, 2008
Description:
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed.
xine-lib: buffer overflows
Package(s): xine-lib
CVE #(s): CVE-2008-0238
Created: January 23, 2008
Updated: August 7, 2008
Description:
From the CVE entry: Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function.
xmms: BMP handling vulnerability
Package(s): xmms
CVE #(s): CVE-2007-0653, CVE-2007-0654
Created: March 28, 2007
Updated: July 26, 2011
Description:
xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system.
Xorg: multiple vulnerabilities
X.org: temp file vulnerability
Package(s): X.org
CVE #(s): CVE-2007-3103
Created: July 12, 2007
Updated: July 2, 2009
Description:
The X.Org X11 xfs font server has a temp file vulnerability in the
startup script. A local user can modify the permissions of the script
in order to elevate their local privileges.
xorg-server: local privilege escalation
Package(s): xorg-server
CVE #(s): CVE-2007-4730
Created: September 10, 2007
Updated: January 24, 2008
Description:
Aaron Plattner discovered a buffer overflow in the Composite extension
of the X.org X server, which can lead to local privilege escalation.
xulrunner, firefox, thunderbird: multiple vulnerabilities
Package(s): xulrunner, firefox, thunderbird
CVE #(s): CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340, CVE-2006-2894
Created: October 22, 2007
Updated: May 12, 2008
Description:
From the Debian advisory:
CVE-2007-1095:
Michal Zalewski discovered that the unload event handler had access to
the address of the next page to be loaded, which could allow information
disclosure or spoofing.
CVE-2007-2292:
Stefano Di Paola discovered that insufficient validation of user names
used in Digest authentication on a web site allows HTTP response splitting
attacks.
CVE-2007-3511:
It was discovered that insecure focus handling of the file upload
control can lead to information disclosure. This is a variant of
CVE-2006-2894.
CVE-2007-5334:
Eli Friedman discovered that web pages written in Xul markup can hide the
titlebar of windows, which can lead to spoofing attacks.
CVE-2007-5337:
Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI
schemes may lead to information disclosure. This vulnerability is only
exploitable if Gnome-VFS support is present on the system.
CVE-2007-5338:
"moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers
could be bypassed, which might allow privilege escalation.
CVE-2007-5339:
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340:
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
Page editor: Jake Edge
Kernel development
Brief items
The current stable 2.6 kernel is 2.6.24, released by Linus on
January 24. Highlights of this release include control groups (formerly
process containers), the i386/x86_64 architecture merger, group scheduling
in the CFS scheduler, network and PID namespaces, kernel markers, the
removal of the modular security interface, and much more. See LWN's list of
merged patches for more detail, or the always-amazing KernelNewbies Linux
Changes page for much more detail.
The 2.6.25 merge window is open, but the process of picking up patches is
going relatively slowly due to the distractions of linux.conf.au. See the
article below for a summary of what has been merged to date.
For older kernels: 2.6.16.60 was released on
January 27 with about a dozen fixes.
Kernel development news
I skipped a lot of these patches because I just got bored of fixing
rejects. Now is a very optimistic time to be raising patches against
mainline.
I'm going to work on getting a unified devel tree operating: one which
contains everyone's latest stuff and is updated daily. Basically it'll be
-mm without a couple of the quilt trees. People can then prepare patches
against that, as it seems that most can't be bothered patching against -mm,
let alone building and testing it. More later.
-- Andrew Morton
Even Anton Blanchard's phone calls have a signed-off-by line.
-- AntonBlanchardFacts.com
By Jonathan Corbet January 30, 2008
As of this writing, some 3800 patches have been merged into the mainline
git repository since the release of 2.6.24. That is fewer than one might
have expected, but Linus's travel to linux.conf.au is slowing the process
somewhat. Expect more than the usual amount of interesting stuff to be
merged relatively late in the merge window period.
User-visible changes include:
- New drivers have been added for Globe Trotter HSDPA wireless cards,
HIFN 795x crypto accelerator chips, Xceive xc2028 and xc5000 tuners,
Cirrus Logic CS5345 analog-to-digital converters, several Beholder TV
tuners, Syntek DC1125 cameras, Silicon Labs Si470x FM radio receivers,
Atmel AT91CAP9 processors, Qualcomm MSM7X00A processors, Marvell Orion
system-on-a-chip devices, Marvell Feroceon processors, SuperH 7203 and
7263 processors, SGI IP28 systems, R6040 Ethernet adapters, Broadcom
NetXtremeII 10Gb network adapters, RTL8180 and 8185-based wireless
network cards, Microchip ENC28J60 Ethernet chips, and, finally, Atheros-based
wireless network adapters.
- The Seagate ST-02/Future Domain TMC-8xx and PSI240i SCSI drivers have
been removed due to lack of interest and maintenance.
- Salsa20 stream cipher support has been added to the crypto layer (at
least for the x86 architecture - it's an assembly implementation).
- Some realtime work has gone into the scheduler; in particular, the
kernel will be more aggressive about moving tasks between processors
when multiple realtime tasks are contending for the same CPU. The
implementation of cpusets has been made to work more with the
scheduler domains mechanism. The option to make the big kernel lock
preemptible has been made the default; eventually the non-preemptible
version will go away altogether. High-resolution timers can be used
for preemption, making fair scheduling more accurate. The group
scheduling feature has been enhanced with realtime support.
- The Preemptible
read-copy-update patches have been merged.
- Support for the LatencyTop
utility has been merged.
- Kprobes support for the ARM architecture has been added.
- The new CLONE_IO flag to clone() causes I/O contexts
(used in the CFQ block I/O scheduler) to be shared with the new child
process.
- The idle class for I/O scheduling has been changed to not be 100%
idle when the device is busy; as a result, it is far less likely to
cause priority inversion problems and is no longer limited to
privileged processes.
- A long list of new ext4
features, including large file support, (very) large filesystem
support, journal checksumming, multi-block allocation, and more, has
been added in.
- The splice() system call now supports TCP receive streams.
- Controller area network
protocol support has been merged.
- The network traffic shaper, long obsolete and scheduled for removal,
is gone.
- Quite a bit of work has been done on the network namespace code which
was first merged in 2.6.24. Extending namespace awareness through the
entire networking subsystem is a big job which is, at this point,
mostly complete.
Changes visible to kernel developers include:
- Chinese translations of a number of core kernel development
documents have been added to the tree.
- There have been a great many changes to the low-level device model
APIs dealing with kobjects and ksets. These changes have, in turn,
forced a large number of adjustments throughout the tree. See
Documentation/kobject.txt for an
overview of the new API.
- There is a new set of security module functions for dealing with
filesystem mount and unmount operations.
- The chained scatterlist API has been augmented with the sg_table patches.
- There have been some changes to the block request completion API. See
this article for a
description of the new way of doing things.
As of this writing, the merging process has just begun, so expect a long
list again next week. Among other things, the x86 tree update, with 908
changesets, is waiting in the wings. There is quite a bit of code yet to
be merged for this development cycle.
By Jake Edge January 30, 2008
Having applications that use up all the available memory can be a fairly
painful experience. For Linux systems, it generally means a visit from
the out-of-memory (OOM) killer, which will try to find processes to kill.
As one would guess, coming up with rules governing which process to kill is
challenging—someone, somewhere, will always be unhappy with
a choice the OOM killer makes. Avoiding it altogether is the goal
of the mem_notify patch.
When memory gets tight, it is quite possible that applications have memory
allocated—often caches for better performance—that they
could free. After all, it is generally better to lose some performance
than to face the consequences of being chosen by the OOM killer. But,
currently, there is no way for a process to know that the kernel is feeling
memory pressure. The patch provides a way for interested
programs to monitor the /dev/mem_notify file to be notified if
memory starts to run low.
/dev/mem_notify is a character device that signals memory
pressure by becoming readable. Interested programs can open the file and
then use poll() or select() to monitor the file
descriptor. Alternatively, signal-driven I/O can be enabled via the
FASYNC flag and the system will deliver a SIGIO signal to the
process when the device becomes readable. If it becomes readable, the
process should free any memory that it can afford to give up. If enough
memory is freed this way, the kernel will have no need to call in the OOM
killer.
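A sketch of the user-space side described above, added here as an illustration and not taken from the mem_notify patch: it polls the notification descriptor and sheds a cache when the descriptor becomes readable. The cache structure and the function names are hypothetical, and the sketch assumes that polling alone (without reading from the device) is sufficient, which the article does not specify.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CACHE_SLOTS 16

/* Hypothetical toy cache: heap buffers the program could rebuild if needed. */
struct cache {
    void  *slot[CACHE_SLOTS];
    size_t used;
};

/* Fill up to n slots with buffers of `bytes` each; returns slots in use. */
static size_t cache_fill(struct cache *c, size_t n, size_t bytes)
{
    while (c->used < n && c->used < CACHE_SLOTS) {
        void *p = malloc(bytes);
        if (p == NULL)
            break;
        memset(p, 0xA5, bytes);          /* touch the pages so they are resident */
        c->slot[c->used++] = p;
    }
    return c->used;
}

/* Give every buffer back to the allocator; returns how many were freed. */
static size_t cache_drop(struct cache *c)
{
    size_t freed = c->used;
    while (c->used > 0) {
        free(c->slot[--c->used]);
        c->slot[c->used] = NULL;
    }
    return freed;
}

/*
 * Wait up to timeout_ms for the notification descriptor to become readable.
 * Returns 1 on memory pressure, 0 on timeout, -1 on error.
 */
static int wait_for_pressure(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    int r;

    do {
        r = poll(&pfd, 1, timeout_ms);
    } while (r < 0 && errno == EINTR);   /* interrupted by a signal: retry */

    if (r <= 0)
        return r;
    return (pfd.revents & POLLIN) ? 1 : -1;   /* POLLERR/POLLHUP/POLLNVAL */
}

/* One pass of the monitor loop: wait, and shed the cache if asked to. */
static int react_to_pressure(int fd, struct cache *c, int timeout_ms,
                             size_t *freed)
{
    int r = wait_for_pressure(fd, timeout_ms);

    *freed = (r == 1) ? cache_drop(c) : 0;
    return r;
}

int main(void)
{
    struct cache c = { .used = 0 };
    size_t freed;
    /* Device node named in the article; present only with the patch applied. */
    int fd = open("/dev/mem_notify", O_RDONLY);

    if (fd < 0) {
        perror("/dev/mem_notify");
        return 1;
    }
    cache_fill(&c, CACHE_SLOTS, 1 << 20);
    for (;;) {
        int r = react_to_pressure(fd, &c, -1, &freed);
        if (r < 0)
            break;
        if (r == 1) {
            fprintf(stderr, "memory pressure: dropped %zu buffers\n", freed);
            /* Assumption: back off so a still-readable device cannot
             * turn this loop into a busy spin. */
            sleep(1);
        }
    }
    close(fd);
    return 1;
}
```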
The crux of the patch is how to decide that memory pressure is occurring.
mem_notify modifies shrink_active_list() to look for movement of
an anonymous page to the inactive list, which is an indication that some
pages will likely be swapped out soon. When that occurs,
memory_pressure_notify() (with the pressure flag set to 1) will be called
for that zone. When the number of free pages for the zone increases above a
threshold (based on pages_high and lowmem_reserve for the zone),
memory_pressure_notify() is called again, but with the pressure flag set to
0, effectively ending the memory pressure event for that zone.
If there are numerous processes waiting for a memory pressure notification,
it could be counterproductive to wake them all at once—the "thundering
herd" problem. To combat this, the patch set adds the ability to wake
fewer processes than are waiting on the poll event, by adding the
poll_wait_exclusive() function. poll_wait_exclusive()
will in turn call add_wait_queue_exclusive() so that a
member of the wake_up() family can be used that will limit the number of processes
woken up. Previously, only poll_wait() was available; it uses
add_wait_queue(), which does not provide this ability.
Also, to reduce the frequency of processes waking up to reclaim memory,
memory_pressure_notify() will only do that once every five seconds.
The /proc/zoneinfo output has been changed to include the
mem_notify status. This can be used by a human for diagnostic purposes or by a program to
check the current status of zones for memory pressure.
The embedded community has a lot of interest in seeing this feature get
added to the kernel. Devices like phones and PDAs are often running close
to their memory limits and the OOM killer is currently unavoidable when the
user opens yet another application. With this patch in place, programs
that use a lot of memory, but could get by with less, can be changed to
free up their caches and the like when memory gets tight. As memory-hungry
programs get changed, other users will benefit as well.
The patch, submitted by Kosaki Motohiro, has been through several
iterations on linux-kernel. The work was originally started by Marcelo
Tosatti, with the fifth version recently posted by Kosaki. Previous
versions have been well received and with relatively few
comments on this iteration, it would seem to be getting close to being merged.
By Jonathan Corbet January 29, 2008
The 2.6 block layer has traditionally provided a pair of functions by which
a driver could indicate that an I/O request had been completed. A call to
end_that_request_first() signaled the transfer of a certain
amount of data and would return a value indicating whether the request as a
whole was complete. Once all sectors in a request had been transferred, it
was up to the driver to pass the request to
end_that_request_last() for final cleanup. There was also a
function called simply end_request() which might or might not end
the entire request, depending on how much data had been transferred. This
API has worked for a long time, but it has occasionally proved confusing
for driver developers. It was also hard for drivers to communicate useful
error information with this interface.
So, as of 2.6.25, there will be a new way for
drivers to indicate request completion.
After a block driver has transferred one or more sectors (or failed in the
attempt), it should now make a call to:
    int blk_end_request(struct request *rq, int error, int nr_bytes);
Where rq is the I/O request, error is zero or a negative
error code, and nr_bytes is the number of bytes successfully
transferred. If blk_end_request() returns zero, the request is
fully processed and the driver can forget about it. Otherwise there are
still sectors to be transferred and the driver should continue with the
same request.
blk_end_request() must acquire the queue lock to do its job. If
the driver already holds that lock, it should call
__blk_end_request() instead.
Block drivers traditionally did a number of housekeeping tasks between
calls to end_that_request_first() and
end_that_request_last(). These include calling
add_disk_randomness() to contribute to the entropy pool, returning
any tags used with the request, and removing the request from the queue.
All of that stuff is now done within blk_end_request(), so drivers
can forget about it. The occasional driver had to carry out other tasks
between the completion of the request and its removal from the queue. For
drivers with this kind of special need, there is a separate function to
call:
    int blk_end_request_callback(struct request *rq,
                                 int error,
                                 int nr_bytes,
                                 int (drv_callback)(struct request *));
In this version, drv_callback() will be called (without the queue
lock held) between the completion of the request and its final cleanup. If
the callback returns a non-zero value, that final cleanup will not be
done. This function will always acquire the queue lock - there is no
version for drivers which have already taken that lock. In general,
though, the use of the callback functionality is likely to be a sign that
the driver is being trickier than it really needs to be.
This change was accompanied by a fair number of patches converting all
in-tree drivers to the new interface. The old completion functions have
been removed, so out-of-tree drivers will need updating before they will
work with 2.6.25.
Page editor: Jake Edge
Distributions
News and Editorials
By Jonathan Corbet January 28, 2008
The Debian miniconf is one of the oldest of linux.conf.au traditions. This
year, Martin Krafft was the person who - with short notice - got to lead
off this gathering with the "state of Debian" talk. Debian, as always, is
an active project, and it seems that much is going well.
The Debian security team has grown over the last year. Martin noted that
Debian, for all practical purposes, had no security support for a period
after the Sarge release. Those days are over, though, and Debian's security
support is, once again, solid. There is now good security support for the
testing distribution as well; in fact, testing updates often come out
before those for the stable distribution. That result comes from the fact
that testing updates do not need to support all architectures and there are
fewer embargo issues.
The upcoming Lenny release, it was noted, will have implemented most of the
features called for in the security-hardening specification.
The state of translations is good; Debian supports 58 languages now, and
may support 77 by the Lenny release. The Smith Review Project has been
working through the package base, ensuring that package descriptions
are, well, descriptive, in proper English, and easily translatable.
On the ports side, the Sparc32 port has been officially retired, to the
dismay of relatively few users. The Lenny release will include a new port:
Debian GNU/kFreeBSD, which is based on the FreeBSD kernel. Martin thought
this port would appeal to those Debian users who have been complaining
about the increasing "multimedia orientation" of the Linux-based
distribution.
Much work is going into making the package repository more searchable. The
debtags project, which is putting a set of standardized tags onto packages,
is relatively advanced. This effort will address a number of longstanding
problems, like the fact that a search for "image editor" does not turn up
GIMP, which is an "image manipulation program." Debtags will also make it
possible to search for packages which are related to other packages. There
is also the apt-xapian-index
project, which is working toward
indexing all package metadata and providing a fast search capability.
Other bits of current status:
- The debian-med
project - building a version of Debian aimed at the
medical industry - is headed toward a 1.0 release.
- The Debian mirror network is growing. There are six new primary
mirrors, and around 100 new secondary mirrors.
- Lenny will use UTF-8 nearly exclusively. Developers are working on
fixing the remaining packages which do not yet support UTF-8.
- The venerable dselect is almost retired. There are still
dselect users out there; Martin suggests that all of those
folks move to aptitude.
- There are a lot of new games coming into the distribution.
- The Etch-and-a-half release will be happening soon. This is a version
of Etch which offers a 2.6.24 kernel - needed to make Etch work on
newer hardware. The original 2.6.18 kernel will remain an option for
Etch users.
Looking forward to 2008, Martin noted that the Lenny release is currently
planned for December. Lots of emphasis on "planned" - given Debian's
history in this regard, few people actually expect the release to happen on
time. Martin did say that things have been getting better in this regard,
with Etch being "only" four months behind schedule. A Lenny release which
is only a couple months late seems feasible.
Something which is just coming into play is the new "Debian maintainer"
status. Unlike full developers, maintainers cannot vote, have no access to
the debian-private list, and do not have much access to the wider Debian
infrastructure. About all they really can do is upload a specific set of
packages. So the "maintainer" designation is good for those who want to
maintain a small set of packages, but who are not looking to be an active
participant in Debian as a whole, and who do not want to run the "new
maintainer" gauntlet.
Martin was asked whether there was any thought of downgrading any existing
developers to maintainers. He said that there was some interest in doing
that. There are currently just over 1000 developers, all of whom have full
access to the repository. Some 400 of those are inactive, but they still
possess a key which lets them make changes to the system; this is a clear
security issue. The MIA project
is looking to identify these
people and, eventually, move them to inactive status. On the issue of
whether the project would be forcibly downgrading active developers who,
for whatever reason, are not entirely welcome in the community, Martin says
that will not be happening. There is just no way to do it without bringing
massive disruption and flame wars, and nobody wants that.
There was also a question on the role of the debian-private list. The
biggest use of debian-private, according to Martin, is vacation
announcements; developers need to let the project know that they will not
be around, but they do not wish to announce their absence to the wider
world. There are some other discussions there too, of course. Current
policy says that debian-private discussions will be disclosed after three
years in the absence of a request to the contrary. There's an effort afoot
to disclose older traffic from before the adoption of that policy, but that
requires the assent of all of the participants.
The debian-women project, unfortunately, is currently stalled; the main
participants have not had the time to push things forward. The
#debian-women channel remains active, though, and is generally a nice and
supportive place to be. There are currently about twelve active female
contributors to Debian. Martin thinks that women are becoming more present
in general, though, and he stated that "the Debian cowboy days are done."
On the packaging front: the packages.qa.debian.org
site has been redone in "beautiful CSS." There are now RSS feeds for those
who want to follow the status of specific packages. A new
"LowThresholdNMU" flag has been added; this is essentially a statement on
the part of the maintainer that he will not get offended if others upload
fixes to the package. Packages can now use bzip2 compression. There has
also been a major rework of the shared library infrastructure, which now
looks at actual symbol use when determining shared library dependencies.
This change should make it possible to install individual packages from
testing into a stable system without having to update all of the libraries
that package uses.
There is a growing trend toward team maintenance, especially for the larger
package sets. This approach increases the robustness of the system and
minimizes problems with MIA maintainers.
Version control systems are working their way into the Debian
infrastructure. Packages can now have a set of Vcs-* headers
which point to the upstream source repository; these can be used, for
example, with the debcheckout command to clone the source
repository without having to know anything about the source management
system used. Version control systems also offer a solution to the current
problem of "hackish packaging tools" being used by many developers. In the
future, source packages might just include a shallow repository which can
be fed straight to git (or some other system). This project is stalled at
the moment, but Martin thinks it will go somewhere; it would be nice if the
distributors could come up with a common scheme that they can all use.
The final topic in this session was a question from the audience on whether
Debian might ever go to a shorter release cycle. The projected 18 months
for Lenny seems like a step in that direction, but 18 months is still quite
a bit longer than the cycles used by many other free distributions. Martin
thinks that going shorter is unlikely. The fact of the matter is that
distribution upgrades are a hassle, requiring a fair amount of
administrative attention. Ubuntu may have made some progress with its use
of upgrade scripts, but the basic problem remains. On top of that, shorter
release cycles would necessarily lead to a shortening of the time for which
security updates are available for any specific release. And that, in
turn, would force users into more frequent updates whether they want to do
that or not. So one should not expect six-month release cycles from Debian
anytime soon.
New Releases
The first beta of Mandriva Linux 2008.1 has been released. "The
third pre-release of Mandriva Linux 2008 Spring is here. This pre-release
brings available KDE 4.0.0 final (in the repositories, not on the discs), a
new XML-based package metainformation system, out-of-the-box support for
multimedia keys on many common keyboards, new NVIDIA and ATI drivers,
kernel 2.6.24 RC8 (with ALSA 1.0.16 RC1), and more."
Full Story (comments: none)
The Fedora Unity Project has announced the release of new ISO Re-Spins (DVD
and CD Sets) of Fedora 7. These Re-Spin ISOs are based on Fedora 7 and all
updates released as of January 18th, 2008. The ISO images are available
for i386, x86_64 and PPC architectures via jigdo. CD Image sets have been
made available for those in the Fedora community that do not have DVD
drives or burners available.
Full Story (comments: none)
Distribution News
Debian GNU/Linux
Matthias Klose reports that GCC-4.3 will be the default compiler for the
Lenny release. "Other distributions (Fedora and Novell) are
currently preparing their next releases based on the GCC-4.3 compilers, and
are heavily involved in upstream development. Test rebuilds for Ubuntu
gutsy and hardy were made for amd64, i386, and sparc. On Debian one or
more test rebuilds were made for alpha, hppa, i386, ia64, amd64, sparc. In
short, 4.3 will become a good release."
Full Story (comments: 1)
Moritz Muehlenhof introduces the security hardening measures that are going
into all the packages in Lenny (currently testing).
Full Story (comments: none)
Fedora
Outgoing Fedora leader Max Spevack has sent out a somewhat indirect
announcement for the creation of the Red Hat
Community Architecture Team, which is intended to help strengthen Red
Hat's position within the community. "The Community Architecture team is responsible for all of Red Hat's
community efforts, and to achieve its goals by encouraging and
developing new leadership within the Fedora community.
By its nature, most of this work will take place directly in Fedora, and
therefore we 'report' to the Fedora Board, but we will also be
responsible for community related activities that are within Red Hat's
scope, but outside of Fedora's."
Full Story (comments: none)
Red Hat Magazine has made a video
available for download. The video shows outgoing Fedora Project leader
Max Spevack talking with new Fedora Project leader Paul Frields at FUDCon.
Comments (none posted)
The codename for Fedora 9 is Sulphur. Click below to see the full election
results.
Full Story (comments: 1)
There is a kickstart file available to create a Fedora live CD with
educational applications. So far, this is an unofficial spin and the
package list is still in flux.
Full Story (comments: none)
Gentoo Linux
The Gentoo Project is planning a
public beta for the 2008.0 release cycle. "Public beta releases
play a major role in the Release Engineering team's revamped plans for
2008.0. Releng lead Chris Gianelloni said he hoped beta releases would
increase community participation as well as the quality of the final
release. These feature-complete public betas will require the earlier
development of release materials, another component of the 2008.0
changes. To ensure sufficient time for beta testing, a mandatory 2-week
testing period will follow the beta release." The 2.6.24 kernel is
targeted for the 2008.0 release.
Comments (none posted)
SUSE Linux and openSUSE
Promotional DVDs of openSUSE 10.3 are available. "The DVD is made to
promote openSUSE, especially on exhibitions and other events, local
usergroups, schools, universities and so on." Click below to find
out how to get some.
Full Story (comments: none)
Other distributions
Daniël de Kok takes a
look at some CentOS subprojects. These include the CentOS Live CD,
Project Cranberry (a sysadmin toolkit), Dasha (bringing in more drivers),
and Pandora (a package browser for CentOS repositories).
Comments (none posted)
The CentOS team has created the Artwork Special Interest Group (SIG). This
SIG will create artwork for each CentOS major release and create and
maintain consistent artwork for the official CentOS websites.
Full Story (comments: none)
New Distributions
EeeDora provides a Fedora 8
spin for the Asus Eee 701 PC. From the project's Google Code page: "This
project includes the files necessary to build a custom spin of Fedora
(using their excellent tools), put it onto a CD (or USB key) as a Live
version to test it out, and then install it as a replacement for the Asus
default."
Comments (none posted)
Distribution Newsletters
The most recent issue of Fedora Weekly News is available. Coverage includes the Fedora 9 codename winner (Sulphur for the impatient), a FUDcon survey (both for those who attended and those who didn't), coding project ideas for various Summer of Code style initiatives, Tom "spot" Callaway's new role, and more. Click below for the full issue.
Full Story (comments: none)
The Ubuntu Weekly Newsletter for the weeks January 20th - January 26th,
2008 covers the upcoming Alpha 4 freeze, the release of 6.06.2 LTS, MOTU
Council elections, an Ubuntu Demo Day in Swindon, UK, upcoming Hug Day,
Full Circle Magazine #9, the Launchpad logo competition, and much more.
Full Story (comments: none)
The DistroWatch
Weekly for January 28, 2008 is out. "Mobile workers no longer
have to carry bulky laptops in order to do their work; with the emergence
of free software and live operating systems, a bootable USB Flash drive
with Linux is often all that's needed to complete one's task while on the
road. In this week's issue we'll take a quick look at Mandriva Flash 2008,
a useful "pocket" OS with thousands of applications and several gigabytes
of free space for storing your data. In the news section, Gentoo Linux
works hard to improve the interaction between the developers and its users,
Debian embarks on a major switch to GCC 4.3 as the default compiler, Fedora
announces more changes to the project leadership prior to the upcoming
release of Fedora 9, and ISP-Planet talks to m0n0wall's Manuel Kasper about
the importance of small, configurable firewalls. Finally, don't miss the
usual bunch of new Linux distributions submitted to DistroWatch, including
the promising openmamba GNU/Linux."
Comments (none posted)
Newsletters and articles of interest
HowtoForge looks
at the Ubuntu Tweak package. "Ubuntu Tweak is a tool that lets
you change hidden Ubuntu settings, for example: hide or change the splash
screen, show or hide the Computer, Home, Trash, and Network icons, change
Metacity, Nautilus, power management, and security settings, etc. Currently
Ubuntu Tweak is available only for the Ubuntu GNOME desktop, i.e., it will
not work on Kubuntu or Xubuntu. This short guide shows how to install and
use Ubuntu Tweak."
Comments (none posted)
Interviews
Over at the Fedora wiki, Jonathan Roberts interviews the developers of the RPM Fusion repository. "Hans de Goede: We want to be a one stop place for Fedora add-on packages which cannot be in Fedora proper due to various issues. Currently we are a merger of the dribble, freshrpms and livna repositories, and we invite other repositories to join us."
Comments (2 posted)
Page editor: Rebecca Sobol
Development
By Forrest Cook January 29, 2008
Gerbv (Gerber Viewer)
is a utility for displaying CAD files that are used in the manufacture
of electronic printed circuit boards:
Gerbv is a viewer for Gerber (RS-274X) files. It is one of the utilities affiliated with the gEDA project.
Gerber files are generated from PCB CAD systems and sent to PCB manufacturers as the basis for the manufacturing process. The standard supported by gerbv is RS-274X.
In the 1980s, computer generated
Gerber files
were used to drive photo-plotter machines made by the Gerber Systems
Corporation. The photo plotters
used a mechanically stepped light source and rotating image wheels to optically imprint an image of a circuit board onto a large piece of film.
The film was then used to manufacture the printed circuit board.
Additionally, PCB manufacturing requires information for defining the
size and placement of drill holes (drill files).
The photo plotting
machines are now obsolete, but the Gerber standard remains as a
standard in the PCB manufacturing business. The output from Gerber
file plots can look considerably different than the original CAD drawings,
making a visualization tool like Gerbv important.
Gerbv can be used for examining the CAD files generated by
such software as
CadSoft Eagle,
a popular commercial application with a freely downloadable hobby version.
Another Linux-compatible printed circuit CAD
application is PCB.
PCB is less powerful than Eagle, but is open-source software.
LWN examined PCB
a long time ago.
Version 2.0.0 of Gerbv was recently
announced:
"Gerbv release 2.0.0 represents a whole new look for gerbv. Most
importantly, the layer control GUI has been made much more powerful through
the outstanding work of Julian Lamb. Julian has also re-worked the GUI's
button and menus to make them more convenient to use. We are certain that
you will find gerbv-2.0.0 even easier to use than before because of Julian's amazing work!"
The feature list for Gerbv 2.0.0 now includes:
- Display of RS-274x Gerber files.
- The complete implementation of the current Gerber spec.
- Display of Excellon drill files.
- Display of XYRS pick-place files for surface mount technology.
- A completely redesigned GUI.
- Controls for zoom/pan and fit to screen.
- A measure tool for making mouse-controlled distance calculations.
- User selected display of the various layers.
- Support for transparency so that multiple layers can be viewed.
- Report windows showing Gerber and drill code stats and errors.
- A built-in print button.
- Use of the Cairo graphics library, enabling export of PDF, PS, SVG, and PNG files.
- Incorporation of a new unit test suite in the code.
- Improved file-type autodetection.
- Expanded configuration options for the build system.
The project's SourceForge
screenshot page gives several examples of Gerbv 2.0.0 in use.
Installation of Gerbv 2.0.0 was straightforward. The source code was
downloaded, uncompressed and untarred.
The standard Unix configure/make/make install steps were performed
on an Ubuntu Feisty Fawn system; no problems were encountered.
Gerbv 2.0.0 was tested on some Eagle CAD files that your author
had worked on in the past. Startup was easy, running the command
gerbv slc1.* had the desired effect of pulling in all of the
various layers for the test project. Moving and zooming around the
layers showed the CAD graphics in detail, as expected.
The analyze tools produced a lot of useful status information for
the various files.
Details in the
copper layers that did not show up in Eagle (version 4.16) were easily
seen with Gerbv. In the past, your author has encountered problems
with Eagle incorrectly displaying the placement and scaling of text on
the silk screen layer.
This showed up when CAD files were taken to a board manufacturer.
Gerbv displayed the text as it appears on the manufacturer's system,
which is the desired behavior.
The export functions were experimented with. Export to a png file
worked as expected. Export to a PostScript file caused Gerbv to
hang up. Export to a PDF file took a very long time to complete, and
gpdf took a long time to load the file. When gpdf finished rendering,
it only displayed large polygons that were barely visible due to
their almost identical colors. Export to svg produced a
file that caused the mirage image viewer to hang when reading.
An attempt to convert the svg file to a jpg file with convert
resulted in this error:
convert: unable to open image `pattern0': No such file or directory.
convert: Non-conforming drawing primitive definition `fill'.
Clearly, this is still a .0.0 release with some bugs.
Despite these problems, Gerbv 2.0.0 is a tool that is useful, if not
critical, for performing Linux-based printed circuit board design.
Comments (3 posted)
System Applications
Clusters and Grids
Version 2.4.0 beta 1 of rsplib has been announced.
"rsplib is the Open Source implementation (GPLv3) of the IETF's upcoming
standard for Reliable Server Pooling (RSerPool). It provides protocols and
functionalities for the management of server pools and sessions between
users and pools. In particular, RSerPool takes care for server selection and
session failover support among servers of a pool."
Full Story (comments: none)
Database Software
Release Candidate 1 of Firebird Version 2.1 has been
announced.
"This is the first release candidate of the Firebird version 2.1 series. Its purpose is for FIELD TESTING. Deployment into production systems is not recommended.
Cumulative release notes covering both V.2.0.3 and this build of V.2.1 are available both in the build kits and online. Installation notes (updated for Windows) and cumulative bug-fixes for both versions are released in separate documents this time."
Comments (1 posted)
Version 5.0.51a of the MySQL DBMS has been announced.
"MySQL 5.0.51a is a security hotfix release. We recommend all users of
any previous release in the MySQL 5.0 Community Server branch to upgrade
to 5.0.51a as soon as possible. Please see below for details."
Full Story (comments: none)
The January 27, 2008 edition of the Postgres Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Full Story (comments: none)
Security
Version 0.87 of Havp has been
announced.
"HAVP (HTTP Anti-Virus Proxy) is a proxy with a clamav antivirus scanner. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected homepages. It can be used with squid or standalone."
Comments (none posted)
Version 3.1 of the Metasploit Framework, a development platform for
creating security tools and exploits, is available.
"The Metasploit Project
announced today the free, world-wide availability of version 3.1 of
their exploit development and attack framework. The latest version
features a graphical user interface, full support for the Windows
platform, and over 450 modules, including 265 remote exploits."
Full Story (comments: none)
Telecom
Version 1.4.4 of Activa for Asterisk has been
announced.
"Activa brings the Asterisk IP PBX to the call center. Built on top of Asterisk, Activa components enable successful call center implementations adding value in areas such as computer telephony, screenpop & click2dial, agent control, automatic dialing...
This is a maintenance release".
Comments (none posted)
Miscellaneous
Version 1.1.2 of ALE Server has been
announced.
"logicAlloy ALE is RFID-EPC compliant RFID middleware. ALE collects and processes RFID tag data from RFID readers, then pushes RFID data to ERP apps."
Comments (none posted)
Desktop Applications
Audio Applications
The first release of the Jukebox Power Pack has been
announced.
"aTunes is a powerful, full-featured, cross-platform player and manager, with audio cd rip front-end. Currently supported formats are mp3, ogg, wav, wma, flac, mp4, ape, mpc, mac, radio streaming and podcasts.
The aTunes, Jajuk and Jukes audio player projects are pleased to
announce the start of close collaboration on shared resources. The
three projects aim at providing full-featured cross-platform jukeboxes
for advanced users. As a first result, the Jukebox Power Pack has been
released. It contains the three applications bundled together."
Comments (none posted)
Desktop Environments
The following new GNOME software has been announced this week:
- Accerciser 1.1.90 (new features and translation work)
- Agave 0.4.5 (bug fixes)
- Anjuta DevStudio 2.3.3 (bug fixes and translation work)
- Brasero 0.7.1 (bug fixes)
- cairo 1.5.8 (API changes, bug fixes and documentation work)
- cheese 2.21.90 (new features, bug fixes and translation work)
- cheese 2.21.90.1 (new features and bug fixes)
- Deskbar-Applet 2.21.90 (new features, bug fixes and documentation work)
- Deskbar-Applet 2.21.90.1 (bug fix and translation work)
- Evince 2.21.90 (new features, bug fixes and translation work)
- Evolution 2.21.90 and related (new features, bug fixes and translation work)
- gcalctool 5.21.90 (bug fixes and translation work)
- GConf 2.21.90 (bug fixes)
- gdl 0.7.8 (bug fixes and translation work)
- gedit 2.21.1 (new features)
- GLib 2.15.4 (new features, bug fixes and translation work)
- gnome-build 0.2.1 (bug fixes and translation work)
- gnome-control-center 2.21.90 (new features, bug fixes and translation work)
- gnome-keyring 2.21.90 (bug fixes and translation work)
- Gnome-schedule 2.0.0 (new features)
- gnome-settings-daemon 2.21.90.1 (library change)
- Gnumeric 1.8 (stable release, new features)
- GTK+ 2.12.6 (bug fixes and translation work)
- Hotwire 0.700 (new features and bug fixes)
- libbonobo 2.20.4 and libbonoboui 2.21.90 (new features and bug fixes)
- libgnome 2.21.90 and libgnomeui 2.21.90 (new features, bug fixes and translation work)
- libgnomecups 0.2.3 (bug fixes and translation work)
- libgnomeprint 2.18.3 and libgnomeprintui 2.18.2 (bug fixes and code cleanup)
- mousetweaks 2.21.90 (new features, bug fixes, documentation and translation work)
- Orca 2.21.90 (bug fixes and translation work)
- seahorse 2.21.90 (bug fixes and translation work)
- Swfdec 0.5.90 (new features and API changes)
- swfdec-gnome 2.21.90 (new features and bug fixes)
- Tomboy 0.9.5 (bug fixes and translation work)
- Yelp 2.21.90 (new features, bug fixes and translation work)
You can find more new GNOME software releases at
gnomefiles.org.
Comments (none posted)
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Comments (none posted)
The following new Xorg software has been announced this week:
More information can be found on the
X.Org Foundation wiki.
Comments (none posted)
Educational Software
Version 1.0.5 of iTALC has been
announced.
"iTALC aims to be an alternative to commercial software for working with computers in school. Features: monitoring student's activities, help students (remote control), show demo, locking student's screens and much more."
Comments (none posted)
Interoperability
Version 0.1.2 of
Wine-doors,
a Windows application management utility for GNOME, has been
announced.
"Wine-doors 0.1.2 has been released, this release sees vastly improved exception handling thanks to Andrew Stormont who joined the project after 0.1.1, along with some new features tweaks and various other fixes. We're also syncing the repos from SVN nightly, this means that we can release apps faster between now and the finalisation of the new application database which is currently being worked on by Sam Taylor."
Comments (none posted)
Mail Clients
Thunderbird users may be interested in this message from David Ascher, who
is heading up the newly spun-off "MailCo" company. He wants to get a
public "milestone" build of Thunderbird 3 in 2008, with calendaring
support, better search, better extensions, and more. "Thunderbird's impact is proportional to its user count. Thus driving
adoption is my primary concern. Our current user base is very
significant (many millions of mostly quite satisfied users), but the
number of possible users of Thunderbird is orders of magnitude greater
than our current reach."
Full Story (comments: 27)
Video Applications
Version 0.9.1 of the Dirac
video codec has been announced.
"This is a minor release complying with Dirac Bytestream Specification
2.1.0."
Full Story (comments: none)
Thomas Davies reports that the
Dirac video codec is on its way
to becoming an international standard. "First, Dirac (or part of it)
is going to be an international standard. Yay! We made a cut-down version
doing intra coding only and this has only just been submitted to the
SMPTE. If it goes through it will become VC-2 (Windows Media 9 became VC-1
when they standardised it). After a lot of hard work fighting SMPTE's
preferred Word format (yuk) it went in just before Christmas and is being
voted on as a Committee Draft as I write this." (Thanks to erwbgy)
Comments (8 posted)
Version 1.1 of Miro, a video download/watcher application, has been
announced.
"First, we have dramatically improved performance for torrent downloading and we offer more settings and control (thanks to libtorrent). With this update, Miro is truly a powerhouse for torrent feeds, if I do say so myself. Torrents are still a difficult and mysterious technology for many users, despite the huge bandwidth savings they provide to publishers. We aim to make your torrent experience seamless at worst and invisible at best." The other major change involves getting results from all
five search engines at once.
Comments (none posted)
Web Browsers
The January 17, 2008 edition of the Mozilla Links Newsletter
is online; take a look for the latest news about the Mozilla browser
and related projects.
Full Story (comments: none)
The January 27, 2008 edition of the Mozilla Links Newsletter
is online; take a look for the latest news about the Mozilla browser
and related projects.
Full Story (comments: none)
Languages and Tools
C
The January 28, 2008 edition of the GCC 4.3.0 Status Report
has been published.
"We are in Stage 3 and the trunk is open for regression and documentation
fixes only. When we reach zero open P1 regressions, we will create a
release candidate for 4.3.0, branch and announce the opening of Stage 1
for 4.4."
Full Story (comments: none)
Caml
The January 29, 2008 edition of the Caml Weekly News
is out with new articles about the Caml language.
Full Story (comments: none)
Lisp
Version 1.0.14 of SBCL has been announced.
"Steel Bank Common Lisp 1.0.14 has been released on 28 January 2007.
This version revives OpenBSD support, adds a process exit hook, and
fixes many bugs."
Full Story (comments: none)
Perl
The January 13-19, 2008 edition of
This Week on perl5-porters is out with the latest Perl 5 news.
Comments (none posted)
The minutes from the January 23, 2008 Perl 6 Design Meeting
have been published. "The Perl 6 design team met by phone on 23 January 2008. Larry, Allison, Patrick, Jerry, Will, Jesse, Nicholas, and chromatic attended."
Comments (none posted)
Python
The January 28, 2008 edition of the Python-URL! is online with
a new collection of Python article links.
Full Story (comments: none)
Tcl/Tk
The January 24, 2008 edition of the Tcl-URL! is online with new
Tcl/Tk articles and resources.
Full Story (comments: none)
Editors
Version 5.0 of ZEmacs has been
announced. ZEmacs is:
"A bundle of lisp extensions, largely original, for GNU Emacs with the goal to obtain a more user friendly and powerful interface. The new features include contextual tool bars, new TeX interface and much more.
I am happy to announce the new version 5.0 of ZEmacs. The new release contains a huge number of bugfixes, improvements, and new packages."
Comments (none posted)
Libraries
Version 2.0.8 of iText has been
announced.
"This library contains classes that generate documents in the Portable Document Format (PDF) and/or HTML. Whenever people think of PDF and Java, they think of iText. That's great, but it also involves a lot of responsibility: we have to keep on working on the product; fixing bugs, adding new functionality, making it a better product.
The first thing that jumps in the eye with this new release, is the reorganization of the source code."
Comments (none posted)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Groklaw has the scoop on the revocability of the GPL. Someone out there has been claiming that they are revoking the GPL for code that has already been released. "If you change your mind and don't want to use the GPL any more, you can stop and use something else on new code going forward, and you can dual license your own code, but you can't redo the past and pull back GPL'd code. That's one of the beauties of the GPL, actually, that even if some individual gets a bug up his nose, or dies and his copyright is inherited by his wife who doesn't care about the GPL and wants to take it proprietary, or just to imagine for a moment, a Megacorp were to buy off a GPL programmer and get him to pretend to revoke the GPL with threats, and even if it were to initiate a SCO-like bogo-lawsuit, it doesn't matter ultimately as to what you can and can't do with the GPL."
Comments (109 posted)
Companies
LinuxWorld takes a
look at Barracuda Networks, and its patent concerns. "Barracuda
Networks CEO Dean Drako says his company won't license a virus scanning
patent from Trend Micro, and he's going to users to help build Barracuda's
case file of prior art—previous software products and documentation that
could help invalidate the patent in court. Barracuda is launching a new
section of its web site, "Legal Defense of Free and Open Source Software",
to document the patent case and the company's prior art research."
Comments (3 posted)
The Washington Post
reports on Boeing's development of a Linux-based combat system.
"Future Combat Systems, or FCS, is a roughly $200 billion weapons program that military officials consider the most thorough modernization of the Army since World War II. It all depends on the software, under development by the Army's battalion of contractors, led by Boeing. The software is intended to do what military commanders have until now only dreamed about: give soldiers the power to communicate through a wireless network in near real time with hovering drones; remotely control robots to defuse bombs; fire laser-guided missiles at enemies on the move; and conduct a video teleconference in a tank rumbling about 40 mph in the haze of battle." (Thanks to Philip Webb).
Comments (17 posted)
Vnunet reports
that Dell is extending sales of computers with Ubuntu preloaded.
"Customers in the UK, Germany, France and Spain can purchase
pre-loaded versions of Ubuntu Linux 7.10 with built-in DVD playback on the
Dell XPS 1330n, in addition to the previously-released Inspiron 530n
desktop system, according to an official Dell blog."
Comments (14 posted)
Linux Adoption
ComputerWorld reports
on Linux PCs for high-school students in the Philippines. "Providing
high school students with PCs is seen as a first step to preparing them for
a technology-literate future, but in the Philippines many schools cannot
afford to provide computing facilities so after a successful deployment of
13,000 Fedora Linux systems from a government grant, plans are underway to
roll out another 10,000 based on Ubuntu."
Comments (none posted)
News.com
covers the recent availability of $200 Linux PCs.
"Linux is not just for computer whizzes.
In fact, buying Linux and learning how to use it are easier than ever, thanks to the open-source operating system's expanding presence in affordable computers and mainstream retail outlets.
In quick succession, the number of mass-market, sub-$200 desktops has tripled--from one to three--in less than three months. At the Consumer Electronics Show in Las Vegas earlier this month, small form-factor PC maker Shuttle debuted its $199 KPC. The catch? It's not preloaded with Windows, but an operating system based on Linux."
Comments (12 posted)
Interviews
The NetBSD Project has an interview with
Joachim Schueth. "Joachim Schueth has beaten a reconstruction of
the famous Colossus Mark II code breaking machine in November 2007. The
Colossus computers were used in World War II to break the German encrypted
messages. Equipped with a NetBSD-powered laptop and profound knowledge of
cryptography and the Ada programming language, Schueth has won the
code-cracking challenge. We talked with him about the historical and
technical backgrounds of the Cipher Event and the tools he has
used."
Comments (10 posted)
Reviews
Linux-Watch looks at the
openSUSE build service. "The build service enables developers to
build programs for different hardware platforms without a "compiler farm"
of different hardware. It also provides automatic resolving of dependencies
to other packages. If a program depends on another package, say a KDE
application on a Trolltech Qt library, the KDE application will be rebuilt
automatically if its Qt library is changed and rebuilt. This, in turn,
takes much of the donkey work out of building applications for
Linux."
Comments (none posted)
Computerworld NZ
reviews the Asus EEE 701 PC.
"I really like this little Linux-based machine, and I would find it very useful in my everyday life for checking email, updating Computerworld's website and subediting stories from home, and writing quick stories from out in the field. But, sure, the keyboard is not designed for longer stints of typing.
Weighing less than a kilogram, the Eee 701 is so small and light it fits in my small-to-medium-sized handbag, and that is a definitive plus. The machine features a 4GB solid-state drive, 512MB of memory and an Intel mobile processor. Storage can be expanded by using the SD card slot."
Comments (6 posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
CentOS has
announced the creation of the Artwork Special Interest Group.
"The CentOS team is pleased to make computers more useful through the
creation of the Artwork Special Interest Group (SIG). A SIG is a smaller
group within the CentOS project that focuses on a small set of issues,
in order to either create awareness or to focus development along a
specific topic."
Full Story (comments: none)
The Open Solutions Alliance (OSA) has announced plans to expand the
organization's global footprint. The OSA will function under a chapter
structure with its first new regional chapter planned to address the
European open solutions market.
Full Story (comments: none)
Terra Soft has announced their sponsorship of a short film festival.
"Terra Soft is proud to sponsor the inaugural A3F International Short Film
Festival, an exciting addition to the fourth year of the Almost Famous Film
Festival 48 Hour Challenges.
In Phoenix, Arizona, February 13-14, 2008, 17 independent films will be
screened, including the World Premier of "Sympathetic Details," a film by
Benjamin Busch from HBO's critically acclaimed series "The Wire.""
Full Story (comments: none)
Terra Soft is sponsoring children at a Kenyan orphanage.
"Following the controversial Presidential
elections in December, Kenya is experiencing violence that has left an
estimated quarter million people uprooted or homeless and several hundred
dead.
This week the Pistis Academy & Orphanage has received 30 new children whose
parents have been killed or homes destroyed. While the Red Cross is working
to sustain an estimated 2,000 people now given shelter in a ball park in
Nakuru center, no additional funding has been offered by the Kenyan
government to help support those new children at Pistis."
Full Story (comments: none)
Commercial announcements
Enea has announced the release of Enea LINX for Linux 2.0, which includes
protocol and feature negotiation to enable seamless upgrades of system
subsets with newer versions of the protocol. "This addition to the
protocol ensures forward and backward compatibility with all future
versions of LINX for Linux."
Full Story (comments: none)
Concurrent has announced a new generation of the
NightStar LX debugging and analysis tools for the Ubuntu distribution.
"NightStar is a powerful,
integrated GUI tool set for developing and tuning time-critical
applications on x86-based platforms. NightStar's advanced debugging
features enable system builders to solve difficult problems quickly.
The NightStar LX suite includes four tools -- the NightView(tm)
source-level debugger, the NightTrace(tm) event analyzer, the
NightProbe(tm) data monitor, and the NightTune(tm) system and
application tuner."
Full Story (comments: none)
Nokia has announced the signing of an agreement to acquire Trolltech. "The acquisition of Trolltech will help Nokia accelerate its cross-platform software strategy for mobile devices and desktop applications, and develop its Internet services business. With Trolltech, Nokia and third party developers can develop applications that work in the Internet, across Nokia's device portfolio and on computers." More information is available on Trolltech's web site.
Comments (37 posted)
Novell, Inc. has
announced an expansion of the openSUSE Build Service.
"The openSUSE(R) Build Service, an innovative
framework that provides an infrastructure for software developers to easily
create and compile packages for multiple Linux* distributions, has extended
its support to now build packages for CentOS and Red Hat* Enterprise Linux.
The openSUSE Build Service already supports several Linux distributions
including openSUSE, Ubuntu, SUSE(R) Linux Enterprise, Debian and others."
Comments (4 posted)
New Books
SitePoint has published the book The Art & Science of JavaScript by Michael Mahemoff, Cameron Adams, James Edwards, Dan Webb, Simon Willison,
Ara Pehlivanian and Christian Heilmann.
Full Story (comments: none)
O'Reilly has published the book The Ruby Programming Language
by David Flanagan and Yukihiro Matsumoto.
Full Story (comments: none)
No Starch Press has published the book The Book of Wireless, 2nd Edition by John Ross.
Full Story (comments: none)
Resources
The
TIOBE Programming Community Index
report lists Python as the language of the year for 2007.
"Python has been declared as programming language of 2007. It was a close finish, but in the end Python appeared to have the largest increase in ratings in one year time (2.04%). There is no clear reason why Python made this huge jump in 2007. Last month Python surpassed Perl for the first time in history, which is an indication that Python has become the "de facto" glue language at system level. It is especially beloved by system administrators and build managers. Chances are high that Python's star will rise further in 2008, thanks to the upcoming release of Python 3."
Comments (3 posted)
Contests and Awards
Sun Microsystems Inc has announced the launch of the
OpenOffice.org Community Innovation Program.
"On 7 December 2007, Sun Microsystems Inc. announced a new million-dollar
fund to foster innovation in six of the open-source projects it
sponsors and contributes to. We are pleased to report that
OpenOffice.org was included. The contest, which we have titled the
OpenOffice.org Community Innovation Program, commences tomorrow, 30
January, and we invite OpenOffice.org Community members to participate."
Full Story (comments: none)
Surveys
A FUDCon F9
survey
is open until February 7.
"The Fedora marketing team has posted a survey regarding FUDCon F9, held
January 11-13, 2008 in Raleigh, NC. All community members are invited
to participate, whether you attended or not. We expect to use these
surveys in the future for additional FUDCon events, to make sure that
the events are delivering as much value as possible to attendees and
observers."
Full Story (comments: none)
Meeting Minutes
The January 2, 2008 GNOME Board meeting minutes have been published.
Full Story (comments: none)
The January 16, 2008 GNOME Board meeting minutes have been published.
Full Story (comments: none)
Calls for Presentations
A call for contributions has gone out for the 2008 Libre Software Meeting.
"The LSM (Libre Software Meeting) are an opportunity for all sort of public to come together around the free software. Over 5 days, conferences and workshops welcome everyone. This event is organized each year and for the 9th edition is hosted in the town of Mont de Marsan, from 1 to 5 July 2008." The submission deadline is February 8.
Full Story (comments: none)
A call for participation has gone out for RailsConf Europe 2008, which will be held in Berlin, Germany.
"RailsConf Europe taps into the dynamic energy of the growing Rails ecosystem. Co-produced by Ruby Central, Inc. and O'Reilly Media, Inc., the conference takes place September 2-4, 2008. True to the spirit of this community, RailsConf Europe is dedicated to everything Ruby on Rails. In attendance will be over 800 Ruby on Rails enthusiasts, web developers and programmers, IT managers tracking emerging technologies, open source developers and hackers, Tech-savvy entrepreneurs, users at every level (new, power, intermediate, advanced, expert) and others interested in web technologies and strategic implementation. The Call for Participation is open; speaking proposals must be received by March 18, 2008."
Full Story (comments: none)
A call for papers has gone out for the Open Source Developers' Conference, Taiwan.
"The OSDC.tw 2008 will be on 12th-13th, April. The subject is "Innovation and Implementation" in this year. Please submit your papers with subject, extract and user profile."
The submission deadline is February 15.
Comments (none posted)
Upcoming Events
The Florida Linux Show will be held in Jacksonville, Florida on February 11, 2008.
"Reminder: Speakers, Exhibitors & Support still needed... time is getting short! They are looking for more Vendors, EDUs & Organizations that would like to setup a Booth. If you know folks in the area that would be interested in speaking or sponsoring an exhibit, please let us know asap. Perhaps a presentation or two could be recycled from FUDcon? There will be Gentoo & Ubuntu exhibits, it would be nice if someone could help represent Fedora, my favorite Laptop distro."
Full Story (comments: none)
Registration has opened for the Linux Audio Conference 2008.
"The Linux Audio Conference 2008 in Cologne (Feb 28th - Mar 2nd 2008) is just one month away now. The programme is shaping up, concerts are being organized and coffee is about to be ordered. To help us with planning the LAC2008 we kindly ask you to register now at the conference website."
Full Story (comments: none)
O'Reilly has announced the Money:Tech Conference.
"O'Reilly Money:Tech takes place February 6-7, 2008 at the Waldorf-Astoria in New York, NY. The event brings together some of the most pioneering minds in the financial and computing community to frame the future of investing in challenging times."
Read further for some news announcements that are planned for the event.
Full Story (comments: none)
The call for location deadline for the 2008 OOoCon has been extended to February 10.
"In response to a number of requests from organising teams, we have agreed to put back the deadline to midnight UTC February 10th. We will aim to open the community voting process a few days later, and announce the winning bid on March 1st."
Full Story (comments: none)
The final preparations are being made for the Southern California Linux Expo, which begins on February 8.
"The SCALE staff continue to put the final touches on SCALE 6x. There are a few places left in the SCALE U classes on Friday, February 8th. The tutorials are: "Open-Source Email Systems: One Approach to Spam Fighting" and "Introduction to Virtualization on Linux with Xen". Register for the tutorials via the regular SCALE registration process, and a SCALE Full Access pass will be included."
Full Story (comments: none)
Pulvermedia has announced The Twelfth annual Spring VON.x Conference & Expo. The event will take place on March 17-20 in San Jose, CA.
"The Industry's largest, longest-running, and most respected Internet communications event now adopts the VON.x brand, which signifies the inclusion of technologies such as IP-voice, IP-video, wireless, presence, instant messaging, social media, and many others that have enhanced and evolved the Internet communications industry."
Comments (none posted)
Events: February 7, 2008 to April 7, 2008
The following event listing is taken from the LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| February 6 - February 10 | O'Reilly Money:Tech Conference | New York, NY, USA |
| February 7 | Frozen Perl 2009 | Minneapolis, United States |
| February 8 - February 10 | Southern California Linux Expo | Los Angeles, USA |
| February 10 - February 13 | NDSS Symposium 2008 | San Diego, CA, USA |
| February 11 | Florida Linux Show 2008 | Jacksonville, Florida, USA |
| February 11 | Open Source Software (OSS) and the U.S. Department of Defense (DoD) | Alexandria, VA, USA |
| February 13 - February 15 | German Perl-Workshop | Regionales Rechenzentrum Erlangen, Germany |
| February 16 | Frozen Perl 2008 Workshop | Minneapolis, USA |
| February 19 - February 20 | Linux Developer Symposium | Beijing, China |
| February 19 - February 20 | Files and Backup | London, UK |
| February 22 - February 24 | freed.in/2008 | Delhi, India |
| February 23 - February 24 | Free/Open Source Developers' European Meeting 2008 | Brussels, Belgium |
| February 23 - February 26 | Linux World Mexico | Mexico City, Mexico |
| February 25 - February 26 | 2008 Linux Storage and Filesystem Workshop | San Jose, CA, USA |
| February 25 - February 29 | NEW PHP 5 and PostgreSQL Bootcamp with Mark Fenoglio | Atlanta, Georgia, USA |
| February 25 - February 27 | German Perl Workshop | Frankfurt, Germany |
| February 28 - March 1 | Linux Audio Conference | Cologne, Germany |
| March 1 - March 2 | Chemnitzer Linux-Tage 2008 | Chemnitz, Germany |
| March 3 - March 6 | O'Reilly Emerging Technology Conference | San Diego, CA, USA |
| March 3 - March 6 | Drupalcon Boston 2008 | Boston, MA, USA |
| March 4 - March 9 | CeBIT Germany | Hannover, Germany |
| March 8 - March 14 | Asia OSS Conference & Showcase 2008 | Guangzhou, China |
| March 11 - March 12 | 4th AustralAsian Cleantech Forum | Melbourne, Australia |
| March 14 - March 16 | PyCon 2008 | Chicago, IL, USA |
| March 15 | FSF Associate Members Meeting | Cambridge, MA, USA |
| March 16 - March 19 | BossaConference 2008 - International Conference on Open Source Software for Mobile Embedded Platforms | Pernambuco, Brazil |
| March 16 - March 21 | Novell BrainShare 2008 | Salt Lake City, UT, USA |
| March 16 - March 20 | Free Software and Open Source Foundation for Africa | Dakar, Senegal |
| March 17 - March 20 | Eclipse Community Conference | Santa Clara, CA, USA |
| March 17 - March 20 | Spring VON.x Conference | San Jose, CA, USA |
| March 19 - March 20 | LinuxWorld Expo 2008 Brussels | Brussels, Belgium |
| March 24 | SDForum Global Open Source Conference | San Francisco, CA, USA |
| March 26 - March 28 | CanSecWest 2008 | Vancouver, BC, Canada |
| March 26 | Document Freedom Day | Everywhere, Worldwide |
| March 29 - March 30 | PostgreSQL Conference East 2008 | College Park, MD, USA |
| March 31 - April 2 | UKUUG Spring 2008 Conference - Dynamic Languages | Birmingham, England |
| March 31 | 2008 European Workshop on System Security | Glasgow, Scotland |
| March 31 - April 2 | UKUUG Spring 2008 Conference | Birmingham, England |
| March 31 - April 2 | Sharkfest Wireshark Network Analysis Summit | Los Altos Hills, CA, USA |
| April 2 | First meeting UKUUG PostgreSQL SIG | Birmingham, England |
| April 3 - April 4 | E-Mail Systems Conference 2008 (Exim and other mail systems) | Birmingham, England |
| April 4 - April 5 | openSUSE Packaging Days II | IRC, Everywhere |
If your event does not appear here, please tell us about it.
Audio and Video programs
Gareth Greenaway, SCALE Operations Chair, and Orv Beach, SCALE Publicity
Chair, will be on the Digital Village radio show. Digital Village is
carried on KPFK (90.7 FM in the Los Angeles area), and streaming audio at
www.kpfk.org. Tune in if you've got a moment!
Full Story (comments: 3)
Page editor: Forrest Cook