Our graphical interfaces, as implemented through the X Window System, are
designed around a single keyboard and a single mouse. But humans are
social creatures who want to work together and share systems; they also
tend to design their activities around the fact that we have two hands.
Moving X out of the single-device model is not a task for the faint of
heart, but Peter Hutterer is making a go of it. His LCA talk on
multi-pointer X was an
interesting update on where this work stands.
The X device model is based on the idea of a core keyboard and a core
pointer. Even in a situation where multiple input devices are present (a
second mouse plugged into a laptop, say), the application still only sees a
single, core device. There is no way to tell, using these core devices,
which physical device generated any given event. This, of course, will be
an obstacle for any application wanting to provide multi-device support.
As it happens, the XInput extension has
provided basic
multiple-device support for many years. XInput events look much like core
device events, except that (1) applications must register to receive
them separately, and (2) they include an ID number identifying the
device which generated the event. XInput does not solve the problem by
itself, though, for a couple of reasons. Beyond the fact that it does not
provide a way for users to specify how different devices should be handled,
XInput suffers from the little difficulty that approximately 100% of X
applications do not make use of it. So nobody is listening to all those
nice XInput events with associated device IDs. The one exception Peter
mentioned is the
GIMP, which uses XInput to deal with tablets.
Of course, multiple devices work on current systems; that is because the X
server also generates core events for all devices. That causes the device
ID to be lost, but, since applications do not care, this is not a problem,
for now. But it does mean that we are still stuck in a world where systems have
a single pointer and a single keyboard.
Luckily for us, says Peter, multi-pointer X is on the horizon. MPX extends
X through the creation of the concept of "master" and "slave" devices.
Master devices are those which generate events seen by MPX-aware clients;
they are virtual devices which can be created and destroyed by the user at
will. Slave devices, instead, correspond to the physical devices attached
to the system. Through the use of a modified xinput command,
users can create masters and attach specific slaves to them.
In the MPX world, one of three things will happen whenever something is
done with a physical (slave) device:
The X server will create an XInput event from the slave device and
deliver it to any applications which have asked for such events.
If that event is not delivered (because nobody was interested), a core
event from the associated
master device is created and queued for delivery.
If the event is still undelivered, the server will create an
XInput event from the master device to which the slave is attached and
attempt to deliver that.
The end result is a scheme where multiple devices still work as expected
with non-MPX-aware applications. But when an application which does take
advantage of MPX shows up, it will have access to the real information about what
the user is doing.
Peter ran a demo of some of the things he was able to do. By default,
there is still only one pointer and one keyboard. Once a new master is
created, though, and slave devices attached to it, things get more
interesting. Two mouse pointers exist on the screen, each of which can be used
independently. It's possible to be typing into two separate windows at the
same time. Or, with the right window manager, the user can move windows
simultaneously, or resize a window by grabbing two corners at the same
time. It was great fun to watch.
MPX brings with it an API which can be used with multi-device
applications. When applications use it, says Peter, the result is "eternal
happiness." That just leaves the problem of "the other 100%" of the
application base which lacks this awareness. To a certain extent, things
just work, even when independent pointers are used in the same
application. There are some exceptions, though, which have required some
workarounds in the system.
For example, applications typically respond when the pointer enters a
specific window - illuminating a button within the application, for
example. Things work fine when two pointers enter that button. But,
likely as not, once the first pointer leaves the button, it will go dark and
refuse to respond to events from the other pointer. The solution is to
nest enter and leave events, so that only the first entry is reported to
the application, and only the final exit. Another problem results when a
mouse button is pushed while another button is being held down (for a drag operation,
perhaps) on a different device. Do that within Nautilus, and the
application simply locks up - not the eternal happiness Peter was hoping
for. So, when the application holds a grab on one
device (as happens when buttons are held down), no other button events will
be reported. Also problematic is what to do when the application asks
where the pointer is: which pointer should be reported? In this case, the
server simply assigns one pointer as the one to report on. All of this
makes standard applications work - almost all the time.
Some interesting problems remain, though. How, for example, should a
window manager place new windows in a multi-user, multi-device situation?
Users will want their windows in their part of the display space, but the
window manager has no real way of knowing where that is - or even which
user the window "belongs" to. In general, the
whole paradigm under which desktop applications have been developed is
unprepared to deal with a multi-device world.
Things will get worse as more types of input devices enter the picture.
Touch screens are bad enough; they have no persistent state, so things
change every time the user touches the device. But touch screens of the
future will report multiple touch points simultaneously, and each of those
will have attributes like the area of the touch, the pressure being
applied, etc. Perhaps the device will sense elevation - a third dimension
above the device itself.
All of this is going to require a massive rethinking of how our
applications work. There are going to be a lot of big problems. But that,
says Peter, is what happens when one explores new areas. One gets the
sense that he is looking forward to the challenge.
One of the mini-confs which happened ahead of linux.conf.au proper was the
"distribution summit," meant to be a place where representatives and users
of all distributions could talk about issues of interest to all. The
highlight of this event, perhaps, was Jeff Waugh's talk on
disintermediating distributions - or, as he rephrased it, "distributed
distributions." If his ideas take hold, they could be the beginning of a
new relationship between free software projects and their users.
It all started, says Jeff, some years ago, when he ran into Mark
Shuttleworth fresh from a visit to Antarctica. Mark's pitch, says Jeff,
"sounded like crack" at the time. By 2003 or so, it just didn't seem like
there was a whole lot of room for a new distribution. But Mark had some
interesting ideas, and Jeff signed on; the result, of course, was Ubuntu.
Ubuntu has clearly had some success, but, in some important ways, it has
failed to work out - at least for Jeff. He found himself distracted by Ubuntu's lack of
participation in Debian, from which it derived its product. There was
a real tension between tracking Debian and tracking upstream projects
more directly. Despite Jeff's insistence that Ubuntu should be tracking
(and pushing updates into) Debian's unstable distribution, Ubuntu often
chose to go with upstream, resulting in what is, in effect, a fork of the
Debian distribution - in terms of both the technology and the community.
What Ubuntu was doing was taking upstream packages, modifying them,
bringing in shiny new features, and generally looking for ways to
differentiate itself from the other distributors. So, for example, the
first Ubuntu release contained a great deal of Project Utopia work (aimed
at making hardware "just work" with Linux) which had been done by
developers from other distributions; Ubuntu shipped it first, though, and
got a lot of credit for it. Novell's behind-closed-doors development of
Xgl was motivated primarily by the wish to keep Ubuntu from shipping it
first. Meanwhile, Red Hat had slowly learned that trying to differentiate
itself by diverging from upstream was a path to pain. So Red Hat's
developers created AIGLX,
in an open, community oriented manner; the result is that AIGLX has proved
to be the winning technology.
Events like these led Jeff to wonder about just where the integration
of packages should be done - upstream or downstream? From Jeff's
(GNOME-based) upstream point of view, he wonders why he doesn't have a
direct relationship with his users. While most projects deliver their code
through middlemen (distributors), there is an example of a project which
has managed to maintain a much more direct relationship: Firefox. Most
Firefox users are direct clients of the project - though most of them are
Windows users. The Firefox trademark has been used to ensure that, even
when distributors are involved, the upstream developers get a say in what
is delivered to users.
So, what happens if you take out the middleman? It's instructive to look
back at what life was like before there were distributors. It was, Jeff
says, much like pigs playing in mud; perhaps they enjoyed it, but it was
messy. There are, in fact, a lot of good things that distributors have
done for us. You can get a fully integrated stack of software from one
source, and the distributor acts, in a way, as the user's advocate toward
the upstream project. We don't want to lose out on all that.
But, if one were to look at facilitating a more direct relationship between
development projects and their users, one would want to take advantage of a
number of maturing technologies. These include:
OpenID. Any process of distributing distributions must look at
distributed identity, and OpenID is the way to do it.
DOAP. "Sounds terrible" but it's a useful way of describing a project
with XML. With a DOAP description, a user can find a project's
mailing lists, bug tracker, source repository, etc.
Atom. This is how projects can distribute information about what they
are doing.
XMPP. This is the Jabber-based messaging and presence protocol.
It can be used for more active publishing of information than Atom can
provide.
Distributed revision control. Lots of functionality for integration
between projects, and between upstream and downstream. Jeff sees git
as a step backward, though; some
of the other offerings, he thinks, have much better user interfaces.
Also important are the packaging efforts which are underway in a
number of places. These include Fedora, which is "becoming competitive
with Debian" as a community project. OpenSUSE has put together a build
system which can create packages for a number of distributions. Debian has
had a community build system for years; there is interest in Debian in
going the next step, though - ideas like building packages directly from a
distributed version control system. Ubuntu's Launchpad was "a spectacular
vision," though the reality is "a bit of a snore"; it didn't achieve its
goal of helping upstream and downstream work together.
Then there's Bugzilla, which is the "bug filing gauntlet" between projects
and their users. The Debian bug tracking system has done a better job of
facilitating bug reports by
allowing them to be submitted by email. But most big projects are
using Bugzilla. It would be much improved by using OpenID (so that users
would not have to register to file bugs) and some sort of Atom-based feed
which would make querying bugs easy.
If you take out the distribution, what do you replace it with? How do we
achieve consistency? We need to create standards for how we interact with
each other. And we can, in fact, be very good at consistency and standards
when the need
is clear. Good release management is a step toward that goal. GNOME once
had very bad release management, but has pulled it together. Doing
time-based releases was a hard sell, but few developers would want anything
else now. Now GNOME release management just works.
Consistency in source management is needed. Once upon a time that was done
through CVS, but CVS is no longer up to the job, and now every project is using
a different distributed version control system. But, sooner or later, one
of the competing projects will win out and "hopefully we'll have clarity
again." Autotools and pkgconfig can also go a long way toward creating
consistency between projects.
So, if we can push the available tools up into the upstream projects, those
projects can get better at producing packages for distributions themselves.
Once the tools (like bug trackers) can talk to each other, people will
start making more use of them and network effects will take over. But, at
the moment, the knowledge about integration remains at the distribution
level.
Debian, Jeff thinks, is well placed to take on a project like this
and push its integration knowledge upstream. While Debian has typically
been ten years ahead of everybody else in its packaging and integration
abilities, it currently has a "relevancy problem." Finding ways to help
upstream projects support their users more directly while maintaining
overall integration and consistency would be a perfect way for Debian to
maintain its leadership in this area. That could change the game
for everybody, bringing projects closer to their users and making us all
"happy as pigs in mud."
linux.conf.au has an interesting structure which differentiates it from
most other events. Every year, a completely new set of organizers takes
over the event, moves it to a new city, and puts its own stamp on it.
They have a great deal of freedom in how they run LCA, but there is still a
group of Linux Australia members and past organizers who keep an eye on
things and help ensure that the event does not run into problems. The
result is a conference which has a lot of fresh energy every year, but
which is also reliably interesting. Many attendees consider it to be one
of the best Linux events to be found anywhere in the world.
This year, LCA was held in Melbourne, Australia; the organizing team was
led by Donna Benjamin. The now-familiar LCA formula was followed, but with
some small changes. The tutorial day is no more, replaced by relatively
short tutorial sessions on each day. The traditional auction for charity
was also gone this year; instead, a raffle (with Greg Kroah-Hartman's 2.6.22 contributor poster as the
main prize) yielded some $1000 for a local penguin refuge. The raffle was
certainly a lower-pressure, less alcohol-fueled way of raising money, but
LCA without Rusty Russell as auctioneer just isn't quite the same. That
quibble notwithstanding, LCA 2008 was an interesting, well-organized, and
well-attended event. Ms. Benjamin and company have certainly upheld the
standards for this conference.
A number of LCA talks have been covered in separate LWN articles, and a few
more may yet follow. This article will quickly review a few other high
points, as seen from your editor's perspective. It's worth noting that
videos for almost all of the talks have been posted on the conference web
site.
Certainly one high point came on January 30, the day that LWN
celebrated its tenth anniversary. The crowd sang a rousing - if not
entirely harmonious - version of "happy birthday" after Bruce Schneier's
keynote. The following morning tea featured special LWN muffins; they
were, much to your editor's delight, of the intense chocolate variety. It
is hard to imagine a better place or time to celebrate ten years of
LWN.
While most LCA presentations are quite technical in nature, there are
exceptions. Australian lawyer Kimberlee Weatherall's talk on legal issues
was called "Stop in the name of law"; it covered a number of topics of
interest to a global audience. Kimberlee, it's worth noting, was the
recipient of the "Rusty Wrench" award for service to the free software
community at last year's LCA in Sydney.
The Digital Millennium Copyright Act, she noted, is ten years old now. At
this point, the debate on its anti-circumvention provisions is essentially
done, and anti-circumvention has won; she is not expecting to see any major
changes in countries which have adopted such laws. The music industry may
be moving away from use of DRM, but "they were never very good at it
anyway." DRM is still going strong in other areas, such as movies and
subscription television.
Similarly, the fight to end software patents is over, and we have lost.
There are incredible numbers of software patents issued every year; every
one of those patents represents a significant investment by its owner. The
total amount of investment in these patents is huge; that amount of money
is almost impossible to displace. It is also very hard to define what a
software patent really is; there are thousands of them in Europe, which
ostensibly does not allow software patents. No matter how the rules are
written, lawyers will find a way around them.
What is happening on the patent front, instead, is a more constructive
engagement with the process. Some reform is happening in the US, as a
result of the KSR decision and various attempts to mitigate the costs
associated with patents. So the situation might improve slowly over time.
GPLv3 is out. It now has to pass two tests: the market test (will projects
use it?) and any legal tests which might be brought. Kimberlee expressed
some doubts on whether GPLv3 will really hold up in court, but did not
elaborate on them.
There is a new threat out there which we should not underestimate: the push
to force copyright enforcement duties onto ISPs. This effort takes two
forms: getting "infringers" disconnected, and requiring ISPs to filter data
passing through their networks. There are a lot of problems with either
approach, but that is not stopping the industry (and others, such as
anti-porn crusaders) from pushing hard for ISP responsibility. This is a
fight to watch.
So what should the free software community do? Not much, says Kimberlee,
except to keep coding. The production of good code brings us allies with
money, and that's what we're going to need. As long as we are successful,
people will go out of their way to protect us. Keep doing what we do, and
things should come out OK.
Anthony Baxter is the Python release manager; he was also the keynote
speaker for the third day of the conference. He is, to say the least, an
entertaining speaker, so this would be a good one to watch on video. The
talk was about coming changes in Python, and Python 3.0 in
particular. The 3.0 release, he says, is "the one where we break all of
your code." It's the first backward-incompatible update of the language
(at least, if you don't deal in C extension modules).
There are a lot of changes to the language which your editor will not
repeat here; they are well documented on the Python web sites. As noted,
many of these changes will cause existing code to break. This is being
done, says Anthony, because the Python language is now 16 years old. Like
all 16-year-olds, it has a number of annoying features. It's time to clean
out a lot of accumulated cruft and get back to the minimal, "there is one
way to do it" vision that has always driven the language.
Perhaps what's most interesting is what won't be done. The language
will not be bloated - it will stay Python. There will be no braces; white
space will still be used to mark blocks of code. The much-criticized
global interpreter lock will remain. And, importantly, this will be an
incremental (if big) update - there will be no overall rewrite of the
interpreter. The experience of certain other projects (Perl 6 and Mozilla,
for instance) shows that total rewrites tend to be much longer, more painful
affairs than anybody might envision at the outset.
There will be migration tools, of course, and warnings built into the
forthcoming 2.6 release which will point out things that may cause
migration difficulties. The 2.x series will be supported for some years
into the future. And, says Anthony, there will be no Python 4.0 release.
This is their one chance to break everything and start over, and they plan
to get it right this time.
Dave Jones is the head maintainer for the Fedora kernel. At LCA 2008 he
took a break from pointing out user-space problems and talked about "a day
in the life of a distribution kernel maintainer." The real subject of the
talk was the process that the Fedora project goes through to put together
the kernels they ship.
There are currently three developers working on the Fedora kernel (Dave,
Chuck Ebbert, and Kyle McMartin), and "several dozen" working on the
RHEL kernels. Most of the RHEL folks are doing backports of fixes,
drivers, etc. to the older kernels used by RHEL releases.
Once a kernel has been chosen for release, it's time to start adding
patches. Some interesting numbers were put up at this point. Red Hat
Linux 7 had 70 patches added to its 2.2.24 kernel. That number went
slowly up, to the point where Fedora Core 6 had 191 patches. There
are currently 63 patches added to the Fedora 8 kernel, though that may
grow over the life of this release. By comparison, RHEL 5 is shipping
a 2.6.18 kernel with 1628 patches added to it - a very different world.
There are all kinds of patches which go into a distributor kernel. These
include security technologies (ExecShield) which have not made it into the
mainline, changes to some default parameters, the silencing of certain
"scary messages" which tend to provoke lots of needless bug reports,
out-of-tree drivers, patches which help debug problems found in the field,
stuff which has been vetoed upstream, and more. Then it's a matter of
putting out the package and dealing with the subsequent bug reports - lots of
them.
The closing ceremony included the traditional introduction of the organizer
for next year's event. This event will go, for the first time ever, to
Hobart, Tasmania; see MarchSouth.org
for more information. There is some information on what this team is
planning in the bid
document [1.6MB PDF]; your editor is intrigued by the following:
"The official Speakers' Dinner will be held at a mystery location
south of Hobart following a 40 minute river cruise on a high speed luxury
catamaran." It's never too soon to get that talk proposal
together.
Finally, the last few LCA events have included the passing of the "Rusty
Wrench" award to somebody who has performed a great service to the
community. Recipients so far are Rusty Russell (after whom the award is
named), Pia Waugh, and Kimberlee Weatherall. The Rusty Wrench was not
awarded at LCA2008, though. It seems that, in the future,
the Rusty Wrench will be part of an extensive set of awards which will be
handed out at a separate "gala dinner" event held in the (Australian)
winter. The awarding of the Rusty Wrench was a nice LCA feature which will
be missed, but, then, there are advantages to having another excuse to
visit Australia.
Making the programs in a distribution more resistant to exploits—a
process known as hardening—is a fairly common way to make the
vulnerabilities that inevitably ship in a distribution harder to turn into
working attacks. Many distributions have made an effort in this area, with
some adding an overall security architecture, like AppArmor for SUSE or
SELinux for Red Hat and Fedora distributions.
Debian is currently looking at enabling some hardening features,
potentially throughout a large swath of packages that it distributes. The
features being considered and the concerns raised provide an interesting
look at the tradeoffs.
A posting to
debian-devel-announce regarding hardening features for Lenny started
the conversation. Those packages that are most susceptible—network services, packages that parse files from
untrusted sources, or those that have been the subject of a security
alert—should enable a set of security tools that will help deflect
attacks against them. Various attacks rely upon certain characteristics of
Linux binaries that allow them to be exploited. By altering the way the
binaries are built, those particular threats can be mitigated.
The experimental hardening-wrapper
package makes enabling the various toolchain differences as easy as setting
DEB_BUILD_HARDENING=1 in the environment. This will change
gcc, g++, and ld to use the desired flags when
building packages. Each hardening feature can also be disabled separately
by setting DEB_BUILD_HARDENING_xyzzy=0 (where xyzzy is the name of
a hardening feature) if they cause build or
performance problems for a particular package.
The specific features enabled are described in the original posting as well
as with more detail on the Debian wiki entry for
Hardening. They are:
using -Wformat -Wformat-security to warn about printf() family calls
whose format string is not a string literal (the printf(buf) pattern); if that
argument came from an untrusted source and contains format specifiers, the
result is a format string vulnerability.
using -D_FORTIFY_SOURCE=2 (effective at -O1 and above) to have glibc check
calls such as strcpy() against the destination buffer size when that size is
known at compile time, which stops many buffer overflows before they corrupt
memory.
using -fstack-protector to place a canary between local buffers and the
saved return address, so that most stack smashing attacks are detected, and
the program aborted, before the corrupted return address is used.
creating Position Independent Executables (PIE), so that the executable's
own code and data, and not just its shared libraries, can be loaded at a
randomized address by the Address Space Layout Randomization that is
available in some kernels. This makes it difficult for an attacker to know
where the program's sections will end up.
using ld -z relro to have the dynamic loader mark certain sections, including
the Global Offset Table (GOT), read-only once it has applied its relocations
at load time. This can thwart attacks that try to overwrite the GOT; with
lazy symbol binding part of the GOT must stay writable, so the full
protection also needs -z now.
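Whether a package really came out of the build with these properties is best verified on the resulting binary rather than inferred from the build flags. The checker below is an added example written for this article, not part of hardening-wrapper or of the Debian posting. It reads the ELF header, program headers and dynamic section itself (no readelf needed) and reports PIE (ET_DYN), a non-executable stack (PT_GNU_STACK without PF_X), partial versus full RELRO (PT_GNU_RELRO with or without BIND_NOW), and the glibc symbols that -fstack-protector and -D_FORTIFY_SOURCE leave behind; -Wformat leaves no trace in the binary and so cannot be checked this way. The two images produced by build_sample_elf() are constructed for the demonstration and contain no machine code.

```python
"""ELF64 hardening checker: added example, not Debian's hardening-wrapper.
Parses the ELF header, program headers and dynamic section with struct (no
readelf needed); sample images are constructed in build_sample_elf()."""
import struct

ET_EXEC, ET_DYN = 2, 3
PT_LOAD, PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 1, 2, 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
DT_NULL, DT_STRTAB, DT_STRSZ, DT_FLAGS, DT_FLAGS_1 = 0, 5, 10, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW, DF_1_PIE = 0x8, 0x1, 0x08000000
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr, 56 bytes
DYN = struct.Struct("<qQ")                 # Elf64_Dyn, 16 bytes


def _vaddr_to_offset(loads, vaddr):
    """Map a virtual address to a file offset through the PT_LOAD segments."""
    for off, va, filesz in loads:
        if va <= vaddr < va + filesz:
            return vaddr - va + off
    raise ValueError("address %#x is not backed by the file" % vaddr)


def hardening_report(data):
    """Return which build-time protections an ELF64 image carries."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    hdr = EHDR.unpack_from(data, 0)
    e_type, phoff, phentsize, phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    # -pie yields ET_DYN (shared libraries are ET_DYN too; newer linkers also
    # set DF_1_PIE in DT_FLAGS_1 to tell the two apart).
    report = {"pie": e_type == ET_DYN, "nx": True, "relro": "none",
              "stack_protector": False, "fortify": False}
    loads, dynamic, has_relro = [], None, False
    for i in range(phnum):
        p_type, p_flags, p_off, p_vaddr, _, p_filesz, _, _ = PHDR.unpack_from(
            data, phoff + i * phentsize)
        if p_type == PT_LOAD:
            loads.append((p_off, p_vaddr, p_filesz))
        elif p_type == PT_DYNAMIC:
            dynamic = (p_off, p_filesz)
        elif p_type == PT_GNU_STACK:   # PF_X here means an executable stack
            report["nx"] = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:   # emitted by ld -z relro
            has_relro = True
    if dynamic is None:
        return report                  # static binary: no loader, no GOT
    tags, off, end = {}, dynamic[0], dynamic[0] + dynamic[1]
    while off + DYN.size <= end:
        tag, val = DYN.unpack_from(data, off)
        off += DYN.size
        if tag == DT_NULL:
            break
        tags[tag] = val
    # With lazy binding .got.plt stays writable; only BIND_NOW (-z now) lets
    # the loader resolve everything first and make the whole GOT read-only.
    bind_now = (tags.get(DT_FLAGS, 0) & DF_BIND_NOW) or \
        (tags.get(DT_FLAGS_1, 0) & DF_1_NOW)
    if has_relro:
        report["relro"] = "full" if bind_now else "partial"
    # -fstack-protector and _FORTIFY_SOURCE leave imported glibc symbols
    # (__stack_chk_fail, __strcpy_chk, ...) that show up in .dynstr.
    if DT_STRTAB in tags and DT_STRSZ in tags:
        start = _vaddr_to_offset(loads, tags[DT_STRTAB])
        names = data[start:start + tags[DT_STRSZ]].split(b"\0")
        report["stack_protector"] = b"__stack_chk_fail" in names
        report["fortify"] = any(n.endswith(b"_chk") for n in names)
    return report


def build_sample_elf(hardened):
    """Construct a code-less ELF64 image carrying only the metadata the checks
    read (a constructed sample for demonstration, not a real program)."""
    phnum = 4 if hardened else 3
    dynstr = (b"\0libc.so.6\0printf\0__stack_chk_fail\0__strcpy_chk\0"
              if hardened else b"\0libc.so.6\0printf\0strcpy\0")
    str_off = EHDR.size + phnum * PHDR.size
    dyn_off = str_off + len(dynstr)
    dyn = [(DT_STRTAB, str_off), (DT_STRSZ, len(dynstr))]
    if hardened:
        dyn += [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW | DF_1_PIE)]
    dyn.append((DT_NULL, 0))
    dyn_blob = b"".join(DYN.pack(t, v) for t, v in dyn)
    total = dyn_off + len(dyn_blob)
    phdrs = [PHDR.pack(PT_LOAD, PF_R | PF_X, 0, 0, 0, total, total, 0x1000),
             PHDR.pack(PT_DYNAMIC, PF_R | PF_W, dyn_off, dyn_off, dyn_off,
                       len(dyn_blob), len(dyn_blob), 8),
             PHDR.pack(PT_GNU_STACK, PF_R | PF_W | (0 if hardened else PF_X),
                       0, 0, 0, 0, 0, 16)]
    if hardened:
        phdrs.append(PHDR.pack(PT_GNU_RELRO, PF_R, dyn_off, dyn_off, dyn_off,
                               len(dyn_blob), len(dyn_blob), 1))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8  # ELF64, LE, v1
    ehdr = EHDR.pack(ident, ET_DYN if hardened else ET_EXEC, 62, 1, 0,
                     EHDR.size, 0, 0, EHDR.size, PHDR.size, phnum, 64, 0, 0)
    return ehdr + b"".join(phdrs) + dynstr + dyn_blob
```

To inspect a real binary, pass its bytes to hardening_report(), for example hardening_report(open("/bin/ls", "rb").read()). The symbol heuristics are the same ones checksec-style scripts rely on and have the same blind spots: a program with no stack arrays may never reference __stack_chk_fail even when built with -fstack-protector, a fortified build only imports the *_chk variants for calls whose buffer sizes were known, and a statically linked binary shows up with no dynamic section at all.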
From the Debian advisory: "r0t" discovered that gnatsweb, a web interface to GNU GNATS, did not
correctly sanitize the database parameter in the main CGI script. This
could allow the injection of arbitrary HTML, or javascript code.
GOffice is vulnerable to buffer overflows and memory corruption in PCRE.
If an attacker can convince a user to open specially crafted documents,
it may be possible to execute arbitrary code, disclose information
or cause a denial of service.
The kazehakase web browser is vulnerable to buffer overflows and
memory corruption in PCRE. If a remote attacker can convince a user to
open specially crafted bookmarks, it can lead to the
execution of arbitrary code, denial of service or
arbitrary information disclosure.
From the Red Hat advisory: A flaw was found in the way the Red Hat
Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA
method for accessing memory on Itanium architectures. A local unprivileged
user could trigger this flaw and cause a denial of service (system panic).
A possible NULL pointer dereference was found in the chrp_show_cpuinfo
function when using the PowerPC architecture. This may have allowed a local
unprivileged user to cause a denial of service (crash).
From the CVE entries: Perl-Compatible Regular Expression (PCRE) library
before 6.7 allows context-dependent attackers to cause a denial of service
(error or crash) via a regular expression that involves a "malformed POSIX
character class", as demonstrated via an invalid character after a [[
sequence. Perl-Compatible Regular Expression (PCRE) library before 6.7
does not properly calculate the compiled memory allocation for regular
expressions that involve a quantified "subpattern containing a named
recursion or subroutine reference," which allows context-dependent
attackers to cause a denial of service (error or crash).
From the Fedora advisory: A potential remote exploit was found in the bdecode_recursive routine that
could trigger a stack overflow when passed malformed message data.
From the Gentoo alert:
Miroslav Lichvar discovered that the "xdg-open" and "xdg-email" shell
scripts do not properly sanitize their input before processing it.
A remote attacker could entice a user to open a specially crafted link
with a vulnerable application using Xdg-Utils (e.g. an email client),
resulting in the execution of arbitrary code with the privileges of the
user running the application.
Adobe's Acrobat Reader has the following vulnerabilities:
The Adobe Reader Plugin has a cross-site scripting vulnerability that
can be triggered by processing malformed URLs. Arbitrary JavaScript can
be served by a malicious web server, leading to a cross-site scripting
attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities;
if an attacker can trick a user into viewing the files, arbitrary code
can be executed with the user's privileges.
From the Mandriva advisory: "The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
properly copy all levels of header data, which can cause Apache to
return HTTP headers containing previously-used data, which could be
used to obtain potentially sensitive information by unauthorized users."
The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker who has the ability to
run scripts on the Apache HTTP Server could manipulate the scoreboard and
cause arbitrary processes to be terminated, which could lead to a denial of
service. (CVE-2007-3304)
A flaw was found in the Apache HTTP Server mod_status module. Sites with
the server-status page publicly accessible and ExtendedStatus enabled were
vulnerable to a cross-site scripting attack. On Red Hat Enterprise Linux
the server-status page is not enabled by default and it is best practice to
not make this publicly available. (CVE-2006-5752)
From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header."
A flaw was found in the mod_imap module. On sites where mod_imap was
enabled and an imagemap file was publicly available, a cross-site scripting
attack was possible. (CVE-2007-5000)
A flaw was found in the mod_status module. On sites where mod_status was
enabled and the status pages were publicly available, a cross-site
scripting attack was possible. (CVE-2007-6388)
A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp
was enabled and a forward proxy was configured, a cross-site scripting
attack was possible against Web browsers which did not correctly derive the
response character set following the rules in RFC 2616. (CVE-2008-0005)
cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
A flaw was found in the mod_proxy module. On sites where a reverse proxy is
configured, a remote attacker could send a carefully crafted request that
would cause the Apache child process handling that request to crash. On
sites where a forward proxy is configured, an attacker could cause a
similar crash if a user could be persuaded to visit a malicious site using
the proxy. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-3847)
A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the AddDefaultCharset directive has been removed
from the configuration, a cross-site-scripting attack may be possible
against browsers which do not correctly derive the response character set
following the rules in RFC 2616. (CVE-2007-4465)
Tilghman Lesher discovered that the logging engine of Asterisk, a free
software PBX and telephony toolkit, performs insufficient sanitizing of
call-related data, which may lead to SQL injection.
Red Hat Enterprise Linux 5 and Fedora install the BIND /etc/rndc.key file
with world-readable permissions, which allows local users to perform
unauthorized named commands, such as causing a denial of service by
stopping named.
Off-by-one error in the inet_network function in libc in FreeBSD 6.2, 6.3,
and 7.0-PRERELEASE and earlier allows context-dependent attackers to cause
a denial of service (crash) and possibly execute arbitrary code via crafted
input that triggers memory corruption.
From the Ubuntu alert:
Will Drewry and Tavis Ormandy discovered that the boost library
did not properly perform input validation on regular expressions.
An attacker could send a specially crafted regular expression to
an application linked against boost and cause a denial of service
via application crash.
A vulnerability in Cacti 0.8.6i and earlier versions allows remote
authenticated users to cause a denial of service (CPU consumption) via
large values of the graph_start, graph_end, graph_height, or graph_width
parameters.
Cairo has an integer overflow vulnerability in the PNG image processing
code. If a user processes a specially crafted PNG image with an
application that is linked against cairo, arbitrary code can be executed
with the user's privileges.
A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via specially crafted RAR archives.
Several remote vulnerabilities have been discovered in the Clam anti-virus
toolkit. The Common Vulnerabilities and Exposures project identifies the
following problems:
CVE-2007-4510:
It was discovered that the RTF and RFC2397 parsers can be tricked
into dereferencing a NULL pointer, resulting in denial of service.
CVE-2007-4560:
It was discovered that clamav-milter performs insufficient input
sanitizing, resulting in the execution of arbitrary shell commands.
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with, for example, a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system).
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root.
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code.
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target.
Previous versions of the cups package could be forced to hang via a client
"partially negotiating" an SSL connection. In this state, cups would not
allow other connections to be made, a denial of service.
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
From the rPath advisory:
Previous versions of the cups package contain a buffer-overflow
weakness. It is not believed that this weakness can be exploited
to execute malicious code.
The cups 1.3.5 release fixes a number of vulnerabilities in the PDF filters. Additionally, there is a buffer overflow in the SNMP code and a temporary file vulnerability.
Thomas de Grenier de Latour discovered that the checkrestart program included
in debian-goodies did not correctly handle shell meta-characters. A local
attacker could exploit this to gain the privileges of the user running
checkrestart.
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.
From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a
minor privilege escalation attack in which an authenticated
user may exploit an ACL plugin weakness to save message flags
without having proper permissions."
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot
before 1.0.rc29, when using the zlib plugin, allows remote attackers to
read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot)
sequence in the mailbox name.
Dovecot has multiple vulnerabilities including an issue involving the
confusion between LDAP-authenticated logins across users with the
same password and a denial of service involving a connecting user.
Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs,
ext2 file system utilities and libraries, contained multiple
integer overflows in memory allocations, based on sizes taken directly
from filesystem information. These could result in heap-based
overflows potentially allowing the execution of arbitrary code.
A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC
servers to execute arbitrary code via a long private message.
Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could execute
code with user privileges.
The elinks text-mode browser has an arbitrary file access vulnerability
in the Elinks SMB protocol handler. If a user can be tricked into
visiting a specially crafted web page, arbitrary files may be read or
written with the user's permissions.
From the original Debian problem report: "In Debian's version of GNU Emacs 22.1+1-2, the `hack-local-variables'
function does not behave correctly when `enable-local-variables' is
set to :safe. The documentation of `enable-local-variables' states
that the value :safe means to set only safe variables, as determined
by `safe-local-variable-p' and `risky-local-variable-p' (and the data
driving them), but Emacs ignores this and instead sets all the local
variables." When this setting (which is not the default) is in effect, opening a hostile file could lead to the execution of arbitrary commands.
A format string error in the "write_html()" function in calendar/gui/
e-cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially crafted
shared memo containing format specifiers.
The APOP protocol allows remote attackers to guess the first 3 characters
of a password via man-in-the-middle (MITM) attacks that use crafted message
IDs and MD5 collisions. NOTE: this design-level issue potentially affects
all products that use APOP, including (1) Thunderbird, (2) Evolution, (3)
mutt, and (4) fetchmail.
From the Gentoo advisory: Meder Kydyraliev (Google Security) discovered that Exif metadata is not
properly sanitized before being processed, resulting in illegal memory
access in the postprop() and other functions (CVE-2007-6354). He also
discovered integer overflow vulnerabilities in the parsetag() and other
functions (CVE-2007-6355) and an infinite recursion in the readifds()
function caused by recursive IFD references (CVE-2007-6356).
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
The Firebird DBMS has a buffer overflow vulnerability involving
the processing of connect requests with an overly large p_cnct_count
value. Remote attackers can send a specially crafted
request to the server in order to potentially execute arbitrary code with
the permissions of the Firebird user.
A flaw was discovered in handling of "about:blank" windows used by
addons. A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
(CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3845)
A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-5959)
A race condition existed when Firefox set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)
shutdown and moz_bug_r_a4 reported two separate ways to modify an
XPCNativeWrapper such that subsequent access by the browser would result in
executing user-supplied code. (CVE-2007-3738)
Michal Zalewski reported that it was possible to bypass the same-origin
checks and read from cached (wyciwyg) documents. It is possible to access
wyciwyg:// documents without proper same domain policy checks through the
use of HTTP 302 redirects. This enables the attacker to steal sensitive
data displayed on dynamically generated pages; perform cache poisoning; and
execute own code or display own content with URL bar and SSL certificate
data of the attacked page (URL spoofing++). (CVE-2007-3656)
Internet Explorer calls registered URL protocols without escaping quotes
and may be used to pass unexpected and potentially dangerous data to the
application that registers that URL Protocol. (CVE-2007-3670)
Ronald van den Heetkamp reported that a filename URL containing %00
(encoded null) can cause Firefox to interpret the file extension
differently than the underlying Windows operating system potentially
leading to unsafe actions such as running a program. This is only
accessible locally. (CVE-2007-3285)
An attacker can use an element outside of a document to call an event
handler allowing content to run arbitrary code with chrome
privileges. (CVE-2007-3737)
Ronen Zilberman and Michal Zalewski both reported that it was possible to
exploit a timing issue to inject content into about:blank frames in a
page. When opening a window from a script, it is possible to spoof the
content of the newly opened window's frames within a short time frame,
while the window is loading. (CVE-2007-3089)
Mozilla contributor moz_bug_r_a4 demonstrated that the methods
addEventListener and setTimeout could be used to inject script into another
site in violation of the browser's same-origin policy. This could be used
to access or modify private or valuable information from that other
site. (CVE-2007-3736)
As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed
many bugs to improve the stability of the product. Some of these crashes
showed evidence of memory corruption under certain circumstances and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code. Note: Thunderbird shares the browser
engine with Firefox and could be vulnerable if JavaScript were to be
enabled in mail. This is not the default setting and we strongly discourage
users from running JavaScript in mail. Without further investigation we
cannot rule out the possibility that for some of these an attacker might be
able to prepare memory for exploitation through some means other than
JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735)
The Freetype font rendering library versions 2.3.4 and below
has an integer sign error. Remote attackers may be able to
create a specially crafted TrueType Font file with a negative
n_points value that will cause an integer overflow and heap-based
buffer overflow, allowing the execution of arbitrary code.
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user.
Versions of the Gallery photo management application before 2.2.4
have the following vulnerabilities: (1) an unauthorized album creation and file upload, (2) a local file inclusion vulnerability, (3) several cross site scripting vulnerabilities, (4) a web-accessibility protection problem,
(5) problems with checks for disallowed file
extensions with file uploads, (6) missing permissions checks on GR commands,
(7) several information disclosures, (8) an arbitrary URL redirection
problem and (9) a proxied request weakness.
The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree.
The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable.
Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allow attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478)
Libgd2 has a denial of service vulnerability involving the incorrect
validation of PNG callback results. If an application that is linked
against libgd2 is used to process a specially-crafted PNG file,
a denial of service involving CPU resource consumption can be
caused.
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user.
Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.
The gimp image editor has several vulnerabilities, including
a problem where it can open PSD files with excessive dimensions
and a possible stack overflow in the Sunras loader.
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local
attacker could exploit this to bypass the user's locked screen saver.
Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash.
Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code.
Ulf Harnhammer discovered that the HTML filter of the Horde web
application framework performed insufficient input sanitising, which
may lead to the deletion of emails if a user is tricked into viewing
a malformed email inside the Imp client.
Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered
string is used instead of a sanitized string to view local files. An
authenticated attacker could craft an HTTP GET request that uses directory
traversal techniques to execute any file on the web server as PHP code,
which could allow information disclosure or arbitrary code execution with
the rights of the user running the PHP application (usually the webserver
user).
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, a cross-site scripting attack against an
authorized user was possible. (CVE-2007-6421)
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, an authorized user could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. This could lead to a denial of service if using a
threaded Multi-Processing Module. (CVE-2007-6422)
From the Red Hat advisory:
Will Drewry reported multiple flaws in the way libicu processed certain
malformed regular expressions. If an application linked against ICU, such
as OpenOffice.org, processed a carefully crafted regular expression, it may
be possible to execute arbitrary code as the user running the application.
The ImageMagick image decoders have multiple vulnerabilities.
If a user can be tricked into processing a specially crafted
DCM, DIB, XBM, XCF, or XWD image, arbitrary code may be executed with
the user's privileges.
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote
attackers to execute arbitrary code via (1) a crafted DCM image, which
results in a heap-based overflow in the ReadDCMImage function, or (2) the
(a) colors or (b) comments field in a crafted XWD image, which results in a
heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667.
The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote
user-assisted attackers to cause a denial of service (crash) and possibly
corrupt the heap via malformed image files.
Java has multiple vulnerabilities, including:
an RSA exponent padding attack vulnerability, two vulnerabilities
which allow untrusted applets to access data in other applets,
vulnerabilities that involve applets gaining privileges due to
serialization bugs in the JRE and buffer overflows in the java image
handling routines that can give attackers read/write/execute capabilities
for local files.
The Javadoc tool was able to generate HTML documentation pages that
contained cross-site scripting (XSS) vulnerabilities. A remote attacker
could use this to inject arbitrary web script or HTML. (CVE-2007-3503)
The Java Web Start URL parsing component contained a buffer overflow
vulnerability within the parsing code for JNLP files. A remote attacker
could create a malicious JNLP file that could trigger this flaw and execute
arbitrary code when opened. (CVE-2007-3655)
The JSSE component did not correctly process SSL/TLS handshake requests. A
remote attacker who is able to connect to a JSSE-based service could
trigger this flaw leading to a denial-of-service. (CVE-2007-3698)
A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled,
allows remote attackers to violate the security model for an applet's
outbound connections via a DNS rebinding attack. (CVE-2007-5232)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not
properly enforce access restrictions for untrusted applications, which
allows user-assisted remote attackers to obtain sensitive information (the
Java Web Start cache location) via an untrusted application, aka "three
vulnerabilities." (CVE-2007-5238)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE
1.3.1_20 and earlier does not properly enforce access restrictions for
untrusted (1) applications and (2) applets, which allows user-assisted
remote attackers to copy or rename arbitrary files when local users perform
drag-and-drop operations from the untrusted application or applet window
onto certain types of desktop applications. (CVE-2007-5239)
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK
and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows
remote attackers to circumvent display of the untrusted-code warning banner
by creating a window larger than the workstation screen. (CVE-2007-5240)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used,
allows remote attackers to violate the security model for an applet's
outbound connections via a multi-pin DNS rebinding attack in which the
applet download relies on DNS resolution on the proxy server, but the
applet's socket operations rely on DNS resolution on the local machine, a
different issue than CVE-2007-5274. NOTE: this is similar to
CVE-2007-5232. (CVE-2007-5273)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows
remote attackers to violate the security model for JavaScript outbound
connections via a multi-pin DNS rebinding attack dependent on the
LiveConnect API, in which JavaScript download relies on DNS resolution by
the browser, but JavaScript socket operations rely on separate DNS
resolution by a Java Virtual Machine (JVM), a different issue than
CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5274)
An integer overflow vulnerability exists in the embedded ICC profile
image parser (CVE-2007-2788), an unspecified vulnerability exists in
the font parsing implementation (CVE-2007-4381), and an error exists
when processing XSLT stylesheets contained in XSLT Transforms in XML
signatures (CVE-2007-3716), among other vulnerabilities.
The kdebase package is vulnerable to a denial of service in which a local user can render KDM unusable for logins by any user or cause KDM to exceed system resource limits.
Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
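The Kate backup problem and the rndc.key entry earlier on this page are two faces of one mistake: a file containing something sensitive ends up with the permissions the umask or the packaging happened to give it rather than the ones it needs. The block below is an added example, not code from KDE, BIND or Fedora; it copies a file while carrying over the original's permission bits exactly, and includes the check an administrator would run for a world-readable secret. The file names and the sample key contents are constructed for the demonstration.

```c
/* Added example (not Kate's, BIND's or Fedora's code): back up a file with
 * the original's permission bits instead of the process umask, plus a check
 * for the world-readable secret the rndc.key advisory describes. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if `path` is readable by group or others, 0 if owner-only, -1 on error. */
int is_readable_by_others(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_mode & (S_IRGRP | S_IROTH)) ? 1 : 0;
}

/* Copy `src` to `dst`, giving `dst` exactly src's permission bits.
 * The weak pattern opens dst with 0666 (or a library default) and lets the
 * umask decide, so a 0600 original gets a 0644 backup.  Returns 0 on success. */
int backup_preserving_mode(const char *src, const char *dst)
{
    int in = open(src, O_RDONLY);
    if (in < 0)
        return -1;
    struct stat st;
    if (fstat(in, &st) != 0) { close(in); return -1; }

    /* O_EXCL: never follow a pre-existing file or symlink at dst */
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL, st.st_mode & 07777);
    if (out < 0) { close(in); return -1; }
    /* open() applies the umask; fchmod restores the exact original bits */
    if (fchmod(out, st.st_mode & 07777) != 0) {
        close(in); close(out); unlink(dst); return -1;
    }

    char buf[4096];
    ssize_t n;
    while ((n = read(in, buf, sizeof buf)) > 0) {
        ssize_t off = 0;
        while (off < n) {
            ssize_t w = write(out, buf + off, (size_t)(n - off));
            if (w < 0) { close(in); close(out); unlink(dst); return -1; }
            off += w;
        }
    }
    close(in);
    if (n < 0 || close(out) != 0) { unlink(dst); return -1; }
    return 0;
}

/* Self-contained demonstration: create a 0600 "secret", back it up, and
 * return the backup's mode bits (or -1 if anything failed or the backup
 * turned out readable by others). */
int demo_backup_mode(void)
{
    const char *secret = "key \"rndc-key\" { secret \"constructed\"; };\n";
    char src[64], dst[64];
    snprintf(src, sizeof src, "/tmp/demo-secret-%ld", (long)getpid());
    snprintf(dst, sizeof dst, "%s.bak", src);
    unlink(src); unlink(dst);

    int fd = open(src, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (fchmod(fd, 0600) != 0 || write(fd, secret, strlen(secret)) < 0) {
        close(fd); unlink(src); return -1;
    }
    close(fd);

    int mode = -1;
    struct stat st;
    if (backup_preserving_mode(src, dst) == 0 && stat(dst, &st) == 0 &&
        is_readable_by_others(dst) == 0)
        mode = (int)(st.st_mode & 07777);
    unlink(src); unlink(dst);
    return mode;
}

int main(void)
{
    printf("backup mode: %04o\n", demo_backup_mode());
    return 0;
}
```

The same `is_readable_by_others()` test, pointed at /etc/rndc.key, is the one-line audit for the BIND packaging bug; for the editor case the fix is on the writing side, where the backup inherits the original's mode rather than the default.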
The IA32 system call emulation functionality in Linux kernel 2.4.x and
2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not
zero extend the eax register after the 32bit entry path to ptrace is used,
which might allow local users to gain privileges by triggering an
out-of-bounds access to the system call table using the %RAX register.
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced
Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does
not return the correct write size, which allows local users to obtain
sensitive information (kernel memory contents) via a small count argument,
as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
Sridhar Samudrala discovered a local denial of service vulnerability
in the handling of SCTP sockets. By opening such a socket with a
special SO_LINGER value, a local attacker could exploit this to crash
the kernel. (CVE-2006-4535)
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
platforms did not sufficiently verify the memory layout. By attempting
to execute a specially crafted executable, a local user could exploit
this to crash the kernel. (CVE-2006-4538)
The netlink protocol has an infinite recursion bug that allows users to
cause a kernel crash. Also the IPv6 protocol allows remote attackers to
cause a denial of service via crafted IPv6 type 0 route headers
(IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
The Minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly
other versions, allows local users to cause a denial of service (hang) via
a malformed minix file stream that triggers an infinite loop in the
minix_bmap function. NOTE: this issue might be due to an integer overflow
or signedness error.
Integer underflow in the ieee80211_rx function in
net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows
remote attackers to cause a denial of service (crash) via a crafted SKB
length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA
flag is set, aka an "off-by-two error."
From the mitre.org CVE description:
VFS in the Linux kernel before 2.6.23.14 performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass file permissions.
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local attacker
could exploit this flaw to view sensitive kernel information.
(CVE-2007-1353)
The GEODE-AES driver did not correctly initialize its encryption key.
Any data encrypted using this type of device would be easily compromised.
(CVE-2007-2451)
The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally, systems
without an entropy source would be seeded with the same inputs at boot
time, leading to a repeatable series of random numbers. (CVE-2007-2453)
The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors.
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
Previous versions of the kernel package are subject to several
vulnerabilities. Certain malformed UDF filesystems can cause the system to
crash (denial of service). Malformed CDROM firmware or USB storage devices
(such as USB keys) could cause system crash (denial of service), and if
they were intentionally malformed, can cause arbitrary code to run with
elevated privileges. In addition, the SCTP protocol is subject to a remote
system crash (denial of service) attack.
A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes
RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an
"out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2)
fib_props (fib_semantics.c, IPv4) functions. (CVE-2007-2172)
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not
prevent stack expansion from entering into reserved kernel page memory,
which allows local users to cause a denial of service (OOPS) via
unspecified vectors. (CVE-2007-3739)
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer
ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check
permissions for ioctls, which might allow local users to cause a denial of
service or gain privileges. (CVE-2007-4308)
Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier
allows remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via long SMB responses that trigger the overflows in
the SendReceive function.
A security issue has been reported in Linux kernel due to an error in
drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()"
function never initializes an event timer before scheduling it with the
"add_timer()" function.
The mincore function in the kernel does not properly lock access to user
space, which has unspecified impact and attack vectors, possibly related to
a deadlock.
Another vulnerability has been reported in Linux kernel caused by a
boundary error within the handling of incoming CAPI messages in
net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain
Kernel data structures.
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with
i965G and later chipsets, allows local users with access to an X11 session
and Direct Rendering Manager (DRM) to write to arbitrary memory locations
and gain privileges via a crafted batchbuffer. (CVE-2007-3851)
Linux kernel 2.4.35 and other versions allows local users to send arbitrary
signals to a child process that is running at higher privileges by causing
a setuid-root parent process to die, which delivers an attacker-controlled
parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)
Stack-based buffer overflow in the random number generator (RNG)
implementation in the Linux kernel before 2.6.22 might allow local root
users to cause a denial of service or gain privileges by setting the
default wakeup threshold to a value greater than the output pool size,
which triggers writing random numbers to the stack by the pool transfer
function involving "bound check ordering". NOTE: this issue might only
cross privilege boundaries in environments that have granular assignment of
privileges for root. (CVE-2007-3105)
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
units, which allows local users to cause a denial of service (panic)
via unspecified vectors.
The disconnect method in the Philips USB Webcam (pwc) driver in Linux
kernel 2.6.x before 2.6.22.6 relies on user space to close the device,
which allows user-assisted local attackers to cause a denial of service
(USB subsystem hang and CPU consumption in khubd) by not closing the
device after the disconnect is invoked. NOTE: this rarely crosses
privilege boundaries, unless the attacker can convince the victim to
unplug the affected device.
The sysfs_readdir function in the Linux kernel 2.6 allows local users to
cause a denial of service (kernel OOPS) by dereferencing a null pointer to
an inode in a dentry. (CVE-2007-3104)
The CIFS filesystem, when Unix extension support is enabled, did not honor
the umask of a process, which allowed local users to gain
privileges. (CVE-2007-3740)
The Linux kernel checked the wrong global variable for the CIFS sec mount
option, which might allow remote attackers to spoof CIFS network traffic
that the client configured for security signatures, as demonstrated by lack
of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843)
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux
kernel allowed local users to have an unknown impact via a crafted argument
to the isdn_ioctl function. (CVE-2007-6063)
David Coffey discovered an uninitialized pointer free flaw in the
RPC library used by kadmind. A remote unauthenticated attacker who
could access kadmind could trigger the flaw causing kadmind to crash
or possibly execute arbitrary code (CVE-2007-2442).
David Coffey also discovered an overflow flaw in the same RPC library.
A remote unauthenticated attacker who could access kadmind could
trigger the flaw causing kadmind to crash or possibly execute arbitrary
code (CVE-2007-2443).
Finally, a stack buffer overflow vulnerability was found in kadmind
that allowed an unauthenticated user able to access kadmind the
ability to trigger the vulnerability and possibly execute arbitrary
code (CVE-2007-2798).
The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details.
Some kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges.
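The defensive pattern that bug calls for, as an added example (this is not code from MIT Kerberos or from any advisory on this page): a privilege-drop routine that checks every return value and then verifies the result instead of assuming it. The EAGAIN remark in the comments refers to the documented behaviour of Linux kernels before 3.1, where setuid() to a user already at its RLIMIT_NPROC limit failed; the routine treats any failure the same way.

```c
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Give up root for (uid, gid). Returns 0 only if every step succeeded and
 * the process can prove it is no longer privileged; callers must treat -1
 * as fatal rather than continue, which is the mistake behind the
 * unchecked-setuid() bug above. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups first: only root may change them, and root is
     * about to go away. Skipped when not root (setgroups would fail). */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) {
        perror("setgroups");
        return -1;
    }
    /* Group before user: setgid() needs root, setuid() discards it. */
    if (setgid(gid) != 0) {
        perror("setgid");
        return -1;
    }
    /* setuid() really can fail: EPERM, or EAGAIN on Linux before 3.1 when
     * the target uid already has RLIMIT_NPROC processes. A caller that
     * ignores the result keeps running as root. */
    if (setuid(uid) != 0) {
        perror("setuid");
        return -1;
    }
    /* Verify instead of assuming: real and effective ids must match. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* After dropping to a non-root uid, regaining root must be impossible
     * (a leftover saved uid of 0 would let setuid(0) succeed). */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Stand-alone demo: drop to the invoking user's real ids, which works
     * whether or not the binary started as root. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed; refusing to continue\n");
        return 1;
    }
    printf("now running as uid %u gid %u\n",
           (unsigned)geteuid(), (unsigned)getegid());
    return 0;
}
```

The final setuid(0) probe is the cheap way to catch a saved uid that was never dropped; a service that has to drop privileges in a child should also do it before any fork, so the failure cannot be triggered against an already-forked worker.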
Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by kadmind. A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash.
Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A
remote unauthenticated attacker who can access kadmind could trigger this
flaw and cause kadmind to crash.
A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password. MIT krb5 Security Advisory 2007-001
Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon. A remote attacker who can access the KDC could exploit this
bug to run arbitrary code with the privileges of the KDC or kadmin server
processes. MIT krb5 Security Advisory
2007-002
Stefan Cornelius from Secunia Research discovered that the
"parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does
not properly sanitize parts of the URI when building the command for
KVIrc's internal script system.
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted ICC profile in a JPG file.
mirror --script in lftp before 3.5.9 does not properly quote shell
metacharacters, which might allow remote user-assisted attackers to execute
shell commands via a malicious script. NOTE: it is not clear whether this
issue crosses security boundaries, since the script already supports
commands such as "get" which could overwrite executable files.
libarchive, a library for manipulating different streaming archive
formats, has a number of pax extension header vulnerabilities.
These may be used to cause a denial of service or for the execution
of arbitrary code.
Devon Miller reported a boundary error in the "print_iso9660_recurse()"
function in files cd-info.c and iso-info.c when processing long
filenames within Joliet images.
A remote attacker could entice a user to open a specially crafted ISO
image in the cd-info and iso-info applications, resulting in the
execution of arbitrary code with the privileges of the user running the
application. Applications linking against shared libraries of libcdio
are not affected.
Integer overflow in the exif_data_load_data_entry function in exif-data.c
in libexif before 0.6.14 allows user-assisted remote attackers to cause a
denial of service (crash) or possibly execute arbitrary code via crafted
EXIF data, involving the (1) doff or (2) s variable.
From the Red Hat advisory: An integer overflow flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to execute arbitrary code, or crash.
From the Red Hat advisory: An infinite recursion flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to crash.
The GD library does not perform proper bounds checking when creating images; as a result, an attacker could, via crafted input, potentially execute arbitrary code.
Luigi Auriemma has reported various boundary errors in load_it.cpp and
a boundary error in the "CSoundFile::ReadSample()" function in
sndfile.cpp. A remote attacker can entice a user to read crafted modules
or ITP files, which may trigger a buffer overflow resulting in the
execution of arbitrary code with the privileges of the user running the
application.
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21
allow remote attackers to cause a denial of service (crash) via crafted (1)
pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt
(png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt
(png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read
operations. (CVE-2007-5269)
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical
instead of bitwise operations and (2) incorrect comparisons, which might
allow remote attackers to cause a denial of service (crash) via a crafted
PNG image. (CVE-2007-5268)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause
a denial of service (crash) via a crafted PNG image, due to an incorrect
fix for CVE-2007-5266. (CVE-2007-5267)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1
allows remote attackers to cause a denial of service (crash) via a crafted
PNG image that prevents a name field from being NULL terminated.
(CVE-2007-5266)
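The two iCCP entries and the out-of-bounds chunk reads above share one root cause: a chunk handler that scans for a terminator without being bounded by the chunk's declared length. As an added example (not libpng code), here is a bounded reader for the data field of an iCCP chunk: the NUL search never looks past the chunk length nor past the 79-byte keyword maximum, so a chunk whose keyword lacks a NUL is rejected instead of being read past. The sample chunk bodies are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PNG_KEYWORD_MAX 79              /* PNG spec: keyword is 1..79 bytes */

struct iccp {
    char keyword[PNG_KEYWORD_MAX + 1];  /* NUL-terminated on success */
    uint8_t compression;                /* 0 = zlib, the only defined method */
    const uint8_t *profile;             /* compressed profile, inside data */
    size_t profile_len;
};

/* Parse the data field of an iCCP chunk: keyword, NUL, method byte,
 * compressed profile. Returns 0 on success, -1 on malformed input, and
 * never reads outside data[0..len). */
int parse_iccp(const uint8_t *data, size_t len, struct iccp *out)
{
    /* Look for the NUL only inside the chunk and only as far as a legal
     * keyword could reach (79 bytes plus the terminator). A keyword with
     * no NUL in that window is rejected here instead of being scanned
     * past the end of the buffer. */
    size_t window = len < PNG_KEYWORD_MAX + 1 ? len : PNG_KEYWORD_MAX + 1;
    const uint8_t *nul = memchr(data, 0, window);
    if (nul == NULL)
        return -1;
    size_t klen = (size_t)(nul - data);
    if (klen == 0)
        return -1;                      /* empty keyword is illegal */
    if (len - klen - 1 < 2)
        return -1;                      /* need method byte + >=1 profile byte */
    if (data[klen + 1] != 0)
        return -1;                      /* unknown compression method */
    memcpy(out->keyword, data, klen);
    out->keyword[klen] = '\0';
    out->compression = data[klen + 1];
    out->profile = data + klen + 2;
    out->profile_len = len - klen - 2;
    return 0;
}

/* Constructed sample chunk bodies (not from any real image); returns 1 if
 * the good one parses and all three malformed ones are rejected. */
int check_samples(void)
{
    struct iccp p;
    static const uint8_t good[] = { 's','R','G','B', 0, 0, 0x78, 0x9c, 0x03, 0x00 };
    static const uint8_t truncated[] = { 'a', 0, 0 };   /* no profile bytes */
    uint8_t unterminated[100], overlong[90];
    memset(unterminated, 'A', sizeof unterminated);      /* no NUL at all */
    memset(overlong, 'A', sizeof overlong);
    overlong[85] = 0;                                    /* NUL, but after 85 bytes */

    int good_ok = parse_iccp(good, sizeof good, &p) == 0
               && strcmp(p.keyword, "sRGB") == 0
               && p.compression == 0 && p.profile_len == 4;
    int rejected = parse_iccp(unterminated, sizeof unterminated, &p) == -1
                && parse_iccp(overlong, sizeof overlong, &p) == -1
                && parse_iccp(truncated, sizeof truncated, &p) == -1;
    return good_ok && rejected;
}

int main(void)
{
    printf("iCCP samples: %s\n", check_samples() ? "all as expected" : "MISMATCH");
    return 0;
}
```

The same shape (memchr bounded by the chunk length, then explicit checks that enough bytes remain for every fixed field) applies to the tEXt, zTXt and iTXt keyword fields as well; the profile bytes themselves are handed to the decompressor untouched here.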
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow.
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim.
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code.
A denial of service flaw was found in the way libxml2 processes certain
content. If an application linked against libxml2 processes malformed XML
content, it could cause the application to stop responding.
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code.
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities, if a local user passes a specially crafted
FTP URL, arbitrary code may be executed.
The lighttpd web server has multiple vulnerabilities, involving remote
circumvention of access-control settings through malformed requests.
These can also be used to crash the server and cause a denial of
service.
From the Debian advisory: Bart Oldeman reported a denial of service (DoS) issue in the VFAT filesystem that allows local users to corrupt a kernel structure resulting in a system crash. This is only an issue for systems which make use of the VFAT compat ioctl interface, such as systems running an 'amd64' flavor kernel.
ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data.
Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. (CVE-2007-6206)
Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page may be improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash). (CVE-2007-6417)
Neel Mehta and Ryan Smith discovered that the VMWare Player DHCP server
did not correctly handle certain packet structures. Remote attackers
could send specially crafted packets and gain root privileges.
(CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)
Rafal Wojtczuk discovered multiple memory corruption issues in VMWare
Player. Attackers with administrative privileges in a guest operating
system could cause a denial of service or possibly execute arbitrary
code on the host operating system. (CVE-2007-4496, CVE-2007-4497)
An arbitrary command execution bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx.
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename.
CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.
MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04
allows remote attackers to cause a denial of service via a crafted DNS
packet that prevents an authoritative name (CNAME) record from resolving,
aka "improper rotation of resource records."
From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside
Apache httpd and forwarded the encoded URL to Tomcat, which itself did a
second decoding. If Tomcat was used behind mod_jk and configured to only
proxy some contexts, an attacker could construct a carefully crafted HTTP
request to work around the context restriction and potentially access
non-proxied content."
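The mechanism in that advisory, as an added example (not mod_jk or Tomcat code): the front end decodes the request path once and checks the proxied context on that, but the path it forwards still contains escapes, and the backend decodes it a second time before mapping it. The backend canonicalisation here (decode, then resolve "." and "..") is a simplified stand-in for what a servlet container does; the /public/ context, the 512-byte buffers and the request string are assumptions of the example. The "fixed" front end shows the general remedy, which is to authorise on the same canonical form the backend will actually resolve.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* One pass of %XX decoding; malformed escapes are copied verbatim.
 * Returns false if the result does not fit in out. */
bool url_decode_once(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        int c = (unsigned char)in[i];
        if (c == '%' && hexval(in[i + 1]) >= 0 && hexval(in[i + 2]) >= 0) {
            c = hexval(in[i + 1]) * 16 + hexval(in[i + 2]);
            i += 2;
        }
        if (o + 1 >= outsz) return false;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return true;
}

/* Resolve "." and ".." segments of an absolute path before mapping it;
 * ".." never climbs above "/". */
bool normalize_path(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz < 2) return false;
    out[o++] = '/';
    for (const char *p = in; *p != '\0'; ) {
        while (*p == '/') p++;
        const char *seg = p;
        while (*p != '\0' && *p != '/') p++;
        size_t n = (size_t)(p - seg);
        if (n == 0 || (n == 1 && seg[0] == '.')) continue;
        if (n == 2 && seg[0] == '.' && seg[1] == '.') {
            if (o > 1) { o--; while (o > 1 && out[o - 1] != '/') o--; }
            continue;
        }
        if (o + n + 1 >= outsz) return false;
        memcpy(out + o, seg, n);
        o += n;
        out[o++] = '/';
    }
    if (o > 1) o--;                     /* drop the trailing '/' */
    out[o] = '\0';
    return true;
}

#define CONTEXT "/public/"              /* assumed: the only proxied context */

/* Vulnerable front end: decode once, check the context on that, forward
 * the once-decoded path (escapes it still contains go to the backend). */
bool frontend_allows(const char *request_uri)
{
    char once[512];
    return url_decode_once(request_uri, once, sizeof once)
        && strncmp(once, CONTEXT, strlen(CONTEXT)) == 0;
}

/* Backend: decodes the forwarded path a second time, then normalises. */
bool backend_resolves(const char *forwarded, char *resolved, size_t sz)
{
    char dec[512];
    return url_decode_once(forwarded, dec, sizeof dec)
        && normalize_path(dec, resolved, sz);
}

/* Path actually served through the chain ("" on any decoding failure). */
const char *served_path(const char *request_uri)
{
    static char once[512], resolved[512];
    if (!url_decode_once(request_uri, once, sizeof once) ||
        !backend_resolves(once, resolved, sizeof resolved))
        return "";
    return resolved;
}

/* Corrected check: decide on the path the backend will actually resolve. */
bool frontend_allows_fixed(const char *request_uri)
{
    const char *p = served_path(request_uri);
    return p[0] != '\0' && strncmp(p, CONTEXT, strlen(CONTEXT)) == 0;
}

int main(void)
{
    const char *req = "/public/%252e%252e/private/secret";   /* constructed */
    printf("vulnerable front end allows: %d\n", frontend_allows(req));
    printf("backend serves:              %s\n", served_path(req));
    printf("fixed front end allows:      %d\n", frontend_allows_fixed(req));
    return 0;
}
```

Run stand-alone, the constructed request passes the vulnerable check (after one decode it still begins with /public/), the backend serves /private/secret, and the corrected check denies it. Any proxy-plus-container pair that decodes at different layers needs the same agreement on one canonical form.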
A flaw was discovered in MoinMoin's error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user's authentication information
for the domain where MoinMoin was hosted.
A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1
allows remote attackers to inject arbitrary web script or HTML via a style
expression in the search parameter.
MPlayer versions up to 1.0rc1 have a buffer overflow in the
DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c.
User-assisted remote attackers can trigger the overflow and possibly
execute arbitrary code.
From the Gentoo advisory: nnp discovered multiple vulnerabilities in the XML-RPC handler in the
file webserver.c. The ws_addarg() function contains a format string
vulnerability, as it does not properly sanitize username and password
data from the "Authorization: Basic" HTTP header line (CVE-2007-5825).
The ws_decodepassword() and ws_getheaders() functions do not correctly
handle empty Authorization header lines, or header lines without a ':'
character, leading to NULL pointer dereferences (CVE-2007-5824).
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
MySQL subselect queries using "ORDER BY" can be used by an attacker with
access to a MySQL instance in order to create an intermittent denial
of service.
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server.
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226).
From the CVE entry: MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query.
MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. (CVE-2007-5969)
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. (CVE-2007-3781)
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and
5.1 before 5.1.18-beta, allows context-dependent attackers to cause a
denial of service (crash) via a crafted IF clause that results in a
divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not
require the DROP privilege for RENAME TABLE statements, which allows remote
authenticated users to rename arbitrary tables. (CVE-2007-2691)
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before
5.1.18 does not restore THD::db_access privileges when returning from SQL
SECURITY INVOKER stored routines, which allows remote authenticated users
to gain privileges. (CVE-2007-2692)
MySQL Community Server before 5.0.45 allows remote authenticated users to
gain update privileges for a table in another database via a view that
refers to this external table. (CVE-2007-3782)
Philip Stoev discovered that the federated engine of MySQL
did not properly handle responses with a small number of columns.
An authenticated user could use a crafted response to a SHOW
TABLE STATUS query and cause a denial of service.
From the Debian advisory: Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code.
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbitrary code via long
Location header responses (redirects).
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies.
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges.
A flaw was discovered in the way net-snmp handled certain requests. A
remote attacker who can connect to the snmpd UDP port (161 by default)
could send a malicious packet causing snmpd to crash, resulting in a
denial of service.
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
proxy server written by Igor Sysoev. The "msie_refresh" directive could
allow cross site scripting.
ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference.
Josh Burley reported that nss_ldap does not properly handle the LDAP
connections due to a race condition that can be triggered by
multi-threaded applications using nss_ldap, which might lead to
requested data being returned to a wrong process.
The OpenLDAP Lightweight Directory Access Protocol suite has a problem
with handling of malformed objectClasses LDAP attributes by the slapd
daemon. Both local and remote attackers can use this to crash slapd,
causing a denial of service.
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when
running as a proxy-caching server, allocates memory using a malloc variant
instead of calloc, which prevents an array from being initialized properly
and might allow attackers to cause a denial of service (segmentation fault)
via unknown vectors that prevent the array from being null terminated.
A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite. The parser uses untrusted values
from the TIFF file to calculate the number of bytes of memory to
allocate. A specially crafted TIFF image could trigger an integer
overflow and subsequently a buffer overflow that could cause the
execution of arbitrary code.
A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user.
OpenSSH 4.4 fixes some
security issues, including a pre-authentication denial of service, an
unsafe signal handler and, on portable OpenSSH, a GSSAPI authentication abort
that could be used to determine the validity of usernames on some platforms.
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f
and 0.9.7 allows remote attackers to execute arbitrary code via unspecified
vectors.
From the Debian advisory: An off-by-one error has been identified in the SSL_get_shared_ciphers()
routine in the libssl library from OpenSSL, an implementation of Secure
Socket Layer cryptographic libraries and utilities. This error could
allow an attacker to crash an application making use of OpenSSL's libssl
library, or potentially execute arbitrary code in the security context
of the user running such an application.
The Opera browser has multiple vulnerabilities.
The JavaScript engine is vulnerable to a virtual function call on an invalid pointer that can be triggered by specially crafted JavaScript.
A freed pointer in the BitTorrent support may be
accessed; this can be used for malicious code execution.
The browser is vulnerable to several memory read protection
errors. There are URI display errors that can be used to trick
users into visiting arbitrary web sites.
PCRE has flaws in the way it handles malformed regular
expressions.
If an application linked against PCRE, such as Konqueror,
encounters a maliciously created regular expression, it may be possible
to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227
have been combined into CVE-2006-7224.
Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660)
Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application.
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the
end of the string when searching for unmatched brackets and parentheses,
which allows context-dependent attackers to cause a denial of service
(crash), possibly involving forward references. (CVE-2007-1662)
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE)
library before 7.3 allows context-dependent attackers to execute arbitrary
code via a singleton Unicode sequence in a character class in a regex
pattern, which is incorrectly optimized. (CVE-2007-4768)
A heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485).
Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)
A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)
A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)
A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)
A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)
A flaw was found in handling of dynamic changes to global variables. A
script which used certain functions which change global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-4659)
An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-4661)
The Hardened-PHP Project discovered buffer overflows in PHP's internal
htmlentities/htmlspecialchars routines. Since the whole purpose of these
functions is to handle user input, attacker-controlled data reaches them by
design. (The overflow occurs only when the UTF-8 charset is used.)
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4,
allow remote attackers to obtain sensitive information (memory contents) or
cause a denial of service (thread crash) via a large len value to the (1)
strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE:
this affects different product versions than CVE-2007-3996.
(CVE-2007-4657)
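The OpenOffice.org TIFF entry above spells out one recurring mechanism (untrusted dimensions multiplied into an allocation size that wraps), and the strspn/strcspn entry shows its sibling (an offset plus length that wraps past the buffer end). As an added example, not code from OpenOffice.org, PHP or any library named on this page, here are both computations in their naive and checked forms; the 256 MiB cap is an assumed policy limit, not a value from any of those projects.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound on one raster's bytes; pick it per application. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* The pattern behind the overflows above: three 32-bit header fields
 * multiplied in 32-bit arithmetic. 65536 x 65536 x 1 wraps to 0, so the
 * caller allocates nothing and then writes 4 GiB of pixels into it. */
uint32_t naive_image_bytes32(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Same computation done safely: widen before multiplying and cap the
 * result before it can reach an allocator. Returns false on any
 * degenerate or out-of-range size. */
bool image_bytes(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0)
        return false;
    uint64_t px = (uint64_t)w * h;             /* exact: product < 2^64 */
    if (px > MAX_IMAGE_BYTES / bpp)            /* px * bpp would exceed the cap */
        return false;
    *out = (size_t)(px * bpp);                 /* <= MAX_IMAGE_BYTES, fits size_t */
    return true;
}

/* Single-value convenience: 0 means rejected. */
size_t image_bytes_or_zero(uint32_t w, uint32_t h, uint32_t bpp)
{
    size_t n;
    return image_bytes(w, h, bpp, &n) ? n : 0;
}

/* Zeroed pixel buffer or NULL; never a wrapped, too-small allocation. */
uint8_t *alloc_image(uint32_t w, uint32_t h, uint32_t bpp)
{
    size_t n;
    if (!image_bytes(w, h, bpp, &n))
        return NULL;
    return calloc(n, 1);
}

/* The strspn/strcspn-style check written the wrong way: offset + len can
 * wrap around to a small number and pass. */
bool naive_window_in_bounds(size_t size, size_t offset, size_t len)
{
    return offset + len <= size;
}

/* Correct form: compare against the remaining room instead of adding. */
bool window_in_bounds(size_t size, size_t offset, size_t len)
{
    if (offset > size)
        return false;
    return len <= size - offset;
}

int main(void)
{
    printf("naive 65536x65536x1   -> %" PRIu32 " bytes\n",
           naive_image_bytes32(65536, 65536, 1));
    printf("checked 65536x65536x1 -> %zu bytes (0 = rejected)\n",
           image_bytes_or_zero(65536, 65536, 1));
    printf("checked 640x480x4     -> %zu bytes\n", image_bytes_or_zero(640, 480, 4));
    printf("naive window   (20, 5, SIZE_MAX): %d\n", naive_window_in_bounds(20, 5, SIZE_MAX));
    printf("checked window (20, 5, SIZE_MAX): %d\n", window_in_bounds(20, 5, SIZE_MAX));
    uint8_t *img = alloc_image(640, 480, 4);
    free(img);
    return 0;
}
```

Widening to 64 bits only moves the wrap point, which is why the cap is applied before the final multiply rather than after it; on a 32-bit build size_t itself is the quantity that would wrap, so the comparison is done in the wider type.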
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4
has unknown impact and attack vectors, related to an incorrect size
calculation. (CVE-2007-4660)
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4
has unknown impact and attack vectors. (CVE-2007-4662)
The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code.
It was discovered that phpbb2, a web based bulletin board, insufficiently
sanitizes values passed to the "Font Color 3" setting, which might lead to
the execution of injected code by admin users.
The phpbb2 web forum has a number of vulnerabilities including:
a web script injection problem, a protection mechanism bypass, a
security check bypass, a remote global variable bypass, cross site
scripting vulnerabilities, an SQL injection vulnerability,
a remote regular expression modification problem, missing input
sanitizing, and a missing request validation problem.
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2007-1325:
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
CVE-2007-1395:
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag,
which bypasses the protection against lowercase </script>.
CVE-2007-2245:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via (1) the
fieldkey parameter to browse_foreigners.php or (2) certain input
to the PMA_sanitize function.
CVE-2006-6942:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary HTML or web script via (1) a comment
for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter
to db_operations.php, the (4) query_history_latest,
(5) query_history_latest_db, and (6) querydisplay_tab parameters to
(c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2006-6944:
phpMyAdmin allows remote attackers to bypass Allow/Deny access rules
that use IP addresses via false headers.
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin
2.11.1, when accessed by a browser that does not URL-encode requests,
allows remote attackers to inject arbitrary web script or HTML via the
query string.
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
common.lib.php in libraries/; and certain input available in PHP_SELF and
(2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other
vectors related to (3) REQUEST_URI.
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information
via a direct request for themes/darkblue_orange/layout.inc.php, which
reveals the path in an error message.
phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability
in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.
db_create.php also has a related cross-site scripting vulnerability.
Remote authenticated users can inject arbitrary web scripts or HTML
using a hex-encoded IMG element in the db parameter in a POST request.
A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin
4.1.1 allows remote attackers to inject arbitrary web script or HTML via
the server parameter.
The xpdf and poppler PDF libraries contain several vulnerabilities which can lead to arbitrary command execution via hostile PDF files. Numerous other applications which use these libraries (PDF viewers, CUPS, etc.) will be affected by the vulnerabilities as well.
PostgreSQL 8.1 and probably later and earlier versions, when local trust
authentication is enabled and the Database Link library (dblink) is
installed, allows remote attackers to access arbitrary accounts and execute
arbitrary SQL queries via a dblink host parameter that proxies the
connection from 127.0.0.1. (CVE-2007-3278)
PostgreSQL 8.1 and probably later and earlier versions, when the PL/pgSQL
(plpgsql) language has been created, grants certain plpgsql privileges to
the PUBLIC domain, which allows remote attackers to create and execute
functions, as demonstrated by functions that perform local brute-force
password guessing attacks, which may evade intrusion
detection. (CVE-2007-3279)
The Database Link library (dblink) in PostgreSQL 8.1 implements functions
via CREATE statements that map to arbitrary libraries based on the C
programming language, which allows remote authenticated superusers to map
and execute a function from any library, as demonstrated by using the
system function in libc.so.6 to gain shell access. (CVE-2007-3280)
Several vulnerabilities have been found in the PostgreSQL database manager. The developers call the fixes "critical," but also note that, as of the time of the update, none of them were known to be exploited; see this advisory for more information.
Multiple integer overflows in the imageop module in Python 2.5.1 and
earlier allow context-dependent attackers to cause a denial of service
(application crash) and possibly obtain sensitive information (memory
contents) via crafted arguments to (1) the tovideo method, and unspecified
other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other
files, which trigger heap-based buffer overflows.
Trolltech Qt has a certificate verification bypass.
An error can be triggered in QSslSocket when verifying SSL certificates;
attackers can use this to bypass SSL certificate verification
and acquire unauthorized access to a vulnerable application.
The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause
a denial of service crash via a malformed OPEN message or COMMUNITY
attribute.
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site.
A format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
The Samba user authentication is vulnerable to a heap-based buffer overflow.
Remote unauthenticated users can use this to crash the Samba server
and cause a denial of service.
A stack buffer overflow flaw was found in the way Samba authenticates
remote users. A remote unauthenticated user could trigger this flaw to
cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server.
Samba's mechanism for creating NetBIOS replies is vulnerable to a buffer overflow. Samba servers that are configured to run as a WINS server can be crashed by a remote unauthenticated user; execution of arbitrary code may also be possible.
scponly 4.6 and earlier allows remote authenticated users to bypass
intended restrictions and execute code by invoking dangerous subcommands
including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally
demonstrated by creating a Subversion (SVN) repository with malicious
hooks, then using svn to trigger execution of those hooks. (CVE-2007-6350)
In addition, it was discovered that it was possible to invoke scp with certain options that may lead to execution of arbitrary commands. (CVE-2007-6415)
A flaw was found in the way squid stored HTTP headers for cached objects
in system memory. An attacker could cause squid to use additional memory,
and trigger high CPU usage when processing requests for certain cached
objects, possibly leading to a denial of service.
Subversion 1.4.3 and earlier does not properly implement the "partial
access" privilege for users who have access to changed paths but not copied
paths, which allows remote authenticated users to obtain sensitive
information (revision properties) via svn (1) propget, (2) proplist, or (3)
propedit.
An unspecified vulnerability involving an "incorrect use of system
classes" was reported by the Fujitsu security team. Additionally, Chris
Evans from the Google Security Team reported an integer overflow
resulting in a buffer overflow in the ICC parser used with JPG or BMP
files, and an incorrect open() call to /dev/tty when processing certain
BMP files.
T1lib, an enhanced rasterizer for X11 Type 1 fonts, does
not properly perform bounds checking. An attacker can send
specially crafted input to applications linked against the library in
order to create a buffer overflow, resulting in a denial of service
or the execution of arbitrary code.
A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in
teTeX might allow user-assisted remote attackers to overwrite files and
possibly execute arbitrary code via a long filename. NOTE: other overflows
exist but might not be exploitable, such as a heap-based overflow in the
check_idx function.
Joachim Schrod discovered several buffer overflow vulnerabilities and
an insecure temporary file creation in the "dvilj" application that is
used by dvips to convert DVI files to printer formats (CVE-2007-5937,
CVE-2007-5936). Bastien Roucaries reported that the "dvips" application
is vulnerable to two stack-based buffer overflows when processing DVI
documents with long \href{} URIs (CVE-2007-5935). teTeX also includes
code from Xpdf that is vulnerable to a memory corruption and two
heap-based buffer overflows (GLSA 200711-22); and it contains code from
T1Lib that is vulnerable to a buffer overflow when processing an overly
long font filename (GLSA 200710-12).
Jesus Olmos Gonzalez from isecauditors reported insufficient
sanitization of the "movies" parameter in file tiki-listmovies.php
(CVE-2007-6528).
Mesut Timur from H-Labs discovered that the input passed to the
"area_name" parameter in file tiki-special_chars.php is not properly
sanitised before being returned to the user (CVE-2007-6526).
redflo reported multiple unspecified vulnerabilities in files
tiki-edit_css.php, tiki-list_games.php, and
tiki-g-admin_shared_source.php (CVE-2007-6529).
The Tk toolkit's GIF-reading code contains a buffer overflow which could be exploited via a malicious image file. Fixes may be found in versions 8.4.12 and 8.3.5.
It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted GIF
image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges.
Jan Oravec reported that the "/usr/bin/tomboy" script sets the "LD_LIBRARY_PATH" environment variable incorrectly, which might result in the current working directory (.) being included when searching for dynamically linked libraries of the Mono Runtime application.
Note that the tomboy vulnerability was added in 2007.
Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).
Note: it is recommended the 'examples' web application not be installed on
a production system.
The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450).
Tomcat was found treating single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386).
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
The wireshark network traffic analyzer has three vulnerabilities
that can be used to create a denial of service. These include
off-by-one overflows in the iSeries dissector, vulnerabilities in
the MMS and SSL dissectors that can cause an infinite loop and
an off-by-one overflow in the DHCP/BOOTP dissector.
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.
iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667)
Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user's privileges.
xine-lib contains a buffer overflow which could be exploited (via a specially-crafted stream) to execute arbitrary code; see this advisory for more information.
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed.
From the CVE entry: Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function.
xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system.
From the X.org security advisory:
Several vulnerabilities have been identified in server code of the X
window system caused by lack of proper input validation on user
controlled data in various parts of the software, causing various
kinds of overflows.
The X.Org X11 xfs font server has a temp file vulnerability in the
startup script. A local user can modify the permissions of the script
in order to elevate their local privileges.
CVE-2007-1095:
Michal Zalewski discovered that the unload event handler had access to
the address of the next page to be loaded, which could allow information
disclosure or spoofing.
CVE-2007-2292:
Stefano Di Paola discovered that insufficient validation of user names
used in Digest authentication on a web site allows HTTP response splitting
attacks.
CVE-2007-3511:
It was discovered that insecure focus handling of the file upload
control can lead to information disclosure. This is a variant of
CVE-2006-2894.
CVE-2007-5334:
Eli Friedman discovered that web pages written in Xul markup can hide the
titlebar of windows, which can lead to spoofing attacks.
CVE-2007-5337:
Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI
schemes may lead to information disclosure. This vulnerability is only
exploitable if Gnome-VFS support is present on the system.
CVE-2007-5338:
"moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers
could be bypassed, which might allow privilege escalation.
CVE-2007-5339:
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340:
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed.
The 2.6.25 merge window is still open, so there have not yet been
any prepatches for this development cycle. Patches continue to flow into
the mainline repository, with some 7500 changesets merged (as of this
writing) for 2.6.25.
The current -mm tree is 2.6.24-mm1. Recent changes
to -mm include the dropping of a number of subsystem trees due to patch
conflicts and the movement of vast numbers of patches into the mainline.
For older kernels: 2.6.22.17, released on
February 6, contains a significant number of fixes. It is likely to
be the last release in the 2.6.22.x series.
I don't think that "developer-centric" debugging is really even
remotely our problem, and that I'm personally a lot more interested
in infrastructure that helps normal users give better
bug-reports. And kgdb isn't even _remotely_ it.
I used kgdb continuously for 4-5 years until it broke. I don't
think I ever used it much for "debugging" as such. I used it more
for general observation of what's going on in the kernel.
Since last week's
installment, some 3800 changesets have been merged into the mainline
git repository. Some of the more interesting user-visible changes found in
that patch stream include:
Support for new hardware, including RDC R-321x system-on-chip
processors, Onkyo SE-90PCI and SE-200PCI sound devices, Xilinx ML403
AC97 controllers, TI TLV320AIC3X audio codecs, Realtek
ALC889/ALC267/ALC269 codecs, VIA VT1708B HD audio codecs, SiS 7019
Audio Accelerator devices, C-Media 8788 (Oxygen) audio chipsets, Asus
AV200-based sound cards, Freescale MPC8610 audio devices, Audiotrak
Prodigy 7.1 HiFi audio devices, Conexant 5051 audio codecs,
MediaTek/TempoTec HiFier Fantasia sound cards, wireless RNDIS devices
(and Broadcom 4320-based devices in particular), USB printer gadgets
(intended for use in printer firmware),
and NetEffect 1/10Gb ethernet adapters.
The nearly-unused ALSA sequencer instrument layer has been removed.
SELinux has a new set of checks which allow the creation of policies
which control the flow of packets into and out of the system.
Netfilter has a more flexible "hashlimit" mechanism for limiting the
number of packets to/from a given source over time.
There is a new "flow" classifier for the network fair queueing code
which allows the more flexible creation of traffic policies.
The futex mechanism has a new "bitset wait" mechanism which allows for
more targeted wakeups. This feature will be used by glibc to
implement optimized reader-writer locks.
PCI hotplug is no longer an experimental feature.
Support for PCI Express ASPM, a power management protocol, has been
added.
The virtio "balloon" driver (which can be used to change the amount of
memory used by a KVM guest) and PCI driver have been added.
The CLONE_STOPPED bit (for the clone() system call)
is said to be unused and is planned for removal. For 2.6.25, a
warning will be printed.
The page map patches,
which enable much better accounting of memory use by processes, have
been merged.
The "PM QOS" infrastructure allows both kernel and user-space code to
register quality-of-service requirements (in the form of CPU DMA
latency, network latency, and network throughput). These requirements
will be taken into account when the kernel considers putting the
system into a lower-power state.
Per-process capability bounding sets (which permanently remove
potential capabilities from a process) are now supported. 64-bit
capability mask support has also been merged.
The smbfs filesystem has (finally) been deprecated in favor of CIFS.
It is now scheduled for removal in 2.6.27.
There is a new RPC transport module allowing (client) NFS mounts using
RDMA.
Changes visible to kernel developers include:
A large number of SUNRPC symbols (rpc_* and
rpcauth_*) have been changed to GPL-only exports.
The x86 architecture merger continues, with quite a few files being
coalesced.
The "flatmem" and "discontigmem" memory models have been removed on
the 64-bit x86 architecture; "sparsemem" is now used for all builds.
The x86 spinlock implementation has been replaced with a "ticket
spinlock" mechanism which provides fair FIFO behavior.
The fastcall function attribute didn't do anything on the x86
architecture, so it has been removed.
x86 has a new set of functions for easily manipulating page
attributes. They are:
set_memory_uc(unsigned long addr, int numpages); /* Uncached */
set_memory_wb(unsigned long addr, int numpages); /* Cached */
set_memory_x(unsigned long addr, int numpages); /* Executable */
set_memory_nx(unsigned long addr, int numpages); /* Non-executable */
set_memory_ro(unsigned long addr, int numpages); /* Read-only */
set_memory_rw(unsigned long addr, int numpages); /* Read-write */
There is also a set of set_pages_* functions which take a
struct page pointer rather than a beginning address.
Early-boot debugging of x86 systems via the FireWire port is now
supported.
Bidirectional command support has been added to the SCSI layer.
There is a new process state called TASK_KILLABLE. It is a
blocked state similar to TASK_UNINTERRUPTIBLE, with the
difference that a wakeup will happen upon delivery of a fatal signal.
The idea is to allow (almost) uninterruptible sleeps, but to still
allow the process to be killed outright - thus ending the problem of
unkillable processes stuck in the "D" state. There is a new set of
functions for using this state: wait_event_killable(),
schedule_timeout_killable(), mutex_lock_killable(),
etc.
add_disk_randomness() has been unexported as there are no
more in-tree users.
pci_enable_device_bars() has been replaced by two
more-specific functions: pci_enable_device_io() and
pci_enable_device_mem().
The high-resolution timer API has been augmented with:
unsigned long hrtimer_forward_now(struct hrtimer *timer,
ktime_t interval);
It will move the given timer's expiration forward past the current
time as determined by the associated clock.
The device structure now holds a pointer to a
device_dma_parameters structure:
struct device_dma_parameters {
unsigned int max_segment_size;
unsigned long segment_boundary_mask;
};
These parameters are used by the DMA mapping layer (and the IOMMU
mapping code in particular) to ensure that I/O operations are set up
within the device's constraints. The PCI layer supports this feature
with two new functions:
int pci_set_dma_max_seg_size(struct pci_dev *dev, unsigned int size);
int pci_set_dma_seg_boundary(struct pci_dev *dev, unsigned long mask);
Drivers for devices with unusually strict DMA limitations should
probably use these functions to ensure that those restrictions are
respected.
One thing which has not made it into 2.6.25 is the KGDB debugger for
the x86 architecture. Amusingly, a linux.conf.au kernel mini-conf
discussion of "sneaking" KGDB past Linus proceeded for some time before the
participants noticed him standing in the back of the room listening to the
whole thing. His current position is that
he won't pull it as part of
the x86 tree, and he's still not much interested in the idea in general.
As of this writing, the merge window is still open and could stay that way
for as much as a week. So more interesting code could still find its way
in through this merge window; stay tuned.
Performance, or lack thereof, has often been a knock against the
venerable Network File System (NFS), but no real competition has emerged.
NFS also has some serious flaws for programmers and users, with behavior
that is markedly different from that of local filesystems. Both of these
problems are spurring the creation of new network filesystems; two of
which were announced in the last week.
The Coherent Remote File System (CRFS) was introduced last week at
linux.conf.au by Zach Brown of Oracle. It uses BTRFS—pronounced
"butter-f-s"—as its storage on the server, rather than layering atop
any POSIX filesystem as NFS does. According to Brown, BTRFS has a number
of important features that outweigh the inconvenience for users of getting
their data into a BTRFS volume. The biggest is the ability to do compound
operations (creating or unlinking a file for example) in an atomic and
idempotent manner.
CRFS has a userspace daemon (crfsd) that talks to the BTRFS volume as well as to multiple clients. The clients use the kernel VFS caching infrastructure extensively, and thus are implemented as kernel modules. A user wishing to access the underlying BTRFS volume on the server must mount it as a CRFS volume; crfsd must have exclusive access to the BTRFS volume. This is also different from NFS, which will cooperate with local mounts of the underlying filesystem.
The basic idea behind CRFS is to have clients cache as much of the
filesystem data as they can while using cache coherency protocols to reduce
the amount of network traffic that gets generated. Clients
keep track of the cache state for each object they have stored, while the
server tracks the cache state of all objects that any client has. The
messages between server and client consist of cache state transitions and
the data being transferred.
Data transfer in both directions is done using CRFS "item ranges". CRFS
objects use the BTRFS key scheme to represent objects (file data, directories,
directory entries, inodes, etc.) in the filesystem.
An item range is a contiguous section of the key space, specified by a
minimum and maximum key value as part of the message. When the client is
filling its cache, it can request a particular key but also offer to take
other surrounding keys as part of the response; if the server sees those
keys in the BTRFS leaf node, it can send them along as well.
CRFS currently achieves something on the order of a 3x speedup over asynchronous NFS mounts for a simple untar. Comparing that to
synchronous NFS mounts (where each write has to actually hit the remote
disk) is not a sensible comparison; there is a roughly 10x speed difference
between the two types of NFS mounts. Brown has been working on CRFS for
"about a year" and is planning to release the code eventually. Until that
happens, the slides
[PDF] and video
[Theora] from his talk—as well as a few postings to his weblog—are the only
sources of information about CRFS.
Another filesystem, which aims to have a broader reach than CRFS, is the Parallel Optimized Host Message Exchange Layered File System (POHMELFS), announced in a linux-kernel posting by Evgeniy Polyakov. POHMELFS is meant to be a building block for a
distributed filesystem that would offer a multi-server architecture and
allow for disconnected filesystem operations. Polyakov has only been
working on it for a month, so it is, at best, the start of a proof of concept.
The POHMELFS vision is in some ways similar to CRFS in that the clients
will handle as much as possible locally, with minimal server interaction.
Like CRFS, client kernel modules talk to a server userspace daemon, using
cache coherency protocols to keep the data and metadata in sync. For CRFS, the coherency protocol is not yet implemented, but its design is fleshed out to some extent, while POHMELFS has quite a bit of fleshing out to do. Unlike CRFS,
POHMELFS supports POSIX filesystems on the server side and the code is
available now.
There are some rather large hurdles to overcome in the POHMELFS vision, not
least of which is handling file IDs in separate client-side filesystems such
that they can be synchronized with the server. The current code implements
a write-through cache version that creates objects on the server before
they are
used in the client side cache. There is also an additional patch that
implements a hack to disable the
writeback cache and use only the client side caching. The latter is, not
surprisingly, very fast, but not terribly usable for multiple mounts of the
filesystem. Essentially Polyakov is showing the benefits of client-side
caching, but in the context of a broader scheme.
It will be a long time, if ever, before we see some descendant of either of these filesystems in the kernel. There is much work to be done, but they
are worth looking at to see where networking and distributed filesystems may be
headed. For them to be useful outside of just
the Linux world—like the ubiquity of NFS—there would have to be some kind of standardization
followed by adoption by the major players. That will take a very long time.
Spinlocks are the lowest-level mutual exclusion mechanism in the Linux
kernel. As such, they have a great deal of influence over the safety and
performance of the kernel, so it is not surprising that a great deal of
optimization effort has gone into the various (architecture-specific)
spinlock implementations. That does not mean that all of the work has been
done, though; a patch merged for 2.6.25 shows that there is always more
which can be done.
On the x86 architecture, in the 2.6.24 kernel, a spinlock is represented by
an integer value. A value of one indicates that the lock is available.
The spin_lock() code works by decrementing the value (in a
system-wide atomic manner), then looking to see whether the result is
zero; if so, the lock has been successfully obtained. Should, instead, the result of the decrement operation be negative, the spin_lock() code knows that the lock is owned by somebody else. So it busy-waits ("spins")
in a tight loop until the value of the lock becomes positive; then it goes
back to the beginning and tries again.
Once the critical section has been executed, the owner of the lock releases
it by setting it to 1.
This implementation is very fast, especially in the uncontended case (which
is how things should be most of the time). It also makes it easy to see
how bad the contention for a lock is - the more negative the value of the
lock gets, the more processors are trying to acquire it. But there is one
shortcoming with this approach: it is unfair. Once the lock is released,
the first processor which is able to decrement it will be the new owner.
There is no way to ensure that the processor which has been waiting the
longest gets the lock first; in fact, the processor which just released the
lock may, by virtue of owning that cache line, have an advantage should it
decide to reacquire the lock quickly.
One would hope that spinlock unfairness would not be a problem; usually, if
there is serious contention for locks, that contention is a performance
issue even before fairness is taken into account. Nick Piggin recently
revisited this issue, though, after noticing:
On an 8 core (2 socket) Opteron, spinlock unfairness is extremely
noticeable, with a userspace test having a difference of up to 2x
runtime per thread, and some threads are starved or "unfairly"
granted the lock up to 1 000 000 (!) times.
This sort of runtime difference is certainly undesirable. But lock
unfairness can also create latency issues; it is hard to give latency
guarantees when the wait time for a spinlock can be arbitrarily long.
Nick's response
was a new spinlock implementation which he calls "ticket
spinlocks." Under the initial version of this patch, a spinlock became a
16-bit quantity, split into two bytes:
Each byte can be thought of as a ticket number. If you have ever been to a
store where customers take paper tickets to ensure that they are served in
the order of arrival, you can think of the "next" field as being the number
on the next ticket in the dispenser, while "owner" is the number appearing
in the "now serving" display over the counter.
So, in the new scheme, the value of a lock is initialized (both fields) to
zero. spin_lock() starts by noting the value of the lock, then
incrementing the "next" field - all in a single, atomic operation. If the
value of "next" (before the increment) is equal to "owner," the lock has
been obtained and work can continue. Otherwise the processor will spin,
waiting until "owner" is incremented to the right value. In this scheme,
releasing a lock is a simple matter of incrementing "owner."
The implementation described above does have one small disadvantage in that
it limits the number of processors to 256 - any more than that, and a
heavily-contended lock could lead to multiple processors thinking they had
the same ticket number. Needless to say, the resulting potential for
mayhem is not something which can be tolerated. But the 256-processor
limit is an unwelcome constraint for those working on large systems, which
already have rather more processors than that. So the add-on "big
ticket" patch - also merged for 2.6.25 - uses 16-bit values when the
configured maximum number of processors exceeds 256. That raises the
maximum system size to 65536 processors - who could ever want more than
that?
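To make the ticket scheme concrete, here is an added example (not kernel code) that models the 8-bit next/owner layout with C11 atomics and simulates both the FIFO hand-off and the ticket collision that appears once more than 256 processors take a ticket. The exact word layout, the helper names and the simulation routines are assumptions for illustration.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the 2.6.25 x86 ticket spinlock described above: one 16-bit
 * word, low byte = "owner" (the "now serving" display), high byte =
 * "next" (the next ticket in the dispenser).  The layout and the helper
 * names are assumptions for illustration, not the kernel's own code. */
typedef struct { _Atomic uint16_t slock; } ticket_lock_t;

#define TICKET_LOCK_INIT { 0 }

static inline uint8_t ticket_owner(uint16_t v) { return (uint8_t)(v & 0xff); }
static inline uint8_t ticket_next(uint16_t v)  { return (uint8_t)(v >> 8); }

/* First half of spin_lock(): atomically read the lock and bump "next".
 * Adding 0x0100 to the 16-bit word increments only the high byte; the
 * wrap from 0xff to 0x00 falls off the top and never touches "owner". */
static uint8_t ticket_take(ticket_lock_t *l)
{
    uint16_t old = atomic_fetch_add(&l->slock, 0x0100);
    return ticket_next(old);
}

/* Second half: the CPU holding `ticket` owns the lock once owner == ticket.
 * A real spin_lock() would spin on this until it returns true. */
static bool ticket_acquired(ticket_lock_t *l, uint8_t ticket)
{
    return ticket_owner(atomic_load(&l->slock)) == ticket;
}

/* spin_unlock(): increment "owner" only.  The kernel uses a byte-sized
 * increment; here a CAS loop keeps a carry from spilling into "next". */
static void ticket_unlock(ticket_lock_t *l)
{
    uint16_t v = atomic_load(&l->slock);
    uint16_t nv;
    do {
        nv = (uint16_t)((v & 0xff00) | ((v + 1) & 0x00ff));
    } while (!atomic_compare_exchange_weak(&l->slock, &v, nv));
}

/* Fairness simulation: `ncpus` processors arrive in order 0..ncpus-1 and
 * each takes a ticket; the lock is then released ncpus times.  After each
 * release exactly the next arrival (and nobody else) must see itself as
 * owner.  Returns the number of checks that broke FIFO order (0 = fair),
 * or -1 if ncpus exceeds what 8-bit tickets can represent. */
static int fifo_violations(int ncpus)
{
    ticket_lock_t lock = TICKET_LOCK_INIT;
    uint8_t ticket[256];
    int violations = 0;

    if (ncpus < 1 || ncpus > 256)
        return -1;
    for (int cpu = 0; cpu < ncpus; cpu++)
        ticket[cpu] = ticket_take(&lock);
    /* Arrival 0 drew ticket 0 == owner, so it holds the lock at once. */
    for (int turn = 0; turn < ncpus; turn++) {
        for (int cpu = 0; cpu < ncpus; cpu++) {
            bool holds = ticket_acquired(&lock, ticket[cpu]);
            if (holds != (cpu == turn))   /* wrong CPU inside the critical section */
                violations++;
        }
        ticket_unlock(&lock);             /* owner++ hands the lock to arrival turn+1 */
    }
    return violations;
}

/* The 256-processor limit: with 8-bit tickets, the 257th taker draws the
 * same number as the first one.  Returns how many arrivals received a
 * ticket already held by an earlier arrival; nonzero means two CPUs will
 * both believe they own the lock. */
static int duplicate_tickets(int ncpus)
{
    ticket_lock_t lock = TICKET_LOCK_INIT;
    bool seen[256] = { false };
    int dups = 0;

    for (int cpu = 0; cpu < ncpus; cpu++) {
        uint8_t t = ticket_take(&lock);
        if (seen[t])
            dups++;
        seen[t] = true;
    }
    return dups;
}

int main(void)
{
    printf("8 CPUs:   %d FIFO violations, %d duplicate tickets\n",
           fifo_violations(8), duplicate_tickets(8));
    printf("257 CPUs: %d duplicate ticket(s), i.e. two CPUs in the critical section\n",
           duplicate_tickets(257));
    return 0;
}
```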
With the older spinlock implementation, all processors contending for a
lock fought to see who could grab it first. Now they wait nicely in line
and grab the lock in the order of arrival. Multi-thread run times even
out, and maximum latencies are reduced (and, more to the point, made
deterministic). There is a slight cost to the new implementation, says
Nick, but that gets very small on contemporary processors and is
essentially zero relative to the cost of a cache miss - which is a common
event when dealing with contended locks. The x86 maintainers clearly
thought that the benefits of eliminating the unseemly scramble for
spinlocks exceeded this small cost; it seems unlikely that others will disagree.
Joe 'Zonker' Brockmeier has joined the openSUSE
project as the openSUSE community manager. We were pleased to have the
opportunity to ask Zonker a few questions about his new job.
Many LWN readers will remember that you were a regular contributor to LWN.
Any comments on what you have been up to between there and here?
Sure -- I stopped contributing to LWN when I took a full-time job with
OSTG/Linux.com (now the company known as SourceForge), and had to stop
freelancing. I was editorial director there for two years, and then
joined Linux Magazine as Editor-in-Chief. I've missed contributing to
LWN, but I still read LWN religiously.
As community manager will you be employed by Novell?
Yes.
Will you report to the openSUSE board?
I will be working with the board, but I report to Justin Steinman at
Novell. It's an unusual position, though, because my job is in large
part to be an advocate/ombudsman for the community.
openSUSE has adopted a Code of Conduct for
mailing lists and IRC. As community manager, will policing this traffic be
a part of your job?
No -- we don't plan to have anyone actively policing the lists looking
for violations. Instead, the board is working on a policy to allow
community members to bring violations of the Code to the board to
decide whether disciplinary action should be needed. I hope that it's
something that won't be needed often, or at all -- and I don't think
it will be needed often.
How much control does Novell hold over openSUSE development? Should there
be more or less control? Is Novell allowing the community to make its own
decisions?
Right now, I'd say Novell is still guiding development pretty closely,
but would like the community to have a more prominent voice in the
direction of the development of openSUSE. I think the Fedora Project
is a pretty good model here, and I really think Max Spevack did a
great job in terms of helping Fedora come into its own.
The openSUSE Board appointed
last November is a step towards giving the community more control over
governance of the project.
This is a new position. How much latitude will you have to define what the
community manager is/does?
Well, certain aspects of the job are already well-defined. For
example, a big part of the job will be traveling to conferences to
speak about openSUSE and also to organize an openSUSE conference. But
there's definitely some room to define the role as well.
OpenSUSE has a weekly newsletter which has come out almost weekly since
its inception last November. Do you have any plans to get involved with
that? Is it useful?
Yes, I do plan to contribute and help out with that where needed. I
think it's very useful -- communication is vital to the health of a
project like openSUSE. There are a lot of people contributing to
openSUSE, and without something like the weekly news, it would be easy
for contributors to lose track of what their colleagues are doing.
It's also important to spreading the news outside of the openSUSE
community so that other open source projects know what we're up to and
possibly find ways to collaborate and help reduce duplication of
effort between projects. Finally, I think it's a good way to show what
various contributors are doing and help recognize the contributors
that are having an impact on openSUSE.
What are your plans for the openSUSE community?
Over the long term, I'd like to help foster increased adoption of
openSUSE by a significant amount -- which means doing a better job of
promoting the distro, as well as communicating with potential users
and finding out what it is they need/want from openSUSE and working on
delivering that. (I'd encourage LWN readers to check out the alpha
builds for openSUSE 11.0 and give us feedback as we're working on the
final 11.0 release that should be done in July.)
I also want to work on developing a recognition system so that
contributors are acknowledged for their work, which we're doing more
on already -- we just announced our membership program for
contributors to be recognized. I also want to make sure we're providing a
"roadmap" so that potential contributors have a clear path into the project
and know where to get started -- whether that's development, artwork,
documentation, quality assurance, advocating openSUSE, or supporting other
users.
Also, organize the first openSUSE conference, make sure openSUSE is
better represented at other conferences, and help provide potential
contributors with a roadmap to becoming contributors. I'd like to make
it as easy as possible for people to participate.
Finally, but not least -- I want to do what I can to help coordinate
increased cooperation between Linux distros and reduce duplication of
effort. While a lot of folks might like to portray the situation as
openSUSE vs. Fedora, Ubuntu, or any other distro, I don't see it that
way -- if someone is already happily using another distro, then I
consider that a win. I want to focus on attracting people who aren't
running Linux at all yet. There's plenty of work left to do, and I
hope we can do a better job of pooling our resources to attract those
people.
Is there anything you would like to add?
Just that I'd like to encourage LWN readers to visit
zonker.opensuse.org and news.opensuse.org for updates on the openSUSE
project, and to feel free to contact me (zonker@opensuse.org) with any
questions, suggestions, and comments related to openSUSE.
Thank you for taking the time to answer our questions.
Terra Soft has released Yellow Dog Linux v6.0 for Sony PS3, Apple G4/G5,
and IBM System p. YDL v6.0 is built on CentOS and includes select Fedora 7
components and the E17 desktop.
The first alpha release of Fedora 9 is available for testing. "The
Alpha release provides the first opportunity for the wider community to
become involved with the testing of Rawhide: representing a sanitised
snapshot of Fedora's development branch, which sees rapid changes and will
become the next major release, it should boot on the majority of systems,
providing both an opportunity to get a look at what new features will be
included in the next release and also an opportunity to provide feedback
and bug reports to help ensure that the next release is as good as
possible."
The fourth alpha of the Hardy Heron, which will become Ubuntu 8.04, is
available for testing. In addition to the Ubuntu flavor this alpha is also
available in the form of Kubuntu, Edubuntu, Ubuntu JeOS, Gobuntu and
UbuntuStudio.
The Debian release team has sent out an update with quite a bit of
information about the upcoming "Lenny" release. Said release is planned
for this September. "As we are progressing in our release preparations, we have reviewed
the original schedule for lenny to check for any imminent problems, and
at the moment are quite content with the current state. We are, as always,
concerned about the large number of release critical issues still unfixed
in testing, so please help do something about it."
The January 30, 2008 Slackware current changelog entry has a thank you
"to the KDE team, not only for their tremendous accomplishments over
the years, but for the gracious reception they gave to the members of the
Slackware team who traveled to the release event." The next
Slackware release will contain KDE 3.5.9, but KDE 4.1.x is targeted for the
one after that.
The openSUSE project has announced the adoption of a new code of conduct. "The idea is to follow some common-sense rules of politeness when
communicating in the various openSUSE forums: mailing lists, IRC
channels, web forums, Bugzilla, etc. These places have seen very rude
behavior in the past; what we want to do is to make openSUSE actually a
nice project in which to participate."
Raphael Hertzog has put together some Debian developer news with a look at
Debian Enhancement Proposals, the packages that need some work,
debcheckout, Bits from DEHS (Debian External Health Status), and several
other topics.
The Fedora Weekly News for January 28, 2008 looks at Planet Fedora articles
"Updates to anaconda", "linux.conf.au day 1", "Fedora win32
livecd-iso-to-usb tool" and "Video: Simple layer blending in Gimp"; Fedora
Marketing articles "Tasks set by Marketing Meeting on IRC", "RPM Fusion
interview", "2008 Readers' Choice Survey" and "FUDCon Video Torrent"; and
more.
The openSUSE Weekly
News for January 31, 2008 covers openSUSE Build Service Expands Support
to Red Hat and CentOS, Sax2 ported to Qt4, Open Source Meets Business, with
openSUSE attendees, kicks off, openSUSE 10.3 PromoDVDs Now Available for
Order, and several other topics.
The openSUSE Weekly
News for the week starting January 28, 2008 looks at KDE 4.0.1,
openSUSE Live CD, New KDE Repo Layout, openSUSE Welcomes Zonker,
Applications for openSUSE Membership Now Open, Alpha 2 Released this Week,
and several other topics.
The Ubuntu Weekly Newsletter for February 2, 2008 covers the release of
Hardy Alpha 4, Server Team focuses on KVM, new Ubuntu banners for your
website or blog, new MOTU and Council elections results, Hug Day 5 February
2008, a new Ubuntu based distro, and much more.
The DistroWatch
Weekly for February 4, 2008 is out. "It's tough to be a
developer of a desktop operating system these days. Not only are we seeing
increasing usability and user-friendliness from the major Linux
distributions, the BSD world now also wants its share of the market, while
there are those who believe that even Solaris can be a viable desktop
alternative to the more established operating systems. But how far has Sun
Microsystems' flagship product progressed since the opening up of the
source code in the form of OpenSolaris? Our featured story looks at
Nexenta, Indiana, BeleniX and other OpenSolaris-based distributions and asks
whether they can compete on the desktop. In the news section, Debian edges
closer to "Lenny", Slackware announces plans to move to KDE 4, François
Bancilhon defends the code-sharing agreement with Turbolinux, and Ars
Technica investigates the latest release of NetBSD. Finally, we are proud
to announce that the recipient of the DistroWatch January 2008 donation is
the VideoLAN VLC project. Enjoy the read and happy Chinese New Year to all
our readers!"
DebConf8 is open for registration. Proposals for papers, presentations,
discussion sessions and tutorials will be accepted until March 31, 2008.
DebConf8 will take place in Mar del Plata, Argentina from August 10 to
August 16, 2008. As usual the conference will be preceded by DebCamp.
Phoronix has a review of
Indiana Preview 2. "A week ago we reported that a second preview
release of Project Indiana, Sun's attempt at creating an operating system
for the desktop based upon OpenSolaris and led by Ian Murdock, was on track
to be released in the near future. Thursday afternoon that became true with
the test image surfacing for Developer Preview 2 of Project Indiana, or
what will formally be called OpenSolaris. Officially, this new release is
known as the OpenSolaris Developer Preview 1/08 edition. The general
availability release of Project Indiana is expected in March, but today we
have up a tour of this new Indiana release."
Version 8.3 of the
PostgreSQL DBMS was
announced on February 4, 2008:
"Today the PostgreSQL Global Development Group releases the long-awaited
version 8.3 of the most advanced open source database, which cements our
place as the best performing open source database."
Version 8.3 brings many new
features.
First on the list is the cleaning up of data type conversions.
This improvement may cause backward-compatibility issues with older
applications, but will ensure better data integrity in the future.
There are four new capabilities that aim to improve the consistency of
response times; these include Heap Only Tuples for speeding up access to
frequently updated data, asynchronous commits,
spread checkpoint autotuning and a just-in-time background writing strategy.
There have been numerous speed improvements including better recovery time
for the write ahead log, faster small-merge joins, faster LIKE/ILIKE
comparisons, improvements to searches using LIMIT, lazy XID assignment for
improving read-mostly database speed and function costing for faster query
planning.
Large database support improvements include synchronized scans for
multiple users, level 2 cache scan protection to prevent CPU thrashing
and reductions in the size of headers for variable size fields.
Windows users will benefit from new Visual C++ support and some code rewrites.
Administration improvements include output of logs to database-loadable
files, SSPI and GSSAPI support for Kerberos authentication, embeddable
GUC settings at function creation time, parallel autovacuum workers,
the pg_standby tool for configuring warm standby servers and a new ability
to specify the position of NULLs at the beginning or end of results.
Development improvements include API improvements to the full text search tool,
plan invalidation for clearing cached plans and automatically dropping
plans when tables are updated, and updatable cursors.
Data type enhancements include full support for the ANSI SQL:2003 XML spec,
support for 128 bit UUIDs, support for arrays of compound types and
support for ENUM columns with a defined ordered list of alternatives.
The ENUM enhancement allows applications to be migrated from the
MySQL DBMS.
The PostgreSQL stored procedure language has a simplified syntax for row-returning functions and new support for scrollable cursors, which
allows procedures to perform complex row manipulations.
A number of new accessory tools are being released with PostgreSQL 8.3
including a multi-threaded connection pooler, a distributed, horizontally scaled table interface, an SNMP interface, a SELinux-based security extension,
a new GUI with debugging and step-through execution capabilities, a
new replicated query agent, a multi-master asynchronous replication system,
an integrated clustering tools project and an improved replication system.
For more information on the new features in PostgreSQL 8.3, see the
release notes.
The
feature matrix
gives a tabular view of features added versus the version number.
In order to speed the next release up, the PostgreSQL team plans to
implement a new
development plan
for version 8.4:
In the 8.4 development cycle we would like to try a new style of
development, designed to keep the patch queue to a limited size and to
provide timely feedback to developers on the work they submit. To do
this we will replace the traditional 'feature freeze' with a series of
'commit fests' throughout the development cycle. The idea of commit
fests was discussed last October in -hackers, and it seemed to meet
with general approval. Whenever a commit fest is in progress, the
focus will shift from development to review, feedback and commit of
patches. Each fest will continue until all patches in the queue have
either been committed to the CVS repository, returned to the author
for additional work, or rejected outright, and until that has
happened, no new patches will be considered.
Version 8.3 represents a major step forward for PostgreSQL;
if the new development style bears fruit, the next major version
will come about more quickly.
Version 2.0.1 of Open1X
has been announced.
"Open1X is an open source implementation of the IEEE 802.1X protocol. This project includes support for the authenticator and supplicant, while other projects (e.g., FreeRADIUS) provide support for the authentication server. XSupplicant version 2.0.1 has been released. This release fixes bugs that have been found since the 2.0.0 release. It does not contain any new features."
Apache Software Foundation has
announced the promotion of Apache Synapse to an independent
Top-Level Project.
"Apache Synapse v1.1.1 alleviates the traditionally cumbersome
development and integration process; enterprises can reliably employ Open
Source through Synapse's support for numerous open standards such as HTTP,
SOAP, FTP, SMTP, XML, XSLT, XPath, JMS, Web Services Security (WSS), Web
Services Reliable Messaging (WS-RM), and more. In addition, Synapse
supports a number of useful functions out-of-the-box without programming,
and can be extended using popular programming languages such as Java,
JavaScript, Ruby, and Groovy."
Version 3.0.3 of ZK has been
announced.
"ZK is an Ajax framework enriching Web apps with little programming. With event-driven and markup languages, development is as simple as programming desktops and authoring HTML/XUL pages. ZK supports scripting lang including Java, JavaScript, Ruby, Groovy...
Over 8 new features and 22 bugs fixed, ZK 3.0.3 focuses mainly on fixing bugs and improving performance. More languages are supported for messages, and more formats are supported to JasperReports."
Version 1.1.3 of logicAlloy ALE, an RFID-EPC compliant RFID middleware
platform, has been
announced.
"This new version has minor updates addressing bugs."
Version 0.6 of Zumastor
has been announced.
"For those just tuning in, Zumastor is free software that
adds enterprise storage features (primarily improved
snapshots and remote replication) to Linux.
Zumastor's snapshots share space more effectively than
LVM snapshots, and it makes snapshots easily accessible
by users (e.g. via Samba's "Previous Versions" feature)."
GNOME Development Release 2.21.90 is available for testing.
"This is our sixth development release on our road towards GNOME
2.22.0, which will be released in March 2008. Your mission is simple:
Go download it. Go compile it. Go test it. And go hack on it,
document it, translate it, fix it."
Version 2.21.90 of GARNOME, the GNOME testing distribution,
has been announced.
"We are pleased to announce the release of GARNOME 2.21.90 Desktop and
Developer Platform. This is the ninetieth, err... sixth development
release on our road towards GNOME 2.22.0, which will be released in
March 2008.
This release comes with more features, more fixes, and yet more madness.
Yes, *fixes*! :) It is for anyone who wants to get his hands dirty on
the development branch, or who'd like to get a peek at future features."
KDE 4.0 users are likely to be interested in the recently-announced 4.0.1
release, which contains a pile of important fixes. "Improvements in this release include, but are not limited to:
Konqueror, KDE's web browser, has seen numerous stability and performance fixes
in its HTML rendering engine KHTML, in its Flash plugin loader and in KJS,
the JavaScript engine.
Stability problems have been addressed in components that are used all over
the KDE codebase."
KDE.News reports
that Sun and Frontline have donated a new server to KDE.
"During a tutorial today on-stage at linux.conf.au, Sun Microsystems and Frontline donated a server to the KDE project, available for shipment within hours. Aaron Seigo, Plasma developer and KDE e.V President, accepted a certificate from Ross Cunningham of Sun Microsystems and David Purdue of Frontline on behalf of the KDE project."
The January 27, 2008 edition of the
KDE Commit-Digest has been
announced.
The content summary says:
"Heavy refactoring and work on merging translation branches in Lokalize (which is renamed from "Kaider", and moved from playground to kdesdk). Work on a question editor in KEduca. Work on real-time cloud imagery in Marble. An initial implementation of a new undo stack in KWordQuiz. The start of a KAlgebra, Rot13, KWorldClock, and Pastebin Plasma applet, with the inclusion of more functionality from KDE 3.5 (such as the multi-row taskbar panel) in Plasma..."
A new version of the ij-plugins Toolkit has been
announced; it features bug fixes and other improvements.
"The 'ImageJ Plugins' project is a source of custom plugins for the Image/J software. Image/J is a public domain image processing and analysis program developed in Java".
Version 1.3 of osslsigncode has been
announced.
"Platform-independent tool for Authenticode signing of EXE/CAB files - uses OpenSSL and libcurl. It also supports timestamping.
Includes padding fix and support for signing of already signed files."
Version 1.0 of WorldVistA EHR VOE has been
announced.
"WorldVistA announces the release and availability of WorldVistA EHR VOE/ 1.0, the only open source EHR that meets Certification Commission for Healthcare Information Technology (CCHITSM) ambulatory electronic health record (EHR) criteria for 2006. WorldVistA EHR VOE/ 1.0 is based on and compatible with the U.S. Department of Veterans Affairs (VA) world renowned EHR, VistA®.
After completion of the VOE project, WorldVistA made additional enhancements and successfully submitted WorldVistA EHR for certification by CCHIT."
Version 1.26.2 of WCNT, a modular synthesis sampling sequencing audio
wav file generator, is out with lots of new capabilities and bug fixes.
"Second release of wcnt-1.26 after the pre releases..."
Version 0.7.5.8 of MediaInfo has been
announced.
"MediaInfo supplies technical and tag information about video or audio files (MKV/AVI/MOV/MPEG1, 2, 4/M4A/M4V/MP3/AAC/RM/...)
There are several versions: Graphical interface, Command line, or DLL for third-party software developers (like emule). GUI is multi-language.
In this release: Full parsing of DivX/XviD/H264/AVC settings (profile...) for Matroska and AVI, Better handling of OpenDML files, Musepack SV8 support, 2GiB+ files parsing under Linux and MacOS and some bug patches."
Version 2.2 of Transform SWF has been
announced.
"The Transform SWF framework parses and encodes Flash (.swf) files. Classes for each of the tags and data structures in the Flash (SWF) File Format Specification are provided along with utility classes for a high level API for generating Flash files.
This release contains new convenience classes to simplify handling and generating flash files. FSHeader for getting information on files without decoding them completely; FSFrame for grouping together all the objects associated with a frame in a move and FSLayer for creating separate time-lines when displaying objects."
The January 31, 2008 edition of the Mozilla Links Newsletter
is online, take a look for the latest news about the Mozilla browser
and related projects.
Version 4.2.3 of the GNU Compiler Collection (GCC) has been released.
"GCC 4.2.3 is a bug-fix release, containing fixes for regressions
in GCC 4.2.2 relative to previous GCC releases"
Version 2.44 of GNU CLISP has been announced.
"This version speeds up
list and sequence functions, splits off the libffcall library, and
fixes many bugs."
Version 0.7 of image4j has been
announced.
"Read and Write ICO,BMP formats in 100% pure Java
Been a long time in the making, but I've finally gotten round to the final release for 0.7
The library appears to be stable, hence my decision to finalize the current release."
Version 1.5.4 of GIT, a distributed version control system,
has been announced.
"Changes since v1.5.3: 1595 non-merge commits
165 contributors
684 files changed, 70435 insertions, 28984 deletions"
ComputerWorld.com.au talks
with Aaron Seigo at LCA. "What do you think of the support
KDE has received from the Linux distributors, many of which have chosen
GNOME as their default desktop environment? We need to get better at
collaborating on the commonalities. In China, Linux has something like 15
percent of the desktop and most of that is KDE. We see people in the market
making this choice. People choose KDE - look at the Asus Eee PC. They are
on target for about 5 million sales by mid year. I look at that and say
could it have been better. We have a lot of success to point at. What I
find unfortunate is that some companies dig into technologies. Canonical
did not communicate well about long-term support and therefore neglected 35
percent of their user base. A user base they routinely neglect, but at KDE
we ignore a lot of this."
The Linux Foundation has posted the second part of its interview with Linus Torvalds; this installment covers software patents, maintainership, desktop Linux, and more. It's available in MP3 and Ogg formats; there is also a transcript. "So, I actually enjoy seeing all these other kernel trees happening. All the vendors have their own. If a vendor has drivers that I don't have, I get really upset with the developers who decided those drivers are not good enough to send to Linus. I'm like, Why is my kernel tree worse than a vendor kernel tree?"
apc
covers an LCA talk by LWN's Jonathan Corbet.
"Kernel release 2.6.24 came out on January 24, just before linux.conf.au began. Corbet estimates 2.6.25 will be finalised sometime around April.
That rapid cycle represents an astonishing volume of new code. "We are adding about 2000 lines of code to the kernel every single day of the year, without exception," Corbet said. "Nobody can really keep up with this [on their own] any more. It's an amazing process, and it seems to be working."
The project which those numbers immediately bring to mind is Wikipedia, which uses similar open source principles, along with an "anyone can contribute" ethos."
Ars Technica covers Asus's announcement of new Linux-based products. A desktop, a monitor all-in-one system, and a TV product are planned. "Lastly, there's the E-TV. As the name suggests, Asus is merging some aspect of the Eee into its 42" LCD displays. Exactly what functionality the company is referring to is unknown. Asus could theoretically embed an Eee directly into the television and ship the device with a keyboard+mouse, but the whole 'use your TV as your web browser/computer' concept has never caught on well."
X-bit labs
reports on the Asus Eee line.
"Asustek Computer, a leading maker of personal computers and computer parts, announced on Wednesday a lineup of various devices that will be marketed under the Eee trademark. The family will include a desktop, an HDTV and a monitor with built-in PC. The new products will allow Asus to enter the new markets, though, the success is hardly inevitable."
InfoWorld
reports on Azingo's entering the Linux-based mobile phone market.
"Formerly called Celunite, Azingo aims to differentiate itself from the crowd by offering phone makers an entire package, including kernel, middleware, applications, development tools, and integration services.
"Mobile Linux has failed because there's a big integration problem," said Michael Mclaughlin, marketing director at Azingo. "People come with piece parts.""
Linux Tech Daily interviews KDE developer Sebastian Kuegler. "On the other hand, we seem to have lost a bit of our traction with larger Linux distributions. We hope we can address parts of that with being more predictable. I don't think that merely a release cycle is to be blamed for that, but really, we are putting the pieces together to make living with KDE easier for our commercial partners. We have emphasised focus in UI aspects such as usability and artwork, but we're also more actively working together with distributions and try to engage them more in our development process."
ZDNet
talks to Linus Torvalds about Linux power management issues.
"The infrastructure and tools required to make Linux a green operating system are now in place, according to Linus Torvalds, who was in Melbourne this week attending Australia's largest Linux conference.
In an interview at the linux.conf.au conference, Torvalds admitted that Linux was lagging behind on power-management and energy-diagnosis tools.
"It is an area we were pretty weak in a few years ago and just building up the infrastructure took a long time, but now we are at a point where we have most of it done," said Torvalds."
Groklaw takes a
look at the Zimbra project. "I'm worrying about Zimbra, a
project I had high hopes for. You'll find it interesting how the Zimbra
forum is anguishing over a proposed Microsoft hostile takeover of Yahoo!
since it's obvious it won't wish to help Zimbra, a competitor to a
Microsoft product, Exchange. Note how one forum member writes that the
only way to protect it is if it is GPLd." Some of Zimbra's source
code is currently available under a Yahoo Public License.
LinuxWatch
investigates Debian's difficulties with corporate support.
"Debian, either directly or through related Linux distributions such as Xandros, is used both by Linux enthusiasts and Fortune 500 companies.
Of course, you couldn't prove that by the vast majority of Debian developers who never see a thin dime from their Debian work. Or, I should add, get access to new hardware, travel expenses to Debian developer conferences and so on.
The reason for this is twofold. First, Debian, as a developer community, has never wanted any kind of "business" organization or corporate partnerships or sponsorships. It is purely a volunteer operation and woe unto any would-be developer who tries to change Debian's ways."
The Electronic Frontier Foundation is challenging a patent regarding
online gaming.
"The Electronic Frontier Foundation (EFF) is
challenging a bogus online gaming patent threatening small
businesses and innovators of multi-player Internet games.
Sheldon F. Goldberg was awarded the illegitimate patent for
the "method and system of playing games on a network," and
claims to own rights in all online gaming systems that use
tournament-style play, advertising, and have real-time
updates of ladder-rankings in multi-player games. Goldberg
has used this bogus patent to coerce licensing fees from
numerous small businesses, demanding payments that are
excessive yet less than potential litigation."
ODBMS.ORG has announced that it will host the resources of the
former ODMG.ORG consortium.
"This merger gives researchers and students, as well as any software developer with interest in
object oriented programming and persistence, a one-stop experience to find nearly 1,000 resources
aggregated and selected by a team of more than 100 internationally renown experts on object
database technology including names such as Alan Kay, Suad Alagic, Scott Ambler, Philippe Kahn,
Michael Blaha, William Cook, and Carl Rosenberger."
Big Box Linux
has announced its existence.
"Announcing the grand opening of Big Box Linux,
the Canadian Linux hardware store. All the parts we carry are guaranteed
Linux-compatible. No longer do Linux users have to spend hours
researching websites and newsgroups in order to find parts that work on
Linux. Everything for sale at Big Box Linux is known to work, and we
even include Linux installation instructions for the components that
require it."
The LiMo Foundation has
announced a new Linux-based mobile phone software platform.
"LiMo Foundation, a global
consortium of mobile leaders delivering an open handset platform for the
whole industry, today announced the on-schedule availability in March 2008
of the first release of the LiMo Platform, the first globally competitive,
Linux-based software platform for mobile handsets, together with the
immediate public availability of the application programming interface
(API) specifications."
LinuxForce has made the following announcement:
"LinuxForce announced today that
it has released a complete array of monitoring services and software
to provide round the clock protection for businesses. The collection of
software, consulting and other monitoring services is called "LinuxForce
Monitoring(SM)"."
Logicworks, a provider of high-availability hosting solutions, has
announced it has joined the MySQL Authorized Hosting Partner Program, at
the Platinum Level. As the first authorized partner of the program in the U.S.,
Logicworks will offer customers a managed MySQL Enterprise database for the
delivery of mission-critical applications.
Larry Augustin and Matt Asay have joined the MindTouch board of advisors.
"MindTouch, the open source wiki platform company and developer of Deki
Wiki, announced that open-source leaders Larry Augustin and Matt Asay have joined its Board of
Advisors. Augustin invests and advises early stage technology companies, and was CEO and founder of
VA Linux (now SourceForge, NASDAQ:LNUX). Asay is general manager, Americas, and VP of Business
Development for Alfresco."
NXP and Purple Labs have
announced an inexpensive Linux mobile phone.
"NXP Semiconductors, the independent semiconductor company founded by Philips, and Purple Labs, a leading supplier of embedded Linux solutions for mobile phones, jointly announced today the release of a 3G Linux reference feature phone offering video telephony, music playback, high-speed Internet browsing and video streaming at a transfer price below US$100. The new Purple Magic phone serves as a reference design for phone manufacturers creating entry-level 3G handsets, including those targeting mobile markets such as Southeast Asia, Eastern Europe and Latin America."
OpenLink Software Inc. has
announced a new version of its Virtuoso product.
"OpenLink Software Inc.
announces the immediate availability of the latest edition of OpenLink
Virtuoso, its industry-acclaimed hybrid data-server and integration
platform for SQL, XML, RDF, and Web Services. This release introduces a new
approach to enterprise information and data-integration, leveraging recent
advances in Semantic Web technology such as SPARQL and the best practices
of HTTP-based Linked Data across heterogeneous data sources. The new
release provides a platform for declaratively developing and deploying
conceptual views of disparate enterprise data sources such as SQL
databases, XML and RDF data sources, and SOA based Web services."
Intel has been following a policy of releasing free drivers for its
hardware for some years now, but the company has been a little less
forthcoming with its documentation. That changed at linux.conf.au, where
Intel announced
the release of the manuals for
its 965 Express and G35 Express chipsets. "Containing over 1600
pages of text and figures, the Programmers Reference Manual includes
everything from low level register definitions and discussions on how each
functional hardware block works through descriptions about the hardware
architecture. Each documented feature includes a discussion on how the
hardware works and how the hardware designers expected the software to
operate." The manuals are available under a Creative Commons license.
Tides Foundation has announced
that Barry Warsaw has been recognized for his work as the lead developer of
GNU Mailman, and has been awarded the Antonio Pizzigati Prize for Software
in the Public Interest.
Abhisam Software is running a free online RFID technology course.
"This course is made up of
text, rich graphics, Flash animations and interactive exercises that
make learning about RFID fun and easy. It introduces the learner to
the basics of RFID technology without either being boring or over the
top. The learner gets a balanced knowledge related to tags,
frequencies, application areas and even issues such as privacy."
CMP has
announced Interop 2008.
"Interop(R), the leading business
technology event, produced by CMP, today announced a collocated lineup for
the 2008 Las Vegas event that will create the richest variety and widest
cross-section of business technology communities in one place. Computer
Security Institute Security Exchange (CSISX) and the Software 2008
Conference will join forces with Interop at the Mandalay Bay Convention
Center in Las Vegas, April 28-May 2, 2008."
Pulvermedia has
announced the VON.x Europe Spring conference.
The event will take place on June 2-5, 2008 in Amsterdam.
""VON.x in Amsterdam will discuss how today's diverse networks will soon
transition to IP, to create a single, unified infrastructure that produces
next-generation communications services, and enables intelligent handheld
devices to take over many of the tasks performed today by PCs," said Bob
Emmerson, European Editor for VON Magazine, and one of the content creators
for VON.x Europe, based in Amsterdam. "VON.x Europe will focus on wireless
technologies, and unified communications more than any previous VON event
has, and it's sure to be one of the most leading-edge events of the year.""
O'Reilly Media has announced the launch of
insideRIA.com.
"Rich Internet applications (RIAs) are shaping the Web
today. Love them or hate them, if you're working on the Web, you'll want
to understand them. And a new online website announced this week,
InsideRIA.com, is the premiere community site for all things RIA, created
specifically for web developers, architects, programmers, designers, or
anyone else who makes the Web their business.
"Our goal is to create an invaluable resource for information on the
ever-changing state of design and development of rich Internet
applications (RIAs)." explained Steve Weiss, executive editor at O'Reilly
Media. "We've started with general topic areas on Design, Development, and
Standards, which will feature blog posts and multimedia content.""
For those who were unable to attend linux.conf.au - or who were there but
missed an interesting talk - the conference organizers have populated the presentations
page with videos (in Theora format) for most of the talks. There is a
lot of interesting stuff there; best not to check it out until you have a
sizeable block of spare time.