LWN.net Weekly Edition for February 28, 2008
By Jonathan Corbet February 27, 2008
China would seem like an ideal environment for free software. The Chinese
have a need for vast amounts of software as their country rapidly
industrializes, they have reasons to prefer software which is not controlled by
American corporations, and they have been coming under some pressure from
those same corporations to do something about their little habit of copying
proprietary software without much regard for details like license
agreements. Free software offers them the ability to take control of their
own software, make sure it lacks unwelcome surprises, and copy it as much
as they like. And China has been making a lot of use of Linux and free
software, but, as is the case with many Asian countries, China's presence in the
development community is relatively small.
Encouraging participation from Asian countries has been a goal of the Linux
Foundation for some time; one result of that is the series of symposiums
held in Japan over the last few years. Now, for the first time, the
Foundation has extended this series to China. On February 19
and 20, the first Linux Developer Symposium China was held in
Beijing. This event was organized in cooperation with the China Open Source Promotion Union
(COPU). Your editor had the privilege of speaking at this meeting.
This was not the kind of developer-oriented gathering that one might expect
to find in many other parts of the world. Far too many suits and ties, for
example. Often the focus of the event appeared to be the creation of photo
opportunities while people (who were not developers) gave speeches. In
general, it was organized in a mode of talking to the participants,
rather than talking with them. The agenda
makes this clear: 17 speakers on the first day, with only one break (for
lunch). The talks were well received by a sellout crowd, but there was not
a lot of opportunity for people to talk.
The second day featured a round table discussion and a set of BOF
sessions. The round table was interesting, though it focused on issues
which are not necessarily development oriented: Linux adoption in mobile
devices, competing with pirated copies of Windows, etc. The BOF was, in
many ways, the most interesting part of the whole event; this was where
participants could find people with similar interests and simply ask
questions. Your editor fielded questions on security modules, the kevent
interface, community participation in Asia, language issues, and more.
Chinese developers, like their Japanese counterparts, seem to be reluctant
to ask questions in front of a large group. But, in a closer situation,
the floodgates open and all kinds of questions come out.
Unfortunately, the second day was open only to a small subset of the
conference attendees, and that subset was heavy on the managerial side. So
a lot of people who could have benefited most from the BOF session were
not there.
One topic which never came up - until your editor raised it briefly at the
round table session - was license compliance. For the most part, it does
not seem to be on the radar there. Your editor was told that GPL
violations are common with products which are sold in the Chinese market
but not exported elsewhere; the
people involved can assume, with seemingly good reason, that nobody will
take them to court. There is also a fair amount of driver work being done
for companies in other countries; once the code is shipped the original
developers forget about it and move on to the next project. Quite a bit of
that code never makes it into the mainline.
This sort of activity fails to give back to the community which provided
Linux in the first place. But it also hurts the developers involved. They
do not become part of the community, do not get recognition for their work,
and miss the opportunity to learn from others. During the press conference
on the first day, it was noted that Chinese companies are having a hard
time hiring Linux developers, and that more training opportunities would be
a good thing. Your editor felt the need to point out that, of all the
people working in free software projects, very few of them are specifically
trained to do so. It's more a matter of individual initiative. Training
is good, but the training received in Chinese universities should be more
than adequate for those looking to get involved with free software.
Andrew Morton took that theme further by pointing out that, rather than
complaining about difficulties in hiring, these companies
would be better off encouraging community participation and skills
development within their existing staff. That would be more productive
than chasing the same small set of
developers that everybody else is trying to hire. On the second day, Dave
Neary made the crucial point that community participation is something that
individuals - not companies - do. There are a lot of companies worldwide
which have a hard time understanding how free software development works,
and China is no exception.
One last note on hiring free software hackers. Your editor ran across this
article, which states:
In China, 43 per cent of IT graduates are unemployed, and hacker
"training" web sites are creating a pool of effective malware
authors and paying them like a legitimate business.
In such a situation (assuming the claim is true - something your editor
cannot vouch for), finding developers who
are able and willing to learn how to hack on free software should not be
that hard.
Meanwhile, your editor was struck by the energy and initiative shown by the
Beijing Linux Users
Group, which helped with many aspects of the event. BLUG is busily
organizing gatherings and creating a local community out of Beijing's
hackers. A real spark is glowing there; it will be interesting to see how
that group develops in the near future.
All told, the event was a clear success. It was a proper media event which
raised the profile of Linux in China and showed that Linux developers care
enough about the country to pay a visit. A mixture of local and imported
developers were able to present their work to an attentive and interested
audience. The discussions brought developers closer and, hopefully, sent
them away with interesting things on their "to do" lists. And,
importantly, the visiting developers learned something about China that
goes beyond the proper technique for eating Peking Duck or the effort
required to climb the Great Wall (or to circumvent the rather obnoxious great
firewall). With luck, we have a better understanding of what developers
are up to in that part of the world and how we can help them to participate
fully in our projects. And that can only be a good thing.
(Some
pictures from the event have been posted. Unbelievable numbers of
photos were taken, so more can be expected to surface at some point. But,
under no circumstances should anyone look at the scurrilous photo posted by
Andrew Morton.)
By Jonathan Corbet February 27, 2008
Part 5 of this increasingly
long series stopped in March, 2004, when BitMover loudly proclaimed that
the use of BitKeeper had doubled the pace of kernel development. This
installment picks up from there, looking at a year when BitKeeper remained
in the news, the SCO case was in progress, software patents became more
threatening, and more.
- April 8, 2004: The first
X.org release. SELinux shows up in a Fedora Core 2 test
release. Red Hat v. SCO is put on indefinite hold (where it remains
to this day). Anti-software-patent demonstrations are held in
Europe.
This week featured some important news. The launch of X.org signaled the
resurrection of Linux desktop work and the beginning of a much more
interesting and promising era. Meanwhile, Fedora took the lead in pushing
SELinux-based mandatory access control technology into a general-purpose
system. That work is still very much in progress nearly four years later,
but, like it or not, SELinux has become an important part of our defensive
arsenal.
- April 15, 2004: The 2.6.6
kernel gains POSIX message queues, filesystem speedups, internal API
changes, laptop mode, 4K stacks, auditing, the CFQ I/O scheduler,
and more. Sun and Microsoft
make a $2 billion deal. Lindows becomes Linspire.
- April 22, 2004: Linspire
files to go public. BayStar tells SCO it wants its money back.
- April 29, 2004: Gentoo
founder Daniel Robbins leaves the project.
Something else which was going on during this time was a rising level of
discontent over the management of the Fedora project, which was not turning
out to be the open community that many had hoped for. Pause for a moment
and revisit this classic
dialog posted by Konstantin Ryabitsev, which so clearly documented how
the situation was seen by the community at that time. Fedora has come a
long way since then.
- May 20, 2004: The
European Council approves the software patent directive, sending it
back to the Parliament for final passage.
Remember: the directive approved by the Council was the original
version which legitimized software patents, not the version amended by the
Parliament which did not. Thus started the final (so far) round in the
fight against European software patents - a round which we eventually won.
- May 27, 2004: The kernel
adopts the Signed-off-by: convention. The 2.6.7 kernel gains
scheduling domains, the object-based reverse mapping VM, filtered
wakeups, and more.
The thing to remember here is that 2.6 was alleged to be a stable kernel
series, and everybody was still waiting for 2.7 to start. Linus defended
the massive VM changes with the claim that they were, in fact, an
"implementation detail." The realization that the kernel development
process had, in fact, already changed did not come through until...
This kernel summit decision - which, among other things, said that there
would be no 2.7 kernel - surprised almost everybody. Certainly there have
been some issues since then, but nobody really wants to go back to the old,
pre-2.6 days.
- August 5, 2004: Open
Source Risk Management funds a study showing that the kernel infringes
on 283 patents, offers patent suit insurance. SCO Forum is held,
featuring a keynote by Rob Enderle; the rest of the world looks on
incredulously. The Munich Linux deployment is put on hold as a result
of software patent fears.
- August 19, 2004: Lindows
gives up on its IPO. The 2.6.8.1 kernel is released.
There were interesting cross-currents happening at this time. On the one
hand, companies like Open Source Risk Management were trying to use SCO as
a way to scare companies (and individual developers) into buying its
insurance offerings. On the other, there was a hallucinogenic aspect to
the SCO Forum discussions that escaped nobody; SCO's time of being taken
seriously by the wider world was already done.
It's worth noting that OSRM still exists, but its insurance offering now
is for companies worried about GPL-infringement suits.
Meanwhile, 2.6.8.1 was the first three-dot kernel release ever; it was
rushed out in response to an unpleasant, last-minute bug in 2.6.8.
- August 26, 2004: IBM
brings GPL-infringement charges against SCO. LWN fails to reproduce
the posted reiser4 filesystem benchmarks, gets in trouble with
Namesys.
- September 16, 2004: Sun
announces plans to open-source Solaris. OSDL and the Free Standards
Group announce a plan for cooperation on the Linux Standard Base.
OSDL and the FSG were, at this point, separate groups which, at times,
almost seemed to be in competition with each other. Those days, of course,
are no more: the two have since merged and become the Linux Foundation.
Who would have thought that one could create a major new distribution in
2004? One might well wonder whether the situation is any less open now.
- October 7, 2004: the
bnetd developers lose their DMCA case. Concerns about kernel quality
are expressed. Microsoft's FAT patent is overturned.
- October 14, 2004: Novell
says it will use its patents "as appropriate" to defend free software
projects against patent attacks. Jeff Merkey offers $50,000 for the
right to take the kernel proprietary. The realtime preemption patch
set gets started.
- October 21, 2004: the
first Ubuntu release (4.10) comes out. Busybox 1.0 is released at
last. Mozilla begins fund raising to advertise Firefox in the New
York Times.
- November 11, 2004:
Firefox 1.0 is released. Novell gets $500 million in anti-trust cash
from Microsoft.
The Firefox 1.0 release was, in a very real sense, the much-delayed
culmination of the process which began back in 1998, when Netscape
announced that it would be releasing its code. Firefox was almost seven
years in the making, but, sometimes, late really is better than never.
Even those of us who use a different browser should be thankful for the
effect Firefox has had toward the creation of a standard-compliant web and
a competitive environment for web browsers.
Whether it's called United Linux, the Linux Core Consortium, or Manbo-Labs,
this is an idea which returns on occasion: pool effort on the creation of a
base distribution so that each player can concentrate their differentiation
efforts on the higher levels. It often seems not to work, though. It is
hard to compete with more community-based distributions through the
establishment of a base platform by corporate fiat. It seems that the true
"base" distributions have names like Debian or Fedora.
- January 13, 2005: Debian
runs afoul of the Mozilla trademark policy. The European Parliament
attempts to restart the software patent discussion from the
beginning.
- January 27, 2005: Sun
starts releasing Solaris code under the CDDL.
- February 3, 2005: The
Software Freedom Law Center is founded. Eben Moglen starts talking
about GPLv3. Russ Nelson becomes the president of the Open Source
Initiative - briefly.
- February 10, 2005: IBM's
requests for summary judgment in the SCO case are dismissed -
temporarily - by Judge Kimball. BitKeeper flame wars return, this
time about the locking-up of history metadata and license-based
prohibitions on its extraction.
The locking-up of metadata within BitKeeper was a sore point even for
developers who had accepted BitKeeper in general. Larry McVoy was unsympathetic, though, stating
that he was operating within his rights. This episode was the beginning of
the end for BitKeeper and the kernel.
- March 3, 2005:
MandrakeSoft acquires Conectiva. The European Commission ignores the
European Parliament's request to restart the software patent directive
process.
- March 10, 2005: Kernel
quality concerns lead to the creation of the -stable tree.
Those quality concerns are not gone now, though they have diminished
somewhat. The -stable tree seemed like an experiment at the time, but it
has proved successful and is still being produced almost three years
later.
- April 7, 2005: The
BitKeeper era comes to an abrupt end when the free-beer license for
the software is terminated by BitMover. (Unfounded) rumors about a
merger between UserLinux and Ubuntu circulate.
- April 14, 2005: Linus
posts the first version of git. MandrakeSoft becomes Mandriva.
The termination of free-beer BitKeeper was probably inevitable from the
very beginning of its existence; trying to maintain a closed system with
proprietary data formats in the middle of a highly open process was always
a losing proposition. For some time, many of us had feared that it could
end in a much uglier way than it actually played out. We, the community,
had danced on some thin ice for a while, but, when it broke, the water was
only ankle-deep. We got lucky.
As your editor has said before, BitKeeper did us a lot of good by bringing
order to the kernel development process when things had been working very
poorly, and by showing the world what distributed revision control could
do. It set the stage for what came after. Git was not the first free
distributed revision control system, but it was the first to be employed on
such a massive scale. In a real sense, git launched a new era of free
software development.
On that note, this article will end - and, probably, the retrospective
series ends as well. As events become more recent, the difficulty of putting
them into historical perspective gets greater. A retrospective covering
the remaining 2+ years risks becoming a repeat of the annual timelines and
adding little of value. That period is best left for the 20-year
retrospective.
So, the entire LWN staff would like to say
"thanks!" one last time to our readers, who have treated us so well for the
last ten years. It has been an incredible ride.
By Jake Edge February 27, 2008
Last week, with much fanfare, Microsoft announced
a change in its practices in order to "expand interoperability". It is a
rather sizable shift away from some of its previous inflammatory statements about free
software—though it scrupulously avoids that term—but whether it is the harbinger of a more open Microsoft, or yet another
empty pronouncement, is still unclear. It does contain things of interest to the
community, in particular the patent enumeration, but there are
pitfalls as well.
The largest chunk of what Microsoft promises is documentation for APIs and
protocols used by some of their most popular products. They immediately
released some 30,000 pages of Windows protocol specifications, much of
which the
Samba project
had to pay to access last December. In addition, they will be
releasing documentation suitable for developers wishing to interoperate
with "Windows Vista (including
the .NET Framework), Windows Server 2008, SQL Server 2008, Office 2007,
Exchange Server 2007, and Office SharePoint Server 2007, and future
versions of all these products."
Microsoft has also promised to list which of the documented protocols are
covered by one of its patents or patent applications. We may finally start
to get a handle on the infamous "235 patents" that Linux and free software
supposedly infringe. These patents will be available for license on the
standard
"reasonable and non-discriminatory" (RAND) terms, with an interesting
addition: "low royalty rates". The patent list is not yet available, but
may be of use in ways that Microsoft does not intend; invalidating some of
the patents
with prior art for example.
As Microsoft is well aware, RAND terms are a non-starter for free
software because they restrict redistribution of the code.
The company has tried to soften that blow, perhaps, by rehashing its
"covenant not to sue" developers that originated as part of the Novell
interoperability agreement. The covenant may be a great public relations
ploy, but does little to alleviate concerns that free software developers
will have in implementing patented protocols. It is the rare developer who
finds an itch to develop code to talk to Microsoft servers and who has no thought
of using or distributing it commercially.
There are also provisions in the announcement for documentation of
Microsoft implementations of industry standards. A cynic might wonder why
additional information is needed; they are, after all, supposed to be
standards. The unfortunate reality is that Microsoft does extend
such standards for its own purposes in incompatible ways; having that
kind of information can only help web browsers, directory services, and
other multi-platform tools.
For a company as adamantly opposed to Open Document Format (ODF) as it
claims to be, it is a bit surprising to see that they plan changes to
Microsoft Office to "promote user choice among document formats". APIs for
document format plug-ins along with the ability for users to make their own
choice about the default save format will be added. How reasonable those
APIs are and how faithfully they can encapsulate Office documents will be
an interesting test of both Microsoft's sincerity and ODF's capabilities.
It is also a pretty clear attempt to at least appear to be playing nicely with ODF
while its competing OOXML format is being considered for an ISO standard.
There are also various platitudes about "opening dialogs" and "expanding
outreach" with the community included in the announcement. It will be interesting to see how
that actually plays out. It is, however, hard to imagine even a year ago
seeing a posting on a Microsoft-sponsored site entitled "How
open source has influenced Windows Server 2008". In less than seven years, we
have moved from a "cancer" to influencing its flagship products.
One obvious conclusion that can be drawn from this and other Microsoft
initiatives is that it is feeling a fair amount of pressure from
customers, the European Union, standards groups, and free software. These kinds of
changes, even if they don't go as far as the rhetoric would lead one to
believe, are a pretty substantial shift in Microsoft culture and thinking.
Unfortunately, they do also seem to be angling for the long-sought "Linux
tax"—a payment, even just a small one, for each and every Linux deployment.
So far, Microsoft doesn't seem to have caught on to the idea that most Linux
installations are free in both senses of the term. There is no
per-installation, per-processor, per-core licensing stream to tap into.
One of the headaches that free software users avoid is keeping track of all
those licenses, enforced by the ever-present threat of a Business Software
Alliance audit. Microsoft has, to a limited extent, already tapped into—and
likely tapped out—that
revenue from the deals with Novell and other distributors.
Overall, this seems like a positive step. It clearly acknowledges the role
that free software (or open source if you prefer) is playing in both the
commercial marketplace and the marketplace of ideas. The actual
effects of this announcement for our community may be small, but it may
also be indicative of Microsoft moving in a more cooperative direction. That
would be a rather nice thing to see.
Page editor: Jonathan Corbet
Security
By Jake Edge February 27, 2008
When following the distributions' security updates on a daily basis, as we
do at LWN, certain days are more work than others. Two weeks ago we had a
rather full update with no
fewer than 28 packages updated for Fedora (most of those for both F7 and
F8), along with a handful of updates from other distributions. It turns
out that the majority of the Fedora updates had a single cause: a set
of serious vulnerabilities in Mozilla Firefox.
How does a single update to an application ripple so far that more than a
dozen packages have to be rebuilt? One would think there would be shared
libraries that would get updated, with applications picking up those
changes the next time they are run. That is, in theory, how things are
supposed to work, but in this case, the underlying libraries have no fixed application
binary interface (ABI). So, changes to those libraries require any
applications that use them to be rebuilt and retested.
Gecko is the rendering engine used by Mozilla in their products to display
HTML. Various other packages have started using it as well because of its
speed and standards compliance. Because Mozilla sometimes breaks
the ABI between releases, even minor releases, distributions may be stuck
rebuilding those applications when a new version of the library is
released. Normally, that only happens when packaging a new version of the
distribution—or when serious security flaws are found.
Mozilla's solution for this problem is XULRunner which
will provide a stable ABI for applications. As XULRunner and its companion
libxul become more widely available, the applications that
currently link to the Gecko libraries will presumably switch to avoid these
kinds of problems in the future. It is highly unlikely that we have seen
the last security problem in the Gecko engine, so reducing the cascade that
results from finding one would be welcome.
Because of problems with the ABI changing in the past, Fedora chooses to
make the applications' library version number exactly track the Mozilla release number.
Some other distributions do not do that, so unless the ABI does change, they do
not need to update each package that uses the libraries. This has some
advantages, but could lead to broken applications if an ABI change goes
unnoticed.
We have also seen similar cascades of updates, most notably from the xpdf PDF viewer. Unlike
Gecko, there is no library for xpdf, leading multiple applications to
include its source in their own. When a flaw is found, several different
applications (cups, gpdf, etc.) across all distributions need to
be updated immediately, leading to a similar effect as was seen with the
Gecko vulnerabilities. Hopefully, over time, the development of the poppler library will mitigate
this problem somewhat.
There are lots of good reasons to separate code into components where
possible, but security is an important one. Creating and maintaining an ABI
is sometimes difficult, but generally worth the trouble. Imagine the chaos
that could result from a security vulnerability requiring an ABI change in
glibc.
Brief items
Ed Felten's Freedom to Tinker weblog has a report on research he and his colleagues have done on subverting whole disk encryption by reading the keys from RAM after the machine has been power-cycled. "The root of the problem lies in an unexpected property of today's DRAM memories. DRAMs are the main memory chips used to store data while the system is running. Virtually everybody, including experts, will tell you that DRAM contents are lost when you turn off the power. But this isn't so. Our research shows that data in DRAM actually fades out gradually over a period of seconds to minutes, enabling an attacker to read the full contents of memory by cutting power and then rebooting into a malicious operating system."
Security reports
Red Hat has published an updated version of its risk report for RHEL4, summarizing the security vulnerabilities in that distribution for the last three years and how Red Hat responded to them. "Fixes for 81% of critical flaws were available from Red Hat Network at latest one calendar day after public disclosure of the flaw. 63% of the critical flaws were fixed on the very same day. This fast response time is a deliberate goal of the Red Hat Security Response Team and forms an essential part of reducing customer risk from critical flaws." It would be nice if all distributors would produce an occasional report like this.
New vulnerabilities
acroread: multiple vulnerabilities
| Package(s): | acroread |
| CVE #(s): | CVE-2007-5659, CVE-2007-5663, CVE-2007-5666, CVE-2007-0044 |
| Created: | February 22, 2008 |
| Updated: | March 3, 2008 |
| Description: | Several flaws were found in the way Adobe Reader processed malformed PDF files. An attacker could create a malicious PDF file which could execute arbitrary code if opened by a victim. A flaw was found in the way the Adobe Reader browser plug-in honored certain requests. A malicious PDF file could cause the browser to request an unauthorized URL, allowing for a cross-site request forgery attack. |
asterisk: multiple vulnerabilities
| Package(s): | asterisk |
| CVE #(s): | CVE-2007-3762, CVE-2007-3763, CVE-2007-3764, CVE-2007-4103 |
| Created: | February 27, 2008 |
| Updated: | February 27, 2008 |
| Description: | Asterisk suffers from a protocol handling error, a buffer overflow, and a NULL pointer dereferencing bug in the IAX2 channel driver, and a memory overflow in the Skinny channel driver. |
clamav: heap corruption
| Package(s): | clamav |
| CVE #(s): | CVE-2008-0728 |
| Created: | February 22, 2008 |
| Updated: | April 18, 2008 |
| Description: | From the CVE entry: libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption." |
cups: denial of service
| Package(s): | cups |
| CVE #(s): | CVE-2008-0886 |
| Created: | February 27, 2008 |
| Updated: | February 27, 2008 |
| Description: | From the Mandriva advisory: A flaw was found in how CUPS handled the addition and removal of remote printers via IPP that could allow a remote attacker to send a malicious IPP packet to the UDP port causing CUPS to crash. |
cups: denial of service
| Package(s): | cups |
| CVE #(s): | CVE-2008-0882 |
| Created: | February 22, 2008 |
| Updated: | April 3, 2008 |
| Description: | From the Red Hat advisory: A flaw was found in the way CUPS handles the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to crash. |
cups: multiple vulnerabilities
| Package(s): | cups |
| CVE #(s): | CVE-2008-0596, CVE-2008-0597 |
| Created: | February 25, 2008 |
| Updated: | March 6, 2008 |
| Description: | From the Red Hat advisory: A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. (CVE-2008-0597) A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing CUPS daemon crash after exhausting available memory. (CVE-2008-0596) These issues were found during the investigation of CVE-2008-0882. |
diatheke: insufficient input sanitizing
| Package(s): | diatheke |
| CVE #(s): | CVE-2008-0932 |
| Created: | February 26, 2008 |
| Updated: | March 4, 2008 |
| Description: | From the Debian advisory: Dan Dennison discovered that Diatheke, a CGI program to make a bible website, performs insufficient sanitizing of a parameter, allowing a remote attacker to execute arbitrary shell commands as the web server user. |
dnssec-tools: insufficient validation
| Package(s): | dnssec-tools |
| CVE #(s): | |
| Created: | February 26, 2008 |
| Updated: | February 27, 2008 |
| Description: | DNSSEC-Tools 1.3.2 contains several fixes, including a patch to the libval DNSSEC validation library to ensure that the signature that validates it is a signature of the trust anchor itself. |
dspam: insecure password
| Package(s): | dspam |
| CVE #(s): | CVE-2007-6418 |
| Created: | February 22, 2008 |
| Updated: | February 27, 2008 |
| Description: | From the Debian advisory: Tobias Gruetzmacher discovered that a Debian-provided CRON script in dspam, a statistical spam filter, included a database password on the command line when using the MySQL backend. This allowed a local attacker to read the contents of the dspam database, such as emails. |
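An added illustration of the dspam flaw class (not code from dspam, Debian or LWN): on Linux a process's argument vector is readable by other local users through /proc/<pid>/cmdline, so a password handed to a MySQL client as an argument is exposed while the job runs. This Python check flags such arguments, including ones buried in the `sh -c` string that cron starts; the sample command lines, file paths and password values are constructed.

```python
import os
import shlex

# Real MySQL-family clients; each accepts -p<password> and --password=<password>.
MYSQL_CLIENTS = {"mysql", "mysqldump", "mysqladmin", "mysqlcheck", "mysqlimport"}
SHELLS = {"sh", "bash", "dash"}
SEPARATORS = {"|", "||", "&", "&&", ";"}

# Constructed samples in /proc/<pid>/cmdline format (NUL-separated argv).
CRON_SAMPLE = b"/bin/sh\0-c\0/usr/bin/mysql -u dspam -pS3cr3t dspam < /tmp/purge.sql\0"
SAFE_SAMPLE = b"/usr/bin/mysql\0--defaults-extra-file=/etc/dspam/mysql.cnf\0dspam\0"
PROMPT_SAMPLE = b"mysql\0-u\0dspam\0-p\0dspam\0"  # bare -p prompts: nothing exposed


def parse_cmdline(raw):
    """Split a /proc/<pid>/cmdline buffer into a list of argument strings."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def _inline_password(arg):
    """Return the option prefix if arg carries a password value, else None."""
    if arg.startswith("--password=") and len(arg) > len("--password="):
        return "--password="
    if arg.startswith("-p") and len(arg) > 2:  # -P (port) is a different option
        return "-p"
    return None


def _scan_tokens(tokens):
    """Walk a token list; report password arguments that follow a client name."""
    hits, client = [], None
    for tok in tokens:
        if tok in SEPARATORS:
            client = None  # next command in a pipeline or list
        elif client is None:
            name = os.path.basename(tok)
            if name in MYSQL_CLIENTS:
                client = name
        else:
            prefix = _inline_password(tok)
            if prefix:
                # Redact so the audit output does not leak the secret again.
                hits.append((client, prefix + "<redacted>"))
    return hits


def exposed_password_args(argv):
    """Return (client, redacted_argument) pairs for one process's argv."""
    if not argv:
        return []
    prog = os.path.basename(argv[0])
    if prog in SHELLS and "-c" in argv[1:-1]:
        script = argv[argv.index("-c", 1) + 1]
        try:
            tokens = shlex.split(script)
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            tokens = script.split()
        return _scan_tokens(tokens)
    if prog in MYSQL_CLIENTS:
        return _scan_tokens(argv)
    return []


def scan_proc(proc_root="/proc"):
    """Check every visible process; return sorted (pid, client, argument)."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                argv = parse_cmdline(fh.read())
        except OSError:  # process exited, or no cmdline file to read
            continue
        for client, arg in exposed_password_args(argv):
            findings.append((int(entry), client, arg))
    return sorted(findings)


if __name__ == "__main__":
    for pid, client, arg in scan_proc():
        print(f"pid {pid}: {client} started with {arg}")
```

Keeping the password out of argv, for example in an option file readable only by its owner and passed with `--defaults-extra-file`, removes the exposure that this check looks for.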
ghostscript: buffer overflow
| Package(s): | ghostscript gs |
| CVE #(s): | CVE-2008-0411 |
| Created: | February 27, 2008 |
| Updated: | April 10, 2008 |
| Description: | The Ghostscript color-space handling code suffers from a buffer overflow which may be exploitable by way of a specially-crafted postscript file. |
kernel: arbitrary code execution
| Package(s): | kernel-source-2.4.27 |
| CVE #(s): | CVE-2004-2731 |
| Created: | February 25, 2008 |
| Updated: | March 6, 2008 |
| Description: | From the Debian advisory: CVE-2004-2731: infamous41md reported multiple integer overflows in the Sbus PROM driver that would allow for a DoS (Denial of Service) attack by a local user, and possibly the execution of arbitrary code. |
kernel: memory corruption
| Package(s): | kernel-source-2.4.27 |
CVE #(s): | CVE-2006-5753
|
| Created: | February 25, 2008 |
Updated: | March 6, 2008 |
| Description: |
From the Debian advisory:
CVE-2006-5753:
Eric Sandeen provided a fix for a local memory corruption vulnerability
resulting from a misinterpretation of return values when operating on
inodes which have been marked bad.
|
kernel: denial of service
| Package(s): | kernel-source-2.4.27 |
CVE #(s): | CVE-2006-6053
|
| Created: | February 25, 2008 |
Updated: | March 6, 2008 |
| Description: |
From the Debian advisory:
CVE-2006-6053:
LMH reported a potential local DoS which could be exploited by a malicious
user with the privileges to mount and read a corrupted ext3 filesystem.
|
kernel: denial of service
| Package(s): | kernel-source-2.4.27 |
CVE #(s): | CVE-2007-2525
|
| Created: | February 25, 2008 |
Updated: | March 6, 2008 |
| Description: |
From the Debian advisory:
CVE-2007-2525:
Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused
by releasing a socket before PPPIOCGCHAN is called upon it. This could
be used by a local user to DoS a system by consuming all available memory.
|
kernel: reduction in random entropy
| Package(s): | kernel-source-2.4.27 |
CVE #(s): | CVE-2007-4311
|
| Created: | February 25, 2008 |
Updated: | March 6, 2008 |
| Description: |
From the Debian advisory:
CVE-2007-4311:
PaX team discovered an issue in the random driver where a defect in the
reseeding code leads to a reduction in entropy.
|
kernel: denial of service
| Package(s): | kernel-source-2.6.8 |
CVE #(s): | CVE-2006-7203
|
| Created: | February 25, 2008 |
Updated: | February 27, 2008 |
| Description: |
From the Debian advisory:
CVE-2006-7203:
OpenVZ Linux kernel team reported an issue in the smbfs filesystem which
can be exploited by local users to cause a DoS (oops) during mount. |
moin: multiple XSS vulnerabilities
| Package(s): | moin |
CVE #(s): | CVE-2008-0780
CVE-2008-0781
|
| Created: | February 21, 2008 |
Updated: | June 18, 2009 |
| Description: |
moin has cross site scripting vulnerabilities in the login action
and the AttachFile action. |
qemu: unchecked block read/write
| Package(s): | qemu kvm |
CVE #(s): | |
| Created: | February 26, 2008 |
Updated: | February 27, 2008 |
| Description: |
From this post
to the Debian security list: "I think I have discovered a
vulnerability in qemu. It is related to the block device drivers: that is,
the backends which implement the functionality offered to a guest via
emulated block devices such as the emulated IDE controller." |
splitvt: privilege escalation
| Package(s): | splitvt |
CVE #(s): | CVE-2008-0162
|
| Created: | February 22, 2008 |
Updated: | March 4, 2008 |
| Description: |
From the Debian advisory: Mike Ashton discovered that splitvt, a utility to run two programs in a split screen, did not drop group privileges prior to executing 'xprop'. This could allow any local user to gain the privileges of group utmp. |
turba2: access violation
| Package(s): | turba2 |
CVE #(s): | CVE-2008-0807
|
| Created: | February 25, 2008 |
Updated: | February 29, 2008 |
| Description: |
From the Debian advisory:
Peter Paul Elfferich discovered that turba2, a contact management component
for horde framework, did not correctly check access rights before allowing
users to edit addresses. This could result in valid users being able to
alter private address records. |
wordpress: multiple vulnerabilities
| Package(s): | wordpress |
CVE #(s): | CVE-2007-3238
CVE-2007-2821
CVE-2008-0193
CVE-2008-0194
|
| Created: | February 22, 2008 |
Updated: | February 27, 2008 |
| Description: |
From the Debian advisory:
Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php. (CVE-2007-3238)
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. (CVE-2007-2821)
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress
2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to
wp-admin/edit.php. (CVE-2008-0193)
Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. (CVE-2008-0194) |
wyrd: insecure temporary file
| Package(s): | wyrd |
CVE #(s): | CVE-2008-0806
|
| Created: | February 26, 2008 |
Updated: | February 27, 2008 |
| Description: |
wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file. |
Updated vulnerabilities
acroread: multiple vulnerabilities
| Package(s): | acroread |
CVE #(s): | CVE-2006-5857
CVE-2007-0045
CVE-2007-0046
|
| Created: | January 11, 2007 |
Updated: | October 26, 2009 |
| Description: |
Adobe's Acrobat Reader has the following vulnerabilities:
The Adobe Reader Plugin has a cross-site scripting vulnerability that
can be triggered by processing malformed URLs. Arbitrary JavaScript can
be served by a malicious web server, leading to a cross-site scripting
attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities;
if an attacker can trick a user into viewing the files, arbitrary code
can be executed with the user's privileges. |
acroread: multiple vulnerabilities
| Package(s): | acroread |
CVE #(s): | CVE-2008-0655
CVE-2008-0667
CVE-2008-0726
|
| Created: | February 18, 2008 |
Updated: | March 3, 2008 |
| Description: |
From the SUSE advisory:
CVE-2008-0655: Multiple unspecified vulnerabilities in Adobe Reader
and Acrobat before 8.1.2 have unknown impact and
attack vectors.
CVE-2008-0667: The DOC.print function in the Adobe JavaScript API,
as used by Adobe Acrobat and Reader before 8.1.2, allows
remote attackers to configure silent non-interactive
printing, and trigger the printing of an arbitrary
number of copies of a document.
CVE-2008-0726: Integer overflow in Adobe Reader and Acrobat 8.1.1 and
earlier allows remote attackers to execute arbitrary
code via crafted arguments to the printSepsWithParams,
which triggers memory corruption.
|
apache: cross-site scripting
| Package(s): | apache |
CVE #(s): | CVE-2006-3918
|
| Created: | August 9, 2006 |
Updated: | April 4, 2008 |
| Description: |
From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header." |
apache: several vulnerabilities
| Package(s): | apache |
CVE #(s): | CVE-2007-5000
CVE-2007-6388
CVE-2008-0005
|
| Created: | January 15, 2008 |
Updated: | July 29, 2008 |
| Description: |
A flaw was found in the mod_imap module. On sites where mod_imap was
enabled and an imagemap file was publicly available, a cross-site scripting
attack was possible. (CVE-2007-5000)
A flaw was found in the mod_status module. On sites where mod_status was
enabled and the status pages were publicly available, a cross-site
scripting attack was possible. (CVE-2007-6388)
A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp
was enabled and a forward proxy was configured, a cross-site scripting
attack was possible against Web browsers which did not correctly derive the
response character set following the rules in RFC 2616. (CVE-2008-0005) |
asterisk: possible SQL injection
| Package(s): | asterisk |
CVE #(s): | CVE-2007-6170
|
| Created: | December 3, 2007 |
Updated: | April 15, 2008 |
| Description: |
Tilghman Lesher discovered that the logging engine of Asterisk, a free
software PBX and telephony toolkit, performs insufficient sanitizing of
call-related data, which may lead to SQL injection. |
avahi: denial of service
| Package(s): | avahi |
CVE #(s): | CVE-2007-3372
|
| Created: | June 28, 2007 |
Updated: | December 23, 2008 |
| Description: |
Avahi is vulnerable to a local denial of service that can be caused by
making an erroneous call to the assert() function. |
bind: insecure permissions
| Package(s): | bind |
CVE #(s): | CVE-2007-6283
|
| Created: | December 21, 2007 |
Updated: | July 10, 2008 |
| Description: |
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file
with world-readable permissions, which allows local users to perform
unauthorized named commands, such as causing a denial of service by
stopping named. |
bind: off-by-one error
| Package(s): | bind |
CVE #(s): | CVE-2008-0122
|
| Created: | January 22, 2008 |
Updated: | July 10, 2008 |
| Description: |
Off-by-one error in the inet_network function in libc in FreeBSD 6.2, 6.3,
and 7.0-PRERELEASE and earlier allows context-dependent attackers to cause
a denial of service (crash) and possibly execute arbitrary code via crafted
input that triggers memory corruption. |
boost: denial of service
| Package(s): | boost |
CVE #(s): | CVE-2008-0171
CVE-2008-0172
|
| Created: | January 17, 2008 |
Updated: | March 22, 2012 |
| Description: |
From the Ubuntu alert:
Will Drewry and Tavis Ormandy discovered that the boost library
did not properly perform input validation on regular expressions.
An attacker could send a specially crafted regular expression to
an application linked against boost and cause a denial of service
via application crash. |
cacti: denial of service
| Package(s): | cacti |
CVE #(s): | CVE-2007-3112
CVE-2007-3113
|
| Created: | September 18, 2007 |
Updated: | December 16, 2009 |
| Description: |
A vulnerability in Cacti 0.8.6i and earlier versions allows remote
authenticated users to cause a denial of service (CPU consumption) via
large values of the graph_start, graph_end, graph_height, or graph_width
parameters. |
cairo: integer overflow
| Package(s): | Cairo |
CVE #(s): | CVE-2007-5503
|
| Created: | November 29, 2007 |
Updated: | April 10, 2008 |
| Description: |
Cairo has an integer overflow vulnerability in the PNG image processing
code. If a user processes a specially crafted PNG image with an
application that is linked against cairo, arbitrary code can be executed
with the user's privileges. |
clamav: arbitrary code execution
| Package(s): | clamav |
CVE #(s): | CVE-2008-0318
|
| Created: | February 13, 2008 |
Updated: | April 18, 2008 |
| Description: |
From the CVE:
Integer overflow in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow. |
clamav: denial of service
| Package(s): | clamav |
CVE #(s): | CVE-2007-3725
|
| Created: | July 24, 2007 |
Updated: | February 27, 2008 |
| Description: |
A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via specially crafted RAR archives. |
clamav: arbitrary file overwrite
| Package(s): | clamav |
CVE #(s): | CVE-2007-6595
|
| Created: | February 18, 2008 |
Updated: | August 8, 2008 |
| Description: |
From the CVE entry:
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files in the cli_gentempfd function in libclamav/others.c or on (2) .ascii files in sigtool, when utf16-decode is enabled. |
clamav: integer overflow and off-by-one
| Package(s): | clamav |
CVE #(s): | CVE-2007-6335
CVE-2007-6336
|
| Created: | December 19, 2007 |
Updated: | July 17, 2008 |
| Description: |
ClamAV contains integer overflow and off-by-one errors which could be exploited (via specially-crafted email) to execute arbitrary code. |
cpio: arbitrary code execution
| Package(s): | cpio |
CVE #(s): | CVE-2005-4268
|
| Created: | January 2, 2006 |
Updated: | March 17, 2010 |
| Description: |
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with e.g. a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system). |
vixie-cron: privilege escalation
| Package(s): | cron |
CVE #(s): | CVE-2006-2607
|
| Created: | May 31, 2006 |
Updated: | June 1, 2009 |
| Description: |
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root. |
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2006-4262
|
| Created: | October 2, 2006 |
Updated: | June 16, 2009 |
| Description: |
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code. |
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2004-2541
|
| Created: | May 22, 2006 |
Updated: | June 19, 2009 |
| Description: |
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target. |
cups: buffer overflow
| Package(s): | cups |
CVE #(s): | CVE-2007-5848
|
| Created: | January 7, 2008 |
Updated: | February 27, 2008 |
| Description: |
From the CVE entry:
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
From the rPath advisory:
Previous versions of the cups package contain a buffer-overflow
weakness. It is not believed that this weakness can be exploited
to execute malicious code. |
cups: multiple vulnerabilities
debian-goodies: privilege escalation
| Package(s): | debian-goodies |
CVE #(s): | CVE-2007-3912
|
| Created: | October 5, 2007 |
Updated: | March 24, 2008 |
| Description: |
Thomas de Grenier de Latour discovered that the checkrestart program included
in debian-goodies did not correctly handle shell meta-characters. A local
attacker could exploit this to gain the privileges of the user running
checkrestart. |
Django: denial of service
| Package(s): | Django |
CVE #(s): | CVE-2007-5712
|
| Created: | November 12, 2007 |
Updated: | September 22, 2008 |
| Description: |
From the CVE notice:
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers. |
dovecot: privilege escalation
| Package(s): | dovecot |
CVE #(s): | CVE-2007-4211
|
| Created: | August 15, 2007 |
Updated: | May 21, 2008 |
| Description: |
From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a
minor privilege escalation attack in which an authenticated
user may exploit an ACL plugin weakness to save message flags
without having proper permissions." |
dovecot: directory traversal
| Package(s): | dovecot |
CVE #(s): | CVE-2007-2231
|
| Created: | May 8, 2007 |
Updated: | May 21, 2008 |
| Description: |
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot
before 1.0.rc29, when using the zlib plugin, allows remote attackers to
read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot)
sequence in the mailbox name. |
dovecot: multiple vulnerabilities
| Package(s): | dovecot |
CVE #(s): | CVE-2007-6598
|
| Created: | January 3, 2008 |
Updated: | October 7, 2008 |
| Description: |
Dovecot has multiple vulnerabilities including an issue involving the
confusion between LDAP-authenticated logins across users with the
same password and a denial of service involving a connecting user. |
eggdrop: stack-based buffer overflow
| Package(s): | eggdrop |
CVE #(s): | CVE-2007-2807
|
| Created: | September 7, 2007 |
Updated: | December 8, 2009 |
| Description: |
A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC
servers to execute arbitrary code via a long private message. |
elinks: code execution
| Package(s): | elinks |
CVE #(s): | CVE-2007-2027
|
| Created: | May 7, 2007 |
Updated: | October 30, 2009 |
| Description: |
Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could execute
code with user privileges. |
elinks: arbitrary file access
| Package(s): | elinks |
CVE #(s): | CVE-2006-5925
|
| Created: | November 16, 2006 |
Updated: | October 22, 2009 |
| Description: |
The elinks text-mode browser has an arbitrary file access vulnerability
in the Elinks SMB protocol handler. If a user can be tricked into
visiting a specially crafted web page, arbitrary files may be read or
written with the user's permissions. |
emacs: buffer overflow
| Package(s): | emacs |
CVE #(s): | CVE-2007-6109
|
| Created: | December 10, 2007 |
Updated: | May 6, 2008 |
| Description: |
From the National Vulnerability Database:
Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line. |
evolution: format string error
| Package(s): | evolution |
CVE #(s): | CVE-2007-1002
|
| Created: | March 27, 2007 |
Updated: | February 27, 2008 |
| Description: |
A format string error in the "write_html()" function in calendar/gui/
e-cal-component-memo-preview.c when displaying a memo's categories can
potentially be exploited to execute arbitrary code via a specially crafted
shared memo containing format specifiers. |
pop mail man-in-the-middle attacks
| Package(s): | evolution thunderbird mutt fetchmail |
CVE #(s): | CVE-2007-1558
|
| Created: | May 8, 2007 |
Updated: | July 3, 2009 |
| Description: |
The APOP protocol allows remote attackers to guess the first 3 characters
of a password via man-in-the-middle (MITM) attacks that use crafted message
IDs and MD5 collisions. NOTE: this design-level issue potentially affects
all products that use APOP, including (1) Thunderbird, (2) Evolution, (3)
mutt, and (4) fetchmail. |
exiftags: multiple vulnerabilities
| Package(s): | exiftags |
CVE #(s): | CVE-2007-6354
CVE-2007-6355
CVE-2007-6356
|
| Created: | December 31, 2007 |
Updated: | April 1, 2008 |
| Description: |
From the Gentoo advisory: Meder Kydyraliev (Google Security) discovered that Exif metadata is not
properly sanitized before being processed, resulting in illegal memory
access in the postprop() and other functions (CVE-2007-6354). He also
discovered integer overflow vulnerabilities in the parsetag() and other
functions (CVE-2007-6355) and an infinite recursion in the readifds()
function caused by recursive IFD references (CVE-2007-6356). |
exiv2: integer overflow
| Package(s): | exiv2 |
CVE #(s): | CVE-2007-6353
|
| Created: | December 21, 2007 |
Updated: | October 15, 2008 |
| Description: |
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. |
fetchmail: denial of service
| Package(s): | fetchmail |
CVE #(s): | CVE-2007-4565
|
| Created: | September 5, 2007 |
Updated: | October 30, 2009 |
| Description: |
fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. |
firebird: buffer overflow
| Package(s): | firebird |
CVE #(s): | CVE-2007-3181
|
| Created: | July 2, 2007 |
Updated: | March 27, 2008 |
| Description: |
The Firebird DBMS has a buffer overflow vulnerability involving
the processing of connect requests with an overly large p_cnct_count
value. Remote attackers can send a specially crafted
request to the server in order to potentially execute arbitrary code with
the permissions of the Firebird user. |
firefox: multiple vulnerabilities
| Package(s): | firefox |
CVE #(s): | CVE-2008-0414
CVE-2008-0416
CVE-2008-0420
CVE-2008-0594
|
| Created: | February 8, 2008 |
Updated: | May 21, 2008 |
| Description: |
From the Ubuntu advisory:
Flaws were discovered in the file upload form control. A malicious
website could force arbitrary files from the user's computer to be
uploaded without consent. (CVE-2008-0414)
Various flaws were discovered in character encoding handling. If a
user were tricked into opening a malicious web page, an attacker
could perform cross-site scripting attacks. (CVE-2008-0416)
Flaws were discovered in the BMP decoder. By tricking a user into
opening a specially crafted BMP file, an attacker could obtain
sensitive information. (CVE-2008-0420)
Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery
warning dialog wasn't displayed under certain circumstances. A
malicious website could exploit this to conduct phishing attacks
against the user. (CVE-2008-0594)
|
firefox: multiple vulnerabilities
| Package(s): | firefox |
CVE #(s): | CVE-2007-3844
CVE-2007-3845
|
| Created: | August 1, 2007 |
Updated: | February 20, 2008 |
| Description: |
A flaw was discovered in handling of "about:blank" windows used by
addons. A malicious web site could exploit this to modify the contents,
or steal confidential data (such as passwords), of other web pages.
(CVE-2007-3844)
Jesper Johansson discovered that spaces and double-quotes were
not correctly handled when launching external programs. In rare
configurations, after tricking a user into opening a malicious web page,
an attacker could execute helpers with arbitrary arguments with the
user's privileges. (CVE-2007-3845) |
firefox: multiple vulnerabilities
| Package(s): | firefox seamonkey |
CVE #(s): | CVE-2007-5947
CVE-2007-5959
CVE-2007-5960
|
| Created: | November 27, 2007 |
Updated: | March 3, 2008 |
| Description: |
A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-5959)
A race condition existed when Firefox set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)
|
firefox: multiple vulnerabilities
| Package(s): | firefox seamonkey thunderbird |
CVE #(s): | CVE-2008-0412
CVE-2008-0413
CVE-2008-0415
CVE-2008-0417
CVE-2008-0418
CVE-2008-0419
CVE-2008-0591
CVE-2008-0592
CVE-2008-0593
|
| Created: | February 8, 2008 |
Updated: | May 21, 2008 |
| Description: |
From the Red Hat advisory:
Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)
Several flaws were found in the way Firefox displayed malformed web
content. A webpage containing specially-crafted content could trick a user
into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)
A flaw was found in the way Firefox stored password data. If a user saves
login information for a malicious website, it could be possible to corrupt
the password database, preventing the user from properly accessing saved
password data. (CVE-2008-0417)
A flaw was found in the way Firefox handles certain chrome URLs. If a user
has certain extensions installed, it could allow a malicious website to
steal sensitive session data. Note: this flaw does not affect a default
installation of Firefox. (CVE-2008-0418)
A flaw was found in the way Firefox saves certain text files. If a
website offers a file of type "plain/text", rather than "text/plain",
Firefox will not show future "text/plain" content to the user in the
browser, forcing them to save those files locally to view the content.
(CVE-2008-0592)
|
firefox, thunderbird, seamonkey: multiple vulnerabilities
| Package(s): | firefox, thunderbird, seamonkey |
CVE #(s): | CVE-2007-3738
CVE-2007-3656
CVE-2007-3670
CVE-2007-3285
CVE-2007-3737
CVE-2007-3089
CVE-2007-3736
CVE-2007-3734
CVE-2007-3735
|
| Created: | July 18, 2007 |
Updated: | May 12, 2008 |
| Description: |
shutdown and moz_bug_r_a4 reported two separate ways to modify an
XPCNativeWrapper such that subsequent access by the browser would result in
executing user-supplied code. (CVE-2007-3738)
Michal Zalewski reported that it was possible to bypass the same-origin
checks and read from cached (wyciwyg) documents. It is possible to access
wyciwyg:// documents without proper same domain policy checks through the
use of HTTP 302 redirects. This enables the attacker to steal sensitive
data displayed on dynamically generated pages; perform cache poisoning; and
execute own code or display own content with URL bar and SSL certificate
data of the attacked page (URL spoofing++). (CVE-2007-3656)
Internet Explorer calls registered URL protocols without escaping quotes
and may be used to pass unexpected and potentially dangerous data to the
application that registers that URL Protocol. (CVE-2007-3670)
Ronald van den Heetkamp reported that a filename URL containing %00
(encoded null) can cause Firefox to interpret the file extension
differently than the underlying Windows operating system potentially
leading to unsafe actions such as running a program. This is only
accessible locally. (CVE-2007-3285)
An attacker can use an element outside of a document to call an event
handler allowing content to run arbitrary code with chrome
privileges. (CVE-2007-3737)
Ronen Zilberman and Michal Zalewski both reported that it was possible to
exploit a timing issue to inject content into about:blank frames in a
page. When opening a window from a script, it is possible to spoof the
content of the newly opened window's frames within a short time frame,
while the window is loading. (CVE-2007-3089)
Mozilla contributor moz_bug_r_a4 demonstrated that the methods
addEventListener and setTimeout could be used to inject script into another
site in violation of the browser's same-origin policy. This could be used
to access or modify private or valuable information from that other
site. (CVE-2007-3736)
As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed
many bugs to improve the stability of the product. Some of these crashes
showed evidence of memory corruption under certain circumstances and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code. Note: Thunderbird shares the browser
engine with Firefox and could be vulnerable if JavaScript were to be
enabled in mail. This is not the default setting and we strongly discourage
users from running JavaScript in mail. Without further investigation we
cannot rule out the possibility that for some of these an attacker might be
able to prepare memory for exploitation through some means other than
JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735) |
flash-plugin: lots of problems
freetype: arbitrary code execution
| Package(s): | freetype |
CVE #(s): | CVE-2007-2754
|
| Created: | May 24, 2007 |
Updated: | June 1, 2010 |
| Description: |
The Freetype font rendering library, versions 2.3.4 and below,
has an integer sign error. Remote attackers may be able to
create a specially crafted TrueType Font file with a negative
n_points value that will cause an integer overflow and heap-based
buffer overflow, allowing the execution of arbitrary code. |
freetype: integer overflows
| Package(s): | freetype |
CVE #(s): | CVE-2006-0747
CVE-2006-1861
CVE-2006-2493
CVE-2006-2661
CVE-2006-3467
|
| Created: | June 8, 2006 |
Updated: | June 1, 2010 |
| Description: |
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user. |
gcc: file overwrite vulnerability
| Package(s): | gcc |
CVE #(s): | CVE-2006-3619
|
| Created: | September 6, 2006 |
Updated: | March 14, 2008 |
| Description: |
The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree. |
gd: buffer overflow
| Package(s): | gd |
CVE #(s): | CVE-2007-0455
|
| Created: | February 7, 2007 |
Updated: | November 18, 2009 |
| Description: |
The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable. |
gd: multiple vulnerabilities
| Package(s): | gd |
CVE #(s): | CVE-2007-3472
CVE-2007-3473
CVE-2007-3474
CVE-2007-3475
CVE-2007-3476
CVE-2007-3477
CVE-2007-3478
|
| Created: | August 6, 2007 |
Updated: | November 6, 2009 |
| Description: |
Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allow attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478) |
| Alerts: |
|
Comments (none posted)
gd: denial of service
| Package(s): | gd |
CVE #(s): | CVE-2007-2756
|
| Created: | June 14, 2007 |
Updated: | February 28, 2008 |
| Description: |
Libgd2 has a denial of service vulnerability involving the incorrect
validation of PNG callback results. If an application that is linked
against libgd2 is used to process a specially-crafted PNG file,
a denial of service involving CPU resource consumption can be
caused. |
| Alerts: |
|
Comments (none posted)
gedit: format string vulnerability
| Package(s): | gedit |
CVE #(s): | CAN-2005-1686
|
| Created: | June 9, 2005 |
Updated: | February 5, 2009 |
| Description: |
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user. |
| Alerts: |
|
Comments (1 posted)
gimp: multiple vulnerabilities
| Package(s): | gimp |
CVE #(s): | CVE-2007-2949
|
| Created: | June 28, 2007 |
Updated: | February 27, 2008 |
| Description: |
The gimp image editor has several vulnerabilities, including
a problem where it can open PSD files with excessive dimensions
and a possible stack overflow in the Sunras loader. |
| Alerts: |
|
Comments (none posted)
gnome-screensaver: keyboard lock bypass
| Package(s): | gnome-screensaver |
CVE #(s): | CVE-2007-3920
|
| Created: | October 24, 2007 |
Updated: | October 15, 2009 |
| Description: |
From the Ubuntu advisory:
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local
attacker could exploit this to bypass the user's locked screen saver. |
| Alerts: |
|
Comments (none posted)
openssh: inappropriate use of trusted cookies
| Package(s): | gnome-ssh-askpass openssh |
CVE #(s): | CVE-2007-4752
|
| Created: | September 11, 2007 |
Updated: | August 25, 2008 |
| Description: |
OpenSSH in versions prior to
4.7 could use a trusted X11 cookie if the creation of an untrusted
cookie failed. |
| Alerts: |
|
Comments (none posted)
gnumeric: arbitrary code execution
| Package(s): | gnumeric |
CVE #(s): | CVE-2008-0668
|
| Created: | February 13, 2008 |
Updated: | August 8, 2008 |
| Description: |
From the CVE:
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information. |
| Alerts: |
|
Comments (none posted)
grip: buffer overflow
| Package(s): | grip |
CVE #(s): | CAN-2005-0706
|
| Created: | March 10, 2005 |
Updated: | November 19, 2008 |
| Description: |
Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches. |
| Alerts: |
|
Comments (none posted)
gzip: multiple vulnerabilities
| Package(s): | gzip |
CVE #(s): | CVE-2006-4334
CVE-2006-4335
CVE-2006-4336
CVE-2006-4337
CVE-2006-4338
|
| Created: | September 19, 2006 |
Updated: | January 20, 2010 |
| Description: |
Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash.
Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. |
| Alerts: |
|
Comments (1 posted)
horde3: remote email deletion
| Package(s): | horde3 |
CVE #(s): | CVE-2007-6018
|
| Created: | January 21, 2008 |
Updated: | March 24, 2009 |
| Description: |
From the Debian advisory:
Ulf Harnhammer discovered that the HTML filter of the Horde web
application framework performed insufficient input sanitising, which
may lead to the deletion of emails if a user is tricked into viewing
a malformed email inside the Imp client. |
| Alerts: |
|
Comments (none posted)
horde-kronolith: local file inclusion
| Package(s): | horde-kronolith |
CVE #(s): | CVE-2006-6175
|
| Created: | January 17, 2007 |
Updated: | March 7, 2008 |
| Description: |
Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered
string is used instead of a sanitized string to view local files. An
authenticated attacker could craft an HTTP GET request that uses directory
traversal techniques to execute any file on the web server as PHP code,
which could allow information disclosure or arbitrary code execution with
the rights of the user running the PHP application (usually the webserver
user). |
| Alerts: |
|
Comments (none posted)
httpd: cross-site scripting, denial of service
| Package(s): | httpd |
CVE #(s): | CVE-2007-6421
CVE-2007-6422
|
| Created: | January 15, 2008 |
Updated: | April 4, 2008 |
| Description: |
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, a cross-site scripting attack against an
authorized user was possible. (CVE-2007-6421)
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, an authorized user could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. This could lead to a denial of service if using a
threaded Multi-Processing Module. (CVE-2007-6422) |
| Alerts: |
|
Comments (1 posted)
icu: arbitrary code execution
| Package(s): | icu |
CVE #(s): | CVE-2007-4770
CVE-2007-4771
|
| Created: | January 25, 2008 |
Updated: | May 15, 2008 |
| Description: |
From the Red Hat advisory:
Will Drewry reported multiple flaws in the way libicu processed certain
malformed regular expressions. If an application linked against ICU, such
as OpenOffice.org, processed a carefully crafted regular expression, it may
be possible to execute arbitrary code as the user running the application.
|
| Alerts: |
|
Comments (none posted)
imagemagick: multiple vulnerabilities
| Package(s): | imagemagick |
CVE #(s): | CVE-2007-4985
CVE-2007-4986
CVE-2007-4987
CVE-2007-4988
|
| Created: | October 4, 2007 |
Updated: | August 11, 2009 |
| Description: |
The ImageMagick image decoders have multiple vulnerabilities.
If a user can be tricked into processing a specially crafted
DCM, DIB, XBM, XCF, or XWD image, arbitrary code may be executed with
the user's privileges. |
| Alerts: |
|
Comments (none posted)
ImageMagick: integer overflows
| Package(s): | imagemagick |
CVE #(s): | CVE-2007-1797
|
| Created: | April 4, 2007 |
Updated: | August 11, 2009 |
| Description: |
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote
attackers to execute arbitrary code via (1) a crafted DCM image, which
results in a heap-based overflow in the ReadDCMImage function, or (2) the
(a) colors or (b) comments field in a crafted XWD image, which results in a
heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667. |
| Alerts: |
|
Comments (none posted)
jasper: denial of service
| Package(s): | jasper |
CVE #(s): | CVE-2007-2721
|
| Created: | June 1, 2007 |
Updated: | April 19, 2010 |
| Description: |
The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote
user-assisted attackers to cause a denial of service (crash) and possibly
corrupt the heap via malformed image files. |
| Alerts: |
|
Comments (none posted)
java: multiple vulnerabilities
| Package(s): | java |
CVE #(s): | CVE-2006-4339
CVE-2006-4790
CVE-2006-6731
CVE-2006-6736
CVE-2006-6737
CVE-2006-6745
|
| Created: | January 18, 2007 |
Updated: | June 4, 2010 |
| Description: |
Java has multiple vulnerabilities; these include
an RSA exponent padding attack vulnerability, two vulnerabilities
which allow untrusted applets to access data in other applets,
vulnerabilities that involve applets gaining privileges due to
serialization bugs in the JRE and buffer overflows in the Java image
handling routines that can give attackers read/write/execute capabilities
for local files. |
| Alerts: |
|
Comments (1 posted)
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2007-3503
CVE-2007-3655
CVE-2007-3698
CVE-2007-3922
|
| Created: | August 6, 2007 |
Updated: | June 24, 2008 |
| Description: |
The Javadoc tool was able to generate HTML documentation pages that
contained cross-site scripting (XSS) vulnerabilities. A remote attacker
could use this to inject arbitrary web script or HTML. (CVE-2007-3503)
The Java Web Start URL parsing component contained a buffer overflow
vulnerability within the parsing code for JNLP files. A remote attacker
could create a malicious JNLP file that could trigger this flaw and execute
arbitrary code when opened. (CVE-2007-3655)
The JSSE component did not correctly process SSL/TLS handshake requests. A
remote attacker who is able to connect to a JSSE-based service could
trigger this flaw leading to a denial-of-service. (CVE-2007-3698)
A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922)
|
| Alerts: |
|
Comments (none posted)
java: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2008-0657
|
| Created: | February 12, 2008 |
Updated: | April 25, 2008 |
| Description: |
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. |
| Alerts: |
|
Comments (none posted)
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2007-5232
CVE-2007-5238
CVE-2007-5239
CVE-2007-5240
CVE-2007-5273
CVE-2007-5274
|
| Created: | October 12, 2007 |
Updated: | April 25, 2008 |
| Description: |
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled,
allows remote attackers to violate the security model for an applet's
outbound connections via a DNS rebinding attack. (CVE-2007-5232)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not
properly enforce access restrictions for untrusted applications, which
allows user-assisted remote attackers to obtain sensitive information (the
Java Web Start cache location) via an untrusted application, aka "three
vulnerabilities." (CVE-2007-5238)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE
1.3.1_20 and earlier does not properly enforce access restrictions for
untrusted (1) applications and (2) applets, which allows user-assisted
remote attackers to copy or rename arbitrary files when local users perform
drag-and-drop operations from the untrusted application or applet window
onto certain types of desktop applications. (CVE-2007-5239)
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK
and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows
remote attackers to circumvent display of the untrusted-code warning banner
by creating a window larger than the workstation screen. (CVE-2007-5240)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used,
allows remote attackers to violate the security model for an applet's
outbound connections via a multi-pin DNS rebinding attack in which the
applet download relies on DNS resolution on the proxy server, but the
applet's socket operations rely on DNS resolution on the local machine, a
different issue than CVE-2007-5274. NOTE: this is similar to
CVE-2007-5232. (CVE-2007-5273)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows
remote attackers to violate the security model for JavaScript outbound
connections via a multi-pin DNS rebinding attack dependent on the
LiveConnect API, in which JavaScript download relies on DNS resolution by
the browser, but JavaScript socket operations rely on separate DNS
resolution by a Java Virtual Machine (JVM), a different issue than
CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5274) |
| Alerts: |
|
Comments (1 posted)
JRockit: multiple vulnerabilities
Comments (none posted)
kazehakase: multiple vulnerabilities
| Package(s): | kazehakase |
CVE #(s): | |
| Created: | January 31, 2008 |
Updated: | April 23, 2008 |
| Description: |
The kazehakase web browser is vulnerable to buffer overflows and
memory corruption in PCRE. If a remote attacker can convince a user to
open specially crafted bookmarks, it can lead to the
execution of arbitrary code, denial of service or
arbitrary information disclosure. |
| Alerts: |
|
Comments (none posted)
kdebase: denial of service
| Package(s): | kdebase |
CVE #(s): | CVE-2007-5963
|
| Created: | December 18, 2007 |
Updated: | January 19, 2009 |
| Description: |
The kdebase package is vulnerable to a denial of service in which a local user can render KDM unusable for logins by any user or cause KDM to exceed system resource limits. |
| Alerts: |
|
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
CVE #(s): | CAN-2005-1920
|
| Created: | July 19, 2005 |
Updated: | September 21, 2010 |
| Description: |
Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information. |
| Alerts: |
|
Comments (1 posted)
kernel: out-of-bounds access
| Package(s): | kernel |
CVE #(s): | CVE-2007-4573
|
| Created: | September 25, 2007 |
Updated: | December 6, 2010 |
| Description: |
The IA32 system call emulation functionality in Linux kernel 2.4.x and
2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not
zero extend the eax register after the 32bit entry path to ptrace is used,
which might allow local users to gain privileges by triggering an
out-of-bounds access to the system call table using the %RAX register. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-4130
CVE-2007-6694
|
| Created: | February 1, 2008 |
Updated: | June 20, 2008 |
| Description: |
From the Red Hat advisory: A flaw was found in the way the Red Hat
Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA
method for accessing memory on Itanium architectures. A local unprivileged
user could trigger this flaw and cause a denial of service (system panic).
A possible NULL pointer dereference was found in the chrp_show_cpuinfo
function when using the PowerPC architecture. This may have allowed a local
unprivileged user to cause a denial of service (crash). |
| Alerts: |
|
Comments (none posted)
kernel: ALSA returns incorrect write size
| Package(s): | kernel |
CVE #(s): | CVE-2007-4571
|
| Created: | September 28, 2007 |
Updated: | June 20, 2008 |
| Description: |
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced
Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does
not return the correct write size, which allows local users to obtain
sensitive information (kernel memory contents) via a small count argument,
as demonstrated by multiple reads of /proc/driver/snd-page-alloc. |
| Alerts: |
|
Comments (none posted)
kernel: insufficient range checks
| Package(s): | kernel |
CVE #(s): | CVE-2008-0007
|
| Created: | February 8, 2008 |
Updated: | January 8, 2009 |
| Description: |
From the SUSE advisory: Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-4535
CVE-2006-4538
|
| Created: | September 18, 2006 |
Updated: | January 5, 2009 |
| Description: |
Sridhar Samudrala discovered a local denial of service vulnerability
in the handling of SCTP sockets. By opening such a socket with a
special SO_LINGER value, a local attacker could exploit this to crash
the kernel. (CVE-2006-4535)
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
platforms did not sufficiently verify the memory layout. By attempting
to execute a specially crafted executable, a local user could exploit
this to crash the kernel. (CVE-2006-4538) |
| Alerts: |
|
Comments (none posted)
kernel: remote denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-6058
CVE-2007-4997
|
| Created: | November 9, 2007 |
Updated: | June 13, 2008 |
| Description: |
The Minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly
other versions, allows local users to cause a denial of service (hang) via
a malformed minix file stream that triggers an infinite loop in the
minix_bmap function. NOTE: this issue might be due to an integer overflow
or signedness error.
Integer underflow in the ieee80211_rx function in
net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows
remote attackers to cause a denial of service (crash) via a crafted SKB
length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA
flag is set, aka an "off-by-two error." |
| Alerts: |
|
Comments (1 posted)
kernel: local filesystem corruption
| Package(s): | kernel |
CVE #(s): | CVE-2008-0001
|
| Created: | January 17, 2008 |
Updated: | June 13, 2008 |
| Description: |
From the mitre.org CVE description:
VFS in the Linux kernel before 2.6.23.14 performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass file permissions. |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-1353
CVE-2007-2451
CVE-2007-2453
|
| Created: | June 11, 2007 |
Updated: | March 6, 2008 |
| Description: |
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak
kernel memory contents via an uninitialized stack buffer. A local attacker
could exploit this flaw to view sensitive kernel information.
(CVE-2007-1353)
The GEODE-AES driver did not correctly initialize its encryption key.
Any data encrypted using this type of device would be easily compromised.
(CVE-2007-2451)
The random number generator was hashing a subset of the available
entropy, leading to slightly less random numbers. Additionally, systems
without an entropy source would be seeded with the same inputs at boot
time, leading to a repeatable series of random numbers. (CVE-2007-2453) |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-5823
CVE-2006-6054
CVE-2007-1592
|
| Created: | June 12, 2007 |
Updated: | March 21, 2011 |
| Description: |
A flaw in the cramfs file system allows invalid compressed data to cause
memory corruption. (CVE-2006-5823)
A flaw in the ext2 file system allows an invalid inode size to cause a
denial of service (system hang). (CVE-2006-6054)
A flaw in IPv6 flow label handling allows a local user to cause a denial of
service (crash). (CVE-2007-1592) |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-5500
|
| Created: | November 28, 2007 |
Updated: | July 8, 2008 |
| Description: |
The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-5501
|
| Created: | November 28, 2007 |
Updated: | March 7, 2008 |
| Description: |
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-2935
CVE-2006-4145
CVE-2006-3745
|
| Created: | September 1, 2006 |
Updated: | July 30, 2008 |
| Description: |
Previous versions of the kernel package are subject to several
vulnerabilities. Certain malformed UDF filesystems can cause the system to
crash (denial of service). Malformed CDROM firmware or USB storage devices
(such as USB keys) could cause system crash (denial of service), and if
they were intentionally malformed, can cause arbitrary code to run with
elevated privileges. In addition, the SCTP protocol is subject to a remote
system crash (denial of service) attack. |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-2172
CVE-2007-3739
CVE-2007-4308
|
| Created: | December 3, 2007 |
Updated: | January 8, 2009 |
| Description: |
A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes
RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an
"out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2)
fib_props (fib_semantics.c, IPv4) functions. (CVE-2007-2172)
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not
prevent stack expansion from entering into reserved kernel page memory,
which allows local users to cause a denial of service (OOPS) via
unspecified vectors. (CVE-2007-3739)
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer
ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check
permissions for ioctls, which might allow local users to cause a denial of
service or gain privileges. (CVE-2007-4308) |
| Alerts: |
|
Comments (none posted)
kernel: buffer overflows
| Package(s): | kernel |
CVE #(s): | CVE-2007-5904
|
| Created: | December 3, 2007 |
Updated: | June 20, 2008 |
| Description: |
Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier
allow remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via long SMB responses that trigger the overflows in
the SendReceive function. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-5749
CVE-2006-4814
CVE-2006-6106
|
| Created: | January 5, 2007 |
Updated: | January 8, 2009 |
| Description: |
A security issue has been reported in Linux kernel due to an error in
drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()"
function never initializes an event timer before scheduling it with the
"add_timer()" function.
The mincore function in the kernel does not properly lock access to user
space, which has unspecified impact and attack vectors, possibly related to
a deadlock.
Another vulnerability has been reported in Linux kernel caused by a
boundary error within the handling of incoming CAPI messages in
net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain
kernel data structures. |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-3851
CVE-2007-3848
CVE-2007-3105
|
| Created: | August 17, 2007 |
Updated: | January 8, 2009 |
| Description: |
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with
i965G and later chipsets, allows local users with access to an X11 session
and Direct Rendering Manager (DRM) to write to arbitrary memory locations
and gain privileges via a crafted batchbuffer. (CVE-2007-3851)
Linux kernel 2.4.35 and other versions allows local users to send arbitrary
signals to a child process that is running at higher privileges by causing
a setuid-root parent process to die, which delivers an attacker-controlled
parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)
Stack-based buffer overflow in the random number generator (RNG)
implementation in the Linux kernel before 2.6.22 might allow local root
users to cause a denial of service or gain privileges by setting the
default wakeup threshold to a value greater than the output pool size,
which triggers writing random numbers to the stack by the pool transfer
function involving "bound check ordering". NOTE: this issue might only
cross privilege boundaries in environments that have granular assignment of
privileges for root. (CVE-2007-3105) |
| Alerts: |
|
Comments (1 posted)
kernel: denial of service vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-4133
CVE-2007-5093
|
| Created: | January 12, 2008 |
Updated: | November 20, 2008 |
| Description: |
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
units, which allows local users to cause a denial of service (panic)
via unspecified vectors.
The disconnect method in the Philips USB Webcam (pwc) driver in Linux
kernel 2.6.x before 2.6.22.6 relies on user space to close the device,
which allows user-assisted local attackers to cause a denial of service
(USB subsystem hang and CPU consumption in khubd) by not closing the
device after the disconnect is invoked. NOTE: this rarely crosses
privilege boundaries, unless the attacker can convince the victim to
unplug the affected device. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-3104
CVE-2007-3740
CVE-2007-3843
CVE-2007-6063
|
| Created: | December 4, 2007 |
Updated: | January 8, 2009 |
| Description: |
The sysfs_readdir function in the Linux kernel 2.6 allows local users to
cause a denial of service (kernel OOPS) by dereferencing a null pointer to
an inode in a dentry. (CVE-2007-3104)
The CIFS filesystem, when Unix extension support is enabled, did not honor
the umask of a process, which allowed local users to gain
privileges. (CVE-2007-3740)
The Linux kernel checked the wrong global variable for the CIFS sec mount
option, which might allow remote attackers to spoof CIFS network traffic
that the client configured for security signatures, as demonstrated by lack
of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843)
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux
kernel allowed local users to have an unknown impact via a crafted argument
to the isdn_ioctl function. (CVE-2007-6063) |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-5966
|
| Created: | December 19, 2007 |
Updated: | February 3, 2010 |
| Description: |
A bug in high-resolution timers (prior to kernel 2.6.22.15) can cause very long sleeps when large timeout values are used. |
| Alerts: |
|
Comments (none posted)
krb5: multiple vulnerabilities
| Package(s): | krb5 |
CVE #(s): | CVE-2007-2442
CVE-2007-2443
CVE-2007-2798
|
| Created: | June 27, 2007 |
Updated: | March 24, 2008 |
| Description: |
David Coffey discovered an uninitialized pointer free flaw in the
RPC library used by kadmind. A remote unauthenticated attacker who
could access kadmind could trigger the flaw causing kadmind to crash
or possibly execute arbitrary code (CVE-2007-2442).
David Coffey also discovered an overflow flaw in the same RPC library.
A remote unauthenticated attacker who could access kadmind could
trigger the flaw causing kadmind to crash or possibly execute arbitrary
code (CVE-2007-2443).
Finally, a stack buffer overflow vulnerability was found in kadmind
that allowed an unauthenticated user able to access kadmind the
ability to trigger the vulnerability and possibly execute arbitrary
code (CVE-2007-2798). |
| Alerts: |
|
Comments (none posted)
krb5: uninitialized pointers
| Package(s): | krb5 |
CVE #(s): | CVE-2006-6143
CVE-2006-3084
|
| Created: | January 10, 2007 |
Updated: | July 7, 2010 |
| Description: |
The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details. |
| Alerts: |
|
Comments (1 posted)
krb5: local privilege escalation
| Package(s): | krb5 |
CVE #(s): | CVE-2006-3083
|
| Created: | August 9, 2006 |
Updated: | July 7, 2010 |
| Description: |
Some Kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges. |
| Alerts: |
|
Comments (none posted)
krb5: buffer overflow, uninitialized pointer
| Package(s): | krb5 |
CVE #(s): | CVE-2007-3999
CVE-2007-4000
|
| Created: | September 4, 2007 |
Updated: | March 24, 2008 |
| Description: |
Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by kadmind. A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash.
Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A
remote unauthenticated attacker who can access kadmind could trigger this
flaw and cause kadmind to crash. |
| Alerts: |
|
Comments (none posted)
krb5: multiple vulnerabilities
| Package(s): | krb5 |
CVE #(s): | CVE-2007-0956
CVE-2007-0957
CVE-2007-1216
|
| Created: | April 3, 2007 |
Updated: | March 24, 2008 |
| Description: |
A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password. (MIT krb5
Security Advisory 2007-001)
Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon. A remote attacker who can access the KDC could exploit this
bug to run arbitrary code with the privileges of the KDC or kadmin server
processes. (MIT krb5 Security Advisory 2007-002)
A double-free flaw was found in the GSSAPI library used by the kadmin
server daemon. (MIT krb5 Security Advisory 2007-003) |
| Alerts: |
|
Comments (none posted)
kvirc: remote arbitrary code execution
| Package(s): | kvirc |
CVE #(s): | CVE-2007-2951
|
| Created: | September 14, 2007 |
Updated: | February 27, 2008 |
| Description: |
Stefan Cornelius from Secunia Research discovered that the
"parseIrcUrl()" function in file src/kvirc/kernel/kvi_ircurl.cpp does
not properly sanitize parts of the URI when building the command for
KVIrc's internal script system. |
| Alerts: |
|
Comments (none posted)
lcms: stack-based buffer overflow
| Package(s): | lcms |
CVE #(s): | CVE-2007-2741
|
| Created: | November 23, 2007 |
Updated: | October 14, 2008 |
| Description: |
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted ICC profile in a JPG file. |
| Alerts: |
|
Comments (none posted)
lftp: shell command execution
| Package(s): | lftp |
CVE #(s): | CVE-2007-2348
|
| Created: | May 4, 2007 |
Updated: | September 16, 2009 |
| Description: |
mirror --script in lftp before 3.5.9 does not properly quote shell
metacharacters, which might allow remote user-assisted attackers to execute
shell commands via a malicious script. NOTE: it is not clear whether this
issue crosses security boundaries, since the script already supports
commands such as "get" which could overwrite executable files. |
| Alerts: |
|
Comments (none posted)
libarchive: pax extension header vulnerabilities
| Package(s): | libarchive |
CVE #(s): | CVE-2007-3641
CVE-2007-3644
CVE-2007-3645
|
| Created: | August 9, 2007 |
Updated: | February 27, 2008 |
| Description: |
libarchive, a library for manipulating different streaming archive
formats, has a number of pax extension header vulnerabilities.
These may be used to cause a denial of service or for the execution
of arbitrary code. |
| Alerts: |
|
Comments (none posted)
libcdio: arbitrary code execution
| Package(s): | libcdio |
CVE #(s): | CVE-2007-6613
|
| Created: | January 21, 2008 |
Updated: | March 7, 2008 |
| Description: |
From the Gentoo advisory:
Devon Miller reported a boundary error in the "print_iso9660_recurse()"
function in files cd-info.c and iso-info.c when processing long
filenames within Joliet images.
A remote attacker could entice a user to open a specially crafted ISO
image in the cd-info and iso-info applications, resulting in the
execution of arbitrary code with the privileges of the user running the
application. Applications linking against shared libraries of libcdio
are not affected. |
| Alerts: |
|
Comments (1 posted)
libexif: integer overflow
| Package(s): | libexif |
CVE #(s): | CVE-2007-6352
|
| Created: | December 19, 2007 |
Updated: | October 15, 2008 |
| Description: |
From the Red Hat advisory: An integer overflow flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to execute arbitrary code, or crash. |
| Alerts: |
|
Comments (none posted)
libexif: denial of service
| Package(s): | libexif |
CVE #(s): | CVE-2007-6351
|
| Created: | December 19, 2007 |
Updated: | October 15, 2008 |
| Description: |
From the Red Hat advisory: An infinite recursion flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to crash. |
| Alerts: |
|
Comments (none posted)
libgd2: buffer overflow
| Package(s): | libgd2 |
CVE #(s): | CVE-2007-3996
|
| Created: | December 19, 2007 |
Updated: | October 13, 2009 |
| Description: |
The GD library does not perform proper bounds checking when creating images; as a result, an attacker could, via crafted input, potentially execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
libimager-perl: buffer overflow
| Package(s): | libimager-perl |
CVE #(s): | CVE-2007-2459
|
| Created: | February 20, 2008 |
Updated: | February 20, 2008 |
| Description: |
A buffer overflow in the read_4bit_bmp function in bmp.c in Imager 0.56 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via 4-bit/pixel BMP files. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Alerts: |
|
Comments (none posted)
libmodplug: boundary errors
| Package(s): | libmodplug |
CVE #(s): | CVE-2006-4192
|
| Created: | December 11, 2006 |
Updated: | May 4, 2011 |
| Description: |
Luigi Auriemma has reported various boundary errors in load_it.cpp and
a boundary error in the "CSoundFile::ReadSample()" function in
sndfile.cpp. A remote attacker can entice a user to read crafted modules
or ITP files, which may trigger a buffer overflow resulting in the
execution of arbitrary code with the privileges of the user running the
application. |
| Alerts: |
|
Comments (none posted)
libphp-phpmailer: command execution
| Package(s): | libphp-phpmailer |
CVE #(s): | CVE-2007-3215
|
| Created: | June 20, 2007 |
Updated: | June 25, 2009 |
| Description: |
libphp-phpmailer does not do sufficient input validation, enabling shell command injection attacks. |
| Alerts: |
|
Comments (none posted)
libpng: several vulnerabilities
| Package(s): | libpng |
CVE #(s): | CVE-2007-5266
CVE-2007-5267
CVE-2007-5268
CVE-2007-5269
|
| Created: | October 19, 2007 |
Updated: | March 23, 2009 |
| Description: |
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21
allow remote attackers to cause a denial of service (crash) via crafted (1)
pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt
(png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt
(png_handle_zTXt) chunking in PNG images, which trigger out-of-bounds read
operations. (CVE-2007-5269)
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical
instead of bitwise operations and (2) incorrect comparisons, which might
allow remote attackers to cause a denial of service (crash) via a crafted
PNG image. (CVE-2007-5268)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause
a denial of service (crash) via a crafted PNG image, due to an incorrect
fix for CVE-2007-5266. (CVE-2007-5267)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1
allows remote attackers to cause a denial of service (crash) via a crafted
PNG image that prevents a name field from being NULL terminated.
(CVE-2007-5266) |
| Alerts: |
|
Comments (none posted)
libpng: denial of service
| Package(s): | libpng |
CVE #(s): | CVE-2007-2445
|
| Created: | May 17, 2007 |
Updated: | March 23, 2009 |
| Description: |
Libpng can be crashed when processing malformed PNG files.
It may also be possible to exploit this vulnerability to execute arbitrary
code. |
| Alerts: |
|
Comments (none posted)
libpng: buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-3334
|
| Created: | July 19, 2006 |
Updated: | December 15, 2008 |
| Description: |
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow. |
| Alerts: |
|
Comments (none posted)
libpng: heap based buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-0481
|
| Created: | February 13, 2006 |
Updated: | December 15, 2008 |
| Description: |
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. |
| Alerts: |
|
Comments (1 posted)
libtiff: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CVE-2006-2193
|
| Created: | June 15, 2006 |
Updated: | September 1, 2008 |
| Description: |
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
libxml2: arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0989
|
| Created: | October 28, 2004 |
Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities; if a local user passes a specially crafted
FTP URL, arbitrary code may be executed. |
| Alerts: |
|
Comments (none posted)
liferea: weak permissions
| Package(s): | liferea |
CVE #(s): | CVE-2007-5751
|
| Created: | November 2, 2007 |
Updated: | December 22, 2008 |
| Description: |
Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. |
| Alerts: |
|
Comments (1 posted)
lighttpd: denial of service
| Package(s): | lighttpd |
CVE #(s): | CVE-2007-3946
CVE-2007-3947
CVE-2007-3948
CVE-2007-3949
CVE-2007-3950
|
| Created: | July 19, 2007 |
Updated: | July 15, 2008 |
| Description: |
The lighttpd web server has multiple vulnerabilities involving
a remote access-control setting circumvention that is performed
by the sending of malformed requests. This can be used to crash
the server and cause a denial of service. |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | linux-2.6 |
CVE #(s): | CVE-2007-2878
CVE-2007-6151
|
| Created: | January 29, 2008 |
Updated: | January 8, 2009 |
| Description: |
From the Debian advisory: Bart Oldeman reported a denial of service (DoS) issue in the VFAT filesystem that allows local users to corrupt a kernel structure resulting in a system crash. This is only an issue for systems which make use of the VFAT compat ioctl interface, such as systems running an 'amd64' flavor kernel.
ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data.
|
| Alerts: |
|
Comments (none posted)
kernel: local root privilege escalation
| Package(s): | linux-2.6 |
CVE #(s): | CVE-2008-0010
CVE-2008-0600
|
| Created: | February 11, 2008 |
Updated: | June 23, 2008 |
| Description: |
From the Debian advisory:
The vmsplice system call did not properly verify address arguments
passed by user space processes, which allowed local attackers to
overwrite arbitrary kernel memory, gaining root privileges
(CVE-2008-0010, CVE-2008-0600).
|
| Alerts: |
|
Comments (1 posted)
kernel: information leak, denial of service
| Package(s): | linux-2.6 |
CVE #(s): | CVE-2007-6206
CVE-2007-6417
|
| Created: | December 21, 2007 |
Updated: | September 1, 2010 |
| Description: |
Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. (CVE-2007-6206)
Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page may be improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash). (CVE-2007-6417) |
| Alerts: |
|
Comments (none posted)
vmware-player-kernel: several vulnerabilities
| Package(s): | linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 |
CVE #(s): | CVE-2007-0061
CVE-2007-0062
CVE-2007-0063
CVE-2007-4496
CVE-2007-4497
|
| Created: | November 16, 2007 |
Updated: | March 13, 2009 |
| Description: |
Neel Mehta and Ryan Smith discovered that the VMWare Player DHCP server
did not correctly handle certain packet structures. Remote attackers
could send specially crafted packets and gain root privileges.
(CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)
Rafal Wojtczuk discovered multiple memory corruption issues in VMWare
Player. Attackers with administrative privileges in a guest operating
system could cause a denial of service or possibly execute arbitrary
code on the host operating system. (CVE-2007-4496, CVE-2007-4497)
|
| Alerts: |
|
Comments (none posted)
lynx: arbitrary command execution
| Package(s): | lynx |
CVE #(s): | CVE-2005-2929
|
| Created: | November 14, 2005 |
Updated: | September 14, 2009 |
| Description: |
An arbitrary command execution bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx. |
| Alerts: |
|
Comments (none posted)
mailman: cross-site scripting
| Package(s): | mailman |
CVE #(s): | CVE-2008-0564
|
| Created: | February 13, 2008 |
Updated: | April 15, 2011 |
| Description: |
From the Red Hat bugzilla entry:
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before
2.1.10b1 allow remote attackers to inject arbitrary web script or HTML
via unspecified vectors related to (1) editing templates and (2) the
list's "info attribute" in the web administrator interface, a
different vulnerability than CVE-2006-3636.
|
| Alerts: |
|
Comments (none posted)
mantis: cross-site scripting
| Package(s): | mantis |
CVE #(s): | CVE-2007-6611
|
| Created: | January 7, 2008 |
Updated: | March 4, 2008 |
| Description: |
From the CVE entry:
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename. |
| Alerts: |
|
Comments (none posted)
mapserver: multiple cross-site scripting vulnerabilities
| Package(s): | mapserver |
CVE #(s): | CVE-2007-4542
CVE-2007-4629
|
| Created: | September 5, 2007 |
Updated: | April 7, 2008 |
| Description: |
CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name. |
| Alerts: |
|
Comments (none posted)
mod_jk: proxy bypass
| Package(s): | mod_jk |
CVE #(s): | CVE-2007-1860
|
| Created: | May 30, 2007 |
Updated: | March 7, 2008 |
| Description: |
From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside
Apache httpd and forwarded the encoded URL to Tomcat, which itself did a
second decoding. If Tomcat was used behind mod_jk and configured to only
proxy some contexts, an attacker could construct a carefully crafted HTTP
request to work around the context restriction and potentially access
non-proxied content." |
| Alerts: |
|
Comments (none posted)
moin: arbitrary JavaScript execution
| Package(s): | moin |
CVE #(s): | CVE-2007-2423
|
| Created: | May 8, 2007 |
Updated: | March 10, 2008 |
| Description: |
A flaw was discovered in MoinMoin's error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user's authentication information
for the domain where MoinMoin was hosted. |
| Alerts: |
|
Comments (none posted)
mono: arbitrary code execution via integer overflow
| Package(s): | mono |
CVE #(s): | CVE-2007-5197
|
| Created: | November 6, 2007 |
Updated: | December 7, 2009 |
| Description: |
From the Debian advisory: An integer overflow in the BigInteger data type implementation has been
discovered in the free .NET runtime Mono.
|
| Alerts: |
|
Comments (none posted)
moodle: cross-site scripting
| Package(s): | moodle |
CVE #(s): | CVE-2008-0123
|
| Created: | January 16, 2008 |
Updated: | November 12, 2008 |
| Description: |
Moodle suffers from a cross-site scripting vulnerability which is only open during the install process. |
| Alerts: |
|
Comments (none posted)
moodle: cross-site scripting
| Package(s): | moodle |
CVE #(s): | CVE-2007-3555
|
| Created: | August 7, 2007 |
Updated: | December 22, 2008 |
| Description: |
A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1
allows remote attackers to inject arbitrary web script or HTML via a style
expression in the search parameter. |
| Alerts: |
|
Comments (none posted)
mozilla: multiple vulnerabilities
| Package(s): | mozilla |
CVE #(s): | |
| Created: | February 13, 2008 |
Updated: | July 29, 2008 |
| Description: |
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-2.0.0.12-i686-1.tgz:
Upgraded to firefox-2.0.0.12.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabil...
(* Security fix *)
patches/packages/seamonkey-1.1.8-i486-1_slack12.0.tgz:
Upgraded to seamonkey-1.1.8.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabil...
(* Security fix *)
+--------------------------+
|
| Alerts: |
|
Comments (none posted)
mplayer: buffer overflow
| Package(s): | mplayer |
CVE #(s): | CVE-2007-1246
|
| Created: | March 8, 2007 |
Updated: | April 1, 2008 |
| Description: |
MPlayer versions up to 1.0rc1 have a buffer overflow in the
loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function.
User-assisted remote attackers can use this to create a buffer overflow
and possibly execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
mplayer: multiple vulnerabilities
| Package(s): | mplayer |
CVE #(s): | CVE-2008-0485
CVE-2008-0486
CVE-2008-0629
CVE-2008-0630
|
| Created: | February 13, 2008 |
Updated: | August 7, 2008 |
| Description: |
From the Debian advisory:
Several buffer overflows have been discovered in the MPlayer movie player,
which might lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0485:
Felipe Manzano and Anibal Sacco discovered a buffer overflow in
the demuxer for MOV files.
CVE-2008-0486:
Reimar Doeffinger discovered a buffer overflow in the FLAC header
parsing.
CVE-2008-0629:
Adam Bozanich discovered a buffer overflow in the CDDB access code.
CVE-2008-0630:
Adam Bozanich discovered a buffer overflow in URL parsing.
|
| Alerts: |
|
Comments (none posted)
mt-daapd: multiple vulnerabilities
| Package(s): | mt-daapd |
CVE #(s): | CVE-2007-5825
CVE-2007-5824
|
| Created: | December 31, 2007 |
Updated: | September 1, 2008 |
| Description: |
From the Gentoo advisory: nnp discovered multiple vulnerabilities in the XML-RPC handler in the
file webserver.c. The ws_addarg() function contains a format string
vulnerability, as it does not properly sanitize username and password
data from the "Authorization: Basic" HTTP header line (CVE-2007-5825).
The ws_decodepassword() and ws_getheaders() functions do not correctly
handle empty Authorization header lines, or header lines without a ':'
character, leading to NULL pointer dereferences (CVE-2007-5824). |
| Alerts: |
|
Comments (none posted)
mysql: denial of service
| Package(s): | mysql |
CVE #(s): | CVE-2007-1420
|
| Created: | March 22, 2007 |
Updated: | May 21, 2008 |
| Description: |
MySQL subselect queries using "ORDER BY" can be used by an attacker with
access to a MySQL instance in order to create an intermittent denial
of service. |
| Alerts: |
|
Comments (none posted)
mysql: format string bug
| Package(s): | mysql |
CVE #(s): | CVE-2006-3469
|
| Created: | July 21, 2006 |
Updated: | July 30, 2008 |
| Description: |
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server. |
| Alerts: |
|
Comments (none posted)
MySQL: privilege violations
| Package(s): | mysql |
CVE #(s): | CVE-2006-4031
CVE-2006-4226
|
| Created: | August 25, 2006 |
Updated: | July 30, 2008 |
| Description: |
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226). |
| Alerts: |
|
Comments (none posted)
mysql: privilege escalation
| Package(s): | mysql |
CVE #(s): | CVE-2007-6303
|
| Created: | December 19, 2007 |
Updated: | April 7, 2008 |
| Description: |
From the CVE entry: MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. |
| Alerts: |
|
Comments (none posted)
MySQL: logging bypass
| Package(s): | mysql |
CVE #(s): | CVE-2006-0903
|
| Created: | April 4, 2006 |
Updated: | May 21, 2008 |
| Description: |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query. |
| Alerts: |
|
Comments (2 posted)
MySQL: privilege escalation
| Package(s): | MySQL |
CVE #(s): | CVE-2007-3781
CVE-2007-5969
|
| Created: | December 11, 2007 |
Updated: | May 21, 2008 |
| Description: |
MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. (CVE-2007-5969)
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. (CVE-2007-3781) |
| Alerts: |
|
Comments (none posted)
mysql-dfsg: multiple vulnerabilities
| Package(s): | mysql-dfsg |
CVE #(s): | CVE-2007-2583
CVE-2007-2691
CVE-2007-2692
CVE-2007-3782
|
| Created: | November 27, 2007 |
Updated: | July 30, 2008 |
| Description: |
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and
5.1 before 5.1.18-beta, allows context-dependent attackers to cause a
denial of service (crash) via a crafted IF clause that results in a
divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not
require the DROP privilege for RENAME TABLE statements, which allows remote
authenticated users to rename arbitrary tables. (CVE-2007-2691)
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before
5.1.18 does not restore THD::db_access privileges when returning from SQL
SECURITY INVOKER stored routines, which allows remote authenticated users
to gain privileges. (CVE-2007-2692)
MySQL Community Server before 5.0.45 allows remote authenticated users to
gain update privileges for a table in another database via a view that
refers to this external table. (CVE-2007-3782) |
| Alerts: |
|
Comments (none posted)
mysql: denial of service
| Package(s): | mysql-dfsg-5.0 |
CVE #(s): | CVE-2007-6304
|
| Created: | December 21, 2007 |
Updated: | April 7, 2008 |
| Description: |
Philip Stoev discovered that the federated engine of MySQL
did not properly handle responses with a small number of columns.
An authenticated user could use a crafted response to a SHOW
TABLE STATUS query and cause a denial of service. |
| Alerts: |
|
Comments (none posted)
mysql: buffer overflows
| Package(s): | mysql-dfsg-5.0 |
CVE #(s): | CVE-2008-0226
CVE-2008-0227
|
| Created: | January 29, 2008 |
Updated: | July 21, 2008 |
| Description: |
From the Debian advisory: Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
nagios: cross-site scripting
| Package(s): | nagios |
CVE #(s): | CVE-2007-5624
|
| Created: | December 7, 2007 |
Updated: | September 14, 2009 |
| Description: |
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. |
| Alerts: |
|
Comments (none posted)
nagios-plugins: buffer overflow
| Package(s): | nagios-plugins |
CVE #(s): | CVE-2007-5198
|
| Created: | October 23, 2007 |
Updated: | April 17, 2008 |
| Description: |
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbitrary code via long
Location header responses (redirects). |
| Alerts: |
|
Comments (none posted)
nagios-plugins: check_snmp buffer overflow
| Package(s): | nagios-plugins |
CVE #(s): | CVE-2007-5623
|
| Created: | November 2, 2007 |
Updated: | April 17, 2008 |
| Description: |
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies. |
| Alerts: |
|
Comments (none posted)
nbd: arbitrary code execution
| Package(s): | nbd |
CVE #(s): | CVE-2005-3534
|
| Created: | January 6, 2006 |
Updated: | March 7, 2011 |
| Description: |
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges. |
| Alerts: |
|
Comments (none posted)
ncompress: buffer underflow
| Package(s): | ncompress |
CVE #(s): | CVE-2006-1168
|
| Created: | August 10, 2006 |
Updated: | February 21, 2012 |
| Description: |
The ncompress compression utility has a missing boundary check.
A local user can use a maliciously created file to cause
a .bss buffer underflow. |
| Alerts: |
|
Comments (none posted)
netpbm: buffer overflow
| Package(s): | netpbm |
CVE #(s): | CVE-2008-0554
|
| Created: | February 8, 2008 |
Updated: | November 7, 2008 |
| Description: |
From the Mandriva advisory: A buffer overflow in the giftopnm utility in netpbm prior to version 10.27 could allow attackers to have an unknown impact via a specially crafted GIF file. |
| Alerts: |
|
Comments (none posted)
nginx: cross site scripting
| Package(s): | nginx |
CVE #(s): | |
| Created: | July 20, 2007 |
Updated: | September 14, 2009 |
| Description: |
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
proxy server written by Igor Sysoev. The "msie_refresh" directive could
allow cross site scripting. |
| Alerts: |
|
Comments (none posted)
nss_ldap: credential or other information disclosure
| Package(s): | nss_ldap |
CVE #(s): | CVE-2007-5794
|
| Created: | November 26, 2007 |
Updated: | July 30, 2008 |
| Description: |
From the Gentoo advisory:
Josh Burley reported that nss_ldap does not properly handle the LDAP
connections due to a race condition that can be triggered by
multi-threaded applications using nss_ldap, which might lead to
requested data being returned to a wrong process.
|
| Alerts: |
|
Comments (none posted)
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2008-0658
|
| Created: | February 13, 2008 |
Updated: | July 3, 2008 |
| Description: |
From the rPath advisory:
Previous versions of the openldap package are vulnerable to a Denial of
Service attack in which authenticated users can crash the slapd server.
|
| Alerts: |
|
Comments (none posted)
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-6698
|
| Created: | February 8, 2008 |
Updated: | April 25, 2008 |
| Description: |
From the CVE entry: The BDB backend for slapd in OpenLDAP before 2.3.36
allows remote authenticated users to cause a denial of service (crash) via
a potentially-successful modify operation with the NOOP control set to
critical, possibly due to a double free vulnerability. |
| Alerts: |
|
Comments (none posted)
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-5707
|
| Created: | November 8, 2007 |
Updated: | April 9, 2008 |
| Description: |
The OpenLDAP Lightweight Directory Access Protocol suite has a problem
with handling of malformed objectClasses LDAP attributes by the slapd
daemon. Both local and remote attackers can use this to crash slapd,
causing a denial of service. |
| Alerts: |
|
Comments (none posted)
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-5708
|
| Created: | November 23, 2007 |
Updated: | April 9, 2008 |
| Description: |
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when
running as a proxy-caching server, allocates memory using a malloc variant
instead of calloc, which prevents an array from being initialized properly
and might allow attackers to cause a denial of service (segmentation fault)
via unknown vectors that prevent the array from being null terminated. |
| Alerts: |
|
Comments (none posted)
OpenOffice.org: arbitrary code execution
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-0245
|
| Created: | June 13, 2007 |
Updated: | June 12, 2008 |
| Description: |
A specially crafted RTF file could cause the
filter to overwrite data on the heap, which may lead to the execution
of arbitrary code. |
| Alerts: |
|
Comments (none posted)
openoffice.org: arbitrary code execution via TIFF images
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-2834
|
| Created: | September 17, 2007 |
Updated: | June 12, 2008 |
| Description: |
A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite. The parser uses untrusted values
from the TIFF file to calculate the number of bytes of memory to
allocate. A specially crafted TIFF image could trigger an integer
overflow and subsequently a buffer overflow that could cause the
execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
openoffice.org: arbitrary code execution
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-4575
|
| Created: | December 5, 2007 |
Updated: | September 10, 2008 |
| Description: |
From the OpenOffice advisory:
A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user. |
| Alerts: |
|
Comments (none posted)
openssh: remote denial of service
| Package(s): | openssh |
CVE #(s): | CVE-2006-4924
CVE-2006-5051
|
| Created: | September 27, 2006 |
Updated: | September 17, 2008 |
| Description: |
OpenSSH 4.4 fixes some
security issues, including a pre-authentication denial of service, an
unsafe signal handler and, on portable OpenSSH, a GSSAPI authentication abort
that could be used to determine the validity of usernames on some platforms. |
| Alerts: |
|
Comments (none posted)
openssl: off-by-one error
| Package(s): | openssl |
CVE #(s): | CVE-2007-4995
|
| Created: | October 23, 2007 |
Updated: | May 13, 2008 |
| Description: |
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f
and 0.9.7 allows remote attackers to execute arbitrary code via unspecified
vectors. |
| Alerts: |
|
Comments (none posted)
openssl: off-by-one error
| Package(s): | openssl |
CVE #(s): | CVE-2007-5135
|
| Created: | October 3, 2007 |
Updated: | July 31, 2008 |
| Description: |
From the Debian advisory: An off-by-one error has been identified in the SSL_get_shared_ciphers()
routine in the libssl library from OpenSSL, an implementation of Secure
Socket Layer cryptographic libraries and utilities. This error could
allow an attacker to crash an application making use of OpenSSL's libssl
library, or potentially execute arbitrary code in the security context
of the user running such an application. |
| Alerts: |
|
Comments (none posted)
openssl: private key attack
| Package(s): | openssl |
CVE #(s): | CVE-2007-3108
|
| Created: | August 7, 2007 |
Updated: | May 13, 2008 |
| Description: |
OpenSSL could allow a local user in certain circumstances to divulge
information about private keys being used. |
| Alerts: |
|
Comments (none posted)
opera: multiple vulnerabilities
| Package(s): | opera |
CVE #(s): | CVE-2007-4367
CVE-2007-3929
CVE-2007-3142
CVE-2007-3819
|
| Created: | August 23, 2007 |
Updated: | February 27, 2008 |
| Description: |
The Opera browser has multiple vulnerabilities.
The JavaScript engine is vulnerable to a virtual function call on an invalid pointer that can be triggered by specially crafted JavaScript.
A freed pointer in the BitTorrent support may be
accessed; this can be used for malicious code execution.
The browser is vulnerable to several memory read protection
errors. There are URI display errors that can be used to trick
users into visiting arbitrary web sites. |
| Alerts: |
|
Comments (none posted)
paramiko: insecure random pool usage
| Package(s): | paramiko |
CVE #(s): | CVE-2008-0299
|
| Created: | January 16, 2008 |
Updated: | March 4, 2008 |
| Description: |
Programs which keep more than one paramiko connection open may leak random pool information. |
| Alerts: |
|
Comments (none posted)
pcre: CVE consolidation
| Package(s): | pcre |
CVE #(s): | CVE-2005-4872
CVE-2006-7227
CVE-2006-7224
|
| Created: | November 15, 2007 |
Updated: | May 13, 2008 |
| Description: |
PCRE has flaws in the way it handles malformed regular
expressions.
If an application linked against PCRE, such as Konqueror,
encounters a maliciously created regular expression, it may be possible
to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227
have been combined into CVE-2006-7224. |
| Alerts: |
|
Comments (5 posted)
pcre: two arbitrary code execution vulnerabilities
| Package(s): | pcre |
CVE #(s): | CVE-2007-1659
CVE-2007-1660
|
| Created: | November 6, 2007 |
Updated: | July 16, 2008 |
| Description: |
Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660) |
| Alerts: |
|
Comments (none posted)
pcre: buffer overflows in library
| Package(s): | pcre |
CVE #(s): | CVE-2006-7228
CVE-2006-7230
CVE-2007-1661
CVE-2007-4766
CVE-2007-4767
|
| Created: | November 23, 2007 |
Updated: | July 16, 2008 |
| Description: |
Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application. |
| Alerts: |
|
Comments (1 posted)
pcre: buffer overflow
| Package(s): | pcre |
CVE #(s): | CVE-2008-0674
|
| Created: | February 19, 2008 |
Updated: | November 17, 2008 |
| Description: |
A buffer overflow caused by a character class containing a
very large number of characters with codepoints greater than 255 (in UTF-8 mode) may affect applications using pcre when regular expressions from untrusted sources are compiled. |
| Alerts: |
|
Comments (none posted)
pcre: buffer overflows
| Package(s): | pcre3 |
CVE #(s): | CVE-2007-1662
CVE-2007-4768
|
| Created: | November 27, 2007 |
Updated: | May 7, 2008 |
| Description: |
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the
end of the string when searching for unmatched brackets and parentheses,
which allows context-dependent attackers to cause a denial of service
(crash), possibly involving forward references. (CVE-2007-1662)
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE)
library before 7.3 allows context-dependent attackers to execute arbitrary
code via a singleton Unicode sequence in a character class in a regex
pattern, which is incorrectly optimized. (CVE-2007-4768) |
| Alerts: |
|
Comments (none posted)
peercast: buffer overflow
| Package(s): | peercast |
CVE #(s): | CVE-2007-6454
|
| Created: | December 28, 2007 |
Updated: | May 21, 2008 |
| Description: |
A heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. |
| Alerts: |
|
Comments (none posted)
perl-Net-DNS: predictable id sequence
| Package(s): | perl-Net-DNS |
CVE #(s): | CVE-2007-3377
|
| Created: | June 26, 2007 |
Updated: | March 12, 2008 |
| Description: |
Net::DNS before 0.60 uses an id sequence that is predictable and the same
in all child processes. |
| Alerts: |
|
Comments (none posted)
php: several vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2006-4481
CVE-2006-4484
CVE-2006-4485
|
| Created: | September 8, 2006 |
Updated: | June 13, 2008 |
| Description: |
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485). |
| Alerts: |
|
Comments (1 posted)
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2007-3799
CVE-2007-3998
CVE-2007-4659
CVE-2007-4658
CVE-2007-4670
CVE-2007-4661
|
| Created: | October 23, 2007 |
Updated: | May 19, 2008 |
| Description: |
From the Red Hat advisory:
Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)
A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)
A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)
A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)
A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)
A flaw was found in handling of dynamic changes to global variables. A
script which used certain functions which change global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-4659)
An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-4661) |
| Alerts: |
|
Comments (none posted)
php: buffer overflows
| Package(s): | php |
CVE #(s): | CVE-2006-5465
|
| Created: | November 3, 2006 |
Updated: | January 18, 2010 |
| Description: |
The Hardened-PHP Project discovered buffer overflows in the internal
routines behind htmlentities/htmlspecialchars in PHP. Of
course, the whole purpose of these functions is to be filled with user
input. (The overflow can only occur when UTF-8 is used.) |
| Alerts: |
|
Comments (none posted)
php: regression in PHP 4.4.7
| Package(s): | php |
CVE #(s): | |
| Created: | February 20, 2008 |
Updated: | February 20, 2008 |
| Description: |
PHP 4 has a GD-related
bug in version 4.4.7. This has been fixed in PHP5 and is fixed in PHP
4.4.8. |
| Alerts: |
|
Comments (none posted)
php5: multiple vulnerabilities
| Package(s): | php5 |
CVE #(s): | CVE-2007-4657
CVE-2007-4660
CVE-2007-4662
|
| Created: | November 30, 2007 |
Updated: | July 4, 2008 |
| Description: |
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4,
allow remote attackers to obtain sensitive information (memory contents) or
cause a denial of service (thread crash) via a large len value to the (1)
strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE:
this affects different product versions than CVE-2007-3996.
(CVE-2007-4657)
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4
has unknown impact and attack vectors, related to an incorrect size
calculation. (CVE-2007-4660)
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4
has unknown impact and attack vectors. (CVE-2007-4662) |
| Alerts: |
|
Comments (none posted)
php5: multiple vulnerabilities
| Package(s): | php5 |
CVE #(s): | CVE-2007-4783
CVE-2007-4840
CVE-2007-5898
CVE-2007-5899
CVE-2007-5900
|
| Created: | November 20, 2007 |
Updated: | January 18, 2010 |
| Description: |
The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code. |
| Alerts: |
|
Comments (none posted)
phpmyadmin: multiple vulnerabilities
| Package(s): | phpmyadmin |
CVE #(s): | CVE-2006-6942
CVE-2006-6944
CVE-2007-1325
CVE-2007-1395
CVE-2007-2245
|
| Created: | September 10, 2007 |
Updated: | March 19, 2009 |
| Description: |
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2007-1325:
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
CVE-2007-1395:
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag,
which bypasses the protection against lowercase </script>.
CVE-2007-2245:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via (1) the
fieldkey parameter to browse_foreigners.php or (2) certain input
to the PMA_sanitize function.
CVE-2006-6942:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary HTML or web script via (1) a comment
for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter
to db_operations.php, the (4) query_history_latest,
(5) query_history_latest_db, and (6) querydisplay_tab parameters to
(c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2006-6944:
phpMyAdmin allows remote attackers to bypass Allow/Deny access rules
that use IP addresses via false headers.
|
| Alerts: |
|
Comments (none posted)
phpMyAdmin: cross-site scripting vulnerabilities
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-5386
CVE-2007-5589
|
| Created: | November 2, 2007 |
Updated: | March 14, 2008 |
| Description: |
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin
2.11.1, when accessed by a browser that does not URL-encode requests,
allows remote attackers to inject arbitrary web script or HTML via the
query string.
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
common.lib.php in libraries/; and certain input available in PHP_SELF and
(2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other
vectors related to (3) REQUEST_URI. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: information disclosure
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-0095
|
| Created: | December 11, 2007 |
Updated: | September 25, 2008 |
| Description: |
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information
via a direct request for themes/darkblue_orange/layout.inc.php, which
reveals the path in an error message. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: SQL injection
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-5976
CVE-2007-5977
|
| Created: | November 22, 2007 |
Updated: | March 19, 2009 |
| Description: |
phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability
in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.
db_create.php also has a related cross-site scripting vulnerability.
Remote authenticated users can inject arbitrary web scripts or HTML
using a hex-encoded IMG element in the db parameter in a POST request. |
| Alerts: |
|
Comments (none posted)
phpPgAdmin: cross-site scripting
| Package(s): | phppgadmin |
CVE #(s): | CVE-2007-2865
CVE-2007-5728
|
| Created: | June 18, 2007 |
Updated: | January 21, 2009 |
| Description: |
A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin
4.1.1 allows remote attackers to inject arbitrary web script or HTML via
the server parameter. |
| Alerts: |
|
Comments (none posted)
poppler and xpdf: multiple vulnerabilities
| Package(s): | poppler xpdf |
CVE #(s): | CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
|
| Created: | November 8, 2007 |
Updated: | February 26, 2008 |
| Description: |
The xpdf and poppler PDF libraries contain several vulnerabilities which can lead to arbitrary command execution via hostile PDF files. Numerous other applications which use these libraries (PDF viewers, CUPS, etc.) will be affected by the vulnerabilities as well. |
| Alerts: |
|
Comments (none posted)
PostgreSQL: multiple vulnerabilities
| Package(s): | postgresql |
CVE #(s): | CVE-2007-6600
CVE-2007-4772
CVE-2007-6067
CVE-2007-4769
CVE-2007-6601
|
| Created: | January 9, 2008 |
Updated: | January 17, 2013 |
| Description: |
Several vulnerabilities have been found in the PostgreSQL database manager. The developers call the fixes "critical," but also note that, as of the time of the update, none of them were known to be exploited; see this advisory for more information. |
| Alerts: |
|
Comments (none posted)
pulseaudio: denial of service
| Package(s): | pulseaudio |
CVE #(s): | CVE-2007-1804
|
| Created: | May 30, 2007 |
Updated: | March 10, 2008 |
| Description: |
The pulseaudio network code suffers from a denial of service vulnerability exploitable by an unauthenticated attacker. |
| Alerts: |
|
Comments (none posted)
python: information disclosure
| Package(s): | python |
CVE #(s): | CVE-2007-2052
|
| Created: | May 9, 2007 |
Updated: | July 30, 2009 |
| Description: |
Python 2.4 and 2.5 contain a bug in PyLocale_strxfrm() which could enable an attacker to read portions of unrelated memory. |
| Alerts: |
|
Comments (none posted)
python: integer overflows
| Package(s): | python |
CVE #(s): | CVE-2007-4965
|
| Created: | October 30, 2007 |
Updated: | July 30, 2009 |
| Description: |
Multiple integer overflows in the imageop module in Python 2.5.1 and
earlier allow context-dependent attackers to cause a denial of service
(application crash) and possibly obtain sensitive information (memory
contents) via crafted arguments to (1) the tovideo method, and unspecified
other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other
files, which trigger heap-based buffer overflows. |
| Alerts: |
|
Comments (none posted)
qemu: multiple vulnerabilities
Comments (none posted)
qt4: security restriction bypass
| Package(s): | qt4 |
CVE #(s): | CVE-2007-5965
|
| Created: | January 3, 2008 |
Updated: | February 21, 2008 |
| Description: |
Trolltech Qt has a privilege escalation vulnerability.
An error can be triggered in QSslSocket when verifying SSL certificates;
attackers can use this to bypass the SSL certificate verification
and acquire unauthorized access to a vulnerable application. |
| Alerts: |
|
Comments (1 posted)
quagga: denial of service
| Package(s): | quagga |
CVE #(s): | CVE-2007-4826
|
| Created: | September 14, 2007 |
Updated: | October 25, 2010 |
| Description: |
The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause
a denial of service crash via a malformed OPEN message or COMMUNITY
attribute. |
| Alerts: |
|
Comments (none posted)
quake: buffer overflow
| Package(s): | quake3-bin |
CVE #(s): | CVE-2006-2236
|
| Created: | May 10, 2006 |
Updated: | January 12, 2009 |
| Description: |
Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server. |
| Alerts: |
|
Comments (none posted)
rails: multiple vulnerabilities
| Package(s): | rails |
CVE #(s): | CVE-2007-5380
CVE-2007-3227
CVE-2007-5379
|
| Created: | November 15, 2007 |
Updated: | December 21, 2009 |
| Description: |
Ruby on Rails has the following vulnerabilities:
ActiveResource does not properly sanitize filenames in the Hash.from_xml() function.
The session management allows the session_id to be set from the URL.
The to_json() function does not properly sanitize input before it is
returned to the user. |
| Alerts: |
|
Comments (none posted)
rsync: restricted file access
| Package(s): | rsync |
CVE #(s): | CVE-2007-6199
CVE-2007-6200
|
| Created: | December 5, 2007 |
Updated: | September 23, 2011 |
| Description: |
From the CVE entry:
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. |
| Alerts: |
|
Comments (none posted)
ruby: insufficient SSL certificate validation
| Package(s): | ruby |
CVE #(s): | CVE-2007-5162
CVE-2007-5770
|
| Created: | October 8, 2007 |
Updated: | October 10, 2008 |
| Description: |
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. |
| Alerts: |
|
Comments (none posted)
ruby-gnome2: format string vulnerability
| Package(s): | ruby-gnome2 |
CVE #(s): | CVE-2007-6183
|
| Created: | December 7, 2007 |
Updated: | December 22, 2008 |
| Description: |
A format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. |
| Alerts: |
|
Comments (none posted)
samba: buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-4572
|
| Created: | November 15, 2007 |
Updated: | December 3, 2008 |
| Description: |
The Samba user authentication is vulnerable to a heap-based buffer overflow.
Remote unauthenticated users can use this to crash the Samba server
and cause a denial of service. |
| Alerts: |
|
Comments (none posted)
samba: stack-based buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-6015
|
| Created: | December 11, 2007 |
Updated: | December 3, 2008 |
| Description: |
A stack buffer overflow flaw was found in the way Samba authenticates
remote users. A remote unauthenticated user could trigger this flaw to
cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server. |
| Alerts: |
|
Comments (none posted)
samba: buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-5398
|
| Created: | November 15, 2007 |
Updated: | December 3, 2008 |
| Description: |
Samba's mechanism for creating NetBIOS replies is vulnerable to a
buffer overflow. Samba servers that are configured to run as a
WINS server can be crashed by a remote unauthenticated user;
execution of arbitrary code may also be possible. |
| Alerts: |
|
Comments (none posted)
SDL_image: buffer overflows
| Package(s): | SDL_image |
CVE #(s): | CVE-2007-6697
CVE-2008-0544
|
| Created: | February 8, 2008 |
Updated: | March 27, 2008 |
| Description: |
From the Mandriva advisory: The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image contain a boundary error that could be triggered to cause a static buffer overflow and a heap-based buffer overflow. If a user using an application linked against the SDL_image library were to open a carefully crafted GIF or IFF ILBM file, the application could crash or possibly allow for the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
slocate: information disclosure
| Package(s): | slocate |
CVE #(s): | CVE-2007-0227
|
| Created: | February 22, 2007 |
Updated: | September 4, 2012 |
| Description: |
The slocate permission checking code has a local information disclosure
vulnerability. During the reporting of matching files, slocate does not
respect the parent directory's read permissions, resulting in hidden
filenames being viewable by other local users. |
| Alerts: |
|
Comments (none posted)
squid: denial of service
| Package(s): | squid |
CVE #(s): | CVE-2007-6239
|
| Created: | December 18, 2007 |
Updated: | March 25, 2009 |
| Description: |
A flaw was found in the way squid stored HTTP headers for cached objects
in system memory. An attacker could cause squid to use additional memory,
and trigger high CPU usage when processing requests for certain cached
objects, possibly leading to a denial of service. |
| Alerts: |
|
Comments (none posted)
streamripper: buffer overflow
| Package(s): | streamripper |
CVE #(s): | CVE-2007-4337
|
| Created: | September 14, 2007 |
Updated: | December 9, 2008 |
| Description: |
Chris Rohlf discovered several boundary errors in the
httplib_parse_sc_header() function when processing HTTP headers. |
| Alerts: |
|
Comments (none posted)
subversion: possible information leak
| Package(s): | subversion |
CVE #(s): | CVE-2007-2448
|
| Created: | October 30, 2007 |
Updated: | February 1, 2011 |
| Description: |
Subversion 1.4.3 and earlier does not properly implement the "partial
access" privilege for users who have access to changed paths but not copied
paths, which allows remote authenticated users to obtain sensitive
information (revision properties) via svn (1) propget, (2) proplist, or (3)
propedit. |
| Alerts: |
|
Comments (none posted)
Sun JDK/JRE: multiple vulnerabilities
| Package(s): | Sun JDK/JRE |
CVE #(s): | CVE-2007-2435
CVE-2007-2788
CVE-2007-2789
|
| Created: | June 1, 2007 |
Updated: | April 18, 2008 |
| Description: |
An unspecified vulnerability involving an "incorrect use of system
classes" was reported by the Fujitsu security team. Additionally, Chris
Evans from the Google Security Team reported an integer overflow
resulting in a buffer overflow in the ICC parser used with JPG or BMP
files, and an incorrect open() call to /dev/tty when processing certain
BMP files. |
| Alerts: |
|
Comments (none posted)
sysstat: insecure temporary files
| Package(s): | sysstat |
CVE #(s): | CVE-2007-3852
|
| Created: | August 20, 2007 |
Updated: | September 23, 2011 |
| Description: |
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates
/tmp/sysstat.run insecurely, which allows local users to execute arbitrary
code. |
| Alerts: |
|
Comments (1 posted)
tar: buffer overflow
| Package(s): | tar |
CVE #(s): | CVE-2007-4476
|
| Created: | October 16, 2007 |
Updated: | March 17, 2010 |
| Description: |
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." |
| Alerts: |
|
Comments (none posted)
tetex: buffer overflow
| Package(s): | tetex |
CVE #(s): | CVE-2007-0650
|
| Created: | May 8, 2007 |
Updated: | May 13, 2008 |
| Description: |
A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in
teTeX might allow user-assisted remote attackers to overwrite files and
possibly execute arbitrary code via a long filename. NOTE: other overflows
exist but might not be exploitable, such as a heap-based overflow in the
check_idx function. |
| Alerts: |
|
Comments (1 posted)
teTeX: multiple vulnerabilities
| Package(s): | tetex |
CVE #(s): | CVE-2007-5937
CVE-2007-5936
CVE-2007-5935
|
| Created: | November 19, 2007 |
Updated: | May 10, 2010 |
| Description: |
From the Gentoo advisory:
Joachim Schrod discovered several buffer overflow vulnerabilities and
an insecure temporary file creation in the "dvilj" application that is
used by dvips to convert DVI files to printer formats (CVE-2007-5937,
CVE-2007-5936). Bastien Roucaries reported that the "dvips" application
is vulnerable to two stack-based buffer overflows when processing DVI
documents with long \href{} URIs (CVE-2007-5935). teTeX also includes
code from Xpdf that is vulnerable to a memory corruption and two
heap-based buffer overflows (GLSA 200711-22); and it contains code from
T1Lib that is vulnerable to a buffer overflow when processing an overly
long font filename (GLSA 200710-12). |
| Alerts: |
|
Comments (none posted)
tk: buffer overflow
| Package(s): | tk |
CVE #(s): | CVE-2008-0553
|
| Created: | February 8, 2008 |
Updated: | November 6, 2008 |
| Description: |
From the Mandriva advisory: The ReadImage() function in Tk did not check CodeSize read from GIF images prior to initializing the append array, which could lead to a buffer overflow with unknown impact. |
| Alerts: |
|
Comments (none posted)
Tk: buffer overflow
| Package(s): | tk8.3 |
CVE #(s): | CVE-2007-5378
|
| Created: | November 28, 2007 |
Updated: | March 17, 2009 |
| Description: |
The Tk toolkit's GIF-reading code contains a buffer overflow which could be exploited via a malicious image file. Fixes may be found in versions 8.4.12 and 8.3.5. |
| Alerts: |
|
Comments (none posted)
tk: denial of service
| Package(s): | tk8.3 tk8.4 |
CVE #(s): | CVE-2007-5137
|
| Created: | October 12, 2007 |
Updated: | March 17, 2009 |
| Description: |
It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted GIF
image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges. |
| Alerts: |
|
Comments (none posted)
tomboy: execution of arbitrary code
| Package(s): | tomboy |
CVE #(s): | CVE-2005-4790
|
| Created: | November 9, 2007 |
Updated: | February 22, 2011 |
| Description: |
Jan Oravec reported that the "/usr/bin/tomboy" script sets the
"LD_LIBRARY_PATH" environment variable incorrectly, which might result
in the current working directory (.) being included when searching for
dynamically linked libraries of the Mono Runtime application.
Note that the tomboy vulnerability was added in 2007. |
| Alerts: |
|
Comments (none posted)
tomcat: directory traversal
| Package(s): | tomcat |
CVE #(s): | CVE-2007-0450
|
| Created: | May 2, 2007 |
Updated: | February 27, 2008 |
| Description: |
Versions of tomcat prior to 5.5.22 do not properly filter filename separator characters, enabling information disclosure attacks. |
| Alerts: |
|
Comments (none posted)
tomcat: cross-site scripting
| Package(s): | tomcat |
CVE #(s): | CVE-2007-2449
CVE-2007-2450
|
| Created: | July 17, 2007 |
Updated: | February 17, 2009 |
| Description: |
Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).
Note: it is recommended the 'examples' web application not be installed on
a production system.
The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450). |
| Alerts: |
|
Comments (1 posted)
tomcat: multiple vulnerabilities
| Package(s): | tomcat |
CVE #(s): | CVE-2007-3382
CVE-2007-3385
CVE-2007-3386
|
| Created: | September 26, 2007 |
Updated: | September 13, 2010 |
| Description: |
Tomcat was found treating single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386). |
| Alerts: |
|
Comments (none posted)
tomcat: arbitrary file disclosure via path traversal
| Package(s): | tomcat5 |
CVE #(s): | CVE-2007-5461
|
| Created: | November 19, 2007 |
Updated: | February 17, 2009 |
| Description: |
From the CVE entry:
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.

tomcat: multiple vulnerabilities

tomcat: information disclosure
Package(s): tomcat5.5
CVE #(s): CVE-2008-0128
Created: January 21, 2008
Updated: March 7, 2008
Description:
From the Debian advisory:
Olaf Kock discovered that HTTPS encryption was insufficiently
enforced for single-sign-on cookies, which could result in
information disclosure.

vim: arbitrary code execution
Package(s): vim
CVE #(s): CVE-2007-2953
Created: July 30, 2007
Updated: November 27, 2008
Description:
vim is vulnerable to a user-assisted attack in which vim may execute arbitrary code when helptags is run on data that has been maliciously crafted.

vlc: several vulnerabilities
Package(s): vlc
CVE #(s): CVE-2007-3316, CVE-2007-3467, CVE-2007-3468
Created: July 10, 2007
Updated: March 10, 2008
Description:
Several remote vulnerabilities have been discovered in the VideoLan
multimedia player and streamer, which may lead to the execution of
arbitrary code.

wireshark: multiple vulnerabilities
Package(s): wireshark
CVE #(s): CVE-2007-3390, CVE-2007-3392, CVE-2007-3393
Created: June 28, 2007
Updated: February 27, 2008
Description:
The wireshark network traffic analyzer has three vulnerabilities
that can be used to create a denial of service. These include
off-by-one overflows in the iSeries dissector, vulnerabilities in
the MMS and SSL dissectors that can cause an infinite loop and
an off-by-one overflow in the DHCP/BOOTP dissector.

wireshark: lots of dissector vulnerabilities

wireshark: denial of service
Package(s): wireshark
CVE #(s): CVE-2007-3389
Created: January 21, 2008
Updated: February 27, 2008
Description:
From the NVD entry:
Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.

wireshark: denial of service
Package(s): wireshark
CVE #(s): CVE-2007-3391
Created: January 21, 2008
Updated: February 27, 2008
Description:
From the NVD entry:
Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.

wml: multiple file overwrite vulnerabilities
Package(s): wml
CVE #(s): CVE-2008-0665, CVE-2008-0666
Created: February 11, 2008
Updated: April 28, 2008
Description:
From the Debian advisory:
Frank Lichtenheld and Nico Golde discovered that WML, an off-line HTML
generation toolkit, creates insecure temporary files in the eperl and
ipp backends and in the wmg.cgi script, which could lead to local denial
of service by overwriting files.

wordpress: remote editing via unknown vectors
Package(s): wordpress
CVE #(s): CVE-2008-0664
Created: February 13, 2008
Updated: July 4, 2008
Description:
From the CVE:
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.

xdg-utils: arbitrary command execution
Package(s): xdg-utils
CVE #(s): CVE-2008-0386
Created: January 31, 2008
Updated: February 3, 2009
Description:
From the Gentoo alert:
Miroslav Lichvar discovered that the "xdg-open" and "xdg-email" shell
scripts do not properly sanitize their input before processing it.
A remote attacker could entice a user to open a specially crafted link
with a vulnerable application using Xdg-Utils (e.g. an email client),
resulting in the execution of arbitrary code with the privileges of the
user running the application.

xen-utils: insecure temp files
Package(s): xen-utils
CVE #(s): CVE-2007-3919
Created: October 25, 2007
Updated: May 16, 2008
Description:
The xen-utils collection of XEN administrative tools uses temporary files
insecurely. Local users can use this to truncate arbitrary files.

XFree86 X.org: integer overflows
Package(s): xfree86 x.org
CVE #(s): CVE-2007-1003, CVE-2007-1667, CVE-2007-1351, CVE-2007-1352
Created: April 3, 2007
Updated: August 11, 2009
Description:
iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667)

xine-lib: arbitrary code execution
Package(s): xine-lib
CVE #(s): CVE-2007-1387
Created: March 13, 2007
Updated: April 1, 2008
Description:
Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user's privileges.

xine-lib: buffer overflow
Package(s): xine-lib
CVE #(s): CVE-2008-0225
Created: January 16, 2008
Updated: August 7, 2008
Description:
xine-lib contains a buffer overflow which could be exploited (via a specially-crafted stream) to execute arbitrary code; see this advisory for more information.

xine-lib: buffer overflow
Package(s): xine-lib
CVE #(s): CVE-2006-1664
Created: April 27, 2006
Updated: February 27, 2008
Description:
xine-lib does an improper input data boundary check on
MPEG streams. A specially crafted MPEG file can be
created that can cause arbitrary code execution when the
file is accessed.

xine-lib: buffer overflows
Package(s): xine-lib
CVE #(s): CVE-2008-0238
Created: January 23, 2008
Updated: August 7, 2008
Description:
From the CVE entry: Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function.

xmms: BMP handling vulnerability
Package(s): xmms
CVE #(s): CVE-2007-0653, CVE-2007-0654
Created: March 28, 2007
Updated: July 26, 2011
Description:
xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system.

Xorg: multiple vulnerabilities

X.org: temp file vulnerability
Package(s): X.org
CVE #(s): CVE-2007-3103
Created: July 12, 2007
Updated: July 2, 2009
Description:
The X.Org X11 xfs font server has a temp file vulnerability in the
startup script. A local user can modify the permissions of the script
in order to elevate their local privileges.

xulrunner, firefox, thunderbird: multiple vulnerabilities
Package(s): xulrunner, firefox, thunderbird
CVE #(s): CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340, CVE-2006-2894
Created: October 22, 2007
Updated: May 12, 2008
Description:
From the Debian advisory:
CVE-2007-1095:
Michal Zalewski discovered that the unload event handler had access to
the address of the next page to be loaded, which could allow information
disclosure or spoofing.
CVE-2007-2292:
Stefano Di Paola discovered that insufficient validation of user names
used in Digest authentication on a web site allows HTTP response splitting
attacks.
CVE-2007-3511:
It was discovered that insecure focus handling of the file upload
control can lead to information disclosure. This is a variant of
CVE-2006-2894.
CVE-2007-5334:
Eli Friedman discovered that web pages written in Xul markup can hide the
titlebar of windows, which can lead to spoofing attacks.
CVE-2007-5337:
Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI
schemes may lead to information disclosure. This vulnerability is only
exploitable if Gnome-VFS support is present on the system.
CVE-2007-5338:
"moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers
could be bypassed, which might allow privilege escalation.
CVE-2007-5339:
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340:
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
Page editor: Jake Edge
Kernel development
Brief items
The current 2.6 development kernel is 2.6.25-rc3, released by Linus on
February 24. The patches applied this time are mostly fixes, but there is
also a new libata.force module parameter, a driver for ADT7473
hardware monitoring chips, a new PM_EVENT_HIBERNATE power
management state, a driver for Marvell 88SE6440 SAS/SATA controllers, and
file capabilities support for the SMACK security module. See the short-form changelog for details, or the
long-form changelog for lots of details.
A slow stream of fixes has been trickling into the mainline git repository
since the -rc3 release.
The current stable 2.6 kernel is 2.6.24.3, released on February 25
with a fair number of fixes. The 2.6.23.17 and 2.6.22.19 stable updates were
released at the same time with a smaller number of fixes; they are probably
the last updates in the 2.6.22 and 2.6.23 series.
For older kernels: 2.4.36.2 was released on
February 24; it fixes a bug introduced in 2.4.36.1 and adds a fix for
a relatively obscure security problem.
Kernel development news
Machine-generated warnings are a great way of
quickly locating a large amount of questionable code in an otherwise
overwhelming haystack. It doesn't even matter much, which warnings you
look for. Almost all code checkers find the same hotspots.
But there is a catch. If you have an over-eager warning police that
"fixes all the warnings", the warnings may be gone, but the very real
problems in near vicinity are not. Not to mention new problems
introduced by those claimed "fixes". [...]
Note one scary consequence: code checkers in the wrong hands are
actively harmful.
-- Jörn Engel
By Jake Edge February 27, 2008
Drivers tend to be a world unto themselves, with bugs only affecting a
subset—often a tiny subset—of kernel users. Until a driver
gets merged into the kernel though, anyone wishing to test it, or help clean it
up, has to jump through some hoops. To try and help reduce those barriers,
Linus Torvalds and others have been advocating early merging of drivers;
getting them into the kernel and incrementally improving them from there.
This policy of early merging of drivers is not universally embraced, with a
recent remote DMA (RDMA) ethernet driver, which lives in the infiniband
tree, getting singled
out. Based on the problems he observed in the driver, Adrian Bunk asked: "Is it really intended to merge
drivers without _any_ kind of review?" This was, perhaps, an overly
dramatic question as the driver has undergone review, but not all of the
changes have been reflected in the mainline version. There is
still work to do, as Infiniband maintainer Roland Dreier points out:
Just to be clear, this driver was reviewed. Many issues were found,
and many were fixed while others are being worked on.
It's a judgment call when to merge things, but in this case given the
good engagement from the vendor, I didn't see anything to be gained by
delaying the merge.
It is a sentiment shared by other kernel hackers as well. When there is a
developer who is responding to the feedback along with a working driver,
getting it into the mainline kernel—where more eyes can scrutinize
it—is seen as a positive step. Torvalds is very interested in seeing
drivers earlier so that more collaboration can happen:
I'd really rather have the driver merged, and then *other* people can send
patches!
The thing is, that's what merging really means - people can work on it
sanely together. Before it's merged, it's a lot harder for people to work
on it unless they are really serious about that driver, so before
merging, the janitorial kind of things seldom happen.
Other maintainers explained their criteria for accepting drivers that are
not quite up to usual kernel standards. The consensus seems to be that
drivers with the following characteristics are acceptable:
- compiles and seems to work
- has no obvious security holes
- has an active maintainer
- does not affect people who don't have the hardware
- does not introduce unnecessary or not fully thought out user space interfaces
There is little in the way of a downside to making drivers available
earlier. Since they are self-contained, they generally don't cause problems
elsewhere in the kernel. As long as reviewers are keeping an eye out for
security problems, which could lead to an unsuspecting user's box being
compromised, there are not many ways for a driver to negatively impact the
kernel as a whole.
User space interfaces via ioctl(), sysfs, or other means also need
to be closely examined as they will have to be maintained as part of
the kernel interface.
Along the way, much grumbling was heard about checkpatch, the perl
script that complains about various stylistic problems with a patch.
Notably absent from the list above is any kind of requirement that
checkpatch errors or warnings be handled.
The
main complaint against checkpatch is its checks for line length; the resulting
"fixes" to kernel source sometimes leave much to be desired. While it is generally agreed that too many
overly long lines can result in code that is difficult to read, exactly
what constitutes such a line tends to be an aesthetic judgment.
Slavish adherence to a fixed number of characters on a line in order to appease
checkpatch is clearly seen as a problem.
To some, this makes checkpatch less than useful, bordering on dangerous to
readability. Torvalds stated that he has considered removing it from
the kernel tree on more than one occasion. Human judgment is required to
interpret the warnings from checkpatch and sometimes it is not
being applied. On the other hand, Ingo Molnar gives an impassioned defense of the tool:
Based on this first hand experience, my opinion about checkpatch has
changed, rather radically: i now believe that checkpatch is almost as
important to the long term health of our kernel development process as
BitKeeper/Git turned out to be. If i had to stop using it today, it
would be almost as bad of a step backwards to me as if we had to migrate
the kernel source code control to CVS.
Molnar goes on to outline the pros and cons of checkpatch, all of which
stands in stark contrast to some of his earlier
complaints about the tool.
For most drivers, the path into the
kernel has been made a lot easier. This will have the effect of
getting working, or mostly working, drivers into the hands of users more
quickly. More importantly, it will also get the code into the hands of the Linux kernel
community faster. The likely result is a fully working, cleanly
coded driver sooner than it might have happened in the past. An already
quick turnaround for hardware support in Linux may have just gotten faster.
By Jonathan Corbet February 26, 2008
Device drivers, in the end, usually do one thing: they communicate with the
hardware by way of a set of memory-mapped I/O (MMIO) registers. So when
one is trying to figure out what a driver is doing - for debugging
purposes, perhaps - it is often interesting to look at the sequence of MMIO
operations the driver performs. If one is trying to reverse-engineer a
driver which is available only in binary form, watching what is done with
MMIO registers may be the only way to figure out how the hardware works.
To this end, the developers behind the Nouveau project developed a tool
called "mmiotrace" which helps them to watch what is going on with
memory-mapped I/O. Now that tool is being fixed up and pushed toward the
mainline.
Drivers gain access to MMIO regions with ioremap() (or one of the
higher-level functions like pci_iomap()), so that is the logical
place to hook in a tracing infrastructure. So the current mmiotrace patch adds
some new variants of ioremap():
void __iomem *ioremap_cache_trace(unsigned long offset, unsigned long size);
void __iomem *ioremap_nocache_trace(unsigned long offset, unsigned long size);
void iounmap_trace(volatile void __iomem *addr);
These functions perform like ioremap() and
ioremap_nocache(), in that they return an I/O memory pointer which
can be used by the driver to get at MMIO space. What goes on internally,
though, is quite different.
On the x86 architecture (as with most others), I/O memory space is accessed
with memory operations through the page tables in the usual way, so ioremap() just
returns an address which maps onto the desired physical space. The tracing
versions, though, take the extra step of marking the pages within the I/O
region as not being present in the system; as a result, whenever code
attempts to access that space, a page fault will be generated.
Normally, page faults incurred when running in kernel mode will cause a kernel
oops. There are exceptions, though; the functions which copy data between
user and kernel space are one example. The mmiotrace patch adds another
exception which tests faulting addresses against the MMIO region(s) being
traced. Should the address indicate that an MMIO access is being
attempted, the mmiotrace code will:
- Mark the relevant page as being present in memory.
- Set the TF (trace) bit in the faulting thread's processor state mask.
- Invoke a "pre" handler provided by higher-level tracing code.
- Indicate that the fault has been handled and return to the faulting
code.
Once all this has happened, the instruction which originally caused the
page fault will be rerun, successfully this time. But the setting of the
trace bit will cause a new processor trap after that instruction has been
executed. At that point, the page is marked unavailable once again,
the trace bit is reset (assuming it wasn't set elsewhere), the tracing
layer's "post" handler is called, and life continues as normal until the
next fault happens.
The tracing layer really only has one task: figure out what the code was
trying to do in MMIO space and log the action by way of the relay
interface. Figuring things out means learning enough about the instruction
which caused the page fault to determine which address was being accessed,
whether a read or write was being performed, the size of the data being
transferred, and the actual value read or written. So there is a certain
amount of architecture-specific instruction grubbing code involved, which,
for the current patch, is only provided for x86 machines.
Since tracing is enabled by calling a special version of
ioremap(), it is not possible to trace a driver module without
making changes to its source and rebuilding it. That might seem like a strange requirement
for a tool meant to help with reverse engineering (among other things).
The driver being studied by the Nouveau project uses a GPL-licensed shim to
link into the kernel, so making modifications in that case was not a hard
thing to do. A more general solution may eventually need to be found,
though, for situations where that sort of glue layer is not present.
Beyond that, this patch is likely to go through a number of changes before
it finds its way into the mainline. Reviewers have found a number of
things which need fixing, and there's a few too many places in the code
where the comments say (literally) "if this happens, all hell breaks loose." It also
seems likely that mmiotrace will be merged with the recently-posted ftrace tracing mechanism. There is time to
get this work done before the 2.6.26 merge window opens, but the mmiotrace
hackers will need to keep the work moving forward.
February 26, 2008
This article was contributed by B. Rathmann (KoalaBR)
[ Editor's note: this is the second in a two-part series on the state of
the Nouveau driver for NVIDIA hardware. The first installment is recommended
reading for those who have not yet seen it.]
Sources of information, and reverse engineering tools
As very little information is available on NVidia's hardware design and
implementation, the Nouveau project has developed a number of tools to gain
a better understanding of card architecture and programming model. These
tools, along with some previously available information, are what are used
to create the driver.
The Haiku/BeOS projects have a driver that came from a software development
kit NVidia released
for NV03/04 cards, and also gathered some information from an unobfuscated
nv driver that appeared briefly in XFree86. This driver has improved
mode-setting code compared to nv, and a basic 3D driver using hard-coded
objects running in a single context.
More information was available in the nvclock utility, which allows
overclocking NVidia GPUs on Linux. Its lead developer Roderick Colenbrander
(Thunderbird) has helped out Nouveau in the clock setup, i2c and tv-out
areas.
renouveau
The first utility developed was called renouveau. renouveau is mainly
concerned with reverse engineering the NVidia binary driver by black-boxing
it, feeding it certain inputs and watching what it writes to the
hardware. It runs a large batch of OpenGL tests which exercise most of the
GPU's capabilities and generates a set of dump files which are sent to the
Nouveau developers.
The tool works by mapping the card registers and the FIFO assigned to the
current application. It then records the current state of both FIFO and
registers, executes small OpenGL tests, and compares the final state
against the initial saved state. It then dumps this info, which can be
parsed into a human readable form using an XML register/command
database. (Some developers would argue the hex is readable to them).
The tool has advantages in that it can be run very simply by end users, on
various card architectures, without requiring root privileges. It doesn't
tamper with the binary driver, and does not require much technical
knowledge.
MMioTrace
MMioTrace is a tool for tracing memory-mapped I/O (MMIO) access within the kernel. The NVidia
driver contains a kernel module which is responsible for a lot of card
initialization and mode setting. This activity cannot easily be traced by user-space
tools such as renouveau. MMioTrace uses relayfs and debugfs to relay the
tracing data to userspace.
MMioTrace works by replacing the calls that the driver being probed makes to
the kernel's ioremap(), ioremap_nocache(), and iounmap() functions with
wrappers that call into MMioTrace. When the driver module in question calls
ioremap() to access the MMIO registers, the pages are mapped as not-present
in the kernel address space instead. It can be set up to trace only the
address ranges which are likely to be touched by the driver you are
interested in, thus reducing the number of irrelevant MMIO accesses recorded.
When the module then tries to access the register space, a page fault will
occur. In the page fault handler the address is detected and the attempted
action recorded. The page is then marked present and the page-faulting
code is single-stepped to execute the instruction doing MMIO. After that
the page is set to "not present" again so that the cycle can be restarted
for the next access to the page.
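The fault and single-step cycle described above, and in more detail (trace bit, "pre" and "post" handlers) in the mmiotrace article earlier in this edition, can be followed in a small user-space model. This is an added example, not MMioTrace or kernel code: the register window, the struct access "instruction" and all function names are constructed, and the model assumes accesses of 1 to 4 bytes that do not straddle a page.

```c
/* User-space MODEL of the mmiotrace cycle; added example, all names constructed. */
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE    4096u
#define REGION_BASE  0xf0000000u  /* constructed "MMIO" window */
#define REGION_PAGES 2u
#define REGION_SIZE  (REGION_PAGES * PAGE_SIZE)
#define FLAG_TF      0x100u       /* x86 EFLAGS trap (single-step) flag */
#define MAX_LOG      16

enum op { OP_READ, OP_WRITE };
struct access { enum op op; uint32_t addr; unsigned size; uint32_t value; };
struct cpu { uint32_t eflags; };

static uint8_t regs[REGION_SIZE];  /* stands in for the device registers */
static int present[REGION_PAGES];  /* page-table "present" bits */
static struct access trace_log[MAX_LOG];
static int log_len;
static int armed_page = -1;        /* page opened for the in-flight access */
static int slot = -1;              /* log entry being filled, -1 if none */
static int tf_was_set;             /* was TF already set by someone else? */

/* Model of ioremap_*_trace(): every page of the window starts not-present. */
static void trace_map(void)
{
    for (unsigned i = 0; i < REGION_PAGES; i++)
        present[i] = 0;
    log_len = 0;
    armed_page = slot = -1;
}

/* Page-fault path for a traced address: the four steps from the article. */
static void fault_handler(struct cpu *cpu, const struct access *a, unsigned page)
{
    present[page] = 1;                          /* 1. mark the page present */
    tf_was_set = (cpu->eflags & FLAG_TF) != 0;
    cpu->eflags |= FLAG_TF;                     /* 2. request a single-step */
    armed_page = (int)page;
    slot = log_len < MAX_LOG ? log_len++ : -1;  /* 3. "pre" handler         */
    if (slot >= 0) {
        trace_log[slot] = *a;    /* address, direction, size, written value */
        if (a->op == OP_READ)
            trace_log[slot].value = 0;          /* read value not known yet */
    }
}                                               /* 4. return; insn reruns   */

/* Debug-trap path, entered once the re-run instruction has completed. */
static void trap_handler(struct cpu *cpu, const struct access *a)
{
    present[armed_page] = 0;                    /* page not-present again */
    armed_page = -1;
    if (!tf_was_set)
        cpu->eflags &= ~FLAG_TF;                /* keep a TF set elsewhere */
    if (slot >= 0 && a->op == OP_READ)
        trace_log[slot].value = a->value;       /* "post": value now exists */
    slot = -1;
}

/* Execute one access. Returns 0, or -1 for an address outside the traced
 * window, the case in which a real kernel-mode fault would end in an oops. */
static int do_access(struct cpu *cpu, struct access *a)
{
    if (a->size == 0 || a->size > 4 || a->addr < REGION_BASE ||
        a->addr - REGION_BASE > REGION_SIZE - a->size)
        return -1;
    uint32_t off = a->addr - REGION_BASE;
    unsigned page = off / PAGE_SIZE;
    if ((off + a->size - 1) / PAGE_SIZE != page)
        return -1;               /* model limit: no page-straddling access */
    if (!present[page])
        fault_handler(cpu, a, page);
    if (a->op == OP_WRITE) {     /* the instruction itself, little-endian */
        for (unsigned i = 0; i < a->size; i++)
            regs[off + i] = (uint8_t)(a->value >> (8 * i));
    } else {
        a->value = 0;
        for (unsigned i = 0; i < a->size; i++)
            a->value |= (uint32_t)regs[off + i] << (8 * i);
    }
    if (armed_page >= 0)
        trap_handler(cpu, a);
    return 0;
}

int main(void)
{
    struct cpu cpu = { 0 };
    struct access w = { OP_WRITE, REGION_BASE + 0x10, 4, 0x12345678 };
    struct access r = { OP_READ, REGION_BASE + 0x10, 4, 0 };
    trace_map();
    do_access(&cpu, &w);
    do_access(&cpu, &r);
    for (int i = 0; i < log_len; i++)
        printf("%c %u 0x%08x 0x%08x\n", trace_log[i].op == OP_WRITE ? 'W' : 'R',
               trace_log[i].size, (unsigned)trace_log[i].addr,
               (unsigned)trace_log[i].value);
    return 0;
}
```

In the model, as in the description, a read is logged in two halves: its address and size at fault time, its value only after the single-stepped instruction has run.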
MMioTrace has some restrictions on tracing into the legacy ISA address
range, as marking those pages not present crashes the kernel. A solution to
this may be forthcoming but would require patching the kernel.
MMioTrace is usable for all types of drivers running in the kernel, not
just graphics drivers. It is not yet shipped with the kernel; it was
shipped as a working external module up to 2.6.23. However, 2.6.24 has seen
the removal of certain features, which means that MMioTrace will need to be
upstreamed for it to work with 2.6.25 or later kernels.
If you are interested in more details, you should have a look at the
MMioTrace page.
valgrind-mmt
Valgrind-mmt is a plugin for the valgrind debugging suite. It traces MMIO
accesses from a user-space process (like the X.org server) where the NVidia
DDX code
is loaded. This was originally written by Dave Airlie for tracing ATI
hardware and has since been extended by a number of other developers. It is used in
Nouveau in a way similar to renouveau: to dump the contents of a FIFO.
Valgrind-mmt allows reliably tracing the X.org FIFO, which is something
renouveau cannot do very well. Tracing the X.org FIFO is sometimes required
as it is the only way to see how some 2D features are implemented.
Using MMioTrace to implement a new feature
Commands are usually sent to the card by writing in the command FIFO, not
by touching registers directly. But initialization of the card (including
notably mode setting), as well as some other operations, are done via MMIO
operations from within the kernel.
Below is an example of how MMioTrace was used to reverse engineer the YV12
video overlay that is present in some NVidia cards.
Video formats
Videos are usually not encoded in the RGB colorspace. Most video codecs
work in the YUV colorspace instead, where Y stands for luminance (black and
white image), and U and V represent the chrominance (i.e. color). Since eye
perception is higher for luminance, codecs usually drop a fraction of U and
V samples in order to save space. When the card is asked through
e.g. X-Video to display a video frame, it is passed a buffer containing YUV
data, usually in YV12 or YUY2 format.
FourCC.org can give you details about
those formats, but for
the purposes of this article, we will just say that YUY2 is a format that
keeps one chrominance sample (U or V alternatively) per luminance sample,
thus giving "YUYVYUYV" to the card (16 bits per pixel), and YV12 is a format that
keeps two chrominance samples (one U, one V) per 2x2 luminance block, which
gives an effective 12 bits per pixel of video. YV12 is 25% smaller than
YUY2 and is the format used by most popular codecs. Your author has yet to
find any movie codec that does not output YV12 (or I420, which
conceptually is the same - it just inverts the position of U and V in the
buffer).
Some months ago, Nouveau's Xv implementation was inherited
from nv. Besides being extremely slow, nv supported only the YUY2 format, and
converted YV12 input to YUY2 in software before uploading the data to the
card. While working on improving performance, we quickly came to wonder if
NVidia cards supported YV12 in hardware. Due to the 25% size reduction,
this would naturally decrease the volume of bus transfers, which plays a
very important role in Xv throughput especially on PCI cards.
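As an added illustration (not code from nv or Nouveau), this is the kind of repacking a driver has to do in software when the hardware is only fed YUY2, together with the buffer sizes behind the 25% figure. It assumes tightly packed frames with even width and height; the function names are made up for the example.

```c
/* Added example: software YV12 -> YUY2 repacking. Names are constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes per frame, assuming no row padding. */
static size_t yuy2_size(unsigned w, unsigned h) { return (size_t)w * h * 2; }
static size_t yv12_size(unsigned w, unsigned h) { return (size_t)w * h * 3 / 2; }

/* Repack a planar frame into packed YUY2 ("Y U Y V" for each pixel pair).
 * Source layout: full-size Y plane, then two quarter-size chroma planes,
 * V first for YV12, U first when i420 is non-zero.
 * Returns 0, or -1 if w or h is zero or odd, or dst is too small. */
static int yv12_to_yuy2(const uint8_t *src, unsigned w, unsigned h, int i420,
                        uint8_t *dst, size_t dst_len)
{
    if (w == 0 || h == 0 || (w & 1) || (h & 1) || dst_len < yuy2_size(w, h))
        return -1;

    const size_t cw = w / 2;                      /* chroma plane width */
    const size_t csize = cw * (h / 2);            /* bytes per chroma plane */
    const uint8_t *first = src + (size_t)w * h;   /* V in YV12, U in I420 */
    const uint8_t *second = first + csize;
    const uint8_t *u_plane = i420 ? first : second;
    const uint8_t *v_plane = i420 ? second : first;

    for (unsigned y = 0; y < h; y++) {
        const uint8_t *yrow = src + (size_t)y * w;
        const size_t crow = (size_t)(y / 2) * cw; /* two rows share chroma */
        uint8_t *out = dst + (size_t)y * w * 2;
        for (unsigned x = 0; x < w; x += 2) {
            *out++ = yrow[x];
            *out++ = u_plane[crow + x / 2];
            *out++ = yrow[x + 1];
            *out++ = v_plane[crow + x / 2];
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed 4x2 frame: 8 Y bytes, then 2 V bytes, then 2 U bytes. */
    const uint8_t frame[12] = { 10, 11, 12, 13, 14, 15, 16, 17,
                                200, 201, 100, 101 };
    uint8_t out[16];

    if (yv12_to_yuy2(frame, 4, 2, 0, out, sizeof out) != 0)
        return 1;
    printf("YV12 %zu bytes, YUY2 %zu bytes\n", yv12_size(4, 2), yuy2_size(4, 2));
    for (size_t i = 0; i < sizeof out; i++)
        printf("%u%c", out[i], (i % 8 == 7) ? '\n' : ' ');
    return 0;
}
```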
We verified that by running performance tests on the NVidia binary driver,
playing YV12 and YUY2 videos (using mplayer's -yuy2 option). Our performance
tests consisted simply of mplayer's "benchmark" mode. The results were
extremely clear: the operation required just over 20 seconds in YUY2 mode, and
just over 15 seconds in YV12 mode.
No need to take your calculator, it is a 25% difference which matches the
data size exactly. The most obvious explanation is that the data is sent to
the hardware in YV12 format.
So the situation was: we had an Xv driver that handled YUY2 video only, we
knew (or thought, with a high degree of confidence and hope) that the
hardware supported YV12, but no existing driver like rivatv had code for
it. Some reverse engineering had to take place.
MMioTrace doesn't enter the arena just now, however. As mentioned above,
most of the time, commands are sent to the card by writing to the command
FIFO, and not by touching registers. So we first checked the X command FIFO
using valgrind-mmt and found some commands related to video.
However, it quickly turned out that those were software methods, that is to
say, dummy methods that make the card generate an interrupt asking for the
kernel to handle it. It's somewhat similar to an ioctl() call into the
kernel module, except that it's in sync with the FIFO. First lesson
learned: Video overlay setup is being done by the kernel module.
We then MMioTraced the NVidia binary driver, playing YUY2 and YV12 video
(same dimensions, window position, ... - the only thing that differed was
the format), and compared the outputs. And among the 150 kilobytes of resulting data,
we found (for YUY2 mode):
NV_PVIDEO.[0].FORMAT <- 0x00110200
While for YV12 mode:
NV_PVIDEO.[0].FORMAT <- 0x00110101
NV_PVIDEO+0x800 <- 0x00000000
NV_PVIDEO+0x808 <- 0x07fcffff
NV_PVIDEO+0x820 <- 0x07f70000
So here we had a different value being written into FORMAT, and three
unknown registers. From a reading of existing documentation and code, it turned out
that bit 0 of FORMAT was previously unknown to us.
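The comparison step can be mechanised. The following added example (not Nouveau or MMioTrace code) reduces each trace to the last value written per register, then reports registers that only one run touched and, for changed values, the XOR mask of the differing bits. The NV_PVIDEO lines are the ones quoted above, the EXAMPLE_REG lines are constructed filler, and the one-write-per-line "REG <- 0xVALUE" format is assumed from the excerpt.

```c
/* Added example: diff two MMIO write traces (not Nouveau or MMioTrace code). */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_REGS 64
#define COUNT(a) ((int)(sizeof(a) / sizeof((a)[0])))

struct reg_write { char reg[64]; uint32_t val; };
enum kind { CHANGED, ONLY_A, ONLY_B };
struct delta { const char *reg; enum kind kind; uint32_t a, b, mask; };

/* "page" lines are quoted from the article; EXAMPLE_REG_* lines are
 * constructed filler for the writes that both runs have in common. */
static const char *const trace_yuy2[] = {
    "EXAMPLE_REG_A <- 0x00000001",         /* constructed */
    "NV_PVIDEO.[0].FORMAT <- 0x00110200",  /* page */
    "EXAMPLE_REG_B <- 0x000000ff",         /* constructed */
};
static const char *const trace_yv12[] = {
    "EXAMPLE_REG_A <- 0x00000001",         /* constructed */
    "NV_PVIDEO.[0].FORMAT <- 0x00110101",  /* page */
    "NV_PVIDEO+0x800 <- 0x00000000",       /* page */
    "NV_PVIDEO+0x808 <- 0x07fcffff",       /* page */
    "NV_PVIDEO+0x820 <- 0x07f70000",       /* page */
    "EXAMPLE_REG_B <- 0x000000ff",         /* constructed */
};

static int find_reg(const struct reg_write *t, int n, const char *reg)
{
    for (int i = 0; i < n; i++)
        if (strcmp(t[i].reg, reg) == 0)
            return i;
    return -1;
}

/* Parse "REG <- 0xVALUE" lines, keeping the last value written to each
 * register. Returns the number of distinct registers, or -1 on bad input. */
static int load_trace(const char *const *lines, int nlines,
                      struct reg_write *out, int max)
{
    int n = 0;
    for (int i = 0; i < nlines; i++) {
        struct reg_write w;
        memset(&w, 0, sizeof w);
        if (sscanf(lines[i], "%63s <- %" SCNx32, w.reg, &w.val) != 2)
            return -1;
        int j = find_reg(out, n, w.reg);
        if (j >= 0)
            out[j].val = w.val;
        else if (n < max)
            out[n++] = w;
        else
            return -1;
    }
    return n;
}

/* Report registers whose final value differs, or that only one run wrote. */
static int diff_traces(const struct reg_write *a, int na,
                       const struct reg_write *b, int nb,
                       struct delta *d, int max)
{
    int n = 0;
    for (int i = 0; i < na && n < max; i++) {
        int j = find_reg(b, nb, a[i].reg);
        if (j < 0)
            d[n++] = (struct delta){ a[i].reg, ONLY_A, a[i].val, 0, 0 };
        else if (a[i].val != b[j].val)
            d[n++] = (struct delta){ a[i].reg, CHANGED, a[i].val, b[j].val,
                                     a[i].val ^ b[j].val };
    }
    for (int j = 0; j < nb && n < max; j++)
        if (find_reg(a, na, b[j].reg) < 0)
            d[n++] = (struct delta){ b[j].reg, ONLY_B, 0, b[j].val, 0 };
    return n;
}

/* Compare the two embedded traces; returns the delta count, -1 on error. */
static int compare_embedded(struct delta *d, int max)
{
    static struct reg_write a[MAX_REGS], b[MAX_REGS];
    int na = load_trace(trace_yuy2, COUNT(trace_yuy2), a, MAX_REGS);
    int nb = load_trace(trace_yv12, COUNT(trace_yv12), b, MAX_REGS);
    if (na < 0 || nb < 0)
        return -1;
    return diff_traces(a, na, b, nb, d, max);
}

int main(void)
{
    struct delta d[MAX_REGS];
    int n = compare_embedded(d, MAX_REGS);
    for (int i = 0; i < n; i++)
        printf("%-8s %-22s a=0x%08" PRIx32 " b=0x%08" PRIx32 " xor=0x%08" PRIx32 "\n",
               d[i].kind == CHANGED ? "changed" :
               d[i].kind == ONLY_A ? "only-A" : "only-B",
               d[i].reg, d[i].a, d[i].b, d[i].mask);
    return n < 0;
}
```

For the FORMAT register the XOR mask has bit 0 set along with two higher bits, so the mask narrows the search but the existing documentation is still needed to tell known bits from unknown ones.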
Next we tried to get the feature to work in our driver. We tried it
without touching the three unknown registers, and got no video at all. So it had
an effect, but we weren't sure if it really was the "YV12 format"
bit. Further looking into MMioTraces showed that what was written into the
three registers was in fact fairly similar to what was done for the image
buffer setup, and we were able to make an educated guess at what was
supposed to be written here. (It was the set up of the color buffer, while
the "main" buffer was used for luminance data.)
In the end, we got YV12 to work in Nouveau's Xv without converting to YUY2,
which represented an increase in performance of (about) the expected 25%.
MMioTrace enabled us to discover how the card needed to be programmed to do
YV12 in hardware, which was apparently known by nobody outside of Nvidia
before.
This knowledge ended up in nv_video.c in NVPutOverlayImage:
/* Those are important only for planar formats (NV12) */
if ( uvoffset )
{
    nvWriteVIDEO(pNv, NV_PVIDEO_UVPLANE_BASE(buffer), 0);
    nvWriteVIDEO(pNv, NV_PVIDEO_UVPLANE_OFFSET_BUFF(buffer), uvoffset);
}
It is interesting to note that MMioTrace simply records all register reads
and writes - you can see almost everything that the kernel module does to
the card. The downside to "almost everything" is that the saved data set
gets large fast. Reducing the trace range and using it only for short
periods of time helps a bit but still...
after a few minutes of mmiotracing, you will get into the megabyte range
for your logs. Sifting through those thousands of lines to find what one is
looking for takes some time to get used to.
We used MMioTrace to reverse-engineer YV12 overlay, but we also used it to
reverse-engineer a very large part of card initialization code and
mode setting - and it will most certainly be useful for many other things that
involve a kernel module.
It is not limited to Nouveau, and is able to trace MMIO operations from any
of your (binary) kernel modules, thereby allowing reverse-engineering of
drivers for other hardware.
Current development in Unix graphics and its influence on Nouveau
We'll now take a peek into the future of 3D acceleration on Linux. 2007
saw a number of major changes in how Linux and X11 handle
graphics. A lot of improvements are coming into use: EXA for 2D
acceleration, TTM for memory
management, Gallium3D for 3D, the new DRI2
interface, etc. All this needs driver-side changes, which can take some time
to be done.
With the advent of programmable graphics hardware, the old graphics driver
model in Mesa became unsuitable. The current Mesa model is designed for
cards which are based around OpenGL fixed-function
operations. Fixed-function cards have hardware blocks designed for each part
of the GL pipeline. The driver model for this requires each new piece of
fixed functionality to call into the driver, which can get complex. This
also causes a lot of code to be duplicated in each driver.
A new driver model, called Gallium3D, tries to simplify the driver
interface and increase the amount of shared code. It is designed to cater
for OpenGL 3.0's needs as well as current OpenGL and DirectX APIs. It is
also designed to allow portable drivers across all major platforms/OSes. It
assumes programmable graphics hardware with, at least, fragment shaders.
Now that we know why the design was changed, let's have a look at the
architecture of Gallium3D. Gallium3D splits the DRI driver into 3 major
components: the common "state tracker", the OS-dependent "winsys" layer and
the hardware-specific 3D driver.
The winsys is in charge of 2D action and most of the housekeeping and
OS-specific bits, while the hardware driver does the 3D. Each driver needs
to implement a hardware driver and a Winsys part. If an existing driver
gets ported to another OS, only the Winsys part needs to be redone.
There is also a fully working reference software 3D driver called softpipe.
It is a software renderer showing the Gallium3D concepts and how to implement
them, which also acts as a software fallback driver for things the hardware
cannot handle.
Another component of the new graphics subsystem is the TTM based memory
manager. TTM is a unified in-kernel manager for all GPU accessible memory.
Previous memory management was split between X drivers, mostly using static
allocations. TTM was originally designed and implemented for Intel
hardware, and had to be adapted to handle NVidia hardware and Nouveau
software design. The main feature added to TTM was called fence classing,
which was required to support NVidia's multiple hardware contexts.
Current Status
When we shifted work from reverse engineering to driver development last
year, we were asked when a driver would be ready. We predicted late 2007,
but we only got part of the work done.
Except for NV5x cards, we basically have a good-to-reasonably-well working
2D driver. Releasing an official "2D" driver was considered but, at this
point, the kernel interfaces are not considered stable enough to support
for the long term. When a DRM kernel module is shipped in Linus's kernel, the
interfaces are required to be supported indefinitely. This would be unwise
for Nouveau as the interface is evolving to accommodate changes for TTM and
mode setting, and supporting old interfaces may place hard-to-support
requirements on newer ones.
Currently, Nouveau can claim:
- basic 2D rendering on all cards (through EXA)
- EXA composite (implementing the XRENDER extension) works via the 3D engine on
all cards except NV5x and NV04. In the case of NV04, hardware limitations
make a composite implementation difficult if not impossible.
NV1x was just recently completed, which was a major feat as
these cards only have two fixed function register combiners and no shaders
- Xv from NV04 up to NV4x thanks to the work of Arthur Huillet.
Depending on the hardware, either blitter (on NV4->NV4x), overlay (on NV4->NV30) or video texture (on NV40).
Xv performance is on par with that of the nvidia binary driver on some cards.
- PPC support:
at least some PPC based systems work. Most endian-based problems
are solved thanks to the help of the PS3 RSX project and Ben Herrenschmidt. However,
some systems are exhibiting DMA hangs when trying to do uploads to the
card. The code is currently being audited and most of the PPC bugs have been fixed.
- xrandr 1.2 support is being worked on, basic mode setting should work mostly
on NV3x, NV4x and NV5x cards. More sophisticated features, like dual head
support, are actively being worked on and progress is fast.
- the Nouveau specific DRM code has some preliminary work done for TTM. e.g.
we have one FIFO allocated for DRM use only. However, a fair amount of work
is left until we have something really useful there.
- Ben Skeggs is working on a Gallium3D driver for NV4x and NV5x. This driver does
work for NV4x but is neither feature complete nor bug free. NV5x does not work
currently.
- Stephane is working on supporting shaderless cards with Gallium3D. That would
be a generic framework which, in case of NVidia cards, could support
shader instructions on cards ≥NV04 <NV30. This framework is not specifically
designed for NVidia cards but should help older ATI/Intel cards too.
The weak spot is currently the NV50. On these cards, 2D is working the same
as nv but saving and restoring the console / virtual terminal state doesn't
work.
All that is nice and somewhat important to have, but I hear you ask "what
about 3D"? The short answer is: We don't have 3D working. The longer
answer is: NV5x doesn't work and needs more reverse engineering as a lot
has changed from NV4x. For all other cards the needed information is
available but there are many pieces in the puzzle to build a final driver.
As a proof of concept, glxgears works on NV1x, NV3x and NV4x but with some
glitches. However, work on the Mesa DRI driver has ceased in order to
target Gallium3D.
A somewhat working Gallium3D driver exists with many bugs and glitches.
The NV4x is getting better every day but isn't usable for games
yet. Gallium3D itself is still a work in progress and the same holds true
for our Gallium3D driver.
Currently, a fair amount of work is going on in the mode setting field, with
Maarten Maathuis and Stuart Bennett enhancing this part of the code. This
leads to RandR1.2 (dual head) support in Nouveau. Once this is done, we
plan to move it into kernel land, following the other drivers. A kernel API
has been defined for that purpose. Basically this API looks like a
simplified randr1.2 api which should make porting easy.
So what is coming next?
This is only a rough outlook of what we want to do mid term:
- Finish 2D work which includes mode setting and RandR1.2
- more reverse engineering for NV5x cards.
- Implement TTM support
- Implement Gallium3D drivers. This one is obvious for the cards with
shaders. However, as Gallium3D expects shaders, older cards are left in the cold
unless Stephane gets his framework working.
In case the framework isn't feasible, a DRI driver for older cards may be
the only option.
By the way: If you are interested in more details, please have a look at
our Wiki and TiNDC ("The Irregular Nouveau Development Companions") or join
us in #nouveau on freenode (logs are available).
So to keep tradition, let's have some screenshots. Here's a shot of Neverball running under the
Nouveau driver:
And OpenArena with a Nouveau Gallium3D build from January 2008
displays this:
It seems the weapon is a bit too dark but otherwise we couldn't find obvious
differences.
Further information about Gallium3D can be found on the
Tungsten Graphics site.
Conclusion
So that is our current status. Our roadmap shows the next milestone would be
Quake which is not so far away on NV4x, but which has some problems to overcome on
the other cards. Our first estimate of Autumn / Winter 2007 held up well for
the 2D part but, as we detailed earlier, was somewhat delayed due to decisions
out of our control like TTM and Gallium. However, the decision was the right
one as Nouveau will be one of the most advanced and future proof drivers
available.
And finally:
I would like to take this opportunity and thank Arthur Huillet, Ben Skeggs,
David Airlie and Stephane Marchesin for their great help on this article. It
definitely was a team effort!
Comments (3 posted)
Page editor: Jonathan Corbet
Distributions
News and Editorials
By Rebecca Sobol February 27, 2008
In the process of reading through a number of distribution mailing lists
your editor encountered several items that seemed worthy of mention, but
none that seemed to provide enough for a complete article. So the
following will be a brief look at a variety of topics.
The Fedora Bug
Zappers subproject was recently
announced on the fedora-devel mailing list. This is a team of people
who triage bugs and act as a bridge between the users and developers. The
team is meeting regularly, and new bug zappers are always welcome.
Donnie Berkholz ran an informal survey that was answered by 50 Gentoo
developers. The results have been graphed, one page per question. For
example, the question "What are the top 3 issues facing
Gentoo?" is here.
"Developers' top 5 issues are manpower, publicity, goals, developer
friction, and leadership." The pie chart shown on the previous page
has been replaced by a bar chart. There
are eight more questions that remain to be charted.
The openSUSE project has been discussing
the creation of a developer blog. Although other blogs exist they tend to
range off-topic. This would be specifically a place to talk about
development topics, such as new features in YaST. Posts would be tagged so
that people who wanted to find more about YaST could find all entries with
that tag.
Ubuntu wants all users to be involved with bug squashing. Do 5 a day - every day!, says Daniel Holbach.
What you can do? That's up to you, your interests and your abilities.
- If you're a developer, you can help out reviewing patches and getting
them uploaded.
- If you want to just confirm new bugs, you can do that.
- If you have experience with a certain package and want to triage bugs
you can do that and forward them upstream if necessary.
- If you know your way around Ubuntu quite well, you can help assign
bugs to the right package.
That's not a bad idea, regardless of your distribution of choice.
Comments (3 posted)
New Releases
The Foresight team has announced the fourth alpha test release of the
upcoming Foresight GNOME Edition 2.0. This latest release features
numerous bug fixes, package updates, and GNOME 2.21.90.
Full Story (comments: none)
The fifth alpha of Ubuntu's Hardy Heron is available for testing. This
release is available as Ubuntu, Kubuntu, Edubuntu, Ubuntu JeOS, Xubuntu,
Gobuntu and UbuntuStudio. Alpha 5 includes several new features that are
ready for large-scale testing.
Full Story (comments: 1)
This version of Launchpad has lots of bug fixes and new features, faster
PPA builds, enhanced bug subscriptions and more karma. " There's also
exciting news for Launchpad beta testers! You can now apply to use
Launchpad to run a mailing list for a team you're involved with."
Full Story (comments: 1)
Distribution News
Debian GNU/Linux
Debian Project Leader Sam Hocevar has some news for Debian developers
introducing new FTP assistants, setting up a Debian Marketing Team, a look
at improving the init system, and the upcoming DPL election.
Full Story (comments: none)
Fedora
The Fedora Education Special Interest Group has been formed. There is a wiki page and a mailing
list. Interested people are invited to join.
Full Story (comments: none)
The Fedora Amateur Radio SIG or Fedora-Hams for short, has been announced.
" We have been busy this past week submitting packages for review,
most of them have been accepted and are now in Fedora, more waiting for
reviews and more that still need packaging to be finished. On my
FedoraPeople.org page I have a list of the packages in fedora, in review,
in progress and dreams."
Full Story (comments: none)
Click below for a recap of the February 19th meeting of the Fedora board.
Full Story (comments: none)
To support the 10th anniversary of LWN.net, the Fedora Project has
purchased 65 subscriptions to be given to Fedora contributors in a lottery.
Interested people will have hopefully already replied to the announcement
since the deadline is March 1. We would just like to say Thank You Fedora
and congratulations to the winners!
Full Story (comments: none)
SUSE Linux and openSUSE
There has been some discussion (click below for the starting point and a
link to the thread) about forming openSUSE local user
groups. Short term goals include promoting the 11.0 release and
organizing 11.0 release parties.
Full Story (comments: none)
Other distributions
PCLinuxOS has started a security
forum to inform users of security updates. If you are running PCLOS
you'll want to keep up with this forum.
Comments (none posted)
Distribution Newsletters
The most recent Fedora Weekly News covers a wide variety of Fedora topics including: FUDCon for Fedora 10, lots of FOSDEM coverage, the Amateur Radio and Education SIGs, a way for Fedora contributors to get an LWN subscription and more. Click below for the edition.
Full Story (comments: none)
This edition of the OpenSUSE Weekly
News covers the availability of Factory Live CDs, FOSDEM 2008 is Over,
Mono Hack Week Summary, In Tips and Tricks: How to fix the Amarok Update
Problems; How to try out openSUSE releases with VirtualBox, In the Press:
SUSE Linux on the ThinkPad T61 Review; Compiz wins "Window Manager of the
Year" Award, and several other topics.
Comments (none posted)
Issue #79 of the Ubuntu Weekly Newsletter is out. Contents include articles on the release of Hardy Heron Alpha 5, the introduction of the Intrepid Ibex, the 5-a-day bug squashing effort and more. Click below for the full edition.
Full Story (comments: none)
The DistroWatch
Weekly for February 25, 2008 is out. " Great week for all the
fans of FreeBSD - according to the project's updated release engineering
page, the delayed FreeBSD 7.0 should be up on the mirrors within hours! In
the news section, Ubuntu introduces the all-new Intrepid Ibex, Gentoo polls
its developers on issues facing the project, gNewSense announces a new
level of package freedom in its repositories, and PCLinuxOS sets up a
dedicated forum board for security notices. Other topics in this week's
issue include a quick tutorial on using the cut and paste commands for
manipulating columns of data in text files and a brief introduction to
Ultimate Edition, an Ubuntu-based distribution for the desktop."
Comments (none posted)
Distribution meetings
openSUSE will be at CeBIT next week (March 4 - 9, 2008). Stop by and say
hello if you are there, and look for openSUSE presentations on Saturday and
Sunday.
Full Story (comments: none)
Newsletters and articles of interest
Austin Acton made a back to
back comparison of Fedora rawhide and Mandriva cooker. Since these are
both development snapshots the results may vary from day-to-day, but the
results are still interesting.
Full Story (comments: none)
Interviews
The Fedora wiki interviews continue with a conversation with Dan Williams, NetworkManager hacker. " So you bring up your mobile broadband card and tell NM to share that connection over wireless. NM might create a new Ad-Hoc wireless network, get an automatic IPv4 address, set up NAT, and advertise itself as a router for other wireless clients like Mac OS X does. Magic."
Comments (24 posted)
People of
openSUSE has been interviewing openSUSE contributors. The most recent
interview
is with Rossana Motta, well-known among SuSELinuxSupport forum users.
" What especially motivates you to participate in the openSUSE
project? It has been, and always is, awesome to be part of Opensuse
community, not only to learn more about linux and computers in general but
also to "meet" great people located all over the earth. I really feel like
in a big family, that is walking all together to improve the whole
community and OS."
Comments (none posted)
Steve Lawson interviews
Wolvix creators Wolven and Oithona. " I first tried Wolvix as a live CD in its 1.0.5 version
back in November 2006 and was immediately blown away by it. Since then
I've had Wolvix 1.1.0 (Hunter) installed in two different virtual machines
and a laptop, as well as having run it repeatedly as a live CD on various
machines, and it has never let me down once. As it's now based on Slackware
11.0, Wolvix is rock-solid stable and, thanks to its pairing with the
lightweight Xfce desktop environment (Fluxbox is available as an option),
it's also remarkably quick, particularly useful for older, less
well-specified PCs."
Comments (none posted)
O'ReillyNet takes
a look at the soon to be released FreeBSD 7.0. " Federico
Biancuzzi interviewed two dozen developers to discuss all the cool details
of FreeBSD 7.0: networking and SMP performance, SCTP support, the new IPSEC
stack, virtualization, monitoring frameworks, ports, storage limits and a
new journaling facility, what changed in the accounting file format,
jemalloc(), ULE, and more."
Comments (none posted)
Page editor: Rebecca Sobol
Development
By Forrest Cook February 26, 2008
The
Linux Desktop Testing Project
is a cross-UNIX GUI testing framework.
The project was started in 2005.
In the Linux world, LDTP originally just supported the GNOME desktop
environment.
KDE support was planned from the beginning; this capability is
now in place with the recently released KDE 4.0.
In addition to operating with the two major Linux desktops,
LDTP is being used by Mozilla and OpenOffice.org.
From the LDTP home page:
Linux Desktop (GUI Application) Testing Project (LDTP) is aimed at producing high quality test automation framework and cutting-edge tools that can be used to test Linux Desktop and improve it. It uses the Accessibility libraries to poke through the application's user interface. The framework also has tools to record test-cases based on user-selection on the application. LDTP is a Linux / Unix GUI application testing tool. It runs on Linux / Solaris / FreeBSD / Embedded environment (Palm source).
Version 0.8 of LDTP was
investigated
last February on LWN; take a look to get an overview of the software's
operation.
LDTP version 0.9.0 was
released
in August 2007; it featured new Firefox automation support and bug fixes.
This week, version 1.0.0 was
announced:
This release features a
number of important breakthroughs in LDTP as well as in the field of Test
Automation. This release note covers a brief introduction on LDTP followed
by the list of new features and major bug fixes which makes this new version
of LDTP the best of the breed. Useful references have been included at the
end of this article for those who wish to hack / use LDTP.
New features in this release include the
Object Oriented LDTP, the LDTP Editor with
record and replay
functionality, major bug fixes and lots of work on the
documentation.
The Linux Desktop Testing Project is maturing and its scope is
getting wider.
LDTP can become an important tool for automated
testing of GUI-based applications. With a bit of effort on the
part of developers, LDTP can improve the quality of applications
and speed up the testing of new releases.
Comments (none posted)
System Applications
Backup Software
Version 1.0.4 of SafeKeep has been
announced.
" This is release 1.0.4 of SafeKeep, a centralized and easy to use backup application that combines the best features of a mirror and an incremental backup.
What's new in this release:
- Add options to allow the query of the backup repository
- Important fixes when dealing with snapshots
- Make it more compatible with Python 2.2 (more work remains)
- Avoid build-time dependency on asciidoc which depends on Python 2.3
- Add some clarifications to the documentation
- Add support for FreeBSD"
Comments (none posted)
Clusters and Grids
Stable version 2.4.0 of the RSPLIB Open Source RSerPool package is out.
" RSPLIB is the Open Source implementation (GPLv3) of the IETF's upcoming
standard for Reliable Server Pooling (RSerPool). It provides protocols and
functionalities for the management of server pools and sessions between
users and pools. In particular, RSerPool takes care for server selection and
session failover support among servers of a pool."
Full Story (comments: none)
Database Software
The February 24, 2008 edition of the Postgres Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Full Story (comments: none)
Printing
Version 1.3.6 of the Common UNIX Printing System (CUPS) has been
announced.
" The new release fixes some platform-specific build problems, web interface issues, PDF and PostScript filter option handling, and a number of minor bugs discovered during routine code audits."
Comments (none posted)
Web Site Development
Version 2.0alpha1 of the Midgard web development platform has been announced.
" The first alpha of the Midgard 2.0 branch is targeted at web framework
and desktop developers. This release does not consist of the CMS
components, but instead targets at providing the development tools for
building a modern web framework. Framework based not only on one tool,
but which can connect multiple technologies and languages.
The version 3 of MidCOM web content management components for PHP5 are
currently in the process of being ported to the Midgard 2.0 platform."
Full Story (comments: none)
Desktop Applications
Audio Applications
Version 1.2 of Sonic Visualiser, a tool that can display audio spectrums
and more, has been
announced.
" This is a significant feature release, containing a number of new features over the previous 1.0 including an exciting new audio alignment capability."
Comments (none posted)
Data Visualization
Version 2.1.0 of Gmsh
has been announced.
" Gmsh is an automatic 3D finite element grid generator with a built-in CAD engine and post-processor. Its design goal is to provide a simple meshing tool for academic problems with parametric input and advanced visualization capabilities.
Gmsh is built around four modules: geometry, mesh, solver and post-processing. The specification of any input to these modules is done either interactively using the graphical user interface or in ASCII text files using Gmsh's own scripting language." This version adds
a new post-processing database and other improvements.
Comments (none posted)
Desktop Environments
The following new GNOME software has been announced this week:
You can find more new GNOME software releases at
gnomefiles.org.
Comments (none posted)
KDE.News presents another
quickies
article with lots of KDE news bites.
" The Nepomuk KDE project that is creating the social semantic desktop on top of KDE has launched its new website. Go there for numerous tutorials integrating Nepomuk features like "who sent me this file?". The German Kubuntu team has an interview with Amarok release dude, Harald Sitter..."
Comments (none posted)
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Comments (none posted)
For readers interested in X.org development: Adam Jackson has posted a
plan for the upcoming 7.4 release. Much of the timing seems driven by a
desire to have a stable release in time for Fedora 9; that leads to a
projected date of April 25. There are a lot of problems to be resolved
between now and then, but, as Adam puts it, " These are just bugs.
They're fixable. And we need to fix them."
Full Story (comments: 14)
The following new Xorg software has been announced this week:
More information can be found on the
X.Org Foundation wiki.
Comments (none posted)
Desktop Publishing
Version 1.5.4 of LyX, a GUI front-end to the TeX typesetting system,
has been announced.
" This is a maintenance
release. Besides the usual stability improvements and fixes, this release
comes with major improvements in the handling of Chinese, Korean and
Japanese (CJK) languages and scripts, and introduces some minor new
features (such as a character count option)."
Full Story (comments: 1)
Electronics
Version 0.7 of UrJTAG has been
announced.
" UrJTAG aims to create an enhanced, modern tool for communicating over JTAG with flash chips, CPUs, and many more. It is a descendant of the popular openwince JTAG tools with a lot of additional features and enhancements.
UrJTAG, descendant of the openwince JTAG tools, can now read BSDL descriptions natively, transfers data over USB much faster, and got some new bus and cable drivers. Numerous improvements have been added, many bugs have been fixed."
Comments (none posted)
Financial Applications
Version 1.2.13 of LedgerSMB, a web-based accounting system,
has been announced.
" This release corrects all known issues
with running LedgerSMB 1.2.x on PostgreSQL 8.3 and although other issues may
surface, we will fix those as they are brought to our attention."
Full Story (comments: none)
Games
GnomeDesktop
takes a look at PyChess Philidor developments.
" PyChess Philidor 0.8 has been released. This happens after nearly a year
coding, and a rewrite of large parts of the codebase for stability and
features. If you haven't already beaten fruit, gnuchess, pychess-engine
and your friend with PyChess, now is time to!"
Comments (none posted)
A new Ryzom.org State of the Game notice has been mailed out.
" It has been more than a year since our last update here. A lot happened,
and I will try to sum it up for those who aren't regular visitors of the
Ryzom.org forums. But first, I need to attract your attention on a very
important part of this email:
It is very important that you contact all Ryzom players you know or have
known, to ask them to subscribe to this mailing list. With Gameforge
shutting down the servers (and maybe the offic[i]al forums), that's the
only way to keep a way to reach the whole Ryzom community when needed."
Full Story (comments: none)
Interoperability
Version 0.9.56 of Wine has been
announced.
Changes include:
Proper handling of OpenGL/Direct3D windows with menu bars,
Stubs for all the d3dx9_xx dlls, Several graphics optimizations,
Many installer fixes, Improved MIME message support, and
Lots of bug fixes.
Comments (none posted)
Mail Clients
Version 3.3.1 of Claws Mail has been
announced.
" New in this release:
Forbid attaching anything containing "../" or ".ssh/" in mailto:
URIs. Add a hidden preference, 'use_networkmanager', to disable
NetworkManager handling. Updated translations: French, Hebrew.
Bug fixes."
Comments (none posted)
Thunderbird 2.0.0.12 is out; it contains a number of fixes, including some
for a set of security
issues. The announcement also reminds users that Thunderbird 1.5
is no longer supported. For those wondering about the quality of
Thunderbird 2.0 support - this update took a while to arrive - it's
worth noting that the
developers are concerned too and will, presumably, act to improve the
security update process.
Full Story (comments: 1)
Music Applications
Version 1.4 of QM Vamp Plugins, a set of audio analysis plugins
in the Vamp plugin format, has been announced.
" This release is a major update including new plugins and numerous bug
fixes. Note onset detector, beat tracker, tempo estimator, key
estimator, tonal change detector, structural segmenter, timbral and
rhythmic similarity, chromagram, constant-Q spectrogram, and MFCC
calculation plugins are included."
Full Story (comments: none)
Version 0.1.1 of Qtractor, an Audio/MIDI multi-track sequencer application, has been announced.
" After some time in quarantine, meaning that it just passed almost 40
days since its last public appearance, the frivolous debutante has
matured a bit but not that much. Truth is, it is not quite healed and in
fact, it is getting seriously bloated ;)"
Full Story (comments: none)
Science
Version 1.11.0 of Staden Package has been
announced.
" A fully developed set of DNA sequence assembly (Gap4), editing and analysis tools (Spin) for Unix, Linux, MacOSX and MS Windows.
Finally I decided enough beta releases and packaged an official version of io_lib 1.11.0. Hence from here on I'll support multiple SRF revisions should it change, but I'm confident it's now at a reasonably stable point."
Comments (none posted)
Speech Software
Version 2.14 of DictionaryMaker has been
announced; it features a new export function feature and a bug fix.
" DictionaryMaker is a graphical tool for creating electronic pronunciation dictionaries (for natural languages). The system allows a user to develop a pronunciation dictionary without requiring expert linguistic knowledge or programming expertise."
Comments (none posted)
Video Applications
Version 1.0.0 of Schroedinger, an implementation of the Dirac video codec
specification, has been announced.
" This release is mainly intended for early adopters and integrators, in
order to work out many of the kinks that inevitably arise when a project
gains more wide usage."
Full Story (comments: 2)
Languages and Tools
C
Version 4.3.0-rc1 of GCC,
the GNU Compiler Collection, has been announced.
" Please test the tarballs there and report any problems to Bugzilla."
Full Story (comments: none)
Caml
The February 26, 2008 edition of the Caml Weekly News
is out with new articles about the Caml language.
Full Story (comments: none)
Haskell
The February 23, 2008 edition of the
Haskell Weekly News
is online. It includes details of the one hundred unique new and updated Haskell libraries and applications in the past two weeks, including mutable arrays, compression, games, web frameworks, data structures, a file system, Haskell tools, concurrency, graphics, cryptography, systems administration, signal processing, new guis and several audio libraries.
Comments (none posted)
Java
Maintenance release version 0.97 of GNU Classpath has been announced.
" We are proud to announce the release of 0.97 "I Aten't Dead"
GNU Classpath, essential libraries for java, is a project to create
free core class libraries for use with runtimes, compilers and tools
for the java programming language.
The GNU Classpath developer snapshot releases are not directly aimed
at the end user but are meant to be integrated into larger development
platforms."
Full Story (comments: none)
Lisp
Version 1.0.15 of Steel Bank Common Lisp (SBCL) has been announced.
" This version revives Alpha support, improves backtrace information,
implements POSIX mktemp and mkdtemp, and fixes many bugs."
Full Story (comments: none)
Perl
The February 10-16, 2008 edition of
This Week on perl5-porters is out with the latest Perl 5 news.
Comments (none posted)
Python
The February 26, 2008 edition of the Python-URL! is online with
a new collection of Python article links.
Full Story (comments: none)
Tcl/Tk
The February 22, 2008 edition of the Tcl-URL! is online with new
Tcl/Tk articles and resources.
Full Story (comments: none)
Editors
Richard Stallman's approach to the maintenance of the Emacs editor has come
under occasional fire. He has now announced that he will be handing the
maintainership over to developers Chong Yidong and Stefan Monnier; it will
be interesting to see how the Emacs development process changes.
Meanwhile, pretest version 22.1.91 (leading
up to the upcoming stable 22.2 release) is now available.
Comments (58 posted)
Libraries
Version 4.0.3 of IT++ has been
announced; it features an important bug fix.
" IT++ is a C++ library of mathematical, signal processing and communication system routines/functions. Its main use is in simulation of communication systems or for performing research in the area of communications.
Although IT++ 4.0.2 was published only a few days ago, we decided to prepare the next maintenance release quite fast."
Comments (none posted)
Version Control
Version 1.5.4.3 of the GIT distributed version control system
has been announced.
" Largest user visible change in this is RPM packaging updates by
Kristian Høgsberg. 'git-core' will only be pure git without
pulling foreign SCM packages in as its dependencies anymore when
you do "yum install git-core"."
Full Story (comments: none)
Version 0.39 of the monotone version control system has been announced.
" It has new
features and a few changes in the automate interface and a new
section in the manual, about merge conflicts and ways to resolve
them, among other changes."
Full Story (comments: none)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Over at LinuxWorld, Don Marti takes a look at SELinux mitigating real security threats. " But the announcements of several recent security holes tell a new story: SELinux, if turned on, can prevent an attacker from using an exploit to its full destructive potential. For example, one vulnerability in the Hewlett-Packard Linux Imaging and Printing Project's software would have allowed an attacker to run arbitrary commands as root."
Comments (none posted)
Trade Shows and Conferences
Fred Trotter has a report on Janice
Honeyman-Buck's talk at the Healthcare Information and Management Systems
Society (HIMSS) conference. " To start her talk, she gave an overview
of what Open Source is. Of course for me it is old hat, but she did a good
job of informing her large and diverse audience about the basics of Open
Source. She covered the basics, MySQL, Apache, Linux, Firefox. But then she
talked about OpenEMR."
Comments (none posted)
The KDE PIM team got together
for three days of hacking, discussing and community building. " The
big topics were Akonadi and KDE 4.1. The team settled on the plan to
release KDE PIM with KDE 4.1 based on the traditional backends and include
the first platform release of Akonadi as the future base for PIM
applications in and around KDE. The meeting was kindly hosted by Intevation
and supported by the KDE e.V. and KDAB."
Comments (none posted)
Interviews
Red Hat Magazine has posted the third installment in its video interview with Alan Cox. Topics this time include his current kernel work and Red Hat's patent portfolio.
Comments (none posted)
Groklaw is carrying a Sean Daly interview with Mozilla Europe President Tristan Nitot from FOSDEM08. An audio version [Ogg] and transcript are available. " There are many reasons for that. And actually, for every country, I think, there's a mix of reasons, and the top reason may change from country to country. So for example, I'll talk about Germany. In Germany, people are really into privacy and security and, well, we all know the track record of the dominant player in these two areas. And so they have always been reluctant in giving or using Microsoft software. And so when Firefox showed up, you know, well, a lot of people switched to Firefox instantly. And since then, they are kind of leading the pack. They are past 30%, probably closer to 35% with Firefox."
Comments (none posted)
Miscellaneous
KDE.News takes a look at
Kommander's future. " Kommander, the graphical scripting tool, has
been radically improved for KDE 3.5.9. While our next goal is a KDE 4
executor, then a full update we wanted to offer some new functionality for
KDE 3 users. Best of all, shortly you will be able to run what was built in
KDE 3 unaltered and native in KDE 4. In 3.5.9 the focus was on the
executor, but new features are in the editor. That includes popup menus,
KPart creation, a DatePicker widget, widget creation on the fly, embedded
widgets, standard dialogs, and a lot more. There is a new plugin
architecture and new plugins for database, KParts, HTTP connections and
even a KHTML widget."
Comments (none posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The GNOME Foundation has announced the availability of a small fund for the
sponsoring of accessibility projects. " GNOME Outreach Program: Accessibility starts accepting applications on
March 1st and will run towards the end of the year. There will be two
tracks to the program: In the first track accepted individuals will work
towards accomplishing one of the major projects nominated for the
program, earning US$6,000 and can take up to six months to complete the
task. The second track will reward contributors US$1,000 for fixing five
bugs out of a pool of accessibility bugs nominated by the program
judges."
Full Story (comments: none)
The Free Software Foundation Europe comments on Microsoft's
recent interoperability pledge.
"Yesterday's media briefing by Microsoft on its pledge to release
interoperability information for flagship products contained little
actual news. Over the years Microsoft has made multiple similar pledges
and they at times proved to be detrimental rather than beneficial for
interoperability. Examining the terms of the Microsoft's latest action
shows no major change of policy.
The announcement confirmed that Microsoft was planning to use its
software patent portfolio against interoperating products by requiring a
patent license for all commercial activity. This is consistent with
its previous attempts at allowing competition only where it provides no
actual challenge to its monopolies."
Full Story (comments: none)
The Open Solutions Alliance has announced its one-year anniversary.
" The Open Solutions Alliance (OSA), a nonprofit, vendor-neutral
consortium dedicated to driving the interoperability and mainstream adoption of comprehensive open
solutions, marked its one-year anniversary with three new members, a global focus, and significant
advances toward seamless interoperability between commercial open-source applications."
Full Story (comments: none)
Commercial announcements
Guardian Digital has announced successful deployments of SurfSecure.
" Open Source veteran Guardian Digital is proud to capitalize on the increased
need for robust web and content filtering with SurfSecure, based on the open
source foundation of the EnGarde Secure Linux platform.
After introducing the totally revamped solution late last year, various ISP,
government and other B2B organizations have adopted it. This is a result of
increased functionality and ease of use, but also because of the company's
experience in fully supporting its open source solutions."
Full Story (comments: none)
The announcement is sweeping enough to make one check the calendar, but we are still a month and a week early for pranks. Microsoft is making available specifications for APIs and communication protocols for Exchange, Office, SQL Server, SharePoint, and others without requiring a license or royalty payments. They will indicate what patents they believe cover any of the protocols and " will license all of these patents on reasonable and non-discriminatory terms, at low royalty rates." There may be lurking dangers, but it appears to be a sincere effort at providing interoperability. " 'Customers need all their vendors, including and especially Microsoft, to deliver software and services that are flexible enough such that any developer can use their open interfaces and data to effectively integrate applications or to compose entirely new solutions,' said Ozzie. 'By increasing the openness of our products, we will provide developers additional opportunity to innovate and deliver value for customers.'"
Comments (29 posted)
Novell, Inc. has
announced the availability of SUSE Linux Enterprise Point of Service.
" Enterprise Point of Service allows
retailers to customize and manage point of service (POS) systems, reducing
their in-store and data center costs while increasing system flexibility
and reliability."
Comments (none posted)
Open-Xchange Inc. has announced a new program for Zimbra customers.
" Open-Xchange Inc., the market-leading independent open source
alternative to Microsoft Exchange, today announced a special program for Zimbra customers concerned
about their investment in light of the pending Microsoft/Yahoo deal.
Zimbra customers can fax the Open-Xchange Competitive Upgrade form to Open-Xchange together with a copy of their last
two years groupware invoice and Open-Xchange will offer a two year subscription to an equivalent
Open-Xchange product for 50% of the cost of their invoice."
Full Story (comments: none)
Sun Microsystems has
announced
the completion of the MySQL acquisition.
" Sun Microsystems, Inc. today announced it has completed the acquisition of MySQL AB, developer of the world's most popular open source database, for approximately $1 billion in total consideration. Sun also unveiled the immediate availability of MySQL's complete portfolio of products and enterprise services backed by its 17,000-strong global sales and services organization and its extensive international network of authorized distribution channels."
Comments (none posted)
Timesys has announced Linux support for the AT91SAM9RL microcontroller from
Atmel. Ideal for rapid design validation, Timesys is offering a free Board
Support Package (BSP) for the Atmel 9RL.
Full Story (comments: none)
New Books
No Starch Press has published the book Groovy Recipes
by Scott Davis.
Full Story (comments: none)
O'Reilly has published the book Subject to Change
by Peter Merholz, Todd Wilkens, Brandon Schauer, David Verba.
Full Story (comments: none)
Resources
The release of GPU programming information by AMD/ATI has been welcomed, but
there have been occasional complaints that the company has still held back
on the documentation needed to make use of 3D acceleration. Those
complaints should now come to an end: AMD has released 3D programming
information for the R5xx chip family. Expect improved support for those
chips (and probably R3xx and R4xx as well) soon. Hopefully the R6xx
manuals will not be long in coming.
Full Story (comments: 28)
Contests and Awards
LinuxQuestions.org has announced
the winners of its 2007 Members Choice Award.
" Among the winners are
Ubuntu, Firefox, MySQL, KDE, Compiz, Nagios and OpenOffice.org. The
Members Choice Awards allow members of the Linux community to choose
their favorite products in a variety of categories including Server
Distribution of the Year, Desktop Distribution of the Year, Office
Suite of the Year and Web Browser of the Year. The total number of
categories this year was 27."
Full Story (comments: 9)
The Electronic Frontier Foundation reports that this year's Pioneer Awards
will go to Mitchell Baker and the Mozilla Foundation, Michael Geist, and
Mark Klein. " The award ceremony will be held at 7pm, March 4th at
the San Diego Marriott Hotel and Marina in conjunction with the O'Reilly
Emerging Technology Conference (ETech)."
Full Story (comments: none)
Voting is open for the 2008 SourceForge.net Community Choice Awards.
" Ross Turk, Community Manager at SourceForge.net today
announced the guidelines for the 2008 Community Choice Awards.
Starting this year, the awards are open to any open source project,
even those hosted outside of SourceForge. Keeping with tradition, the
awards are chosen based solely on community voting in an open voting
process."
Full Story (comments: none)
Education and Certification
LinuxCertified has
announced
a new Linux System and Network Administration BootCamp.
" This workshop is designed for information technology professionals and is designed to cover the most important Linux administration areas.
LinuxCertified, Inc., a leading provider of Linux training, will offer weekend Linux system administration bootcamp on March 8th - 9th, 2008 in South Bay (CA). This workshop is designed for busy information technology professionals and is designed to cover the most important Linux administration areas."
Comments (none posted)
Meeting Minutes
The minutes from the February 20, 2008 Perl 6 Design Meeting
have been published.
" The Perl 6 design team met by phone on 20 February 2008. Larry, Allison, Patrick, Jerry, Will, Jesse, and chromatic attended."
Comments (none posted)
Calls for Presentations
A call for papers has gone out for the Workshop on Open Source Software for Computer and Network Forensics.
" We are currently inviting the submission of full papers to the 1st Workshop
on Open Source Software for Computer and Network Forensics (OSSCoNF),
which will be held in conjunction with OSS2008, the Fourth International
Conference on Open Source Systems. The conference will take place in
September 7-10, 2008, in Milan, Italy. Workshops will be on September
10th, immediately after the main OSS2008 conference."
The submission deadline is June 7.
Full Story (comments: none)
Upcoming Events
The 2008 Fedora Users and Developers Conference (FUDCon)
has been announced.
" The next North American FUDCon will be in Boston, MA. It will be held
from June 19-21, in parallel with this year's Red Hat Summit."
Full Story (comments: none)
The final countdown for LAC2008 has been announced.
" The Linux Audio Conference 2008 is prepared. The organisation team of
LAC2008 is looking forward to welcoming the international Linux audio
community in Cologne. The conference is taking place at the Academy
of Media Arts (KHM) from February 28 to March 2, 2008."
Full Story (comments: none)
Registration is open for LugRadio Live USA 2008.
" LugRadio Live USA 2008, the 'rock-conference' from the team behind the
popular LugRadio podcast, brings the
successful and unique formula of the UK LugRadio Live events to The
Metreon in San Francisco on the 12th and 13th April 2008. The event is
supported extensively by Google and also supported by Dice.
LugRadio Live USA 2008 brings together over 30 speakers across three
stages, 30+ exhibitors, a range of BOF sessions, debate panels,
lightbulb talk sessions, demos and much more, all wrapped up in the
unique event that the UK incarnation has become known for, combining
an incredibly loose, social, inclusive, and amusing atmosphere - if
you are new to LugRadio Live, it is nothing you will have seen before."
Full Story (comments: none)
The keynote speakers have been announced for the 2008
MySQL Conference & Expo.
" Sun's Jonathan Schwartz and MySQL's Marten Mickos
to Kick Off the World's Largest Open Source Database Event.
The sixth annual MySQL Conference &
Expo, co-presented by MySQL AB and O'Reilly Media, is expected to bring
together 2,000 open source and database users from some of the most
exciting and fastest-growing companies in the world, as well as from the
large and active MySQL community. The conference will take place April
14-17, 2008, in Santa Clara, California."
Full Story (comments: none)
Events: March 6, 2008 to May 5, 2008
The following event listing is taken from the
LWN.net Calendar.
| Date(s) | Event | Location |
| March 3 - March 6 | O'Reilly Emerging Technology Conference | San Diego, CA, USA |
| March 3 - March 6 | Drupalcon Boston 2008 | Boston, MA, USA |
| March 4 - March 9 | CeBIT Germany | Hannover, Germany |
| March 8 - March 14 | Asia OSS Conference & Showcase 2008 | Guangzhou, China |
| March 11 - March 12 | 4th AustralAsian Cleantech Forum | Melbourne, Australia |
| March 14 - March 16 | PyCon 2008 | Chicago, IL, USA |
| March 15 | FSF Associate Members Meeting | Cambridge, MA, USA |
| March 16 - March 19 | BossaConference 2008 - International Conference on Open Source Software for Mobile Embedded Platforms | Pernambuco, Brazil |
| March 16 - March 21 | Novell BrainShare 2008 | Salt Lake City, UT, USA |
| March 16 - March 20 | Free Software and Open Source Foundation for Africa | Dakar, Senegal |
| March 17 - March 20 | Eclipse Community Conference | Santa Clara, CA, USA |
| March 17 - March 20 | Spring VON.x Conference | San Jose, CA, USA |
| March 19 - March 20 | LinuxWorld Expo 2008 Brussels | Brussels, Belgium |
| March 24 | SDForum Global Open Source Conference | San Francisco, CA, USA |
| March 26 - March 28 | CanSecWest 2008 | Vancouver, BC, Canada |
| March 26 | Document Freedom Day | Everywhere, Worldwide |
| March 29 - March 30 | PostgreSQL Conference East 2008 | College Park, MD, USA |
| March 31 - April 2 | UKUUG Spring 2008 Conference - Dynamic Languages | Birmingham, England |
| March 31 | 2008 European Workshop on System Security | Glasgow, Scotland |
| March 31 - April 2 | UKUUG Spring 2008 Conference | Birmingham, England |
| March 31 - April 2 | Sharkfest Wireshark Network Analysis Summit | Los Altos Hills, CA, USA |
| April 2 | First meeting UKUUG PostgreSQL SIG | Birmingham, England |
| April 3 - April 4 | E-Mail Systems Conference 2008 (Exim and other mail systems) | Birmingham, England |
| April 4 - April 5 | openSUSE Packaging Days II | IRC, Everywhere |
| April 7 - April 9 | IT360 Conference & Expo | Toronto, Canada |
| April 7 - April 11 | Django Bootcamp with Juan Pablo Claude | Atlanta, Georgia, USA |
| April 8 - April 10 | Linux Foundation Collaboration Summit | Austin, TX, USA |
| April 10 - April 13 | Go-OO Conference 2008 | Prague, Czech Republic |
| April 12 - April 13 | Open Source Developers Conference Taiwan, 2008 | Taipei, Taiwan |
| April 12 - April 13 | LugRadio Live USA 2008 | San Francisco, CA, USA |
| April 12 - April 18 | KDevelop Developer Meeting 2008 | Munich, Germany |
| April 14 - April 18 | Embedded Systems Conference - Silicon Valley | San Jose, CA, USA |
| April 14 - April 17 | MySQL Conference and Expo | Santa Clara, CA, USA |
| April 14 - April 18 | Samba eXPerience 2008 | Göttingen, Germany |
| April 15 - April 17 | Embedded Linux Conference 2008 | Mountain View, CA, USA |
| April 15 - April 17 | SOA in Health Care | Chicago, IL, USA |
| April 16 - April 18 | X Developers' Conference 2008 | Mountain View, CA, USA |
| April 16 - April 18 | X Developers' Conference for 2008 | Mountain View, USA |
| April 16 - April 18 | Croatian Linux User Conference | Zagreb, Croatia |
| April 17 - April 19 | 9th International Free Software Forum | Porto Alegre, Brazil |
| April 18 - April 19 | Third Annual Silicon Valley Ruby Conference | San Jose, CA, USA |
| April 18 - April 20 | National Collegiate Cyber Defense Competition | San Antonio, TX, USA |
| April 18 - April 20 | Penguicon 2008 | Troy, Michigan, USA |
| April 21 - April 25 | Open Source meets Industry: Application Park and International Congress | Hannover, Germany |
| April 22 | The Mobile Future | Santa Clara, CA, USA |
| April 22 - April 25 | Web 2.0 Expo | San Francisco, CA, USA |
| April 22 | OSADL International Congress | Hannover, Germany |
| April 23 - April 24 | Troopers 2008 Security Conference | Munich, Germany |
| April 23 | Linux Foundation Spring Legal Summit | Schaumburg, IL, USA |
| April 25 - April 29 | Open Tech Summit Taiwan 2008 | Taipei, Taiwan |
| April 25 - April 26 | Guademy 2008 | Valencia, Spain |
| April 27 - May 2 | INTEROP Las Vegas 2008 | Las Vegas, NV, USA |
| April 28 - May 4 | Monotone Developer Summit | Wuppertal, Germany |
| May 2 - May 3 | Maker Faire Bay Area | San Mateo, CA, USA |
If your event does not appear here, please
tell us about it.
Audio and Video programs
Florent Berthaut has released Hitmuri "Des Leurres"; the music
is freely downloadable.
"Hi everyone,
I've just released a new album entirely made with linux (Tapeutape +
Jack-Rack + Freewheeling + Ardour)."
Full Story (comments: none)
Page editor: Forrest Cook