LWN.net Weekly Edition for March 13, 2008
By Jake Edge March 12, 2008
The Emacs development process is undergoing some changes; Richard Stallman
has handed off project
maintenance duties, while a change in the version control system (VCS)
seems to be in the offing. Some of the modernization suggestions made by
Eric Raymond last December are taking root. Stallman has not completely
stepped away from Emacs development—it's doubtful anyone expected him
to—but his approach on how to choose a VCS for Emacs is raising a few
eyebrows.
Currently, Emacs is tracked with CVS, but a distributed VCS (DVCS) is definitely
planned down the road—how far is unclear at this point. In
earlier discussions, Stallman was particularly interested in the offline
capabilities of DVCS; being able to do commits, diffs, and see revision
history while
unconnected to the internet is a useful feature for him. Many other Emacs
developers see a DVCS as a major upgrade to the development process; the
question then becomes which DVCS to use.
The main contenders are git, Mercurial (aka hg), or Bazaar (aka bzr); there are other options, of
course, but they were quickly
eliminated due to speed or feature set issues. There was some hope that
a comparative VCS study that Raymond was working on would help lead the project to the proper
choice, but the study has been delayed—a major release of Wesnoth is
underway which has taken Raymond from that task.
There were some discussions of the merits of the various systems but, in
the meantime, Bazaar joined the GNU project which changed the equation
somewhat. Stallman announced:
We should use Bzr because that is becoming a GNU package.
GNU packages should show loyalty to each other when possible,
and in this case it is possible.
As might be expected, short-circuiting a technical discussion for a
political expedient is not met with universal approval. Juanma Barranquero
sums up his (and others') objections:
What I'm trying to say is: I won't discuss which dVCS we choose
(unless it makes Windows development a PITA). But I agree with Jeremy
Maitin-Shepard that the cause of free software is strengthened by us
selecting among the free alternatives the one that best serves our
technical, not political, needs.
There is a certain irony in noting that one of the perceived weaknesses of git was its
poor support for Windows development. It is
certainly understandable, but the idea that one of the flagship GNU
projects would make a decision based on tool availability for a proprietary
operating system gives one pause. That isn't one of
Stallman's requirements, of course; he sees the decision as essentially a choice amongst
equals:
We already know the most important thing about what we will find from
a careful study of git, mercurial and Bzr. We will find that each has
its advantages and disadvantages -- but none of them conclusive. Each
will be preferred by some people, but any one of them would work out
well enough.
As Thomas Lord (author of another GNU VCS, arch) points out, there is a cost to
agonizing over a choice like this:
Probably so but any group of smart people could easily spend
a year arguing about it. Not even a year arguing about which system
is best but a year arguing just about what "best" means in this context.
Over-optimizing a choice like that can be a *huge* resource
suck and projects and groups fail all the time because of falling
into such traps.
No technical barriers to using Bazaar have been raised; it is, as Stallman
asserts, a fairly arbitrary choice. Unsurprisingly, Stallman chooses the one
that serves his agenda. The new maintainers, Stefan Monnier and Chong
Yidong, presumably agree with that
agenda; in any case, they have not indicated any resistance to the
choice.
So it seems that Emacs will be moving to Bazaar. Jason Earl has been
pulling the CVS history into a Bazaar repository that should be available
soon. The import process seems to be taking a fair amount of time—something on the order of a week—which is hopefully not indicative of
the operational speed of Bazaar. Assuming the conversion works and
developers can get their work done using it, this would be a pretty
high-profile project to use it. Other GNU software may follow suit, which
could be a big boost to the visibility of Bazaar; precisely
what Stallman was aiming for.
Comments (45 posted)
By Jonathan Corbet March 12, 2008
In many parts of the world, the U.S. is looked upon as a place with
particularly poor taste in "intellectual property" legislation; the DMCA
and software patents are often held up as examples. DMCA-like laws have
since spread to other parts of the planet, which, for some reason, has not
made people living there any more appreciative of the American legal
regime. But it is often pointed out that software patents remain an almost
entirely American problem; people in other parts of the world (Europe, say)
need not worry about them.
If only it were so. On March 5, German police raided a booth at the CeBit
conference in Hannover. That booth, run by Meizu, contained an
iPhone-clone product, but nobody cared about that. Instead, the contraband
which absolutely had to be suppressed was a music player for which Sisvel
(an Italian company which has done this kind of thing before)
had not been paid royalties on its MP3 patents. The player, as it happens,
did not even have MP3 playback capability, but that didn't seem to matter.
The police duly cleared the booth of all mention of the offending device
and saved another day for free enterprise.
This is a pure software patent action, and the
U.S. has no part in it. Software patents are truly a global problem.
(Police raids raise the stakes in an interesting way, though; even in the
U.S., things usually start with a polite letter from a lawyer first.)
Anybody who wonders why companies like Red Hat exercise great care around
software patents (and MP3 patents in particular) need only look at episodes
like this. The selling of enterprise Linux products is likely to be
distinctly harder if your prospective customers see your conference booth
being forcibly shut down by the authorities.
Meanwhile, it occurred to your editor, while thinking about music players,
that little has been said about the Rockbox project on LWN in recent times.
Rockbox, remember, is a GPL-licensed firmware which runs on a wide
variety of music players. It offers a wider range of features, has
more codecs, is more customizable, and has better accessibility support
than the stock firmware on any of these devices. And it's free software.
Since LWN last looked at this project, the Rockbox developers have added a
number of new features and new platforms. The abandoned 3.0 release has never
happened; the Rockbox developers appear to have given up on the idea of
formal releases for now. The daily snapshots generally work quite well,
though, and there are lots of satisfied Rockbox users out there.
The only problem is: it's not clear how many more such users may arrive in
the future. Despite the fact that Rockbox supports a lot of players,
absolutely none of the supported platforms are currently in production. So
anybody looking to buy a player which can run Rockbox must go digging
around on auction sites. Many Rockbox users do exactly that, but many more
potential users would rather not get their devices that way.
Rockbox ports to current devices are underway, but the developers are fighting an
uphill battle. Manufacturers tend to be uncooperative when it comes to
releasing hardware information, so a certain amount of reverse engineering
is required. And, by the time that work is done, the manufacturers have
moved on to a new product. Music players are consumer electronics devices,
and, like most such devices, their product lifetime tends to be quite
short. So developers on a project like Rockbox will forever be trying to
catch up.
Your editor, meanwhile, still lugs around his ancient iRiver H340. People
look at it strangely, as if they expect there to be a hatch on the back
so that the user can occasionally add another shovel full of coal. But it
works beautifully with Rockbox, and a replacement looks hard to find. Your
editor wishes that at least one manufacturer would realize that it could
provide better functionality at a lower cost by designing its players to
run Rockbox from the beginning. Perhaps the project needs better advocacy
within the player industry.
There is another approach which could be considered here. The OpenMoko
project is trying to rearrange the mobile telephone market by offering a
completely open product. Surely a music player, being a much simpler
device, would be amenable to the same treatment? As it turns out, there
are a couple of groups of people trying to jump start just this kind of
effort. They have a
prototype design, and a
competing design as well. Both look like they could produce a
respectable player at a reasonable cost - a player designed to run free
software from the outset.
Designing a device which can run Rockbox and produce decent audio (and
video) output is not that hard, given the components which are available.
Turning it into a product which is small and sleek enough that people want
to buy it seems likely to be harder. Getting a full device manufactured at
a reasonable cost may be the hardest of all; that requires significant
up-front money and a distribution channel which can sell enough units to make
the whole thing cost-effective. There's also the little issue of those MP3
patents to take care of.
There is no real sign that the Rockbox player developers are thinking on
this level at this time. One of the prototype designs carries a Creative
Commons noncommercial license in an attempt to prevent others from thinking
that way. So the resulting hardware may end up being little more than a
kit for especially dedicated hobbyists. Unless somebody picks up the ball
and tries to commercialize a product like this, Rockbox may be stuck in its
role as the software of choice for last year's players. The good news in
all this is that Linux-based tablet devices seem likely to become cheaper,
more abundant, and more compact. Since these devices can make fine media
players, we may eventually get our completely open gadget via that path.
Modulo patent problems, of course.
Comments (23 posted)
By Jonathan Corbet March 11, 2008
Those of us who were using Linux full-time around the turn of the century
will remember that the state of web browsing on Linux was a little scary
then. The only real option available was the binary-only Netscape 4
client; it was buggy and old. It really seemed like the web was going to
move forward without Linux, and that there was not a whole lot we could do
about it.
Things have improved somewhat on that front; we now have a few top-quality
web browsers to choose between. At the same time, though, one might be
forgiven for thinking that we are heading back into a similar situation,
but involving Flash this time around. For all practical purposes, there is
only one viable option for Flash on Linux: the binary-only plugin provided
by Adobe. But that plugin is not just proprietary software; it also is
somewhat old and buggy, and there is nothing we can do to fix it. For an
increasing part of the web experience, we still have a second-rate,
proprietary platform.
When one thinks of Flash, naturally, one thinks of video sites like
YouTube. But there is more to the Flash experience than silly videos and
obnoxious advertising. Some parts of Google are heavily into Flash, as can
be seen from that company's finance sites or analytics offerings. Your
editor's children will attest that there's no end of game sites which
require Flash, and for which the Linux plugin fails to work properly.
Looking for any way to reduce the total amount of time spent in airplane
seats, your editor recently investigated "around the world" tickets; that
search ended up at this
travel planning site which, of course, requires Flash. And so on.
Like it or not, Flash is the language in which an increasing number of
interactive sites are being coded, and Linux does not have proper support
for it.
With this in mind, your editor decided to give the recently-announced Gnash 0.8.2 release a try. This
release was billed as the first beta version of Gnash, so there was reason
to hope that it would be something close to a true solution to the Flash
problem. In reality, Gnash is a step in the right direction, but the Flash
issue will be with us for some time yet.
For now, the acid test for a Flash player would appear to be YouTube, so
that is the first place your editor went. The experience there was mixed.
It is, in fact, possible to watch YouTube videos using the Gnash Firefox
plugin. Hearing them is another matter, though; they all played silently.
It would not be surprising to learn that getting audio is a matter of
filling in a missing codec - but it would sure be nice if the software were to
say something to that effect. Pausing and playing the video worked, but
skipping around in it did not. Playing videos from other sites was
uniformly unsuccessful.
The "around the world" calculator appeared to load properly, but then took
off as if somebody were punching all of its buttons at once. Charts on
Google sites are uniformly blank. Some Flash games mostly worked, others
showed more input-related confusion. Few of them were truly playable. On
the other hand, Flash "intros" and advertisements mostly work as intended -
just what your editor wanted.
So Gnash is not really there yet. In truth, this software is not in a
condition where the use of the term "beta" makes sense; there is a
lot of work yet to be done. There are few of us clamoring for
support for more obnoxious advertising - especially among the LWN
readership, as your plentiful emails over the last couple of months have
made clear. What we want is working support for the useful Flash
applications out there - and there are a few of those at this point. Gnash
does not, currently, provide that support. (Your editor also tried out Swfdec 0.6.0, with generally
worse results).
That said, it is clear that a lot of work has been done to get Gnash to
this point. Your editor has no real way to judge how much more is required
to get full support for even Flash version 7; chances are it is not a
small job. Needless to say, support for newer versions of Flash will
require even more work. But there now appears to be a solid platform upon
which that work can be done, and that is an important start. Gnash has the
look of a project which has overcome some of the biggest initial hurdles
and is now setting a pace to finish the job. With luck, it will have
reached the point where the fact that it almost works will inspire
new developers to come in and fill in the remaining pieces.
Adobe has the ability to make this job a lot easier. Your editor has
heard, informally, that the company has taken a less hostile position
toward the Gnash developers than it had in the past, but it certainly is still not
helping them. The Flash specifications are not available to anybody trying
to create a Flash player, and, unsurprisingly, the Flash EULA
forbids any sort of reverse engineering. That EULA, incidentally, also
forbids running Adobe's player on any "non-PC device," including tablets
and phones. That restriction suggests that Adobe sees business
opportunities in the lack of a free Flash player for such systems and
intends to ensure that this scarcity continues. So, despite the
occasionally friendly noises Adobe has been making toward the Linux
community, we should not expect a great deal of help from that direction.
Someday, people will figure out that closed standards (like Flash) are best
avoided. Meanwhile, Flash is a fact of life that we will need to
deal with. It appears that we are getting closer to being able to deal
with it - but we are not there yet.
Comments (49 posted)
Page editor: Jonathan Corbet
Security
By Jake Edge March 12, 2008
Cross-site scripting (XSS) is a frequent topic on security forums because
it is a common web application flaw that can lead to a variety of unpleasant
surprises. One of the more frequently seen abuses of an XSS flaw is in the
aid of a phishing attack. With the advent of Extended Validation (EV)
certificates coupled with the accompanying browser UI changes, some XSS attacks will
become much more powerful.
By now, most users are familiar with SSL certificates, which are used to
authenticate one or both sides of an HTTPS connection to the other. EV
certificates are a step up from a
more pedestrian SSL certificate as the recipient must undergo more scrutiny from the
certificate authority (CA) before being granted one. We covered EV certificates in more
detail in November 2006, but they are just now starting to be installed
more widely.
Netcraft reported
the problem a few weeks ago with regard to sourceforge.net. Sourceforge is one of
the 4,000 or so sites with an EV certificate, but it also has an XSS
problem. So anyone using the site for XSS purposes now gets the benefit of
the higher trust that is supposed to be embodied in an EV certificate.
Browser vendors are being encouraged to highlight the EV certificates in
their UI so as to give users more confidence in those sites. The most
recent Firefox 3 betas as well as IE7 are highlighting the site name in
green in the address bar to denote this higher trust. Unfortunately, the
extra validation does not extend to testing the site for XSS flaws, which could
leave users easily fooled.
A phishing attack could use an XSS flaw in a search box or error message, for
example, to add content to the appearance of a site. That content is really coming
from the XSS attack but it would appear under the "green means go" address
bar for the EV certificate-protected site. That content could include a
login screen that sent the credentials elsewhere or a cookie stealing
attack for session hijacking. For any site with sensitive information, XSS
attacks are already a problem; EV certificates just add another mechanism
for exploiting the user's trust.
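The search-box reflection described above, as an added example that is not part of the article and not Sourceforge's code: a page template that echoes the query unescaped, the same template with output encoding, a small check that tells the two apart, and the cookie attributes that blunt the cookie-stealing variant. The template, the sample queries and the cookie name are constructed for the illustration.

```python
"""Reflected search-box XSS: the vulnerable rendering beside the hardened one.

Added example for this article; it is not LWN's or Sourceforge's code. The
page template, the sample queries and the cookie name are all constructed.
"""
import html
import re

# Constructed inputs: an ordinary query, and one carrying markup of the sort a
# phishing attempt would reflect into the trusted site's own page.
BENIGN_QUERY = "emacs bazaar"
MARKUP_QUERY = '<a href="http://login.example/">Sign in</a><script>x()</script>'

_TAG_RE = re.compile(r"</?[a-zA-Z]")


def render_results_vulnerable(query: str) -> str:
    """Echo the search term straight into the page body: the flaw."""
    return f"<h1>Results for: {query}</h1>"


def render_results_hardened(query: str) -> str:
    """Escape the term for an HTML text context before it reaches the page."""
    return f"<h1>Results for: {html.escape(query, quote=True)}</h1>"


def reflects_markup(rendered: str) -> bool:
    """True when the rendered page contains tags beyond the template's own,
    i.e. when the query contributed markup of its own."""
    baseline = len(_TAG_RE.findall(render_results_hardened("")))
    return len(_TAG_RE.findall(rendered)) > baseline


def session_cookie_header(name: str, value: str) -> str:
    """Set-Cookie value for a session cookie. HttpOnly keeps page script from
    reading it and Secure keeps it off plain HTTP; neither stops script that
    already runs in the page from acting as the logged-in user."""
    return f"{name}={value}; Path=/; Secure; HttpOnly"


if __name__ == "__main__":
    for q in (BENIGN_QUERY, MARKUP_QUERY):
        print("vulnerable reflects markup:", reflects_markup(render_results_vulnerable(q)))
        print("hardened reflects markup:  ", reflects_markup(render_results_hardened(q)))
    print(session_cookie_header("sid", "CONSTRUCTED-SESSION-ID"))
```

Escaping is context-specific: html.escape is right for text between tags and for quoted attribute values, but a query landing inside a script block or a URL needs the encoding for that context instead, and the EV certificate has no bearing on any of it.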
Much like the padlock icon that appeared many years
ago to denote a "secure" (really, just encrypted) connection, this new green address bar indicator is
somewhat difficult to explain. Based on the vetting process for EV
certificates, there should be a real entity behind an EV
certificate—or at least there was one at the time of
issuance—but it is by no means an endorsement of the security of everything on a web
page that has one. It is, like the original padlock, more nuanced than that.
Unfortunately, users are not good at security nuances. They want yes or no
answers to "Is this site safe?"; that answer is nearly always "maybe" or
perhaps "probably". At one time, the padlock icon was seen as a "yes" answer;
now the green address bar may take its place. Somehow users need to be
taught to look beyond simple answers and websites need to clean up their
act so that their users are not scammed.
The number of sites with XSS
problems is staggering (a look at xssed.com
is instructive) and new ones crop up all the time.
In many ways, XSS is an attack against users rather than directly against a
site. This may make it less of a priority to fix than a direct attack,
like a SQL injection, might be. That is very unfortunate for the users of those sites, especially
the sites with a shiny new EV certificate.
Comments (10 posted)
The LWN Security page has lots of useful information, but sometimes it
seems to stretch on for a long ways. A lot of that length is contained in
the "Updated vulnerabilities" section and we are starting to wonder if that
really adds that much to the page. It is collected automatically from our
daily security updates, so removing it won't help us kick out the weekly
edition any faster, but it might make reading the page, especially in the
"one big page" format, somewhat easier. If we removed that section, the
information would still appear in the daily summaries, of course, and be
available by searching our database. Before we do that, though, we'd like
to hear from our readers regarding their thoughts on the matter. Please
comment if you have thoughts one way or the other.
Comments (46 posted)
New vulnerabilities
java: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
| CVE #(s): | CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196 |
| Created: | March 7, 2008 |
| Updated: | July 16, 2008 |
| Description: |
From the Red Hat advisory:
Flaws in the JRE allowed an untrusted application or applet to elevate its
privileges. This could be exploited by a remote attacker to access local
files or execute local applications accessible to the user running the JRE
(CVE-2008-1185, CVE-2008-1186)
A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)
Several buffer overflow flaws were found in Java Web Start (JWS). An
untrusted JNLP application could access local files or execute local
applications accessible to the user running the JRE.
(CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196)
A flaw was found in the Java Plug-in. A remote attacker could bypass the
same origin policy, executing arbitrary code with the permissions of the
user running the JRE. (CVE-2008-1192)
A flaw was found in the JRE image parsing libraries. An untrusted
application or applet could cause a denial of service, or possibly execute
arbitrary code with the permissions of the user running the JRE.
(CVE-2008-1193)
A flaw was found in the JRE color management library. An untrusted
application or applet could trigger a denial of service (JVM crash).
(CVE-2008-1194)
The JRE allowed untrusted JavaScript code to create local network
connections by the use of Java APIs. A remote attacker could use these
flaws to access local network services. (CVE-2008-1195)
| Alerts: | |
Comments (none posted)
joomla: multiple vulnerabilities
| Package(s): | joomla |
| CVE #(s): | CVE-2007-6642, CVE-2007-6643, CVE-2007-6644, CVE-2007-6645 |
| Created: | March 6, 2008 |
| Updated: | March 12, 2008 |
| Description: |
The Joomla PHP-based content management system has the following vulnerabilities:
There are multiple cross-site request forgery vulnerabilities.
There is one cross-site scripting vulnerability.
There is a vulnerability where remote authenticated administrators can
promote arbitrary users to the administrator group, violating the intended
security model.
There is a registered user privilege escalation vulnerability.
| Alerts: | |
Comments (none posted)
kronolith: privilege escalation and more?
| Package(s): | kronolith |
| CVE #(s): | |
| Created: | March 10, 2008 |
| Updated: | March 12, 2008 |
| Description: |
The Fedora advisory is light on details:
Fix privilege escalation in Horde API. Fix missing ownership validation on
share changes.
| Alerts: | |
Comments (none posted)
libnet-dns-perl: denial of service
| Package(s): | libnet-dns-perl |
| CVE #(s): | CVE-2007-6341, CVE-2007-3409 |
| Created: | March 12, 2008 |
| Updated: | March 27, 2008 |
| Description: |
The libnet-dns-perl package can crash when decoding malformed A records, creating a denial of service vulnerability. Also, the domain name expander can be sent into an infinite loop, another denial of service problem.
| Alerts: | |
Comments (none posted)
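The two failure modes in that entry, a name expander that can be made to loop and a record decoder that trusts a short RDATA, as an added example in Python that is not the code of Net::DNS or of the fix: a decoder for RFC 1035 compressed names that refuses pointers that do not go strictly backwards and caps the number of pointers it will follow, and an A-record decoder that insists on exactly four octets. The wire-format messages are constructed by hand.

```python
"""Bounded decompression of DNS names, plus an A-record length check (RFC 1035).

Added example; it is not the code of Net::DNS or of the libnet-dns-perl fix.
The wire-format messages below are constructed by hand for the illustration.
"""
import struct
from typing import List, Tuple

MAX_POINTER_JUMPS = 64  # far more than any legitimate name needs


class MalformedMessage(ValueError):
    """Raised instead of looping or indexing past the buffer."""


def expand_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a possibly compressed name at `offset`.

    Returns (name, offset just past the name in the original stream).
    A compression pointer must point strictly backwards and the number of
    pointers followed is capped, so a pointer cycle raises rather than
    spinning forever.
    """
    labels: List[str] = []
    jumps = 0
    end = None
    pos = offset
    while True:
        if pos >= len(msg):
            raise MalformedMessage("name runs past the end of the message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if pos + 1 >= len(msg):
                raise MalformedMessage("truncated compression pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            if end is None:
                end = pos + 2
            if target >= pos:
                raise MalformedMessage("pointer does not point backwards")
            jumps += 1
            if jumps > MAX_POINTER_JUMPS:
                raise MalformedMessage("too many compression pointers")
            pos = target
            continue
        if length & 0xC0:                              # 0x40/0x80: reserved
            raise MalformedMessage("reserved label type")
        if length == 0:                                # root label ends the name
            if end is None:
                end = pos + 1
            return ".".join(labels) or ".", end
        label = msg[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise MalformedMessage("truncated label")
        labels.append(label.decode("ascii"))
        pos += 1 + length


def parse_a_rdata(rdlength: int, rdata: bytes) -> str:
    """An A record's RDATA is exactly four octets; reject anything else
    rather than reading past a short buffer."""
    if rdlength != 4 or len(rdata) != 4:
        raise MalformedMessage(f"A RDATA must be 4 bytes, got {rdlength}")
    return ".".join(str(b) for b in rdata)


def rejects(fn, *args) -> bool:
    """True when fn(*args) raises MalformedMessage (used by the checks below)."""
    try:
        fn(*args)
    except MalformedMessage:
        return True
    return False


def name_bytes(name: str) -> bytes:
    """Encode an uncompressed name in wire format (for building test input)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return out + b"\x00"


# Constructed messages: a 12-byte header, then the question name at offset 12.
HEADER = struct.pack("!HHHHHH", 1, 0x8180, 1, 1, 0, 0)
GOOD_MSG = HEADER + name_bytes("www.example.com") + b"\xc0\x0c"  # pointer at 29 -> 12
SELF_LOOP_MSG = HEADER + b"\xc0\x0c"                                # pointer at 12 -> 12
TWO_POINTER_LOOP_MSG = HEADER + b"\xc0\x0e\xc0\x0c"                 # 12 -> 14 -> 12
SHORT_A_RDATA = (3, b"\xc0\x00\x02")                                # 3-byte "A" record

if __name__ == "__main__":
    print(expand_name(GOOD_MSG, 12), expand_name(GOOD_MSG, 29))
    print("self loop rejected:", rejects(expand_name, SELF_LOOP_MSG, 12))
    print("two-pointer loop rejected:", rejects(expand_name, TWO_POINTER_LOOP_MSG, 12))
    print("short A record rejected:", rejects(parse_a_rdata, *SHORT_A_RDATA))
```

The backwards-only rule is enough on its own to guarantee termination (each jump strictly decreases the offset); the jump cap is a second, independent bound that also protects a decoder that relaxes the first rule.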
lighttpd: cgi source disclosure
| Package(s): | lighttpd |
| CVE #(s): | CVE-2008-1111 |
| Created: | March 7, 2008 |
| Updated: | April 4, 2008 |
| Description: |
lighttpd before 1.4.18 is vulnerable to CGI source disclosure.
| Alerts: | |
Comments (none posted)
MediaWiki: cross-site scripting
| Package(s): | mediawiki |
| CVE #(s): | CVE-2008-0460 |
| Created: | March 7, 2008 |
| Updated: | December 24, 2008 |
| Description: |
From the CVE entry: Cross-site scripting (XSS) vulnerability in api.php in
(1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through
1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and
earlier; when Internet Explorer is used, allows remote attackers to inject
arbitrary web script or HTML via unspecified vectors.
| Alerts: | |
Comments (none posted)
moin: multiple vulnerabilities
| Package(s): | moin |
| CVE #(s): | CVE-2007-2637, CVE-2008-0782, CVE-2008-1098, CVE-2008-1099 |
| Created: | March 10, 2008 |
| Updated: | January 30, 2009 |
| Description: |
From the Debian advisory:
CVE-2007-2637:
Access control lists for calendars and includes were
insufficiently enforced, which could lead to information
disclosure.
CVE-2008-0782:
A directory traversal vulnerability in cookie handling could
lead to local denial of service by overwriting files.
CVE-2008-1098:
Cross-site-scripting vulnerabilities have been discovered in
the GUI editor formatter and the code to delete pages.
CVE-2008-1099:
The macro code validates access control lists insufficiently,
which could lead to information disclosure.
| Alerts: | |
Comments (none posted)
nx: multiple vulnerabilities
| Package(s): | nx |
| CVE #(s): | |
| Created: | March 7, 2008 |
| Updated: | March 12, 2008 |
| Description: |
There are multiple vulnerabilities in nx before 3.1.0.
| Alerts: | |
Comments (none posted)
pdflib: multiple buffer overflows
| Package(s): | pdflib |
| CVE #(s): | CVE-2007-6561 |
| Created: | March 11, 2008 |
| Updated: | March 12, 2008 |
| Description: |
From the CVE entry: Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other vectors.
| Alerts: | |
Comments (none posted)
phpmyadmin: sql injection
| Package(s): | phpmyadmin |
| CVE #(s): | CVE-2008-1149 |
| Created: | March 10, 2008 |
| Updated: | February 2, 2009 |
| Description: |
From the Gentoo advisory:
Richard Cunningham reported that phpMyAdmin uses the $_REQUEST variable
of $_GET and $_POST as a source for its parameters.
An attacker could entice a user to visit a malicious web application
that sets an "sql_query" cookie and is hosted on the same domain as
phpMyAdmin, and thereby conduct SQL injection attacks with the
privileges of the user authenticating in phpMyAdmin afterwards.
| Alerts: | |
Comments (none posted)
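The parameter-source confusion behind that advisory, as an added example that is not phpMyAdmin's code or the patch for CVE-2008-1149. It models PHP's $_REQUEST in Python on the assumption that the merge order is GET, then POST, then COOKIE, with later sources overwriting earlier ones (PHP's default variables_order of "EGPCS"); it shows a cookie silently winning over the form's own POST field, the explicit-source read that avoids it, and a small check for sensitive parameters that arrive by cookie. Parameter names other than sql_query, and all values, are constructed.

```python
"""Parameter-source confusion of the $_REQUEST kind, beside the explicit fix.

Added example; it is not phpMyAdmin's code or the patch for CVE-2008-1149.
Assumption: $_REQUEST is built by walking GET, POST, COOKIE in that order,
each later source overwriting earlier ones (PHP's default "EGPCS" ordering).
"""
from typing import Dict, List, Mapping, Optional

SOURCE_NAMES = {"G": "GET", "P": "POST", "C": "COOKIE"}


def build_request_array(get: Mapping[str, str], post: Mapping[str, str],
                        cookie: Mapping[str, str], order: str = "GPC") -> Dict[str, str]:
    """Model of the $_REQUEST merge: walk `order`, later sources overwrite."""
    sources = {"G": get, "P": post, "C": cookie}
    merged: Dict[str, str] = {}
    for letter in order:
        merged.update(sources[letter])
    return merged


def sql_query_vulnerable(get, post, cookie) -> Optional[str]:
    """Reads sql_query through the merged array, so a cookie set by any page on
    the same domain can supply the statement the logged-in user will run."""
    return build_request_array(get, post, cookie).get("sql_query")


def sql_query_hardened(get, post) -> Optional[str]:
    """Reads only the sources the form actually submits through."""
    if "sql_query" in post:
        return post["sql_query"]
    return get.get("sql_query")


def sources_supplying(name: str, get, post, cookie) -> List[str]:
    """Detection aid: which request sources carry `name`? A state-changing
    parameter arriving via COOKIE is the red flag."""
    found = []
    for letter, src in (("G", get), ("P", post), ("C", cookie)):
        if name in src:
            found.append(SOURCE_NAMES[letter])
    return found


# Constructed request: the user's form submits sql_query in POST, while a cookie
# of the same name has been planted by another page on the domain.
GET = {"db": "demo"}
POST = {"sql_query": "SELECT 1"}
COOKIE = {"sql_query": "PLANTED-STATEMENT-PLACEHOLDER", "pma_session": "CONSTRUCTED"}

if __name__ == "__main__":
    print("merged $_REQUEST:", build_request_array(GET, POST, COOKIE))
    print("vulnerable reads:", sql_query_vulnerable(GET, POST, COOKIE))
    print("hardened reads:  ", sql_query_hardened(GET, POST))
    print("sources:", sources_supplying("sql_query", GET, POST, COOKIE))
```

Reading from an explicit source fixes the confusion but not the statement itself; whatever arrives in sql_query is still untrusted text and belongs in a parameterized query or an allow-list, never in string concatenation.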
SynCE: several vulnerabilities
| Package(s): | synce-sync-engine |
| CVE #(s): | CVE-2007-6703, CVE-2008-1136 |
| Created: | March 7, 2008 |
| Updated: | March 12, 2008 |
| Description: |
Red Hat bug #436023:
"Unspecified vulnerability in vdccm before 0.10.1 in SynCE
(SynCE-dccm) might allow attackers to cause a denial of service via
unspecified vectors."
Red Hat bug #436024:
"The Utils::runScripts function in src/utils.cpp in vdccm 0.92
through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute
arbitrary commands via shell metacharacters in a certain string to TCP port
5679."
| Alerts: | |
Comments (none posted)
vlc: multiple vulnerabilities
| Package(s): | vlc |
| CVE #(s): | CVE-2007-6681, CVE-2007-6682, CVE-2007-6683, CVE-2007-6684, CVE-2008-0295, CVE-2008-0296, CVE-2008-0984 |
| Created: | March 10, 2008 |
| Updated: | April 23, 2008 |
| Description: |
From the Gentoo advisory:
* Michal Luczaj and Luigi Auriemma reported that VLC contains
boundary errors when handling subtitles in the ParseMicroDvd(),
ParseSSA(), and ParseVplayer() functions in the
modules/demux/subtitle.c file, allowing for a stack-based buffer
overflow (CVE-2007-6681).
* The web interface listening on port 8080/tcp contains a format
string error in the httpd_FileCallBack() function in the
network/httpd.c file (CVE-2007-6682).
* The browser plugin possibly contains an argument injection
vulnerability (CVE-2007-6683).
* The RTSP module triggers a NULL pointer dereference when processing
a request without a "Transport" parameter (CVE-2007-6684).
* Luigi Auriemma and Remi Denis-Courmont found a boundary error in
the modules/access/rtsp/real_sdpplin.c file when processing SDP data
for RTSP sessions (CVE-2008-0295) and a vulnerability in the
libaccess_realrtsp plugin (CVE-2008-0296), possibly resulting in a
heap-based buffer overflow.
* Felipe Manzano and Anibal Sacco (Core Security Technologies)
discovered an arbitrary memory overwrite vulnerability in VLC's
MPEG-4 file format parser (CVE-2008-0984).
| Alerts: | |
Comments (none posted)
vobcopy: insecure temp file
| Package(s): | vobcopy |
| CVE #(s): | CVE-2007-5718 |
| Created: | March 6, 2008 |
| Updated: | March 12, 2008 |
| Description: |
From the Gentoo alert:
Joey Hess reported that vobcopy appends data to the file
"/tmp/vobcopy.bla" in an insecure manner.
A local attacker could exploit this vulnerability to conduct symlink
attacks and append data to arbitrary files with the privileges of the
user running Vobcopy.
| Alerts: | |
Comments (none posted)
Updated vulnerabilities
acroread: multiple vulnerabilities
| Package(s): | acroread |
| CVE #(s): | CVE-2006-5857, CVE-2007-0045, CVE-2007-0046 |
| Created: | January 11, 2007 |
| Updated: | October 26, 2009 |
| Description: |
Adobe's Acrobat Reader has the following vulnerabilities:
The Adobe Reader Plugin has a cross-site scripting vulnerability that
can be triggered by processing malformed URLs. Arbitrary JavaScript can
be served by a malicious web server, leading to a cross-site scripting
attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities;
if an attacker can trick a user into viewing the files, arbitrary code
can be executed with the user's privileges.
| Alerts: | |
Comments (1 posted)
am-utils: overwrite arbitrary files
| Package(s): | am-utils |
| CVE #(s): | |
| Created: | February 29, 2008 |
| Updated: | March 5, 2008 |
| Description: |
The am-utils package could be vulnerable to an attack in which one local
user can modify the contents of arbitrary files to which other local users
running expn have write access.
| Alerts: | |
Comments (none posted)
apache: cross-site scripting
| Package(s): | apache |
| CVE #(s): | CVE-2006-3918 |
| Created: | August 9, 2006 |
| Updated: | April 4, 2008 |
| Description: |
From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header."
| Alerts: | |
Comments (none posted)
apache: several vulnerabilities
| Package(s): | apache |
| CVE #(s): | CVE-2007-5000, CVE-2007-6388, CVE-2008-0005 |
| Created: | January 15, 2008 |
| Updated: | July 29, 2008 |
| Description: |
A flaw was found in the mod_imap module. On sites where mod_imap was
enabled and an imagemap file was publicly available, a cross-site scripting
attack was possible. (CVE-2007-5000)
A flaw was found in the mod_status module. On sites where mod_status was
enabled and the status pages were publicly available, a cross-site
scripting attack was possible. (CVE-2007-6388)
A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp
was enabled and a forward proxy was configured, a cross-site scripting
attack was possible against Web browsers which did not correctly derive the
response character set following the rules in RFC 2616. (CVE-2008-0005)
| Alerts: | |
Comments (1 posted)
asterisk: possible SQL injection
| Package(s): | asterisk |
| CVE #(s): | CVE-2007-6170 |
| Created: | December 3, 2007 |
| Updated: | April 15, 2008 |
| Description: |
Tilghman Lesher discovered that the logging engine of Asterisk, a free
software PBX and telephony toolkit, performs insufficient sanitizing of
call-related data, which may lead to SQL injection.
| Alerts: | |
Comments (none posted)
audacity: insecure tmpfile handling
| Package(s): | audacity |
CVE #(s): | CVE-2007-6061
|
| Created: | March 3, 2008 |
Updated: | May 12, 2008 |
| Description: |
From the Gentoo advisory:
Viktor Griph reported that the "AudacityApp::OnInit()" method in file
src/AudacityApp.cpp does not handle temporary files properly.
A local attacker could exploit this vulnerability to conduct symlink
attacks to delete arbitrary files and directories with the privileges
of the user running Audacity.
|
| Alerts: |
|
Comments (none posted)
avahi: denial of service
| Package(s): | avahi |
CVE #(s): | CVE-2007-3372
|
| Created: | June 28, 2007 |
Updated: | December 23, 2008 |
| Description: |
Avahi is vulnerable to a local denial of service that can be caused by
making an erroneous call to the assert() function. |
| Alerts: |
|
Comments (none posted)
bind: insecure permissions
| Package(s): | bind |
CVE #(s): | CVE-2007-6283
|
| Created: | December 21, 2007 |
Updated: | July 10, 2008 |
| Description: |
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file
with world-readable permissions, which allows local users to perform
unauthorized named commands, such as causing a denial of service by
stopping named. |
| Alerts: |
|
Comments (1 posted)
bind: off-by-one error
| Package(s): | bind |
CVE #(s): | CVE-2008-0122
|
| Created: | January 22, 2008 |
Updated: | July 10, 2008 |
| Description: |
Off-by-one error in the inet_network function in libc in FreeBSD 6.2, 6.3,
and 7.0-PRERELEASE and earlier allows context-dependent attackers to cause
a denial of service (crash) and possibly execute arbitrary code via crafted
input that triggers memory corruption. |
| Alerts: |
|
Comments (none posted)
boost: denial of service
| Package(s): | boost |
CVE #(s): | CVE-2008-0171
CVE-2008-0172
|
| Created: | January 17, 2008 |
Updated: | March 22, 2012 |
| Description: |
From the Ubuntu alert:
Will Drewry and Tavis Ormandy discovered that the boost library
did not properly perform input validation on regular expressions.
An attacker could send a specially crafted regular expression to
an application linked against boost and cause a denial of service
via application crash. |
| Alerts: |
|
Comments (none posted)
cacti: multiple vulnerabilities
| Package(s): | cacti |
CVE #(s): | CVE-2008-0783
CVE-2008-0784
CVE-2008-0785
CVE-2008-0786
|
| Created: | February 28, 2008 |
Updated: | July 16, 2008 |
| Description: |
From the Mandriva alert:
A number of vulnerabilities were found in the Cacti program, including
XSS vulnerabilities, SQL injection vulnerabilities, CRLF injection
vulnerabilities, and information disclosure vulnerabilities. |
| Alerts: |
|
Comments (none posted)
cacti: denial of service
| Package(s): | cacti |
CVE #(s): | CVE-2007-3112
CVE-2007-3113
|
| Created: | September 18, 2007 |
Updated: | December 16, 2009 |
| Description: |
A vulnerability in Cacti 0.8.6i and earlier versions allows remote
authenticated users to cause a denial of service (CPU consumption) via
large values of the graph_start, graph_end, graph_height, or graph_width
parameters. |
| Alerts: |
|
Comments (none posted)
cairo: integer overflow
| Package(s): | Cairo |
CVE #(s): | CVE-2007-5503
|
| Created: | November 29, 2007 |
Updated: | April 10, 2008 |
| Description: |
Cairo has an integer overflow vulnerability in the PNG image processing
code. If a user processes a specially crafted PNG image with an
application that is linked against cairo, arbitrary code can be executed
with the user's privileges. |
| Alerts: |
|
Comments (none posted)
clamav: arbitrary code execution
| Package(s): | clamav |
CVE #(s): | CVE-2008-0318
|
| Created: | February 13, 2008 |
Updated: | April 18, 2008 |
| Description: |
From the CVE:
Integer overflow in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow. |
| Alerts: |
|
Comments (1 posted)
clamav: arbitrary file overwrite
| Package(s): | clamav |
CVE #(s): | CVE-2007-6595
|
| Created: | February 18, 2008 |
Updated: | August 8, 2008 |
| Description: |
From the CVE entry:
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files in the cli_gentempfd function in libclamav/others.c or on (2) .ascii files in sigtool, when utf16-decode is enabled. |
| Alerts: |
|
Comments (4 posted)
clamav: heap corruption
| Package(s): | clamav |
CVE #(s): | CVE-2008-0728
|
| Created: | February 22, 2008 |
Updated: | April 18, 2008 |
| Description: |
From the CVE entry: libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption." |
| Alerts: |
|
Comments (none posted)
clamav: integer overflow and off-by-one
| Package(s): | clamav |
CVE #(s): | CVE-2007-6335
CVE-2007-6336
|
| Created: | December 19, 2007 |
Updated: | July 17, 2008 |
| Description: |
ClamAV contains integer overflow and off-by-one errors which could be exploited (via specially-crafted email) to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
cpio: arbitrary code execution
| Package(s): | cpio |
CVE #(s): | CVE-2005-4268
|
| Created: | January 2, 2006 |
Updated: | March 17, 2010 |
| Description: |
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with, e.g., a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system). |
| Alerts: |
|
Comments (none posted)
vixie-cron: privilege escalation
| Package(s): | cron |
CVE #(s): | CVE-2006-2607
|
| Created: | May 31, 2006 |
Updated: | June 1, 2009 |
| Description: |
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root. |
| Alerts: |
|
Comments (1 posted)
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2006-4262
|
| Created: | October 2, 2006 |
Updated: | June 16, 2009 |
| Description: |
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code. |
| Alerts: |
|
Comments (none posted)
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2004-2541
|
| Created: | May 22, 2006 |
Updated: | June 19, 2009 |
| Description: |
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target. |
| Alerts: |
|
Comments (1 posted)
cups: denial of service
| Package(s): | cups |
CVE #(s): | CVE-2008-0882
|
| Created: | February 22, 2008 |
Updated: | April 3, 2008 |
| Description: |
From the Red Hat advisory: A flaw was found in the way CUPS handles the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to crash. |
| Alerts: |
|
Comments (none posted)
cups: multiple vulnerabilities
| Package(s): | cups |
CVE #(s): | CVE-2008-0596
CVE-2008-0597
|
| Created: | February 25, 2008 |
Updated: | March 6, 2008 |
| Description: |
From the Red Hat advisory:
A flaw was found in the way CUPS handled the addition and removal of remote
shared printers via IPP. A remote attacker could send malicious UDP IPP
packets causing the CUPS daemon to attempt to dereference already freed
memory and crash. (CVE-2008-0597)
A memory management flaw was found in the way CUPS handled the addition and
removal of remote shared printers via IPP. When a shared printer was
removed, allocated memory was not properly freed, leading to a memory leak
that could cause the CUPS daemon to crash after exhausting available memory.
(CVE-2008-0596)
These issues were found during the investigation of CVE-2008-0882. |
| Alerts: |
|
Comments (none posted)
cups: multiple vulnerabilities
Comments (none posted)
dbus: privilege escalation
| Package(s): | dbus |
CVE #(s): | CVE-2008-0595
|
| Created: | February 28, 2008 |
Updated: | October 14, 2008 |
| Description: |
From the Red Hat alert:
Havoc Pennington discovered a flaw in the way the dbus-daemon applies its
security policy. A user with the ability to connect to the dbus-daemon may
be able to execute certain method calls they should normally not have
permission to access. |
| Alerts: |
|
Comments (none posted)
debian-goodies: privilege escalation
| Package(s): | debian-goodies |
CVE #(s): | CVE-2007-3912
|
| Created: | October 5, 2007 |
Updated: | March 24, 2008 |
| Description: |
Thomas de Grenier de Latour discovered that the checkrestart program included
in debian-goodies did not correctly handle shell meta-characters. A local
attacker could exploit this to gain the privileges of the user running
checkrestart. |
| Alerts: |
|
Comments (none posted)
Django: denial of service
| Package(s): | Django |
CVE #(s): | CVE-2007-5712
|
| Created: | November 12, 2007 |
Updated: | September 22, 2008 |
| Description: |
From the CVE notice:
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers. |
| Alerts: |
|
Comments (none posted)
dovecot: privilege escalation
| Package(s): | dovecot |
CVE #(s): | CVE-2007-4211
|
| Created: | August 15, 2007 |
Updated: | May 21, 2008 |
| Description: |
From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a
minor privilege escalation attack in which an authenticated
user may exploit an ACL plugin weakness to save message flags
without having proper permissions." |
| Alerts: |
|
Comments (none posted)
dovecot: directory traversal
| Package(s): | dovecot |
CVE #(s): | CVE-2007-2231
|
| Created: | May 8, 2007 |
Updated: | May 21, 2008 |
| Description: |
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot
before 1.0.rc29, when using the zlib plugin, allows remote attackers to
read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot)
sequence in the mailbox name. |
| Alerts: |
|
Comments (none posted)
dovecot: multiple vulnerabilities
| Package(s): | dovecot |
CVE #(s): | CVE-2007-6598
|
| Created: | January 3, 2008 |
Updated: | October 7, 2008 |
| Description: |
Dovecot has multiple vulnerabilities including an issue involving the
confusion between LDAP-authenticated logins across users with the
same password and a denial of service involving a connecting user. |
| Alerts: |
|
Comments (none posted)
eggdrop: stack-based buffer overflow
| Package(s): | eggdrop |
CVE #(s): | CVE-2007-2807
|
| Created: | September 7, 2007 |
Updated: | December 8, 2009 |
| Description: |
A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC
servers to execute arbitrary code via a long private message. |
| Alerts: |
|
Comments (none posted)
elinks: code execution
| Package(s): | elinks |
CVE #(s): | CVE-2007-2027
|
| Created: | May 7, 2007 |
Updated: | October 30, 2009 |
| Description: |
Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could execute
code with user privileges. |
| Alerts: |
|
Comments (none posted)
elinks: arbitrary file access
| Package(s): | elinks |
CVE #(s): | CVE-2006-5925
|
| Created: | November 16, 2006 |
Updated: | October 22, 2009 |
| Description: |
The elinks text-mode browser has an arbitrary file access vulnerability
in the Elinks SMB protocol handler. If a user can be tricked into
visiting a specially crafted web page, arbitrary files may be read or
written with the user's permissions. |
| Alerts: |
|
Comments (none posted)
emacs: buffer overflow
| Package(s): | emacs |
CVE #(s): | CVE-2007-6109
|
| Created: | December 10, 2007 |
Updated: | May 6, 2008 |
| Description: |
From the National Vulnerability Database:
Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line. |
| Alerts: |
|
Comments (none posted)
evolution: format string vulnerability
| Package(s): | evolution |
CVE #(s): | CVE-2008-0072
|
| Created: | March 5, 2008 |
Updated: | May 28, 2008 |
| Description: |
The encrypted mail display code in evolution suffers from a format string vulnerability which could be exploited by way of a specially crafted email message. |
| Alerts: |
|
Comments (none posted)
pop mail: man-in-the-middle attacks
| Package(s): | evolution thunderbird mutt fetchmail |
CVE #(s): | CVE-2007-1558
|
| Created: | May 8, 2007 |
Updated: | July 3, 2009 |
| Description: |
The APOP protocol allows remote attackers to guess the first 3 characters
of a password via man-in-the-middle (MITM) attacks that use crafted message
IDs and MD5 collisions. NOTE: this design-level issue potentially affects
all products that use APOP, including (1) Thunderbird, (2) Evolution, (3)
mutt, and (4) fetchmail. |
| Alerts: |
|
Comments (none posted)
exiftags: multiple vulnerabilities
| Package(s): | exiftags |
CVE #(s): | CVE-2007-6354
CVE-2007-6355
CVE-2007-6356
|
| Created: | December 31, 2007 |
Updated: | April 1, 2008 |
| Description: |
From the Gentoo advisory: Meder Kydyraliev (Google Security) discovered that Exif metadata is not
properly sanitized before being processed, resulting in illegal memory
access in the postprop() and other functions (CVE-2007-6354). He also
discovered integer overflow vulnerabilities in the parsetag() and other
functions (CVE-2007-6355) and an infinite recursion in the readifds()
function caused by recursive IFD references (CVE-2007-6356). |
| Alerts: |
|
Comments (none posted)
exiv2: integer overflow
| Package(s): | exiv2 |
CVE #(s): | CVE-2007-6353
|
| Created: | December 21, 2007 |
Updated: | October 15, 2008 |
| Description: |
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. |
| Alerts: |
|
Comments (none posted)
fetchmail: denial of service
| Package(s): | fetchmail |
CVE #(s): | CVE-2007-4565
|
| Created: | September 5, 2007 |
Updated: | October 30, 2009 |
| Description: |
fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. |
| Alerts: |
|
Comments (none posted)
firebird: multiple vulnerabilities
| Package(s): | firebird |
CVE #(s): | CVE-2008-0387
CVE-2008-0467
|
| Created: | March 3, 2008 |
Updated: | March 27, 2008 |
| Description: |
From the Gentoo advisory:
Firebird does not properly handle certain types of XDR requests,
resulting in an integer overflow (CVE-2008-0387). Furthermore, it is
vulnerable to a buffer overflow when processing usernames
(CVE-2008-0467).
A remote attacker could send specially crafted XDR requests or an
overly long username to the vulnerable server, possibly resulting in
the remote execution of arbitrary code with the privileges of the user
running the application.
|
| Alerts: |
|
Comments (none posted)
firebird: buffer overflow
| Package(s): | firebird |
CVE #(s): | CVE-2007-3181
|
| Created: | July 2, 2007 |
Updated: | March 27, 2008 |
| Description: |
The Firebird DBMS has a buffer overflow vulnerability involving
the processing of connect requests with an overly large p_cnct_count
value. Remote attackers can send a specially crafted
request to the server in order to potentially execute arbitrary code with
the permissions of the Firebird user. |
| Alerts: |
|
Comments (none posted)
firefox: multiple vulnerabilities
| Package(s): | firefox |
CVE #(s): | CVE-2008-0414
CVE-2008-0416
CVE-2008-0420
CVE-2008-0594
|
| Created: | February 8, 2008 |
Updated: | May 21, 2008 |
| Description: |
From the Ubuntu advisory:
Flaws were discovered in the file upload form control. A malicious
website could force arbitrary files from the user's computer to be
uploaded without consent. (CVE-2008-0414)
Various flaws were discovered in character encoding handling. If a
user were tricked into opening a malicious web page, an attacker
could perform cross-site scripting attacks. (CVE-2008-0416)
Flaws were discovered in the BMP decoder. By tricking a user into
opening a specially crafted BMP file, an attacker could obtain
sensitive information. (CVE-2008-0420)
Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery
warning dialog wasn't displayed under certain circumstances. A
malicious website could exploit this to conduct phishing attacks
against the user. (CVE-2008-0594)
|
| Alerts: |
|
Comments (none posted)
firefox: multiple vulnerabilities
| Package(s): | firefox seamonkey thunderbird |
CVE #(s): | CVE-2008-0412
CVE-2008-0413
CVE-2008-0415
CVE-2008-0417
CVE-2008-0418
CVE-2008-0419
CVE-2008-0591
CVE-2008-0592
CVE-2008-0593
|
| Created: | February 8, 2008 |
Updated: | May 21, 2008 |
| Description: |
From the Red Hat advisory:
Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)
Several flaws were found in the way Firefox displayed malformed web
content. A webpage containing specially-crafted content could trick a user
into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)
A flaw was found in the way Firefox stored password data. If a user saves
login information for a malicious website, it could be possible to corrupt
the password database, preventing the user from properly accessing saved
password data. (CVE-2008-0417)
A flaw was found in the way Firefox handles certain chrome URLs. If a user
has certain extensions installed, it could allow a malicious website to
steal sensitive session data. Note: this flaw does not affect a default
installation of Firefox. (CVE-2008-0418)
A flaw was found in the way Firefox saves certain text files. If a
website offers a file of type "plain/text", rather than "text/plain",
Firefox will not show future "text/plain" content to the user in the
browser, forcing them to save those files locally to view the content.
(CVE-2008-0592)
|
| Alerts: |
|
Comments (2 posted)
firefox, thunderbird, seamonkey: multiple vulnerabilities
| Package(s): | firefox, thunderbird, seamonkey |
CVE #(s): | CVE-2007-3738
CVE-2007-3656
CVE-2007-3670
CVE-2007-3285
CVE-2007-3737
CVE-2007-3089
CVE-2007-3736
CVE-2007-3734
CVE-2007-3735
|
| Created: | July 18, 2007 |
Updated: | May 12, 2008 |
| Description: |
shutdown and moz_bug_r_a4 reported two separate ways to modify an
XPCNativeWrapper such that subsequent access by the browser would result in
executing user-supplied code. (CVE-2007-3738)
Michal Zalewski reported that it was possible to bypass the same-origin
checks and read from cached (wyciwyg) documents. It is possible to access
wyciwyg:// documents without proper same domain policy checks through the
use of HTTP 302 redirects. This enables the attacker to steal sensitive
data displayed on dynamically generated pages; perform cache poisoning; and
execute own code or display own content with URL bar and SSL certificate
data of the attacked page (URL spoofing++). (CVE-2007-3656)
Internet Explorer calls registered URL protocols without escaping quotes
and may be used to pass unexpected and potentially dangerous data to the
application that registers that URL Protocol. (CVE-2007-3670)
Ronald van den Heetkamp reported that a filename URL containing %00
(encoded null) can cause Firefox to interpret the file extension
differently than the underlying Windows operating system potentially
leading to unsafe actions such as running a program. This is only
accessible locally. (CVE-2007-3285)
An attacker can use an element outside of a document to call an event
handler allowing content to run arbitrary code with chrome
privileges. (CVE-2007-3737)
Ronen Zilberman and Michal Zalewski both reported that it was possible to
exploit a timing issue to inject content into about:blank frames in a
page. When opening a window from a script, it is possible to spoof the
content of the newly opened window's frames within a short time frame,
while the window is loading. (CVE-2007-3089)
Mozilla contributor moz_bug_r_a4 demonstrated that the methods
addEventListener and setTimeout could be used to inject script into another
site in violation of the browser's same-origin policy. This could be used
to access or modify private or valuable information from that other
site. (CVE-2007-3736)
As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed
many bugs to improve the stability of the product. Some of these crashes
showed evidence of memory corruption under certain circumstances, and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code. Note: Thunderbird shares the browser
engine with Firefox and could be vulnerable if JavaScript were to be
enabled in mail. This is not the default setting and we strongly discourage
users from running JavaScript in mail. Without further investigation we
cannot rule out the possibility that for some of these an attacker might be
able to prepare memory for exploitation through some means other than
JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735) |
| Alerts: |
|
Comments (none posted)
flash-plugin: lots of problems
Comments (3 posted)
freetype: arbitrary code execution
| Package(s): | freetype |
CVE #(s): | CVE-2007-2754
|
| Created: | May 24, 2007 |
Updated: | June 1, 2010 |
| Description: |
The Freetype font rendering library versions 2.3.4 and below
has an integer sign error. Remote attackers may be able to
create a specially crafted TrueType Font file with a negative
n_points value that will cause an integer overflow and heap-based
buffer overflow, allowing the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
freetype: integer overflows
| Package(s): | freetype |
CVE #(s): | CVE-2006-0747
CVE-2006-1861
CVE-2006-2493
CVE-2006-2661
CVE-2006-3467
|
| Created: | June 8, 2006 |
Updated: | June 1, 2010 |
| Description: |
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user. |
| Alerts: |
|
Comments (none posted)
gcc: file overwrite vulnerability
| Package(s): | gcc |
CVE #(s): | CVE-2006-3619
|
| Created: | September 6, 2006 |
Updated: | March 14, 2008 |
| Description: |
The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree. |
| Alerts: |
|
Comments (none posted)
gd: buffer overflow
| Package(s): | gd |
CVE #(s): | CVE-2007-0455
|
| Created: | February 7, 2007 |
Updated: | November 18, 2009 |
| Description: |
The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable. |
| Alerts: |
|
Comments (2 posted)
gd: multiple vulnerabilities
| Package(s): | gd |
CVE #(s): | CVE-2007-3472
CVE-2007-3473
CVE-2007-3474
CVE-2007-3475
CVE-2007-3476
CVE-2007-3477
CVE-2007-3478
|
| Created: | August 6, 2007 |
Updated: | November 6, 2009 |
| Description: |
Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in the GD Graphics
Library (libgd) before 2.0.35 allow attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478) |
| Alerts: |
|
Comments (none posted)
gedit: format string vulnerability
| Package(s): | gedit |
CVE #(s): | CAN-2005-1686
|
| Created: | June 9, 2005 |
Updated: | February 5, 2009 |
| Description: |
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user. |
| Alerts: |
|
Comments (1 posted)
ghostscript: buffer overflow
| Package(s): | ghostscript gs |
CVE #(s): | CVE-2008-0411
|
| Created: | February 27, 2008 |
Updated: | April 10, 2008 |
| Description: |
The Ghostscript color-space handling code suffers from a buffer overflow which may be exploitable by way of a specially-crafted postscript file. |
| Alerts: |
|
Comments (none posted)
gnome-screensaver: keyboard lock bypass
| Package(s): | gnome-screensaver |
CVE #(s): | CVE-2007-3920
|
| Created: | October 24, 2007 |
Updated: | October 15, 2009 |
| Description: |
From the Ubuntu advisory:
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local
attacker could exploit this to bypass the user's locked screen saver. |
| Alerts: |
|
Comments (none posted)
openssh: inappropriate use of trusted cookies
| Package(s): | gnome-ssh-askpass openssh |
CVE #(s): | CVE-2007-4752
|
| Created: | September 11, 2007 |
Updated: | August 25, 2008 |
| Description: |
OpenSSH in versions prior to 4.7 could use a trusted X11 cookie if the
creation of an untrusted cookie failed. |
| Alerts: |
|
Comments (none posted)
gnumeric: arbitrary code execution
| Package(s): | gnumeric |
CVE #(s): | CVE-2008-0668
|
| Created: | February 13, 2008 |
Updated: | August 8, 2008 |
| Description: |
From the CVE:
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information. |
| Alerts: |
|
Comments (none posted)
grip: buffer overflow
| Package(s): | grip |
CVE #(s): | CAN-2005-0706
|
| Created: | March 10, 2005 |
Updated: | November 19, 2008 |
| Description: |
Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches. |
| Alerts: |
|
Comments (none posted)
gzip: multiple vulnerabilities
| Package(s): | gzip |
CVE #(s): | CVE-2006-4334
CVE-2006-4335
CVE-2006-4336
CVE-2006-4337
CVE-2006-4338
|
| Created: | September 19, 2006 |
Updated: | January 20, 2010 |
| Description: |
Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash.
Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. |
| Alerts: |
|
Comments (1 posted)
horde3: remote email deletion
| Package(s): | horde3 |
CVE #(s): | CVE-2007-6018
|
| Created: | January 21, 2008 |
Updated: | March 24, 2009 |
| Description: |
From the Debian advisory:
Ulf Harnhammer discovered that the HTML filter of the Horde web
application framework performed insufficient input sanitising, which
may lead to the deletion of emails if a user is tricked into viewing
a malformed email inside the Imp client. |
| Alerts: |
|
Comments (none posted)
horde-kronolith: local file inclusion
| Package(s): | horde-kronolith |
CVE #(s): | CVE-2006-6175
|
| Created: | January 17, 2007 |
Updated: | March 7, 2008 |
| Description: |
Kronolith contains a mistake in lib/FBView.php where a raw, unfiltered
string is used instead of a sanitized string to view local files. An
authenticated attacker could craft an HTTP GET request that uses directory
traversal techniques to execute any file on the web server as PHP code,
which could allow information disclosure or arbitrary code execution with
the rights of the user running the PHP application (usually the webserver
user). |
| Alerts: |
|
Comments (none posted)
httpd: cross-site scripting, denial of service
| Package(s): | httpd |
CVE #(s): | CVE-2007-6421
CVE-2007-6422
|
| Created: | January 15, 2008 |
Updated: | April 4, 2008 |
| Description: |
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, a cross-site scripting attack against an
authorized user was possible. (CVE-2007-6421)
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, an authorized user could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. This could lead to a denial of service if using a
threaded Multi-Processing Module. (CVE-2007-6422) |
| Alerts: |
|
Comments (1 posted)
icu: arbitrary code execution
| Package(s): | icu |
CVE #(s): | CVE-2007-4770
CVE-2007-4771
|
| Created: | January 25, 2008 |
Updated: | May 15, 2008 |
| Description: |
From the Red Hat advisory:
Will Drewry reported multiple flaws in the way libicu processed certain
malformed regular expressions. If an application linked against ICU, such
as OpenOffice.org, processed a carefully crafted regular expression, it may
be possible to execute arbitrary code as the user running the application.
|
| Alerts: |
|
Comments (none posted)
imagemagick: multiple vulnerabilities
| Package(s): | imagemagick |
CVE #(s): | CVE-2007-4985
CVE-2007-4986
CVE-2007-4987
CVE-2007-4988
|
| Created: | October 4, 2007 |
Updated: | August 11, 2009 |
| Description: |
The ImageMagick image decoders have multiple vulnerabilities.
If a user can be tricked into processing a specially crafted
DCM, DIB, XBM, XCF, or XWD image, arbitrary code may be executed with
the user's privileges. |
| Alerts: |
|
Comments (none posted)
ImageMagick: integer overflows
Package(s): imagemagick
CVE #(s): CVE-2007-1797
Created: April 4, 2007
Updated: August 11, 2009
Description:
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a) colors or (b) comments field in a crafted XWD image, which results in a heap-based overflow in the ReadXWDImage function, different issues than CVE-2007-1667.

jasper: denial of service
Package(s): jasper
CVE #(s): CVE-2007-2721
Created: June 1, 2007
Updated: April 19, 2010
Description:
The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files.

java: multiple vulnerabilities
Package(s): java
CVE #(s): CVE-2006-4339, CVE-2006-4790, CVE-2006-6731, CVE-2006-6736, CVE-2006-6737, CVE-2006-6745
Created: January 18, 2007
Updated: June 4, 2010
Description:
Java has multiple vulnerabilities, including: an RSA exponent padding attack vulnerability; two vulnerabilities which allow untrusted applets to access data in other applets; vulnerabilities that involve applets gaining privileges due to serialization bugs in the JRE; and buffer overflows in the Java image handling routines that can give attackers read/write/execute capabilities for local files.

java-1.5.0-sun: multiple vulnerabilities
Package(s): java-1.5.0-sun
CVE #(s): CVE-2007-3503, CVE-2007-3655, CVE-2007-3698, CVE-2007-3922
Created: August 6, 2007
Updated: June 24, 2008
Description:
The Javadoc tool was able to generate HTML documentation pages that contained cross-site scripting (XSS) vulnerabilities. A remote attacker could use this to inject arbitrary web script or HTML. (CVE-2007-3503)
The Java Web Start URL parsing component contained a buffer overflow vulnerability within the parsing code for JNLP files. A remote attacker could create a malicious JNLP file that could trigger this flaw and execute arbitrary code when opened. (CVE-2007-3655)
The JSSE component did not correctly process SSL/TLS handshake requests. A remote attacker who is able to connect to a JSSE-based service could trigger this flaw leading to a denial-of-service. (CVE-2007-3698)
A flaw was found in the applet class loader. An untrusted applet could use this flaw to circumvent network access restrictions, possibly connecting to services hosted on the machine that executed the applet. (CVE-2007-3922)

java: multiple vulnerabilities
Package(s): java-1.5.0-sun
CVE #(s): CVE-2008-0657
Created: February 12, 2008
Updated: April 25, 2008
Description:
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.

java-1.5.0-sun: multiple vulnerabilities
Package(s): java-1.5.0-sun
CVE #(s): CVE-2007-5232, CVE-2007-5238, CVE-2007-5239, CVE-2007-5240, CVE-2007-5273, CVE-2007-5274
Created: October 12, 2007
Updated: April 25, 2008
Description:
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack. (CVE-2007-5232)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." (CVE-2007-5238)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications. (CVE-2007-5239)
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen. (CVE-2007-5240)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5273)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5274)

JRockit: multiple vulnerabilities
kazehakase: multiple vulnerabilities
Package(s): kazehakase
CVE #(s): (none)
Created: January 31, 2008
Updated: April 23, 2008
Description:
The kazehakase web browser is vulnerable to buffer overflows and memory corruption in PCRE. If a remote attacker can convince a user to open specially crafted bookmarks, it can lead to the execution of arbitrary code, denial of service or arbitrary information disclosure.

kdebase: denial of service
Package(s): kdebase
CVE #(s): CVE-2007-5963
Created: December 18, 2007
Updated: January 19, 2009
Description:
The kdebase package is vulnerable to a denial of service in which a local user can render KDM unusable for logins by any user or cause KDM to exceed system resource limits.

kdelibs: kate backup file permission leak
Package(s): kdelibs kate kwrite
CVE #(s): CAN-2005-1920
Created: July 19, 2005
Updated: September 21, 2010
Description:
Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.

kernel: out-of-bounds access
Package(s): kernel
CVE #(s): CVE-2007-4573
Created: September 25, 2007
Updated: December 6, 2010
Description:
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.

kernel: denial of service
Package(s): kernel
CVE #(s): CVE-2007-4130, CVE-2007-6694
Created: February 1, 2008
Updated: June 20, 2008
Description:
From the Red Hat advisory: A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA method for accessing memory on Itanium architectures. A local unprivileged user could trigger this flaw and cause a denial of service (system panic).
A possible NULL pointer dereference was found in the chrp_show_cpuinfo function when using the PowerPC architecture. This may have allowed a local unprivileged user to cause a denial of service (crash).

kernel: ALSA returns incorrect write size
Package(s): kernel
CVE #(s): CVE-2007-4571
Created: September 28, 2007
Updated: June 20, 2008
Description:
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.

kernel: denial of service
Package(s): kernel
CVE #(s): CVE-2007-3731
Created: March 3, 2008
Updated: March 5, 2008
Description:
From the rPath advisory:
Previous versions of the Linux kernel package contain a vulnerability in the ptrace system call which allows local users to cause a Denial of Service.

kernel: insufficient range checks
Package(s): kernel
CVE #(s): CVE-2008-0007
Created: February 8, 2008
Updated: January 8, 2009
Description:
From the SUSE advisory: Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory.

kernel: denial of service
Package(s): kernel
CVE #(s): CVE-2006-6921
Created: March 5, 2008
Updated: March 5, 2008
Description:
From the Red Hat advisory: a flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped, possibly causing a denial of service.

kernel: information disclosure
Package(s): kernel
CVE #(s): CVE-2007-6207
Created: March 5, 2008
Updated: March 5, 2008
Description:
From the Red Hat advisory: a flaw in the hypervisor for hosts running on Itanium architectures allowed an Intel VTi domain to read arbitrary physical memory from other Intel VTi domains, which could make information available to unauthorized users.

kernel: denial of service
Package(s): kernel
CVE #(s): CVE-2006-4535, CVE-2006-4538
Created: September 18, 2006
Updated: January 5, 2009
Description:
Sridhar Samudrala discovered a local denial of service vulnerability in the handling of SCTP sockets. By opening such a socket with a special SO_LINGER value, a local attacker could exploit this to crash the kernel. (CVE-2006-4535)
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc platforms did not sufficiently verify the memory layout. By attempting to execute a specially crafted executable, a local user could exploit this to crash the kernel. (CVE-2006-4538)

kernel: remote denial of service
Package(s): kernel
CVE #(s): CVE-2006-6058, CVE-2007-4997
Created: November 9, 2007
Updated: June 13, 2008
Description:
The Minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error.
Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an "off-by-two error."

kernel: local filesystem corruption
Package(s): kernel
CVE #(s): CVE-2008-0001
Created: January 17, 2008
Updated: June 13, 2008
Description:
From the mitre.org CVE description:
VFS in the Linux kernel before 2.6.23.14 performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass file permissions.

kernel: several vulnerabilities
Package(s): kernel
CVE #(s): CVE-2007-1353, CVE-2007-2451, CVE-2007-2453
Created: June 11, 2007
Updated: March 6, 2008
Description:
Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. (CVE-2007-1353)
The GEODE-AES driver did not correctly initialize its encryption key. Any data encrypted using this type of device would be easily compromised. (CVE-2007-2451)
The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. (CVE-2007-2453)

kernel: several vulnerabilities
Package(s): kernel
CVE #(s): CVE-2006-5823, CVE-2006-6054, CVE-2007-1592
Created: June 12, 2007
Updated: March 21, 2011
Description:
A flaw in the cramfs file system allows invalid compressed data to cause memory corruption. (CVE-2006-5823)
A flaw in the ext2 file system allows an invalid inode size to cause a denial of service (system hang). (CVE-2006-6054)
A flaw in IPv6 flow label handling allows a local user to cause a denial of service (crash). (CVE-2007-1592)

kernel: denial of service
Package(s): kernel
CVE #(s): CVE-2007-5500
Created: November 28, 2007
Updated: July 8, 2008
Description:
The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors.

kernel: denial of service
Package(s): kernel
CVE #(s): CVE-2007-5501
Created: November 28, 2007
Updated: March 7, 2008
Description:
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.

kernel: denial of service
Package(s): kernel
CVE #(s): CVE-2006-2935, CVE-2006-4145, CVE-2006-3745
Created: September 1, 2006
Updated: July 30, 2008
Description:
Previous versions of the kernel package are subject to several vulnerabilities. Certain malformed UDF filesystems can cause the system to crash (denial of service). Malformed CDROM firmware or USB storage devices (such as USB keys) could cause a system crash (denial of service), and if they were intentionally malformed, can cause arbitrary code to run with elevated privileges. In addition, the SCTP protocol is subject to a remote system crash (denial of service) attack.

kernel: several vulnerabilities
Package(s): kernel
CVE #(s): CVE-2007-2172, CVE-2007-3739, CVE-2007-4308
Created: December 3, 2007
Updated: January 8, 2009
Description:
A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an "out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2) fib_props (fib_semantics.c, IPv4) functions. (CVE-2007-2172)
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors. (CVE-2007-3739)
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges. (CVE-2007-4308)

kernel: buffer overflows
Package(s): kernel
CVE #(s): CVE-2007-5904
Created: December 3, 2007
Updated: June 20, 2008
Description:
Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.

kernel: multiple vulnerabilities
Package(s): kernel
CVE #(s): CVE-2006-5749, CVE-2006-4814, CVE-2006-6106
Created: January 5, 2007
Updated: January 8, 2009
Description:
A security issue has been reported in the Linux kernel due to an error in drivers/isdn/i4l/isdn_ppp.c, as the "isdn_ppp_ccp_reset_alloc_state()" function never initializes an event timer before scheduling it with the "add_timer()" function.
The mincore function in the kernel does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.
Another vulnerability has been reported in the Linux kernel caused by a boundary error within the handling of incoming CAPI messages in net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain kernel data structures.

kernel: several vulnerabilities
Package(s): kernel
CVE #(s): CVE-2007-3851, CVE-2007-3848, CVE-2007-3105
Created: August 17, 2007
Updated: January 8, 2009
Description:
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer. (CVE-2007-3851)
Linux kernel 2.4.35 and other versions allow local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)
Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving "bound check ordering". NOTE: this issue might only cross privilege boundaries in environments that have granular assignment of privileges for root. (CVE-2007-3105)

kernel: denial of service vulnerabilities
Package(s): kernel
CVE #(s): CVE-2007-4133, CVE-2007-5093
Created: January 12, 2008
Updated: November 20, 2008
Description:
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a denial of service (panic) via unspecified vectors.
The disconnect method in the Philips USB Webcam (pwc) driver in Linux kernel 2.6.x before 2.6.22.6 relies on user space to close the device, which allows user-assisted local attackers to cause a denial of service (USB subsystem hang and CPU consumption in khubd) by not closing the device after the disconnect is invoked. NOTE: this rarely crosses privilege boundaries, unless the attacker can convince the victim to unplug the affected device.

kernel: multiple vulnerabilities
Package(s): kernel
CVE #(s): CVE-2007-3104, CVE-2007-3740, CVE-2007-3843, CVE-2007-6063
Created: December 4, 2007
Updated: January 8, 2009
Description:
The sysfs_readdir function in the Linux kernel 2.6 allows local users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry. (CVE-2007-3104)
The CIFS filesystem, when Unix extension support is enabled, did not honor the umask of a process, which allowed local users to gain privileges. (CVE-2007-3740)
The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843)
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux kernel allowed local users to have an unknown impact via a crafted argument to the isdn_ioctl function. (CVE-2007-6063)

kernel: denial of service
Package(s): kernel
CVE #(s): CVE-2007-5966
Created: December 19, 2007
Updated: February 3, 2010
Description:
A bug in high-resolution timers (prior to kernel 2.6.22.15) can cause very long sleeps when large timeout values are used.

kernel: arbitrary code execution
Package(s): kernel-source-2.4.27
CVE #(s): CVE-2004-2731
Created: February 25, 2008
Updated: March 6, 2008
Description:
From the Debian advisory:
CVE-2004-2731: infamous41md reported multiple integer overflows in the Sbus PROM driver that would allow for a DoS (Denial of Service) attack by a local user, and possibly the execution of arbitrary code.

kernel: memory corruption
Package(s): kernel-source-2.4.27
CVE #(s): CVE-2006-5753
Created: February 25, 2008
Updated: March 6, 2008
Description:
From the Debian advisory:
CVE-2006-5753: Eric Sandeen provided a fix for a local memory corruption vulnerability resulting from a misinterpretation of return values when operating on inodes which have been marked bad.

kernel: denial of service
Package(s): kernel-source-2.4.27
CVE #(s): CVE-2006-6053
Created: February 25, 2008
Updated: March 6, 2008
Description:
From the Debian advisory:
CVE-2006-6053: LMH reported a potential local DoS which could be exploited by a malicious user with the privileges to mount and read a corrupted ext3 filesystem.

kernel: denial of service
Package(s): kernel-source-2.4.27
CVE #(s): CVE-2007-2525
Created: February 25, 2008
Updated: March 6, 2008
Description:
From the Debian advisory:
CVE-2007-2525: Florian Zumbiehl discovered a memory leak in the PPPOE subsystem caused by releasing a socket before PPPIOCGCHAN is called upon it. This could be used by a local user to DoS a system by consuming all available memory.

kernel: reduction in random entropy
Package(s): kernel-source-2.4.27
CVE #(s): CVE-2007-4311
Created: February 25, 2008
Updated: March 6, 2008
Description:
From the Debian advisory:
CVE-2007-4311: PaX team discovered an issue in the random driver where a defect in the reseeding code leads to a reduction in entropy.

krb5: multiple vulnerabilities
Package(s): krb5
CVE #(s): CVE-2007-2442, CVE-2007-2443, CVE-2007-2798
Created: June 27, 2007
Updated: March 24, 2008
Description:
David Coffey discovered an uninitialized pointer free flaw in the RPC library used by kadmind. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2442).
David Coffey also discovered an overflow flaw in the same RPC library. A remote unauthenticated attacker who could access kadmind could trigger the flaw causing kadmind to crash or possibly execute arbitrary code (CVE-2007-2443).
Finally, a stack buffer overflow vulnerability was found in kadmind that allowed an unauthenticated user able to access kadmind the ability to trigger the vulnerability and possibly execute arbitrary code (CVE-2007-2798).

krb5: uninitialized pointers
Package(s): krb5
CVE #(s): CVE-2006-6143, CVE-2006-3084
Created: January 10, 2007
Updated: July 7, 2010
Description:
The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details.

krb5: local privilege escalation
Package(s): krb5
CVE #(s): CVE-2006-3083
Created: August 9, 2006
Updated: July 7, 2010
Description:
Some Kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges.

krb5: buffer overflow, uninitialized pointer
Package(s): krb5
CVE #(s): CVE-2007-3999, CVE-2007-4000
Created: September 4, 2007
Updated: March 24, 2008
Description:
Tenable Network Security discovered a stack buffer overflow flaw in the RPC library used by kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash.
Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A remote unauthenticated attacker who can access kadmind could trigger this flaw and cause kadmind to crash.

krb5: multiple vulnerabilities
Package(s): krb5
CVE #(s): CVE-2007-0956, CVE-2007-0957, CVE-2007-1216
Created: April 3, 2007
Updated: March 24, 2008
Description:
A flaw was found in the username handling of the MIT krb5 telnet daemon (telnetd). A remote attacker who can access the telnet port of a target machine could log in as root without requiring a password. (MIT krb5 Security Advisory 2007-001)
Buffer overflows were found which affect the Kerberos KDC and the kadmin server daemon. A remote attacker who can access the KDC could exploit this bug to run arbitrary code with the privileges of the KDC or kadmin server processes. (MIT krb5 Security Advisory 2007-002)
A double-free flaw was found in the GSSAPI library used by the kadmin server daemon. (MIT krb5 Security Advisory 2007-003)

lcms: stack-based buffer overflow
Package(s): lcms
CVE #(s): CVE-2007-2741
Created: November 23, 2007
Updated: October 14, 2008
Description:
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.

lftp: shell command execution
Package(s): lftp
CVE #(s): CVE-2007-2348
Created: May 4, 2007
Updated: September 16, 2009
Description:
mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.

libcdio: arbitrary code execution
Package(s): libcdio
CVE #(s): CVE-2007-6613
Created: January 21, 2008
Updated: March 7, 2008
Description:
From the Gentoo advisory:
Devon Miller reported a boundary error in the "print_iso9660_recurse()" function in files cd-info.c and iso-info.c when processing long filenames within Joliet images.
A remote attacker could entice a user to open a specially crafted ISO image in the cd-info and iso-info applications, resulting in the execution of arbitrary code with the privileges of the user running the application. Applications linking against shared libraries of libcdio are not affected.

libexif: integer overflow
Package(s): libexif
CVE #(s): CVE-2007-6352
Created: December 19, 2007
Updated: October 15, 2008
Description:
From the Red Hat advisory: An integer overflow flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to execute arbitrary code, or crash.

libexif: denial of service
Package(s): libexif
CVE #(s): CVE-2007-6351
Created: December 19, 2007
Updated: October 15, 2008
Description:
From the Red Hat advisory: An infinite recursion flaw was found in the way libexif parses Exif image tags. If a victim opens a carefully crafted Exif image file, it could cause the application linked against libexif to crash.

libgd2: buffer overflow
Package(s): libgd2
CVE #(s): CVE-2007-3996
Created: December 19, 2007
Updated: October 13, 2009
Description:
The GD library does not perform proper bounds checking when creating images; as a result, an attacker could, via crafted input, potentially execute arbitrary code.

libmodplug: boundary errors
Package(s): libmodplug
CVE #(s): CVE-2006-4192
Created: December 11, 2006
Updated: May 4, 2011
Description:
Luigi Auriemma has reported various boundary errors in load_it.cpp and a boundary error in the "CSoundFile::ReadSample()" function in sndfile.cpp. A remote attacker can entice a user to read crafted modules or ITP files, which may trigger a buffer overflow resulting in the execution of arbitrary code with the privileges of the user running the application.

libphp-phpmailer: command execution
Package(s): libphp-phpmailer
CVE #(s): CVE-2007-3215
Created: June 20, 2007
Updated: June 25, 2009
Description:
libphp-phpmailer does not do sufficient input validation, enabling shell command injection attacks.

libpng: several vulnerabilities
Package(s): libpng
CVE #(s): CVE-2007-5266, CVE-2007-5267, CVE-2007-5268, CVE-2007-5269
Created: October 19, 2007
Updated: March 23, 2009
Description:
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 allow remote attackers to cause a denial of service (crash) via crafted (1) pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt (png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) ztXT (png_handle_ztXt) chunking in PNG images, which trigger out-of-bounds read operations. (CVE-2007-5269)
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image. (CVE-2007-5268)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266. (CVE-2007-5267)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a name field from being NULL terminated. (CVE-2007-5266)

libpng: denial of service
| Package(s): | libpng |
CVE #(s): | CVE-2007-2445
|
| Created: | May 17, 2007 |
Updated: | March 23, 2009 |
| Description: |
Libpng can be crashed when processing malformed PNG files.
It may also be possible to exploit this vulnerability to execute arbitrary
code. |
| Alerts: |
|
Comments (none posted)
libpng: buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-3334
|
| Created: | July 19, 2006 |
Updated: | December 15, 2008 |
| Description: |
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow. |
| Alerts: |
|
Comments (none posted)
libpng: heap based buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-0481
|
| Created: | February 13, 2006 |
Updated: | December 15, 2008 |
| Description: |
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. |
| Alerts: |
|
Comments (1 posted)
libtiff: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CVE-2006-2193
|
| Created: | June 15, 2006 |
Updated: | September 1, 2008 |
| Description: |
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
libxml2: arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0989
|
| Created: | October 28, 2004 |
Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities; if a local user passes a specially crafted
FTP URL, arbitrary code may be executed. |
| Alerts: |
|
Comments (none posted)
liferea: weak permissions
| Package(s): | liferea |
CVE #(s): | CVE-2007-5751
|
| Created: | November 2, 2007 |
Updated: | December 22, 2008 |
| Description: |
Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. |
| Alerts: |
|
Comments (1 posted)
lighttpd: denial of service
| Package(s): | lighttpd |
CVE #(s): | CVE-2008-0983
|
| Created: | February 29, 2008 |
Updated: | July 15, 2008 |
| Description: |
From the CVE entry: lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access. |
| Alerts: |
|
Comments (none posted)
lighttpd: denial of service
| Package(s): | lighttpd |
CVE #(s): | CVE-2007-3946
CVE-2007-3947
CVE-2007-3948
CVE-2007-3949
CVE-2007-3950
|
| Created: | July 19, 2007 |
Updated: | July 15, 2008 |
| Description: |
The lighttpd web server has multiple vulnerabilities involving
a remote access-control setting circumvention that is performed
by the sending of malformed requests. This can be used to crash
the server and cause a denial of service. |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | linux-2.6 |
CVE #(s): | CVE-2007-2878
CVE-2007-6151
|
| Created: | January 29, 2008 |
Updated: | January 8, 2009 |
| Description: |
From the Debian advisory: Bart Oldeman reported a denial of service (DoS) issue in the VFAT filesystem that allows local users to corrupt a kernel structure resulting in a system crash. This is only an issue for systems which make use of the VFAT compat ioctl interface, such as systems running an 'amd64' flavor kernel. ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data.
|
| Alerts: |
|
Comments (none posted)
kernel: local root privilege escalation
| Package(s): | linux-2.6 |
CVE #(s): | CVE-2008-0010
CVE-2008-0600
|
| Created: | February 11, 2008 |
Updated: | June 23, 2008 |
| Description: |
From the Debian advisory:
The vmsplice system call did not properly verify address arguments
passed by user space processes, which allowed local attackers to
overwrite arbitrary kernel memory, gaining root privileges
(CVE-2008-0010, CVE-2008-0600).
|
| Alerts: |
|
Comments (1 posted)
kernel: information leak, denial of service
| Package(s): | linux-2.6 |
CVE #(s): | CVE-2007-6206
CVE-2007-6417
|
| Created: | December 21, 2007 |
Updated: | September 1, 2010 |
| Description: |
Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. (CVE-2007-6206)
Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page may be improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash). (CVE-2007-6417) |
| Alerts: |
|
Comments (none posted)
vmware-player-kernel: several vulnerabilities
| Package(s): | linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 |
CVE #(s): | CVE-2007-0061
CVE-2007-0062
CVE-2007-0063
CVE-2007-4496
CVE-2007-4497
|
| Created: | November 16, 2007 |
Updated: | March 13, 2009 |
| Description: |
Neel Mehta and Ryan Smith discovered that the VMware Player DHCP server
did not correctly handle certain packet structures. Remote attackers
could send specially crafted packets and gain root privileges.
(CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)
Rafal Wojtczuk discovered multiple memory corruption issues in VMware
Player. Attackers with administrative privileges in a guest operating
system could cause a denial of service or possibly execute arbitrary
code on the host operating system. (CVE-2007-4496, CVE-2007-4497)
|
| Alerts: |
|
Comments (none posted)
lynx: arbitrary command execution
| Package(s): | lynx |
CVE #(s): | CVE-2005-2929
|
| Created: | November 14, 2005 |
Updated: | September 14, 2009 |
| Description: |
An arbitrary command execution bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx. |
| Alerts: |
|
Comments (none posted)
mailman: cross-site scripting
| Package(s): | mailman |
CVE #(s): | CVE-2008-0564
|
| Created: | February 13, 2008 |
Updated: | April 15, 2011 |
| Description: |
From the Red Hat bugzilla entry:
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before
2.1.10b1 allow remote attackers to inject arbitrary web script or HTML
via unspecified vectors related to (1) editing templates and (2) the
list's "info attribute" in the web administrator interface, a
different vulnerability than CVE-2006-3636.
|
| Alerts: |
|
Comments (none posted)
mapserver: multiple cross-site scripting vulnerabilities
| Package(s): | mapserver |
CVE #(s): | CVE-2007-4542
CVE-2007-4629
|
| Created: | September 5, 2007 |
Updated: | April 7, 2008 |
| Description: |
CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name. |
| Alerts: |
|
Comments (none posted)
mod_jk: proxy bypass
| Package(s): | mod_jk |
CVE #(s): | CVE-2007-1860
|
| Created: | May 30, 2007 |
Updated: | March 7, 2008 |
| Description: |
From the Red Hat advisory: "Versions of mod_jk before 1.2.23 decoded request URLs by default inside
Apache httpd and forwarded the encoded URL to Tomcat, which itself did a
second decoding. If Tomcat was used behind mod_jk and configured to only
proxy some contexts, an attacker could construct a carefully crafted HTTP
request to work around the context restriction and potentially access
non-proxied content." |
| Alerts: |
|
Comments (none posted)
moin: arbitrary JavaScript execution
| Package(s): | moin |
CVE #(s): | CVE-2007-2423
|
| Created: | May 8, 2007 |
Updated: | March 10, 2008 |
| Description: |
A flaw was discovered in MoinMoin's error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user's authentication information
for the domain where MoinMoin was hosted. |
| Alerts: |
|
Comments (none posted)
moin: multiple XSS vulnerabilities
| Package(s): | moin |
CVE #(s): | CVE-2008-0780
CVE-2008-0781
|
| Created: | February 21, 2008 |
Updated: | June 18, 2009 |
| Description: |
moin has cross site scripting vulnerabilities in the login action
and the AttachFile action. |
| Alerts: |
|
Comments (none posted)
mono: arbitrary code execution via integer overflow
| Package(s): | mono |
CVE #(s): | CVE-2007-5197
|
| Created: | November 6, 2007 |
Updated: | December 7, 2009 |
| Description: |
From the Debian advisory: An integer overflow in the BigInteger data type implementation has been
discovered in the free .NET runtime Mono.
|
| Alerts: |
|
Comments (none posted)
moodle: cross-site scripting
| Package(s): | moodle |
CVE #(s): | CVE-2008-0123
|
| Created: | January 16, 2008 |
Updated: | November 12, 2008 |
| Description: |
Moodle suffers from a cross-site scripting vulnerability which is only open during the install process. |
| Alerts: |
|
Comments (none posted)
moodle: cross-site scripting
| Package(s): | moodle |
CVE #(s): | CVE-2007-3555
|
| Created: | August 7, 2007 |
Updated: | December 22, 2008 |
| Description: |
A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1
allows remote attackers to inject arbitrary web script or HTML via a style
expression in the search parameter. |
| Alerts: |
|
Comments (none posted)
mozilla: multiple vulnerabilities
| Package(s): | mozilla |
CVE #(s): | |
| Created: | February 13, 2008 |
Updated: | July 29, 2008 |
| Description: |
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-2.0.0.12-i686-1.tgz:
Upgraded to firefox-2.0.0.12.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabil...
(* Security fix *)
patches/packages/seamonkey-1.1.8-i486-1_slack12.0.tgz:
Upgraded to seamonkey-1.1.8.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabil...
(* Security fix *)
+--------------------------+
|
| Alerts: |
|
Comments (none posted)
mplayer: buffer overflow
| Package(s): | mplayer |
CVE #(s): | CVE-2007-1246
|
| Created: | March 8, 2007 |
Updated: | April 1, 2008 |
| Description: |
MPlayer versions up to 1.0rc1 have a buffer overflow in the
loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function.
User-assisted remote attackers can use this to trigger the overflow
and possibly execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
mplayer: multiple vulnerabilities
| Package(s): | mplayer |
CVE #(s): | CVE-2008-0485
CVE-2008-0486
CVE-2008-0629
CVE-2008-0630
|
| Created: | February 13, 2008 |
Updated: | August 7, 2008 |
| Description: |
From the Debian advisory:
Several buffer overflows have been discovered in the MPlayer movie player,
which might lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0485:
Felipe Manzano and Anibal Sacco discovered a buffer overflow in
the demuxer for MOV files.
CVE-2008-0486:
Reimar Doeffinger discovered a buffer overflow in the FLAC header
parsing.
CVE-2008-0629:
Adam Bozanich discovered a buffer overflow in the CDDB access code.
CVE-2008-0630:
Adam Bozanich discovered a buffer overflow in URL parsing.
|
| Alerts: |
|
Comments (none posted)
mt-daapd: multiple vulnerabilities
| Package(s): | mt-daapd |
CVE #(s): | CVE-2007-5825
CVE-2007-5824
|
| Created: | December 31, 2007 |
Updated: | September 1, 2008 |
| Description: |
From the Gentoo advisory: nnp discovered multiple vulnerabilities in the XML-RPC handler in the
file webserver.c. The ws_addarg() function contains a format string
vulnerability, as it does not properly sanitize username and password
data from the "Authorization: Basic" HTTP header line (CVE-2007-5825).
The ws_decodepassword() and ws_getheaders() functions do not correctly
handle empty Authorization header lines, or header lines without a ':'
character, leading to NULL pointer dereferences (CVE-2007-5824). |
| Alerts: |
|
Comments (none posted)
mysql: denial of service
| Package(s): | mysql |
CVE #(s): | CVE-2007-1420
|
| Created: | March 22, 2007 |
Updated: | May 21, 2008 |
| Description: |
MySQL subselect queries using "ORDER BY" can be used by an attacker with
access to a MySQL instance in order to create an intermittent denial
of service. |
| Alerts: |
|
Comments (none posted)
mysql: format string bug
| Package(s): | mysql |
CVE #(s): | CVE-2006-3469
|
| Created: | July 21, 2006 |
Updated: | July 30, 2008 |
| Description: |
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server. |
| Alerts: |
|
Comments (none posted)
MySQL: privilege violations
| Package(s): | mysql |
CVE #(s): | CVE-2006-4031
CVE-2006-4226
|
| Created: | August 25, 2006 |
Updated: | July 30, 2008 |
| Description: |
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226). |
| Alerts: |
|
Comments (none posted)
mysql: privilege escalation
| Package(s): | mysql |
CVE #(s): | CVE-2007-6303
|
| Created: | December 19, 2007 |
Updated: | April 7, 2008 |
| Description: |
From the CVE entry: MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. |
| Alerts: |
|
Comments (none posted)
MySQL: logging bypass
| Package(s): | mysql |
CVE #(s): | CVE-2006-0903
|
| Created: | April 4, 2006 |
Updated: | May 21, 2008 |
| Description: |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query. |
| Alerts: |
|
Comments (2 posted)
MySQL: privilege escalation
| Package(s): | MySQL |
CVE #(s): | CVE-2007-3781
CVE-2007-5969
|
| Created: | December 11, 2007 |
Updated: | May 21, 2008 |
| Description: |
MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. (CVE-2007-5969)
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. (CVE-2007-3781) |
| Alerts: |
|
Comments (none posted)
mysql-dfsg: multiple vulnerabilities
| Package(s): | mysql-dfsg |
CVE #(s): | CVE-2007-2583
CVE-2007-2691
CVE-2007-2692
CVE-2007-3782
|
| Created: | November 27, 2007 |
Updated: | July 30, 2008 |
| Description: |
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and
5.1 before 5.1.18-beta, allows context-dependent attackers to cause a
denial of service (crash) via a crafted IF clause that results in a
divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not
require the DROP privilege for RENAME TABLE statements, which allows remote
authenticated users to rename arbitrary tables. (CVE-2007-2691)
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before
5.1.18 does not restore THD::db_access privileges when returning from SQL
SECURITY INVOKER stored routines, which allows remote authenticated users
to gain privileges. (CVE-2007-2692)
MySQL Community Server before 5.0.45 allows remote authenticated users to
gain update privileges for a table in another database via a view that
refers to this external table. (CVE-2007-3782) |
| Alerts: |
|
Comments (none posted)
mysql: denial of service
| Package(s): | mysql-dfsg-5.0 |
CVE #(s): | CVE-2007-6304
|
| Created: | December 21, 2007 |
Updated: | April 7, 2008 |
| Description: |
Philip Stoev discovered that the federated engine of MySQL
did not properly handle responses with a small number of columns.
An authenticated user could use a crafted response to a SHOW
TABLE STATUS query and cause a denial of service. |
| Alerts: |
|
Comments (none posted)
mysql: buffer overflows
| Package(s): | mysql-dfsg-5.0 |
CVE #(s): | CVE-2008-0226
CVE-2008-0227
|
| Created: | January 29, 2008 |
Updated: | July 21, 2008 |
| Description: |
From the Debian advisory: Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
nagios: cross-site scripting
| Package(s): | nagios |
CVE #(s): | CVE-2007-5624
|
| Created: | December 7, 2007 |
Updated: | September 14, 2009 |
| Description: |
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. |
| Alerts: |
|
Comments (none posted)
nagios-plugins: buffer overflow
| Package(s): | nagios-plugins |
CVE #(s): | CVE-2007-5198
|
| Created: | October 23, 2007 |
Updated: | April 17, 2008 |
| Description: |
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbitrary code via long
Location header responses (redirects). |
| Alerts: |
|
Comments (none posted)
nagios-plugins: check_snmp buffer overflow
| Package(s): | nagios-plugins |
CVE #(s): | CVE-2007-5623
|
| Created: | November 2, 2007 |
Updated: | April 17, 2008 |
| Description: |
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies. |
| Alerts: |
|
Comments (none posted)
nbd: arbitrary code execution
| Package(s): | nbd |
CVE #(s): | CVE-2005-3534
|
| Created: | January 6, 2006 |
Updated: | March 7, 2011 |
| Description: |
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges. |
| Alerts: |
|
Comments (none posted)
ncompress: buffer underflow
| Package(s): | ncompress |
CVE #(s): | CVE-2006-1168
|
| Created: | August 10, 2006 |
Updated: | February 21, 2012 |
| Description: |
The ncompress compression utility has a missing boundary check.
A local user can use a maliciously created file to cause
a .bss buffer underflow. |
| Alerts: |
|
Comments (none posted)
netpbm: buffer overflow
| Package(s): | netpbm |
CVE #(s): | CVE-2008-0554
|
| Created: | February 8, 2008 |
Updated: | November 7, 2008 |
| Description: |
From the Mandriva advisory: A buffer overflow in the giftopnm utility in netpbm prior to version 10.27 could allow attackers to have an unknown impact via a specially crafted GIF file. |
| Alerts: |
|
Comments (none posted)
nginx: cross site scripting
| Package(s): | nginx |
CVE #(s): | |
| Created: | July 20, 2007 |
Updated: | September 14, 2009 |
| Description: |
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
proxy server written by Igor Sysoev. The "msie_refresh" directive could
allow cross site scripting. |
| Alerts: |
|
Comments (none posted)
nss_ldap: credential or other information disclosure
| Package(s): | nss_ldap |
CVE #(s): | CVE-2007-5794
|
| Created: | November 26, 2007 |
Updated: | July 30, 2008 |
| Description: |
From the Gentoo advisory:
Josh Burley reported that nss_ldap does not properly handle the LDAP
connections due to a race condition that can be triggered by
multi-threaded applications using nss_ldap, which might lead to
requested data being returned to a wrong process.
|
| Alerts: |
|
Comments (none posted)
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2008-0658
|
| Created: | February 13, 2008 |
Updated: | July 3, 2008 |
| Description: |
From the rPath advisory:
Previous versions of the openldap package are vulnerable to a Denial of
Service attack in which authenticated users can crash the slapd server.
|
| Alerts: |
|
Comments (none posted)
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-6698
|
| Created: | February 8, 2008 |
Updated: | April 25, 2008 |
| Description: |
From the CVE entry: The BDB backend for slapd in OpenLDAP before 2.3.36,
allows remote authenticated users to cause a denial of service (crash) via
a potentially-successful modify operation with the NOOP control set to
critical, possibly due to a double free vulnerability. |
| Alerts: |
|
Comments (none posted)
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-5707
|
| Created: | November 8, 2007 |
Updated: | April 9, 2008 |
| Description: |
The OpenLDAP Lightweight Directory Access Protocol suite has a problem
with handling of malformed objectClasses LDAP attributes by the slapd
daemon. Both local and remote attackers can use this to crash slapd,
causing a denial of service. |
| Alerts: |
|
Comments (none posted)
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-5708
|
| Created: | November 23, 2007 |
Updated: | April 9, 2008 |
| Description: |
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when
running as a proxy-caching server, allocates memory using a malloc variant
instead of calloc, which prevents an array from being initialized properly
and might allow attackers to cause a denial of service (segmentation fault)
via unknown vectors that prevent the array from being null terminated. |
| Alerts: |
|
Comments (none posted)
OpenOffice.org: arbitrary code execution
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-0245
|
| Created: | June 13, 2007 |
Updated: | June 12, 2008 |
| Description: |
A specially crafted RTF file could cause the
filter to overwrite data on the heap, which may lead to the execution
of arbitrary code. |
| Alerts: |
|
Comments (none posted)
openoffice.org: arbitrary code execution via TIFF images
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-2834
|
| Created: | September 17, 2007 |
Updated: | June 12, 2008 |
| Description: |
A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite. The parser uses untrusted values
from the TIFF file to calculate the number of bytes of memory to
allocate. A specially crafted TIFF image could trigger an integer
overflow and subsequently a buffer overflow that could cause the
execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
openoffice.org: arbitrary code execution
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-4575
|
| Created: | December 5, 2007 |
Updated: | September 10, 2008 |
| Description: |
From the OpenOffice advisory:
A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user. |
| Alerts: |
|
Comments (none posted)
openssh: remote denial of service
| Package(s): | openssh |
CVE #(s): | CVE-2006-4924
CVE-2006-5051
|
| Created: | September 27, 2006 |
Updated: | September 17, 2008 |
| Description: |
OpenSSH 4.4 fixes some security issues, including a pre-authentication
denial of service, an unsafe signal handler, and, on portable OpenSSH, a
GSSAPI authentication abort that could be used to determine the validity
of usernames on some platforms. |
| Alerts: |
|
Comments (none posted)
openssl: off-by-one error
| Package(s): | openssl |
CVE #(s): | CVE-2007-4995
|
| Created: | October 23, 2007 |
Updated: | May 13, 2008 |
| Description: |
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f
and 0.9.7 allows remote attackers to execute arbitrary code via unspecified
vectors. |
| Alerts: |
|
Comments (none posted)
openssl: off-by-one error
| Package(s): | openssl |
CVE #(s): | CVE-2007-5135
|
| Created: | October 3, 2007 |
Updated: | July 31, 2008 |
| Description: |
From the Debian advisory: An off-by-one error has been identified in the SSL_get_shared_ciphers()
routine in the libssl library from OpenSSL, an implementation of Secure
Socket Layer cryptographic libraries and utilities. This error could
allow an attacker to crash an application making use of OpenSSL's libssl
library, or potentially execute arbitrary code in the security context
of the user running such an application. |
| Alerts: |
|
Comments (none posted)
openssl: private key attack
| Package(s): | openssl |
CVE #(s): | CVE-2007-3108
|
| Created: | August 7, 2007 |
Updated: | May 13, 2008 |
| Description: |
OpenSSL could allow a local user in certain circumstances to divulge
information about private keys being used. |
| Alerts: |
|
Comments (none posted)
opera: several vulnerabilities
| Package(s): | opera |
CVE #(s): | CVE-2008-1080
CVE-2008-1081
CVE-2008-1082
|
| Created: | February 29, 2008 |
Updated: | March 5, 2008 |
| Description: |
Opera version 9.26 fixes: an issue where simulated text inputs could trick users into uploading arbitrary files, image properties can no longer be used to execute scripts, and an issue where the representation of DOM attribute values could allow cross site scripting. |
| Alerts: |
|
Comments (none posted)
pcre: CVE consolidation
| Package(s): | pcre |
CVE #(s): | CVE-2005-4872
CVE-2006-7227
CVE-2006-7224
|
| Created: | November 15, 2007 |
Updated: | May 13, 2008 |
| Description: |
PCRE has flaws in the way it handles malformed regular
expressions.
If an application linked against PCRE, such as Konqueror,
encounters a maliciously created regular expression, it may be possible
to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227
have been combined into CVE-2006-7224. |
| Alerts: |
|
Comments (5 posted)
pcre: two arbitrary code execution vulnerabilities
| Package(s): | pcre |
CVE #(s): | CVE-2007-1659
CVE-2007-1660
|
| Created: | November 6, 2007 |
Updated: | July 16, 2008 |
| Description: |
Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660) |
| Alerts: |
|
Comments (none posted)
pcre: buffer overflows in library
| Package(s): | pcre |
CVE #(s): | CVE-2006-7228
CVE-2006-7230
CVE-2007-1661
CVE-2007-4766
CVE-2007-4767
|
| Created: | November 23, 2007 |
Updated: | July 16, 2008 |
| Description: |
Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application. |
| Alerts: |
|
Comments (1 posted)
pcre: buffer overflow
| Package(s): | pcre |
CVE #(s): | CVE-2008-0674
|
| Created: | February 19, 2008 |
Updated: | November 17, 2008 |
| Description: |
A buffer overflow caused by a character class containing a
very large number of characters with codepoints greater than 255 (in UTF-8 mode) may affect usages of pcre, when regular expressions from untrusted sources are compiled. |
| Alerts: |
|
Comments (none posted)
pcre: buffer overflows
| Package(s): | pcre3 |
CVE #(s): | CVE-2007-1662
CVE-2007-4768
|
| Created: | November 27, 2007 |
Updated: | May 7, 2008 |
| Description: |
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the
end of the string when searching for unmatched brackets and parentheses,
which allows context-dependent attackers to cause a denial of service
(crash), possibly involving forward references. (CVE-2007-1662)
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE)
library before 7.3 allows context-dependent attackers to execute arbitrary
code via a singleton Unicode sequence in a character class in a regex
pattern, which is incorrectly optimized. (CVE-2007-4768) |
| Alerts: |
|
Comments (none posted)
peercast: buffer overflow
| Package(s): | peercast |
CVE #(s): | CVE-2007-6454
|
| Created: | December 28, 2007 |
Updated: | May 21, 2008 |
| Description: |
A heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. |
| Alerts: |
|
Comments (none posted)
perl-Net-DNS: predictable id sequence
| Package(s): | perl-Net-DNS |
CVE #(s): | CVE-2007-3377
|
| Created: | June 26, 2007 |
Updated: | March 12, 2008 |
| Description: |
Net::DNS before 0.60 generates DNS query IDs from a predictable sequence,
and child processes created by fork() inherit the same sequence, so
several processes emit identical IDs. Predictable IDs make it easier for
an attacker to forge replies to the resolver's queries. |
| Alerts: |
|
Comments (none posted)
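The failure mode in this entry, as an added illustration in Python (not Net::DNS code and not taken from the advisory): a counter-based ID generator is linear, so a few observed IDs let an attacker predict the rest, and a forked child inherits the same counter. The counter model and the check that flags it are constructed for this example; the safe generator simply draws each ID from the OS CSPRNG.

```python
"""Spotting a predictable DNS query-ID sequence, and generating a safe one.

Added illustration, not Net::DNS code. sequential_ids() is a constructed
stand-in for a pre-0.60-style generator; its values are not taken from the
library.
"""
import secrets


def sequential_ids(start, count):
    """Constructed model of a counter-based generator: each ID is the previous
    one plus one, wrapping at 16 bits. A child created by fork() inherits the
    same counter, so sibling processes emit identical IDs."""
    return [(start + i) & 0xFFFF for i in range(count)]


def looks_predictable(ids, threshold=0.9):
    """Return True when most consecutive differences (mod 2**16) share one
    value: the sequence is linear, and an attacker who sees a few IDs can
    extrapolate the next ones and forge matching replies."""
    if len(ids) < 3:
        return False
    diffs = [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]
    most_common = max(set(diffs), key=diffs.count)
    return diffs.count(most_common) / len(diffs) >= threshold


def fresh_query_id():
    """A 16-bit ID from the OS CSPRNG. secrets reads fresh entropy on every
    call, so the value never depends on state copied across fork()."""
    return secrets.randbelow(1 << 16)


def random_ids(count):
    return [fresh_query_id() for _ in range(count)]


if __name__ == "__main__":
    print("counter :", looks_predictable(sequential_ids(0x1234, 40)))
    print("secrets :", looks_predictable(random_ids(200)))
```

The check only catches linear sequences; a weak PRNG with a more complex output pattern needs a proper statistical test. A 16-bit ID is a small search space even when it is random, so unpredictable IDs should be paired with randomised source ports.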
php: several vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2006-4481
CVE-2006-4484
CVE-2006-4485
|
| Created: | September 8, 2006 |
Updated: | June 13, 2008 |
| Description: |
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485). |
| Alerts: |
|
Comments (1 posted)
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2007-3799
CVE-2007-3998
CVE-2007-4659
CVE-2007-4658
CVE-2007-4670
CVE-2007-4661
|
| Created: | October 23, 2007 |
Updated: | May 19, 2008 |
| Description: |
From the Red Hat advisory:
Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)
A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)
A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)
A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)
A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)
A flaw was found in handling of dynamic changes to global variables. A
script which used certain functions which change global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-4659)
An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-4661) |
| Alerts: |
|
Comments (none posted)
php: buffer overflows
| Package(s): | php |
CVE #(s): | CVE-2006-5465
|
| Created: | November 3, 2006 |
Updated: | January 18, 2010 |
| Description: |
The Hardened-PHP Project discovered buffer overflows in the internal
routines behind PHP's htmlentities() and htmlspecialchars() functions.
Since the whole purpose of these functions is to escape user input, the
flaw is reachable from almost any PHP application that uses them. The
overflow can only be triggered when the UTF-8 charset is in use. |
| Alerts: |
|
Comments (none posted)
php5: multiple vulnerabilities
| Package(s): | php5 |
CVE #(s): | CVE-2007-4657
CVE-2007-4660
CVE-2007-4662
|
| Created: | November 30, 2007 |
Updated: | July 4, 2008 |
| Description: |
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4,
allow remote attackers to obtain sensitive information (memory contents) or
cause a denial of service (thread crash) via a large len value to the (1)
strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE:
this affects different product versions than CVE-2007-3996.
(CVE-2007-4657)
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4
has unknown impact and attack vectors, related to an incorrect size
calculation. (CVE-2007-4660)
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4
has unknown impact and attack vectors. (CVE-2007-4662) |
| Alerts: |
|
Comments (none posted)
php5: multiple vulnerabilities
| Package(s): | php5 |
CVE #(s): | CVE-2007-4783
CVE-2007-4840
CVE-2007-5898
CVE-2007-5899
CVE-2007-5900
|
| Created: | November 20, 2007 |
Updated: | January 18, 2010 |
| Description: |
The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code. |
| Alerts: |
|
Comments (none posted)
phpmyadmin: multiple vulnerabilities
| Package(s): | phpmyadmin |
CVE #(s): | CVE-2006-6942
CVE-2006-6944
CVE-2007-1325
CVE-2007-1395
CVE-2007-2245
|
| Created: | September 10, 2007 |
Updated: | March 19, 2009 |
| Description: |
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2007-1325:
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
CVE-2007-1395:
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag,
which bypasses the protection against lowercase </script>.
CVE-2007-2245:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via (1) the
fieldkey parameter to browse_foreigners.php or (2) certain input
to the PMA_sanitize function.
CVE-2006-6942:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary HTML or web script via (1) a comment
for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter
to db_operations.php, the (4) query_history_latest,
(5) query_history_latest_db, and (6) querydisplay_tab parameters to
(c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2006-6944:
phpMyAdmin allows remote attackers to bypass Allow/Deny access rules
that use IP addresses via false headers.
|
| Alerts: |
|
Comments (none posted)
phpMyAdmin: cross-site scripting vulnerabilities
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-5386
CVE-2007-5589
|
| Created: | November 2, 2007 |
Updated: | March 14, 2008 |
| Description: |
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin
2.11.1, when accessed by a browser that does not URL-encode requests,
allows remote attackers to inject arbitrary web script or HTML via the
query string.
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
common.lib.php in libraries/; and certain input available in PHP_SELF and
(2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other
vectors related to (3) REQUEST_URI. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: information disclosure
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-0095
|
| Created: | December 11, 2007 |
Updated: | September 25, 2008 |
| Description: |
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information
via a direct request for themes/darkblue_orange/layout.inc.php, which
reveals the path in an error message. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: SQL injection
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-5976
CVE-2007-5977
|
| Created: | November 22, 2007 |
Updated: | March 19, 2009 |
| Description: |
phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability
in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.
db_create.php also has a related cross-site scripting vulnerability.
Remote authenticated users can inject arbitrary web scripts or HTML
using a hex-encoded IMG element in the db parameter in a POST request. |
| Alerts: |
|
Comments (none posted)
phpPgAdmin: cross-site scripting
| Package(s): | phppgadmin |
CVE #(s): | CVE-2007-2865
CVE-2007-5728
|
| Created: | June 18, 2007 |
Updated: | January 21, 2009 |
| Description: |
A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin
4.1.1 allows remote attackers to inject arbitrary web script or HTML via
the server parameter. |
| Alerts: |
|
Comments (none posted)
PostgreSQL: multiple vulnerabilities
| Package(s): | postgresql |
CVE #(s): | CVE-2007-6600
CVE-2007-4772
CVE-2007-6067
CVE-2007-4769
CVE-2007-6601
|
| Created: | January 9, 2008 |
Updated: | January 17, 2013 |
| Description: |
Several vulnerabilities have been found in the PostgreSQL database manager. The developers call the fixes "critical," but also note that, as of the time of the update, none of them were known to be exploited; see this advisory for more information. |
| Alerts: |
|
Comments (none posted)
pulseaudio: denial of service
| Package(s): | pulseaudio |
CVE #(s): | CVE-2007-1804
|
| Created: | May 30, 2007 |
Updated: | March 10, 2008 |
| Description: |
The pulseaudio network code suffers from a denial of service vulnerability exploitable by an unauthenticated attacker. |
| Alerts: |
|
Comments (none posted)
python: information disclosure
| Package(s): | python |
CVE #(s): | CVE-2007-2052
|
| Created: | May 9, 2007 |
Updated: | July 30, 2009 |
| Description: |
Python 2.4 and 2.5 contain a bug in PyLocale_strxfrm() which could enable an attacker to read portions of unrelated memory. |
| Alerts: |
|
Comments (none posted)
python: integer overflows
| Package(s): | python |
CVE #(s): | CVE-2007-4965
|
| Created: | October 30, 2007 |
Updated: | July 30, 2009 |
| Description: |
Multiple integer overflows in the imageop module in Python 2.5.1 and
earlier allow context-dependent attackers to cause a denial of service
(application crash) and possibly obtain sensitive information (memory
contents) via crafted arguments to (1) the tovideo method, and unspecified
other vectors related to (2) imageop.c, (3) rgbimgmodule.c, and other
files, which trigger heap-based buffer overflows. |
| Alerts: |
|
Comments (none posted)
qemu: multiple vulnerabilities
Comments (none posted)
qemu: insufficient block device address range checking
| Package(s): | qemu, xen |
CVE #(s): | CVE-2008-0928
|
| Created: | February 29, 2008 |
Updated: | October 7, 2009 |
| Description: |
From Debian
Security: Ian Jackson discovered that accesses beyond the end of qemu's
emulated disk devices can result in accesses to the emulator's virtual
memory space, and thus can allow a user with sufficient privilege in the
guest (root, as this would need modification of the kernel's driver) to
break out of the VM. |
| Alerts: |
|
Comments (none posted)
quagga: denial of service
| Package(s): | quagga |
CVE #(s): | CVE-2007-4826
|
| Created: | September 14, 2007 |
Updated: | October 25, 2010 |
| Description: |
The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause
a denial of service crash via a malformed OPEN message or COMMUNITY
attribute. |
| Alerts: |
|
Comments (none posted)
quake: buffer overflow
| Package(s): | quake3-bin |
CVE #(s): | CVE-2006-2236
|
| Created: | May 10, 2006 |
Updated: | January 12, 2009 |
| Description: |
Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server. |
| Alerts: |
|
Comments (none posted)
rails: multiple vulnerabilities
| Package(s): | rails |
CVE #(s): | CVE-2007-5380
CVE-2007-3227
CVE-2007-5379
|
| Created: | November 15, 2007 |
Updated: | December 21, 2009 |
| Description: |
Ruby on Rails has the following vulnerabilities:
ActiveResource does not properly sanitize filenames in the Hash.from_xml()
function (CVE-2007-5379).
The session ID can be set from the URL by the session management code,
which allows session fixation (CVE-2007-5380).
The to_json() function does not properly escape input before it is
returned to the user, which allows cross-site scripting (CVE-2007-3227). |
| Alerts: |
|
Comments (none posted)
rsync: restricted file access
| Package(s): | rsync |
CVE #(s): | CVE-2007-6199
CVE-2007-6200
|
| Created: | December 5, 2007 |
Updated: | September 23, 2011 |
| Description: |
From the CVE entry:
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. |
| Alerts: |
|
Comments (none posted)
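The containment problem behind this entry, as an added example in Python (not rsync's code): a daemon module that does not chroot must decide whether a symlink a client asks it to create points back outside the module. The example assumes a module rooted at `module_root` (rsync's `path` setting) and a module-relative `link_path`; both names are this example's own. The check is purely lexical; `munge_symlink_target` shows the other approach, which is the idea behind the "munge symlinks" option rsync 3.0 introduced, where the stored link text gets a prefix that does not exist on the server.

```python
"""Containment check for a symlink a client asks an rsync-style daemon to create.

Added example, not rsync's own code. Assumes a non-chrooted module rooted
at module_root and a module-relative link_path supplied by the client.
"""
import posixpath

MUNGE_PREFIX = "/rsyncd-munged/"  # prefix used by rsync 3.0's munge-symlinks option


def resolve_symlink_target(module_root, link_path, target):
    """Absolute, normalised path the link would point at. A relative target
    is resolved against the directory that will contain the link."""
    root = posixpath.normpath(module_root)
    link_dir = posixpath.dirname(posixpath.normpath(posixpath.join(root, link_path)))
    if posixpath.isabs(target):
        return posixpath.normpath(target)
    return posixpath.normpath(posixpath.join(link_dir, target))


def symlink_escapes_module(module_root, link_path, target):
    """True when following the link would land outside module_root.

    Lexical only: if the module already contains a symlink to somewhere
    outside, a target passing through it is not caught here; that case is
    what munging addresses."""
    root = posixpath.normpath(module_root)
    if root == "/":
        return False
    resolved = resolve_symlink_target(module_root, link_path, target)
    return not (resolved == root or resolved.startswith(root + "/"))


def munge_symlink_target(target):
    """Store the link text under a prefix that does not exist on the server,
    so the link cannot be followed there; a client that pulls the module
    strips the prefix again in its own munging step."""
    return MUNGE_PREFIX + target


if __name__ == "__main__":
    cases = [("docs/latest", "../README"),
             ("docs/latest", "../../etc/passwd"),
             ("x", "/etc/shadow")]
    for link, tgt in cases:
        escapes = symlink_escapes_module("/srv/module", link, tgt)
        print(f"{link} -> {tgt}: escapes={escapes}, munged={munge_symlink_target(tgt)}")
```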
ruby: insufficient SSL certificate validation
| Package(s): | ruby |
CVE #(s): | CVE-2007-5162
CVE-2007-5770
|
| Created: | October 8, 2007 |
Updated: | October 10, 2008 |
| Description: |
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. |
| Alerts: |
|
Comments (none posted)
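The check Ruby's Net::HTTP left out, written as an added example in Python (not Ruby's code and not from the advisory). Chain validation only proves a trusted CA issued the certificate for some name; matching the name against the host the client asked for proves it was issued for this one, which is what stops a valid certificate for attacker.example from being presented for a bank's host. The rules follow RFC 6125: subjectAltName dNSName entries take precedence, the commonName is consulted only when no dNSName is present, and a wildcard is accepted only as the entire left-most label with at least two labels after it. The certificate dictionaries are constructed inputs in the layout of `ssl.SSLSocket.getpeercert()`.

```python
"""Match a server certificate's names against the requested host.

Added example, not Ruby's Net::HTTP. Certificates below are constructed,
in the layout returned by ssl.SSLSocket.getpeercert().
"""
import ssl


def _name_matches(pattern, hostname):
    """Compare one certificate name (possibly wildcarded) with a host name,
    case-insensitively and ignoring a trailing dot."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Only "*.example.net" style is allowed: the wildcard must be the whole
    # left-most label, must not appear elsewhere, and "*.com" is rejected.
    if p_labels[0] != "*" or len(p_labels) < 3 or any("*" in l for l in p_labels[1:]):
        return False
    # The wildcard matches exactly one label, never "a.b.example.net".
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]


def hostname_matches(hostname, cert):
    """True when hostname is one of the identities the certificate names."""
    dns_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if dns_names:
        return any(_name_matches(name, hostname) for name in dns_names)
    for rdn in cert.get("subject", ()):  # no dNSName present: fall back to CN
        for key, value in rdn:
            if key == "commonName":
                return _name_matches(value, hostname)
    return False


def verify_peer(hostname, cert):
    """What a client should do right after the handshake: refuse to proceed
    when the verified chain does not name the host it connected to."""
    if not hostname_matches(hostname, cert):
        raise ssl.CertificateError(f"certificate is not valid for {hostname!r}")


# Constructed certificates (not real), in getpeercert() layout.
SAN_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.net")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "mail.example.com"),),)}

if __name__ == "__main__":
    for host in ("www.example.com", "api.example.net", "www.attacker.example"):
        print(host, hostname_matches(host, SAN_CERT))
```

Modern Python performs this check itself when `check_hostname` is enabled on an `SSLContext`; the old `ssl.match_hostname()` helper was removed in 3.12, which is one reason to know what the check consists of.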
ruby-gnome2: format string vulnerability
| Package(s): | ruby-gnome2 |
CVE #(s): | CVE-2007-6183
|
| Created: | December 7, 2007 |
Updated: | December 22, 2008 |
| Description: |
A format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. |
| Alerts: |
|
Comments (none posted)
samba: buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-4572
|
| Created: | November 15, 2007 |
Updated: | December 3, 2008 |
| Description: |
The Samba user authentication is vulnerable to a heap-based buffer overflow.
Remote unauthenticated users can use this to crash the Samba server
and cause a denial of service. |
| Alerts: |
|
Comments (none posted)
samba: stack-based buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-6015
|
| Created: | December 11, 2007 |
Updated: | December 3, 2008 |
| Description: |
A stack buffer overflow flaw was found in the way Samba authenticates
remote users. A remote unauthenticated user could trigger this flaw to
cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server. |
| Alerts: |
|
Comments (none posted)
samba: buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-5398
|
| Created: | November 15, 2007 |
Updated: | December 3, 2008 |
| Description: |
Samba's mechanism for creating NetBIOS replies is vulnerable to a
buffer overflow. Samba servers that are configured to run as a
WINS server can be crashed by a remote unauthenticated user;
execution of arbitrary code may also be possible. |
| Alerts: |
|
Comments (none posted)
SDL_image: buffer overflows
| Package(s): | SDL_image |
CVE #(s): | CVE-2007-6697
CVE-2008-0544
|
| Created: | February 8, 2008 |
Updated: | March 27, 2008 |
| Description: |
From the Mandriva advisory: The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image contain a boundary error that could be triggered to cause a static buffer overflow and a heap-based buffer overflow. If a user using an application linked against the SDL_image library were to open a carefully crafted GIF or IFF ILBM file, the application could crash or possibly allow for the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
slocate: information disclosure
| Package(s): | slocate |
CVE #(s): | CVE-2007-0227
|
| Created: | February 22, 2007 |
Updated: | September 4, 2012 |
| Description: |
The slocate permission checking code has a local information disclosure
vulnerability. During the reporting of matching files, slocate does not
respect the parent directory's read permissions, resulting in hidden
filenames being viewable by other local users. |
| Alerts: |
|
Comments (none posted)
squid: denial of service
| Package(s): | squid |
CVE #(s): | CVE-2007-6239
|
| Created: | December 18, 2007 |
Updated: | March 25, 2009 |
| Description: |
A flaw was found in the way squid stored HTTP headers for cached objects
in system memory. An attacker could cause squid to use additional memory,
and trigger high CPU usage when processing requests for certain cached
objects, possibly leading to a denial of service. |
| Alerts: |
|
Comments (none posted)
streamripper: buffer overflow
| Package(s): | streamripper |
CVE #(s): | CVE-2007-4337
|
| Created: | September 14, 2007 |
Updated: | December 9, 2008 |
| Description: |
Chris Rohlf discovered several boundary errors in the
httplib_parse_sc_header() function when processing HTTP headers. A hostile
streaming server could use them to crash the client or possibly execute
arbitrary code with the privileges of the user running streamripper. |
| Alerts: |
|
Comments (none posted)
subversion: possible information leak
| Package(s): | subversion |
CVE #(s): | CVE-2007-2448
|
| Created: | October 30, 2007 |
Updated: | February 1, 2011 |
| Description: |
Subversion 1.4.3 and earlier does not properly implement the "partial
access" privilege for users who have access to changed paths but not copied
paths, which allows remote authenticated users to obtain sensitive
information (revision properties) via svn (1) propget, (2) proplist, or (3)
propedit. |
| Alerts: |
|
Comments (none posted)
Sun JDK/JRE: multiple vulnerabilities
| Package(s): | Sun JDK/JRE |
CVE #(s): | CVE-2007-2435
CVE-2007-2788
CVE-2007-2789
|
| Created: | June 1, 2007 |
Updated: | April 18, 2008 |
| Description: |
An unspecified vulnerability involving an "incorrect use of system
classes" was reported by the Fujitsu security team. Additionally, Chris
Evans from the Google Security Team reported an integer overflow
resulting in a buffer overflow in the ICC parser used with JPG or BMP
files, and an incorrect open() call to /dev/tty when processing certain
BMP files. |
| Alerts: |
|
Comments (none posted)
sysstat: insecure temporary files
| Package(s): | sysstat |
CVE #(s): | CVE-2007-3852
|
| Created: | August 20, 2007 |
Updated: | September 23, 2011 |
| Description: |
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates
/tmp/sysstat.run insecurely, which allows local users to execute arbitrary
code. |
| Alerts: |
|
Comments (1 posted)
tar: buffer overflow
| Package(s): | tar |
CVE #(s): | CVE-2007-4476
|
| Created: | October 16, 2007 |
Updated: | March 17, 2010 |
| Description: |
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." |
| Alerts: |
|
Comments (none posted)
tetex: buffer overflow
| Package(s): | tetex |
CVE #(s): | CVE-2007-0650
|
| Created: | May 8, 2007 |
Updated: | May 13, 2008 |
| Description: |
A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in
teTeX might allow user-assisted remote attackers to overwrite files and
possibly execute arbitrary code via a long filename. NOTE: other overflows
exist but might not be exploitable, such as a heap-based overflow in the
check_idx function. |
| Alerts: |
|
Comments (1 posted)
teTeX: multiple vulnerabilities
| Package(s): | tetex |
CVE #(s): | CVE-2007-5937
CVE-2007-5936
CVE-2007-5935
|
| Created: | November 19, 2007 |
Updated: | May 10, 2010 |
| Description: |
From the Gentoo advisory:
Joachim Schrod discovered several buffer overflow vulnerabilities and
an insecure temporary file creation in the "dvilj" application that is
used by dvips to convert DVI files to printer formats (CVE-2007-5937,
CVE-2007-5936). Bastien Roucaries reported that the "dvips" application
is vulnerable to two stack-based buffer overflows when processing DVI
documents with long \href{} URIs (CVE-2007-5935). teTeX also includes
code from Xpdf that is vulnerable to a memory corruption and two
heap-based buffer overflows (GLSA 200711-22); and it contains code from
T1Lib that is vulnerable to a buffer overflow when processing an overly
long font filename (GLSA 200710-12). |
| Alerts: |
|
Comments (none posted)
thunderbird: heap overflow
| Package(s): | thunderbird seamonkey |
CVE #(s): | CVE-2008-0304
|
| Created: | February 29, 2008 |
Updated: | January 8, 2009 |
| Description: |
Security research firm iDefense reported that researcher regenrecht
discovered a heap-based buffer overflow vulnerability in Mozilla mail code
which could potentially allow an attacker to run arbitrary code. The
vulnerability is caused by allocating a buffer that can be three bytes too
small in certain cases when viewing an email message with an external MIME body. |
| Alerts: |
|
Comments (none posted)
tk: buffer overflow
| Package(s): | tk |
CVE #(s): | CVE-2008-0553
|
| Created: | February 8, 2008 |
Updated: | November 6, 2008 |
| Description: |
From the Mandriva advisory: The ReadImage() function in Tk did not check CodeSize read from GIF images prior to initializing the append array, which could lead to a buffer overflow with unknown impact. |
| Alerts: |
|
Comments (none posted)
Tk: buffer overflow
| Package(s): | tk8.3 |
CVE #(s): | CVE-2007-5378
|
| Created: | November 28, 2007 |
Updated: | March 17, 2009 |
| Description: |
The Tk toolkit's GIF-reading code contains a buffer overflow which could be exploited via a malicious image file. Fixes may be found in versions 8.4.12 and 8.3.5. |
| Alerts: |
|
Comments (none posted)
tk: denial of service
| Package(s): | tk8.3 tk8.4 |
CVE #(s): | CVE-2007-5137
|
| Created: | October 12, 2007 |
Updated: | March 17, 2009 |
| Description: |
It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted GIF
image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges. |
| Alerts: |
|
Comments (none posted)
tomboy: execution of arbitrary code
| Package(s): | tomboy |
CVE #(s): | CVE-2005-4790
|
| Created: | November 9, 2007 |
Updated: | February 22, 2011 |
| Description: |
Jan Oravec reported that the "/usr/bin/tomboy" script sets the
"LD_LIBRARY_PATH" environment variable incorrectly, which might result
in the current working directory (.) being included when searching for
dynamically linked libraries of the Mono Runtime application. A local
attacker who can place a crafted library in a directory from which a
victim starts tomboy could thereby execute code with the victim's
privileges.
Note that the tomboy vulnerability itself dates from 2007, despite the
2005 CVE identifier. |
| Alerts: |
|
Comments (none posted)
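The class of mistake in this entry, as an added example in Python (not tomboy's launcher script): the dynamic linker treats an empty element of LD_LIBRARY_PATH, produced by a leading or trailing colon or by "::", as the current working directory. A wrapper that does `LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/usr/lib/tomboy"` with the variable unset therefore ends up with ":/usr/lib/tomboy" and searches "." first. The functions below model the buggy idiom, build the variable safely, and audit an environment for the problem; the variable names and directories are this example's own.

```python
"""Audit PATH-style variables for an implicit current-directory entry, and
build them without one.

Added example, not tomboy's script. Assumes POSIX ":"-separated values and
ld.so's rule that an empty element means the current directory.
"""
import posixpath

SEPARATOR = ":"
CWD_ELEMENTS = ("", ".")  # both mean "current directory" to ld.so and to shells


def unsafe_elements(value):
    """Indexes of elements in value that resolve to the current directory."""
    if value is None:
        return []
    return [i for i, part in enumerate(value.split(SEPARATOR)) if part in CWD_ELEMENTS]


def naive_append(existing, directory):
    """What the buggy shell idiom produces: a separator is always inserted,
    so an unset or empty variable yields a leading empty element."""
    return f"{existing or ''}{SEPARATOR}{directory}"


def safe_append(existing, directory):
    """Append directory to a PATH-style value without creating an empty or
    relative element. Unsafe elements already present are dropped."""
    if not posixpath.isabs(directory):
        raise ValueError(f"refusing relative search directory {directory!r}")
    parts = [p for p in (existing or "").split(SEPARATOR) if p not in CWD_ELEMENTS]
    if directory not in parts:
        parts.append(directory)
    return SEPARATOR.join(parts)


def audit_environment(environ, names=("LD_LIBRARY_PATH", "PATH")):
    """Map each listed variable that contains a current-directory element to
    the offending indexes; variables that are clean or unset are omitted."""
    findings = {}
    for name in names:
        bad = unsafe_elements(environ.get(name))
        if bad:
            findings[name] = bad
    return findings


if __name__ == "__main__":
    import os
    print("buggy :", naive_append(os.environ.get("LD_LIBRARY_PATH"), "/usr/lib/tomboy"))
    print("fixed :", safe_append(os.environ.get("LD_LIBRARY_PATH"), "/usr/lib/tomboy"))
    print("audit :", audit_environment(os.environ))
```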
tomcat: cross-site scripting
| Package(s): | tomcat |
CVE #(s): | CVE-2007-2449
CVE-2007-2450
|
| Created: | July 17, 2007 |
Updated: | February 17, 2009 |
| Description: |
Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).
Note: it is recommended the 'examples' web application not be installed on
a production system.
The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450). |
| Alerts: |
|
Comments (1 posted)
tomcat: multiple vulnerabilities
| Package(s): | tomcat |
CVE #(s): | CVE-2007-3382
CVE-2007-3385
CVE-2007-3386
|
| Created: | September 26, 2007 |
Updated: | September 13, 2010 |
| Description: |
Tomcat was found treating single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386). |
| Alerts: |
|
Comments (none posted)
tomcat: arbitrary file disclosure via path traversal
| Package(s): | tomcat5 |
CVE #(s): | CVE-2007-5461
|
| Created: | November 19, 2007 |
Updated: | February 17, 2009 |
| Description: |
From the CVE entry:
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. |
| Alerts: |
|
Comments (none posted)
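The Tomcat flaw above is an XML external entity (XXE) problem: a WebDAV request body that declares an entity with a SYSTEM identifier and then references it gets the named file expanded into the server's reply. As an added example (not Tomcat's WebDAV servlet), this is how to refuse that class of input with Python's standard-library expat parser: reject every entity declaration, internal ones included, which also blocks entity-expansion bombs, and every external entity reference, rather than relying on parser defaults. The sample PROPFIND bodies are constructed for this example.

```python
"""Refuse entity declarations before parsing untrusted XML such as a WebDAV body.

Added example, not Tomcat code. The sample documents are constructed.
"""
import xml.parsers.expat


class UnsafeXML(ValueError):
    """Raised for documents that declare or reference entities, or are malformed."""


# Constructed samples: a benign PROPFIND body, one carrying an external
# entity, and a small entity-expansion bomb.
SAFE_PROPFIND = (
    b'<?xml version="1.0"?>'
    b'<D:propfind xmlns:D="DAV:"><D:prop><D:displayname/></D:prop></D:propfind>'
)
XXE_PROPFIND = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE D:propfind [<!ENTITY x SYSTEM "file:///etc/passwd">]>'
    b'<D:propfind xmlns:D="DAV:"><D:prop><D:displayname>&x;</D:displayname>'
    b'</D:prop></D:propfind>'
)
BOMB = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE r [<!ENTITY a "aaaaaaaaaa">'
    b'<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">]>'
    b'<r>&b;</r>'
)


def parse_untrusted_xml(data):
    """Parse data and return {"root": root tag, "text": character data}.

    Raises UnsafeXML on any entity declaration or external entity reference,
    and on malformed input. Exceptions raised inside expat handlers propagate
    out of Parse(), which is what stops the parse at the first declaration."""
    parser = xml.parsers.expat.ParserCreate()
    collected = {"root": None, "text": []}

    def entity_decl(name, is_parameter, value, base, system_id, public_id, notation):
        raise UnsafeXML(f"entity declaration {name!r} is not allowed")

    def external_ref(context, base, system_id, public_id):
        raise UnsafeXML(f"external entity {system_id!r} is not allowed")

    def start_element(name, attrs):
        if collected["root"] is None:
            collected["root"] = name

    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_ref
    parser.StartElementHandler = start_element
    parser.CharacterDataHandler = collected["text"].append
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as err:
        raise UnsafeXML(f"malformed XML: {err}") from None
    return {"root": collected["root"], "text": "".join(collected["text"])}


def is_rejected(data):
    """True when parse_untrusted_xml refuses data."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXML:
        return True
    return False


if __name__ == "__main__":
    print("safe :", parse_untrusted_xml(SAFE_PROPFIND))
    print("xxe  :", is_rejected(XXE_PROPFIND))
    print("bomb :", is_rejected(BOMB))
```

Refusing all DTD entity declarations is stricter than the XML specification requires, but WebDAV bodies have no legitimate need for them, and a blanket rule is easier to audit than a list of allowed identifiers.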
tomcat: multiple vulnerabilities
Comments (none posted)
tomcat: information disclosure
| Package(s): | tomcat5.5 |
CVE #(s): | CVE-2008-0128
|
| Created: | January 21, 2008 |
Updated: | March 7, 2008 |
| Description: |
From the Debian advisory:
Olaf Kock discovered that HTTPS encryption was insufficiently
enforced for single-sign-on cookies, which could result in
information disclosure.
|
| Alerts: |
|
Comments (none posted)
tshark, wireshark: multiple vulnerabilities
| Package(s): | tshark,wireshark |
CVE #(s): | CVE-2008-1070
CVE-2008-1071
CVE-2008-1072
|
| Created: | March 3, 2008 |
Updated: | October 2, 2008 |
| Description: |
From the rPath advisory:
Previous versions of the wireshark package are vulnerable
to multiple types of Denial of Service attacks, including
crashes and excessive memory consumption. It has not been
determined that these vulnerabilities can be exploited to
execute malicious code.
|
| Alerts: |
|
Comments (none posted)
viewvc: multiple access violations
| Package(s): | viewvc |
CVE #(s): | |
| Created: | March 3, 2008 |
Updated: | March 5, 2008 |
| Description: |
From the Fedora advisory:
These security issues have been fixed:
- omit commits of all-forbidden files from query results
- disallow direct URL navigation to hidden CVSROOT folder
- strip forbidden paths from revision view
- don't traverse log history thru forbidden locations
- honor forbiddenness via diff view path parameters
|
| Alerts: |
|
Comments (none posted)
vim: arbitrary code execution
| Package(s): | vim |
CVE #(s): | CVE-2007-2953
|
| Created: | July 30, 2007 |
Updated: | November 27, 2008 |
| Description: |
vim is vulnerable to a user-assisted attack in which vim may execute arbitrary code when helptags is run on data that has been maliciously crafted. |
| Alerts: |
|
Comments (none posted)
vlc: several vulnerabilities
| Package(s): | vlc |
CVE #(s): | CVE-2007-3316
CVE-2007-3467
CVE-2007-3468
|
| Created: | July 10, 2007 |
Updated: | March 10, 2008 |
| Description: |
Several remote vulnerabilities have been discovered in the VideoLan
multimedia player and streamer, which may lead to the execution of
arbitrary code. |
| Alerts: |
|
Comments (none posted)
wml: multiple file overwrite vulnerabilities
| Package(s): | wml |
CVE #(s): | CVE-2008-0665
CVE-2008-0666
|
| Created: | February 11, 2008 |
Updated: | April 28, 2008 |
| Description: |
From the Debian advisory:
Frank Lichtenheld and Nico Golde discovered that WML, an off-line HTML
generation toolkit, creates insecure temporary files in the eperl and
ipp backends and in the wmg.cgi script, which could lead to local denial
of service by overwriting files.
|
| Alerts: |
|
Comments (none posted)
wordpress: remote editing via unknown vectors
| Package(s): | wordpress |
CVE #(s): | CVE-2008-0664
|
| Created: | February 13, 2008 |
Updated: | July 4, 2008 |
| Description: |
From the CVE:
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. |
| Alerts: |
|
Comments (none posted)
xdg-utils: arbitrary command execution
| Package(s): | xdg-utils |
CVE #(s): | CVE-2008-0386
|
| Created: | January 31, 2008 |
Updated: | February 3, 2009 |
| Description: |
From the Gentoo alert:
Miroslav Lichvar discovered that the "xdg-open" and "xdg-email" shell
scripts do not properly sanitize their input before processing it.
A remote attacker could entice a user to open a specially crafted link
with a vulnerable application using Xdg-Utils (e.g. an email client),
resulting in the execution of arbitrary code with the privileges of the
user running the application. |
| Alerts: |
|
Comments (1 posted)
xen-utils: insecure temp files
| Package(s): | xen-utils |
CVE #(s): | CVE-2007-3919
|
| Created: | October 25, 2007 |
Updated: | May 16, 2008 |
| Description: |
The xen-utils collection of XEN administrative tools uses temporary files
insecurely. Local users can use this to truncate arbitrary files. |
| Alerts: |
|
Comments (none posted)
XFree86 X.org: integer overflows
| Package(s): | xfree86 x.org |
CVE #(s): | CVE-2007-1003
CVE-2007-1667
CVE-2007-1351
CVE-2007-1352
|
| Created: | April 3, 2007 |
Updated: | August 11, 2009 |
| Description: |
iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667) |
| Alerts: |
|
Comments (none posted)
xine-lib: arbitrary code execution
| Package(s): | xine-lib |
CVE #(s): | CVE-2007-1387
|
| Created: | March 13, 2007 |
Updated: | April 1, 2008 |
| Description: |
Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user's privileges. |
| Alerts: |
|
Comments (none posted)
xine-lib: buffer overflow
| Package(s): | xine-lib |
CVE #(s): | CVE-2008-0225
|
| Created: | January 16, 2008 |
Updated: | August 7, 2008 |
| Description: |
xine-lib contains a buffer overflow which could be exploited (via a specially-crafted stream) to execute arbitrary code; see this advisory for more information. |
| Alerts: |
|
Comments (none posted)
xine-lib: buffer overflows
| Package(s): | xine-lib |
CVE #(s): | CVE-2008-0238
|
| Created: | January 23, 2008 |
Updated: | August 7, 2008 |
| Description: |
From the CVE entry: Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function. |
| Alerts: |
|
Comments (none posted)
xmms: BMP handling vulnerability
Package(s): xmms
CVE #(s): CVE-2007-0653, CVE-2007-0654
Created: March 28, 2007
Updated: July 26, 2011
Description:
xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system.
Xorg: multiple vulnerabilities
X.org: temp file vulnerability
Package(s): X.org
CVE #(s): CVE-2007-3103
Created: July 12, 2007
Updated: July 2, 2009
Description:
The X.Org X11 xfs font server has a temp file vulnerability in the
startup script. A local user can modify the permissions of the script
in order to elevate their local privileges.
xulrunner, firefox, thunderbird: multiple vulnerabilities
Package(s): xulrunner, firefox, thunderbird
CVE #(s): CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334,
CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340, CVE-2006-2894
Created: October 22, 2007
Updated: May 12, 2008
Description:
From the Debian advisory:
CVE-2007-1095:
Michal Zalewski discovered that the unload event handler had access to
the address of the next page to be loaded, which could allow information
disclosure or spoofing.
CVE-2007-2292:
Stefano Di Paola discovered that insufficient validation of user names
used in Digest authentication on a web site allows HTTP response splitting
attacks.
CVE-2007-3511:
It was discovered that insecure focus handling of the file upload
control can lead to information disclosure. This is a variant of
CVE-2006-2894.
CVE-2007-5334:
Eli Friedman discovered that web pages written in Xul markup can hide the
titlebar of windows, which can lead to spoofing attacks.
CVE-2007-5337:
Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI
schemes may lead to information disclosure. This vulnerability is only
exploitable if Gnome-VFS support is present on the system.
CVE-2007-5338:
"moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers
could be bypassed, which might allow privilege escalation.
CVE-2007-5339:
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340:
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
Page editor: Jake Edge
Kernel development
Brief items
The current 2.6 development kernel is 2.6.25-rc5, released on March 9. Linus
says: "So the size of the -rc patches is finally starting to shrink,
but we still have way too many outstanding regression reports." See
the announcement for the short-form changelog, or the
long-form changelog for all the details.
The flow of patches into the mainline git repository continues; they are
mostly fixes, but, since the 2.6.25-rc5 release, Linus has also merged
drivers for JMicron jmb38x MemoryStick host controllers, Varitronix
VL-PS-COG-T350MCQB-01 displays, and RouterBoard 500 PATA Compact Flash
controllers and removed the x86 quicklist feature.
The current -mm tree is 2.6.25-rc5-mm1. Recent changes
to -mm include a number of memory policy changes, a rework of the signal
delivery code, the simple tracing
infrastructure, and a lot of cleanup patches.
There have been no stable kernel releases over the last week.
Kernel development news
Things are going much much more smoothly now than they were in
2.6.24-rcX and 2.6.23-rcX. Tree integration problems are
negligible and build errors are far fewer and runtime problems seem
to be less too. Fingers crossed.
-- Andrew Morton
That is not particularly important, because Linux isn't a GNU
package. If it were a GNU package, I would write to its
maintainers to suggest using Bzr.
-- Richard Stallman
By Jonathan Corbet March 10, 2008
As any device driver author knows, hardware can be a pain sometimes. In
the early days of Linux, peripherals attached to the ISA bus inflicted
their particular variety of pain by being unable to use more than
24 bits to access memory. What that meant, in practical terms, was
that ISA devices could not perform DMA operations on memory above 16MB.
The PCI bus lifted that restriction, but, for some time, there were quite a
few "PCI" devices that were minimally modified ISA peripherals; many of
those retained the 16MB limit.
To handle the needs of these devices, Linux has long maintained the DMA
memory zone. Drivers which need to allocate memory from that zone would
specify GFP_DMA in their allocation requests. The memory management code
takes special care to keep memory in that zone available so that DMA
requests can be satisfied. In this way, the system can provide reasonable
assurance that memory will be available to perform DMA in ways which meet
the special needs of this particularly challenged hardware.
The only problem is that there aren't a whole lot of devices out there
which still have the old 24-bit addressing limitation. So the DMA zone
tends to sit idle. Meanwhile, there are devices with other sorts of
limitations. Many peripherals only handle 32-bit addresses, so their DMA
buffers must be allocated in the bottom 4GB of memory. There is a subset,
however, with stranger limitations - 30 or 31-bit addresses, for example.
The kernel's DMA library provides a way for drivers to disclose that sort
of embarrassing limitation, but the memory management code does not really
help the DMA layer make allocations which satisfy those constraints. So
drivers for such devices must use the DMA zone (which may not be present on
all architectures), or hope that normal zone memory fits the bill.
Andi Kleen has set out to clean up this situation with a new DMA memory allocator. His
solution is to take a chunk of memory out of the kernel's buddy allocator
entirely and manage it in an entirely different way, forming a reserve pool
for DMA allocations. The result is a bit
of a departure from normal Linux memory management algorithms, but it may
well be better suited to the task at hand.
The new "mask" allocator grabs a configurable chunk of low memory at boot
time. Allocations from this region are made with a separate set of calls,
with the core API being:
struct page *alloc_pages_mask(gfp_t gfp, unsigned size, u64 mask);
void __free_pages_mask(struct page *page, unsigned size);
void *get_pages_mask(gfp_t gfp, unsigned size, u64 mask);
void free_pages_mask(void *mem, unsigned size);
alloc_pages_mask() looks a lot like the longstanding
alloc_pages() function, but there are some important differences.
The size parameter is the desired size of the allocation, rather
than the "order" value used by alloc_pages(), and mask
describes the range of usable addresses for this allocation. Though
mask looks like a bitmask, it is really better understood as the
maximum address value that the allocated memory may have; "holes" in the mask
would make no sense.
A call to alloc_pages_mask() will first attempt to allocate the
requested memory using the normal Linux memory allocator, on the assumption
that the reserved DMA memory is an especially limited resource. If the
allocation fails, perhaps because there's no physically-contiguous chunk of
sufficient size available, then the allocator will dip into the reserved
DMA pool. If the normal allocation succeeds, though, the allocated memory
must still be tested against the maximum allowable address: the normal
memory allocator, remember, has no support for allocating below an arbitrary
address. So if the returned memory is out of bounds, it must be
immediately freed and the reserved pool will be used instead.
That reserved pool is not managed like the rest of memory. Rather than the
buddy lists maintained by the slab allocator, the DMA allocator has a
simple bitmap describing which pages are available. It will normally cycle
through the entire memory region, allocating the next available chunk of
sufficient size. If that chunk is above the memory limit, though, the
allocator will move back to the lower end of the reserved pool and allocate
from there instead. Since DMA allocations tend to be short-lived, one
would expect that a suitable block of memory would either be available or
become available in the near future.
One other difference of note is that, unlike the slab allocator, the DMA
allocator does not round memory allocation sizes up to the next power of
two. DMA allocations can be relatively large, so that rounding can result
in significant internal fragmentation and memory waste.
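As an added illustration (not Andi Kleen's code, and not a copy of the kernel's allocator), the user-space C model below implements the policy just described: try the normal allocator first, keep the result only if it lies under the mask, otherwise take the next free run from a bitmap-managed reserve pool, wrapping to the bottom of the pool when the cursor has moved past the mask, and rounding sizes to whole pages but never to a power of two. The page size, the pool's base address and the stand-in "normal" allocator that hands out memory above 2GB are constructed assumptions, and the gfp flags and struct page return type of the real API are omitted.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Constructed parameters: 4KB pages and a tiny 64-page (256KB) reserve pool
 * at physical address 0x100000; the real allocator sizes its pool at boot. */
#define PAGE_SIZE   4096ULL
#define POOL_PAGES  64
#define POOL_BASE   0x100000ULL
#define NOMEM       ((uint64_t)-1)

struct mask_pool {
    unsigned next;               /* rotating cursor into the bitmap */
    uint8_t  used[POOL_PAGES];   /* one flag per page, 1 = allocated */
};
static struct mask_pool pool;

/* Stand-in for the normal page allocator (an assumption of this model): it
 * hands out memory above 2GB, so narrow masks are forced into the pool. */
static uint64_t normal_next = 0x80000000ULL;
static uint64_t normal_alloc(unsigned npages)
{
    uint64_t a = normal_next;
    normal_next += npages * PAGE_SIZE;
    return a;
}

/* Byte size rounded to whole pages only, never up to a power of two. */
unsigned pages_for(unsigned size)
{
    return (unsigned)((size + PAGE_SIZE - 1) / PAGE_SIZE);
}

/* A block fits when its last byte is addressable by a device limited to mask. */
static bool fits_mask(uint64_t start, unsigned npages, uint64_t mask)
{
    return start + npages * PAGE_SIZE - 1 <= mask;
}

/* Scan the bitmap upward from 'from' for npages free pages that fit under the
 * mask; once a candidate's end exceeds the mask, every later one will too. */
static int find_run(unsigned from, unsigned npages, uint64_t mask)
{
    unsigned run = 0;
    for (unsigned i = from; i < POOL_PAGES; i++) {
        if (pool.used[i]) { run = 0; continue; }
        if (++run == npages) {
            unsigned start = i + 1 - npages;
            return fits_mask(POOL_BASE + start * PAGE_SIZE, npages, mask)
                   ? (int)start : -1;
        }
    }
    return -1;
}

/* Reserve-pool allocation: continue from the cursor; if nothing under the
 * mask is found there, wrap to the bottom of the pool and try again. */
static uint64_t pool_alloc(unsigned npages, uint64_t mask)
{
    int start = find_run(pool.next, npages, mask);
    if (start < 0 && pool.next > 0)          /* wrap around */
        start = find_run(0, npages, mask);
    if (start < 0)
        return NOMEM;
    memset(&pool.used[start], 1, npages);
    pool.next = (unsigned)start + npages;
    return POOL_BASE + (uint64_t)start * PAGE_SIZE;
}

/* Model of alloc_pages_mask(): try the normal allocator first, keep the
 * result only if it lies under the mask, otherwise fall back to the pool. */
uint64_t alloc_pages_mask(unsigned size, uint64_t mask)
{
    unsigned npages = pages_for(size);
    uint64_t a = normal_alloc(npages);
    if (fits_mask(a, npages, mask))
        return a;
    /* out of bounds: the real code frees it back to the buddy allocator */
    return pool_alloc(npages, mask);
}

/* Model of free_pages_mask(): pool pages go back into the bitmap.  Returns the
 * number of pool pages released (0 for memory the normal allocator gave). */
unsigned free_pages_mask(uint64_t addr, unsigned size)
{
    if (addr < POOL_BASE || addr >= POOL_BASE + POOL_PAGES * PAGE_SIZE)
        return 0;
    unsigned npages = pages_for(size);
    memset(&pool.used[(addr - POOL_BASE) / PAGE_SIZE], 0, npages);
    return npages;
}

int main(void)
{
    uint64_t tiny = POOL_BASE + 8 * PAGE_SIZE - 1;  /* reaches only the pool's first 8 pages */
    printf("32-bit mask -> %#llx\n", (unsigned long long)alloc_pages_mask(8 * 4096, 0xFFFFFFFFULL));
    printf("30-bit mask -> %#llx\n", (unsigned long long)alloc_pages_mask(8 * 4096, 0x3FFFFFFFULL));
    printf("tiny mask   -> %s\n", alloc_pages_mask(4096, tiny) == NOMEM ? "NOMEM" : "ok");
    free_pages_mask(POOL_BASE, 8 * 4096);  /* release the 30-bit block */
    printf("tiny mask after freeing -> %#llx (cursor wrapped)\n",
           (unsigned long long)alloc_pages_mask(4096, tiny));
    return 0;
}
```

The third call fails rather than returning a page the device could not reach, and succeeds once the low pages are released and the cursor wraps.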
At the next level up, Andi has added a new form of mempool which uses the
DMA allocator:
mempool_t *mempool_create_pool_pmask(int min_nr, int size, u64 mask);
This pool will behave like normal mempools, with the exception that all
allocations will be below the limit passed in as mask. These pools are used
in the block layer, where memory allocations for DMA must succeed.
One might object that reserving a big chunk of low memory for this purpose
reduces the total amount of memory available to the system - especially if
the DMA allocator is cherry-picking normal memory whenever it can anyway.
But the cost is not as bad as one might think. These patches do away with
the old DMA zone, which, for all practical purposes, was already managed as
a reserved (and often unused) memory area. Some 64-bit architectures also
set aside a significant chunk (around 64MB) of low memory for the swiotlb -
essentially a set of bounce buffers used for impedance matching between
high memory (>4GB) buffers and devices which cannot handle more than
32-bit addresses. With Andi's patch set, the swiotlb, too, makes
allocations from the DMA area and no longer has its own dedicated memory
pool. So the total amount of memory set aside for I/O will not change very
much; it could, in fact, get smaller.
For most driver authors, there will be little in the way of required
changes if this patch set gets merged. The DMA layer already allows
drivers to specify an address mask with dma_set_mask(); with the
DMA allocator in place, that mask will be better observed. The one change
which might affect a few drivers is further down the line: eventually the
GFP_DMA memory allocation flag will go away. Any driver which
still uses this flag should set a proper mask instead.
So far, there has been little discussion resulting from the posting of
these patches. Silence does not mean assent, of course, but it would
appear that there is little opposition to this set of changes.
By Jonathan Corbet March 12, 2008
We have not yet reached a point where systems - even high-end boxes - come
with a terabyte of installed memory. But products like those from Violin Memory make it clear that
the day is coming; one can buy a Violin box with 500GB in it now. So it
seems worth asking the question: once one has spent the not inconsiderable
sum to buy a box like that, what does one do with all that memory -
especially now that the Firefox developers have gotten serious about fixing
memory leaks?
Perhaps it's time for some wild ideas. And there is no better source for
such ideas than Daniel Phillips, whose Ramback patch has stirred up a
bit of discussion this week. The core idea behind Ramback is that all of
that memory is turned into a ramdisk, but with a persistent device attached
to it. In normal conditions, all application I/O involves only the
ramdisk, and is, thus, quite fast ("Every little factor of 25
performance increase really helps."). In the background, the kernel
worries
about synchronizing data from the ramdisk onto permanent storage. But the
synchronization process is mostly concerned with I/O performance, rather
than providing guarantees about just when any given block will make it onto
the disk platters.
Ramback thus differs from the normal block I/O caching done by the kernel
in a number of ways. It keeps the entire device in memory, so that, in
steady-state operation, applications need never encounter a disk I/O
delay. Should an application call fsync(), the expected result
(blocking until the data is written to physical media) will not happen.
Filesystems take great care to order operations in a way that minimizes the
risk of data loss in a crash; Ramback ignores all of that and writes data
to physical media in whatever order it decides is best. As Daniel put it, the "most basic principle" of
Ramback's design is:
[T]he backing store is not expected to represent a consistent
filesystem state during normal operation. Only the ramdisk needs
to maintain a consistent state, which I have taken care to ensure.
You just need to believe in your battery, Linux and the hardware it
runs on. Which of these do you mistrust?
Ramback does include an emergency mode which will endeavor to bring the
disk up to date in a hurry should the UPS indicate that power has been
lost. But that does not seem to be enough for everybody.
In the resulting discussion, nobody complained about the sort of
performance benefits that a tool like Ramback could provide. But there was
a lot of concern about data integrity; it seems that many people distrust
their battery, their hardware, and Linux. And that has led to a
sort of impasse, with several developers claiming that Ramback would be too
risky to use and Daniel dismissing their concerns as FUD.
FUD or not, those concerns are likely to be a difficult barrier for Ramback
to overcome. Meanwhile, Daniel is looking for people to help test out the
code, but that presents challenges of its own:
This driver is ready to try for a sufficiently brave developer. It
will deadlock and livelock in various ways and you will have to
reboot to remove it. But it can already be coaxed into running
well enough for benchmarks, and when it solidifies it will be
pretty darn amazing.
So far, reports from suitably courageous testers have been, well, scarce.
Your editor fears that this work could suffer the same fate as many of
Daniel's other patches: they can contain brilliant ideas and great coding
but just don't quite survive the encounter with the real, messy world.
But we need people thinking about how our systems will work in the
coming years; one hopes that Daniel won't stop.
By Jake Edge March 7, 2008
A change to GCC for a recent release coupled with a kernel bug has created
a messy situation, with possible security implications. GCC changed some
assumptions about x86 processor flags, in accordance with the ABI standard,
that can lead to memory corruption for programs built with GCC 4.3.0. No
one has come up with a way to exploit the flaw, at least yet, but it
clearly is a problem that needs to be addressed.
The problem revolves around the x86 direction flag (DF), which governs
whether block memory operations operate forward through memory or
backwards. The main use for the flag is to support overlapping memory
copies, where working backwards through memory may be required so that the data
being copied does not get overwritten as the copy progresses. Debian
hacker Aurélien Jarno reported the problem to
linux-kernel on March 5th, which was found when building Steel Bank
Common Lisp (SBCL) using the new compiler.
GCC's most recent
release, 4.3.0, assumes that the direction flag has been cleared
(i.e. memory operations go in a forward direction) at the entry of each
function, as is specified by the ABI (which is, somewhat amusingly, found at
sco.com [PDF]). Unfortunately, this clashes with
Linux signal handlers, which get called, incorrectly, with the flag in
whatever state it was in when the signal occurred. This has the effect of
leaking one bit of state from the user space process that was running when
the signal occurred to the signal handler, which could be in another process.
That, in itself, is a bug, seemingly with fairly minimal impact. Prior to 4.3, GCC
would emit a cld (clear direction flag) opcode before doing inline
string
or memory operations, so those operations would start from a known state.
In 4.3, GCC relies on the ABI mandate that the direction flag is cleared before
entry to a function, which means that the kernel needs to arrange that
before calling a signal handler. It currently doesn't, but a small patch fixes that.
The window of vulnerability is small, but was observed in SBCL. The
sequence of events that would lead to memory corruption is as follows:
- a user space program does an operation (memmove() for example)
that sets DF
- a signal occurs for some process
- the kernel calls the signal handler
- the signal handler does a memmove() in what it thinks is a
forward direction
- the memory is copied in the reverse direction, leading to corruption
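An added check, written for this article rather than taken from the kernel or GCC sources, that shows which behaviour the running kernel has: it sets DF, sends itself SIGUSR1, and has the handler read the flags register on entry. It assumes an x86 build with GCC-style inline assembly and reports -1 elsewhere.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <string.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#define DF_ARCH_SUPPORTED 1

/* Set by the handler: 1 if DF was set on entry, 0 if it was clear. */
static volatile sig_atomic_t df_in_handler = -1;

/* Read EFLAGS/RFLAGS; the direction flag is bit 10 (0x400). */
static unsigned long read_flags(void)
{
    unsigned long flags;
#if defined(__x86_64__)
    __asm__ volatile("pushfq\n\tpopq %0" : "=r"(flags));
#else
    __asm__ volatile("pushfl\n\tpopl %0" : "=r"(flags));
#endif
    return flags;
}

static void handler(int sig)
{
    (void)sig;
    df_in_handler = (read_flags() & 0x400) ? 1 : 0;
}
#else
#define DF_ARCH_SUPPORTED 0
#endif

/*
 * Deliver a signal to ourselves while DF is set and report what the handler
 * saw: 1 = the kernel passed DF through to the handler (the behaviour the
 * article describes), 0 = DF was cleared on entry as the ABI requires,
 * -1 = not an x86 build or the handler could not be installed.
 */
int df_seen_in_handler(void)
{
#if DF_ARCH_SUPPORTED
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = handler;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGUSR1, &sa, &old) != 0)
        return -1;
    df_in_handler = -1;
    /* std sets DF.  raise() is a thin syscall wrapper, so nothing between
     * std and cld executes a string instruction that would go backwards.
     * sigreturn restores our own flags (DF still set), hence the cld. */
    __asm__ volatile("std" ::: "cc", "memory");
    raise(SIGUSR1);
    __asm__ volatile("cld" ::: "cc", "memory");
    sigaction(SIGUSR1, &old, NULL);
    return df_in_handler;
#else
    return -1;
#endif
}

int main(void)
{
    int r = df_seen_in_handler();
    if (r < 0)
        puts("not an x86 build; nothing to check");
    else
        printf("DF on signal-handler entry: %s\n",
               r ? "SET (kernel passes DF through)" : "clear (kernel follows the ABI)");
    return 0;
}
```

On a kernel carrying the fix the handler reports DF clear; on an unpatched x86 kernel of the kind the article discusses it reports DF set.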
It is hard to see how that could be turned into a security breach, but it
would be a mistake to assume that it can't. Other kernel bugs, like the
one that allowed the recent vmsplice()
exploit, have looked like memory corruption, but were found to be more than
that. The DF issue may turn out to be harmless from a security standpoint,
but it should not be assumed.
So, now the question is: what to do about it. It is clear that the kernel
should not leak the DF state to signal handlers, regardless of what GCC
does. It is interesting to note that this behavior is the same (DF is not
cleared on entry to a signal handler) on BSD
kernels, leading some to claim that it is the ABI that is incorrect and
that GCC should revert to its old behavior. Solaris kernels do
clear the DF before calling signal handlers. This problem has existed for
15 years; GCC has always emitted code that worked correctly on kernels
that did not follow the ABI, until now.
Part of the problem is that there are an enormous number of installed
kernels that are vulnerable to this problem, but only if GCC 4.3 is
installed. That version of GCC is not, yet, in widespread use, so the
thinking is that GCC should revert its behavior now, before it gets into
distributions. As kernels with the fix become more widespread, the
"proper" behavior could be restored. The GCC folks don't necessarily see
it that way, so it is unclear what will happen.
While it is true that distributors can control what kernel version and GCC
version they ship, those aren't the only ways that either GCC or
GCC-compiled binaries get installed. It is a bit of a ticking time bomb for
random memory corruption at a minimum. Handling those bug reports will be
very difficult and time consuming. While the new behavior of GCC is
correct, and the kernel is broken, it would be very helpful to back out
this change, perhaps providing the new behavior via a command-line argument
for those who are sure their binaries will be running on patched kernels. Some discussion
on the gcc-devel list would indicate that a GCC 4.3.0.1 or 4.3.1 may be
forthcoming.
Patches and updates
Page editor: Jonathan Corbet
Distributions
News and Editorials
By Jake Edge March 12, 2008
A note from the Debian security
team shows a number of new initiatives and plans. The team recently
expanded by two while looking for up to two more folks to round it out.
That, coupled with a number of new initiatives, makes for some interesting
news from the Debian security world.
Adding people to the team adds
more eyes to find bugs, but, perhaps more importantly, adds more hands to
actually patch the code when bugs are found. In many cases, the upstream
project will
fix the vulnerability in its latest release, leaving the distribution security team
to backport the fix into whatever version they are shipping. This takes
knowledge; one must understand the code and how to build it for Debian. They
have not set the bar low for the kind of folks they are looking for:
You need to be familiar with how the wide variety Debian packages
are maintained, patched and built. If you're not scared by
packages generating their patch series by applying sed statements
from cdbs include files before passing the patches through an
awk filter to quilt until they're finally built with yada, you
might be the right person.
The team is now using Request Tracker to track security bugs and updates.
Two separate categories have been established, one for upstream bugs that
are not yet public, the other for publicly known bugs. This allows the
team to track all the bugs, but not prematurely release information about
security vulnerabilities that are not yet public.
Two other changes will help with the quality of security patches. The
first is a public patch review mailing list that is being formed to allow
interested parties to see what patches are being proposed. Presumably this
would only apply to public vulnerabilities or the list membership will need
to be tightly controlled.
The other quality boosting change is to use the time between when a patch
is completed and when it has been ported and built for all of the
architectures to further test the patch. The team is looking for large
installations that normally install security updates in their own test
environment before rolling them out to their live systems. Leveraging
those test environments to further exercise the patched code can only lead
to better code in the long run.
Security is an important part of any distribution, so it is nice to see
these kinds of initiatives. More team members, testing, and tracking are
all likely to bring about a faster and better response to security problems
in the future.
New Releases
The first release candidate of 64 Studio 2.1 has been announced. Click
below for a list of known bugs and other information.
The sixth Alpha release of the Hardy Heron is available for testing. It
can be downloaded for Ubuntu, Kubuntu, Kubuntu-KDE4, Edubuntu, Ubuntu JeOS,
Xubuntu, Gobuntu and UbuntuStudio; depending on your flavor preference.
Distribution News
Debian GNU/Linux
Three candidates for the Debian Project Leader (DPL) position have been identified. Marc 'HE' Brockschmidt, Raphaël Hertzog, and Steve McIntyre will be starting to campaign for the position. Voting begins March 30th. Click below for more information.
Debian now supports the armel architecture. "Armel supports many
modern ARM instruction sets that were not possible with the old port, such
as thumb, VFP and NEON. And very important for the port in general, armel
is well supported upstream, while the old abi risks bitrotting."
Fedora
The official re-launch of the Fedora Bug Triage Process has been
announced. "Are you looking for a meaningful way to contribute to
Fedora that does not require you to be a developer or package maintainer?
Do you have a genuine desire to help people? Do you want to learn more
about a particular component within Fedora? If so, then the triage team is
for you!"
You can now watch for Fedora bugs in your RSS reader. Locate the newest
bugs for triaging by adding a feed for Fedora 7, Fedora 8 or rawhide.
A new Fedora Bangladesh mailing list has been created for Fedora and Red
Hat Bangladeshi Users.
The Brazilian branch of the Fedora Project has announced the release of the
first issue of Revista Fedora Brasil (Fedora Brazil Magazine), an online
magazine about Fedora made by Brazilian Ambassadors and Linux community
members for those who speak Portuguese. The first edition features Fedora 8
and contains much more.
Red Hat Enterprise Linux
This is about a month old, better late than never... Red Hat Magazine has put up a "tips and tricks article" on a question which must be on the top of everybody's list: How does one properly refer to Red Hat Enterprise Linux? They provide a couple dozen verbose alternatives, then assert: "It is never correct to abbreviate 'Red Hat Enterprise Linux' as 'RHEL'." A search for "RHEL" on redhat.com suggests that a few in-house people haven't gotten this memo yet. (Seen on 451 CAOS Theory).
SUSE Linux and openSUSE
The openSUSE project has announced the merger of the three largest English
speaking dedicated SUSE forums, into the new official openSUSE Forums at
forums.opensuse.org.
Distribution Newsletters
The Ubuntu Weekly Newsletter for March 8, 2008 covers the release of Hardy
Alpha 6, interesting Brainstorm stats, interview with Server developer
Mathias Gug, and much more.
The March 2008
edition of PCLinuxOS Magazine is out. Articles include "Dansguardian
Howto", "Miro, Miro, on the wall", "KDE User Guide Chapter 1", and much
more.
This week the OpenSUSE Weekly
News covers the announcement of the Official openSUSE Forums, Preparing
for Board elections, openSUSE User-base growing nicely, Firefox 3.0 Beta 4
Packages, New YaST/ZYpp repository layout, In Tips and Tricks: Creating a
DVD from YouTube videos, and more.
The Fedora Weekly News for March 3, 2008 is out. This edition looks at
Planet Fedora articles "Bonnie in Laurinburg", "RSS feeds of bugs!",
"Howto: Test the WebKit engine in Fedora" and "Hints for making Evolution
faster"; Fedora Marketing articles "Interview with Max Spevack and Paul
Frields", "Linux Powers The Spiderwick Chronicles", "Name for Fedora
Compute Grid Project", "ext4 Implementation Interview"; and several other
topics.
The DistroWatch
Weekly for March 10, 2008 is out. "This week belongs to the fans
of GNOME. The brand new version 2.22 of the popular desktop environment is
scheduled for release on Wednesday and everything suggests that we can
expect another great set of improvements that will grace the upcoming
releases of all major distributions. In the news section, we'll take a
quick look at the new features and applications in Mandriva Linux 2008.1,
follow the development of the Xfce spin of Fedora 9, pass on a request from
Theo de Raadt to test the upcoming OpenBSD 4.3, and link to the freely
downloadable DVD images of Yellow Dog Linux 6.0. Finally, while we all
await impatiently the first beta release of Gentoo Linux 2008.0, we take a
look at some of the exciting new features in the upcoming release of the
Gentoo-based Sabayon Linux 3.5."
Interviews
Rodrigo Menezes talks with
Eric Sandeen about the ext4 implementation in Fedora 9. "How
much upstream development does Fedora drive on Ext4? Eric Sandeen:
ext4 development has been a joint effort by several entities. A quick look
at the linux-ext4 mailing list will show contributions from several
companies and individuals, all interested in helping to develop ext4. One
of my responsibilities at Red Hat is to do filesystem work for Fedora and
RHEL, so I've also been doing what I can to move things along by submitting
patches, testing, fixing, etc."
People of openSUSE introduce
Detlef Reichelt. "When did you join the openSUSE community and
what made you do that? In the year 2004 I joined the PackMan-Team. At
this time I was looking for x86_64 RPMs. When I realized that there was
nothing available, I rebuilt the PackMan-RPMs for x86_64."
Page editor: Rebecca Sobol
Development
By Forrest Cook March 11, 2008
The
S.M.A.R.T. Monitoring Tools (Smartmontools) is a cross-platform
set of utilities that are able to monitor operating data from
hard drives:
The smartmontools package contains two utility programs (smartctl and smartd) to control and monitor storage systems using the Self-Monitoring, Analysis and Reporting Technology System (SMART) built into most modern ATA and SCSI hard disks.
In many cases, these utilities will provide advanced warning of disk degradation and failure. It should run on any modern Darwin (Mac OSX), Linux, FreeBSD, NetBSD, OpenBSD, Solaris, OS/2, eComStation, QNX, or Windows system.
Wikipedia defines
SMART
as the Self-Monitoring, Analysis, and Reporting Technology:
"Mechanical failures, which are usually predictable failures, account for 60 percent of drive failure. The purpose of S.M.A.R.T. is to warn a user or system administrator of impending drive failure while time remains to take preventative action such as copying the data to a replacement device. Approximately 30% of failures can be predicted by S.M.A.R.T."
Version 5.38 of Smartmontools was recently
announced. Improvements include:
- Several Libata/Marvell driver improvements.
- New additions to the drive database.
- ATA-8 updates.
- New Dragonfly support.
- Support for the QNX operating system.
- A new no-fork option for smartd.
- Better support for systems with large numbers of disks.
- Improvements to the descriptions of the SMART Attribute list.
- A workaround for a Samsung firmware bug.
- Improvements to the CCISS support system.
- New selective self-test command line options.
- Build system portability improvements.
- Numerous bug fixes.
Building Smartmontools was straightforward. The code was downloaded and
unpacked. The usual configure, make and make install steps were
performed on an Ubuntu 7.04 system with no troubles.
The operation instructions from the README file were followed and
the software was able to discover data from the one hard drive on
the test system. This
example output
shows the wide variety of drive information that Smartmontools
can display. The drive appears to be healthy.
If you are a systems administrator who needs to keep track of hard
drive reliability data, Smartmontools should be able to provide
some useful drive information. With the addition of a small
amount of glue-logic scripting, it should not be too difficult to
set up an automated drive monitoring system.
System Applications
Database Software
Release Candidate 2 of the
Firebird DBMS has been announced.
"The Firebird Project team is happy to announce that download kits for the second (and hopefully, last) V.2.1 release candidate are now available for Windows and Linux 32-bit and 64-bit platforms. MacOSX Intel 32-bit are there, x64 still in QA, coming soon.
You are invited to test it with as much rigour and vigor as you like and report your experiences (good or bad) back to the firebird-devel or the firebird-test list."
Version 6.0.4 alpha of the MySQL DBMS has been announced.
"MySQL 6.0.4-alpha, a new version of the MySQL database system including
the Falcon transactional storage engine (now at beta stage), has been
released."
Version 8.3 of Security-Enhanced PostgreSQL (SE-PostgreSQL), a DBMS that is
built on the SELinux architecture, has been announced.
"The base version was upgraded to PostgreSQL 8.3.0
It enabled to share external libraries (like -contrib package)
with original PostgreSQL.
Cumulative bugfixes."
The March 9, 2008 edition of the Postgres Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Interoperability
Version 3.0.28a of Samba has been announced.
"This is a bug fix release of the Samba 3.0.28 code base and
is the version that servers should be run for all current
Samba 3.0 bug fixes."
Networking Tools
The Alpha 7 release of d3vscan has been
announced.
"d3vscan is a simple yet powerful network and bluetooth scanner which is based on PyGTK.
d3vscan is a network manager which is able to uniquely identify and graphically plot network & Bluetooth devices to provide a higher degree of understanding of a particular network. d3vscan is also simple enough to be used by an average end user for free.
Alpha 7 release features Map View for Bluetooth and Network modes."
Security
Version 0.9.6 of conntrack-tools has been announced.
"The netfilter project proudly presents another development release of
the conntrack-tools. This release includes important improvements, new
features and bugfixes".
Version 0.0.89 of libnetfilter_conntrack has been announced.
"libnetfilter_conntrack is a userspace library providing a programming
interface (API) to the in-kernel connection tracking state table.
This release includes new features and minor fixes."
Version 0.0.33 of libnfnetlink has been announced.
" The netfilter project proudly presents libnfnetlink 0.0.33. This release
includes minor bugfixes and updates. Changelog attached.
libnfnetlink is the low-level library for netfilter related
kernel/userspace communication."
Full Story (comments: none)
Web Site Development
Version 1.4.19 of
lighttpd,
a light-weight web server, has been announced.
" It has been almost half a year since 1.4.18. 6 months. Jan has been working on many interesting features for 1.5. [1] Currently he ports it to glib2.
But back to 1.4.19. Yes again the release date was nailed down by a few security bugs. *cough* Nevertheless we got a ton of other nice bugfixes. All praise our new lighttpd hero Stefan Bühler. Big thank you from my side."
Comments (none posted)
Desktop Applications
Animation Software
Version 0.61.08 of Synfig, a vector-based 2D animation package,
has been released.
" Synfig version 0.61.08 was released on March 3rd 2008. It is the result
of several months of contributions by the free software community. It
has security fixes, far fewer bugs, several usability enhancements, a few
new features and other improvements."
Full Story (comments: none)
The March 10, 2008 edition of the
Synfig Irregular News
covers the latest news from the Synfig 2D vector animation studio project.
Full Story (comments: none)
Audio Applications
Version 0.9.8.5 of the Snd-ls audio editor and version 0.1.1 of San Dysth,
a software synthesizer, are out.
Full Story (comments: none)
Desktop Environments
GNOME 2.22 is out, right on schedule. There's a lot of new stuff in this
release, including the "cheese" photo application, more 3D effects, a new
virtual filesystem layer, Flash playback with swfdec, a remote desktop
viewer, and much more; see the release
notes for details and screenshots.
Full Story (comments: 17)
The following new GNOME software has been announced this week:
- Accerciser 1.2.0 (bug fixes and translation work)
- Alacarte 0.11.5 (bug fix and translation work)
- Anjuta DevStudio 2.4.0 (bug fixes and translation work)
- atk 1.22.0 (translation work)
- at-spi 1.22.0 (bug fix and translation work)
- cairomm 1.4.8 (bug fixes)
- cairomm 1.5.0 (unstable release, bug fixes)
- cheese 2.22.0 (bug fixes, documentation and translation work)
- Deskbar-Applet 2.22.0 (bug fixes and translation work)
- Deskbar-Applet 2.22.1 (bug fix)
- Ekiga 2.0.12 (new feature, bug fixes and translation work)
- Empathy 0.22.0 (new feature, bug fixes and translation work)
- Epiphany Extensions 2.22.0 (Compatibility change for Epiphany 2.22.0)
- Evince 2.22.0 (bug fixes and translation work)
- Evolution 2.22 (new features and bug fixes)
- Eye of GNOME 2.22.0 (new features, bug fixes and translation work)
- fast-user-switch-applet 2.22.0 (translation work)
- gail 1.22.0 (translation work)
- gcalctool 5.22.0 (bug fixes and translation work)
- gdl 0.7.11 (translation work)
- GDM2 2.20.4 (bug fixes and translation work)
- Glade 3.4.3 (bug fixes)
- GLib 2.16.1 (bug fixes)
- glibmm 2.16.0 (new features)
- gnome-applets 2.22.0 (new features, bug fixes, documentation and translation work)
- gnome-build 0.2.4 (translation work)
- gnome-control-center 2.22.0 (bug fixes and translation work)
- Gnome Games 2.22.0 (bug fixes and translation work)
- gnome-keyring 2.22.0 (new features, bug fixes and translation work)
- gnome-main-menu 0.9.9 (initial public upstream release)
- gnome-phone-manager 0.50 (bug fixes)
- GNOME Power Manager 2.22.0 (code branched)
- Gnome Scan 0.6 (bug fixes and translation work)
- gnome-settings-daemon 2.22.0 (bug fixes and translation work)
- Gnumeric 1.8.2 (bug fixes)
- GTK+ 2.12.9 (bug fixes)
- Gtk2-Perl 2.22.0 (new features and bug fixes)
- libgee 0.1.2 (new features and bug fixes)
- libxklavier 3.5 (bug fixes)
- metacity 2.22.0 (translation work)
- metacity 2.23.2 (code cleanup)
- mousetweaks 2.22.0 (translation work)
- Orca v2.22.0 (bug fixes and translation work)
- Pango-1.20.0 (new features)
- Rarian 0.8.0 (code cleanup and optimization)
- Seahorse 2.22.0 (new features, bug fixes and translation work)
- Tomboy 0.10.0 (new features, bug fixes and translation work)
- Yelp 2.22.0 (bug fixes and translation work)
- Zenity 2.22.0 (documentation translation work)
You can find more new GNOME software releases at
gnomefiles.org.
Comments (2 posted)
KDE.News takes a look
at KDE 4.0.2.
" KDE 4.0.2 has, along with the bugfixes some new features in Plasma. The panel can now be configured to sit somewhere else than at the bottom and UI options for changing its size have been added. Do not let yourself be distracted by those new things, there are also plenty of bugfixes, performance improvements and translation updates in there, among which support for two new languages: Persian and Icelandic. KDE 4.0.2 is thus available in 49 whopping languages, and more are soon to come."
Comments (none posted)
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Comments (none posted)
The following new Xorg software has been announced this week:
More information can be found on the
X.Org Foundation wiki.
Comments (none posted)
Educational Software
Version 5.5.0 of FET has been
announced.
" FET is free timetabling software for schools, high-schools and universities. Scheduling is done automatically."
Comments (none posted)
Electronics
Stable version 3.4.28 of
XCircuit,
an electronic schematic capture application, is out with numerous
enhancements.
Comments (none posted)
GUI Packages
Version 1.1.8rc2 of FLTK has been
announced.
Changes include:
" documentation fixes,
updated included image and compression libraries to their current releases
fixed fl_read_image issue on X11."
Comments (none posted)
Interoperability
Version 0.9.57 of Wine has been
announced.
Changes include:
Support for multiple OpenGL pixel formats.
Improved support for color profiles.
Many window management fixes.
Better fullscreen support.
Lots of bug fixes.
Comments (none posted)
Multimedia
Version 3.5 of Elisa has been announced.
" Elisa is a project to create an open source cross platform media
center solution. While our primary development and deployment platform
is GNU/Linux and Unix operating systems we also currently support
MacOSX and also hope to support Microsoft Windows in the future. In
addition to personal video recorder functionality (PVR) and Music
Jukebox support, Elisa will also interoperate with devices following
the DLNA standard like Intel's ViiV systems.
Elisa uses Twisted and GStreamer."
Full Story (comments: none)
Office Suites
The OpenOffice.org project has announced that, as of the first
OpenOffice.org 3.0 beta release, the software will be licensed under
version 3 of the GNU LGPL. " This move forward is the natural evolutionary step to take for a codebase
using a license from the FSF license family. The drafting process for the
license involved substantial FOSS community input and we will benefit from
this work. In particular, the new license includes additional protections
for the community against software patents." The contributor
agreement for OOo is also changing.
Full Story (comments: 9)
Video Applications
The Schrödinger project has announced the availability of the 1.0 version of the Dirac video codec. " Schrödinger core is implemented in ANSI C with further assembly level optimisations provided through the liboil optimisation library. The Schrödinger decoding and encoding components offer a stable ABI for developers which will enable easy integration of Dirac support for application and media framework developers. The Schrödinger project also includes a set of GStreamer plugins as an example of how to use the Schrödinger library in a modern multimedia framework."
(thanks to Timo Jyrinki)
Comments (18 posted)
Gnash 0.8.2 - deemed the first beta release - is available. " Gnash is a GPL'd SWF movie player and browser plugin for
Firefox, Mozilla, and Konqueror. Gnash supports many SWF v7
features and ActionScript 2 classes. with growing support for SWF v8
and v9." There is a long list of improvements made since the alpha
release; click below for details.
Full Story (comments: 21)
Web Browsers
"Pavlov" has posted a detailed look at what was done to reduce memory usage in Firefox 3. " Another fantastic change from Alfred Kayser changed the way we store animated GIFs so that they take up a lot less memory. We now store the animated frames as 8bit data along with a palette rather than storing them as 32 bits per pixel. This savings can be huge for large animations. One extreme example from the bug showed us drop from using 368MB down to 108MB savings of 260MB!"
Comments (17 posted)
MozillaZine has
announced the availability of the Beta 4 release of
Mozilla Firefox 3.
" Mozilla Firefox 3 Beta 4 has been released for testing. The fourth beta of the next major Firefox version offers over 900 bug fixes over Beta 3, including improvements in download manager, full page zoom, better integration with Vista, Mac OS X and Linux, and significant improvements in speed and memory usage."
Comments (none posted)
Languages and Tools
C
Version 4.3.0 of the GNU Compiler Collection (GCC) is out.
" GCC 4.3.0 is a major release, containing substantial new functionality
not available in GCC 4.2.x or previous GCC releases."
See the article
GCC 4.3.0 exposes a kernel bug
for a discussion of the problem: GCC 4.3 relies on the ABI guarantee that
the x86 direction flag (DF) is clear on function entry, and the kernel was
not clearing it before calling a signal handler.
Full Story (comments: none)
C#
Novell has sent out a press release on the availability of MonoDevelop 1.0 and the Mono 2.0 beta release. " MonoDevelop enables
developers to quickly write desktop and ASP.NET Web applications on Linux
and Mac OS X. MonoDevelop will make it easier for developers to port .NET
applications created with Visual Studio to Linux and Mac OS X and to
maintain a single code base for all three platforms."
Comments (3 posted)
Caml
The March 11, 2008 edition of the Caml Weekly News
is out with new articles about the Caml language.
Full Story (comments: none)
Haskell
The March 09, 2008 edition of the
Haskell Weekly News
is online. Nearly 100 new and updated libraries and tools have been released, along with new jobs, and Haskell.org's participation in the Google Summer of Code project.
Comments (none posted)
HTML
Version 1.0 of CSSBox has been
announced. The software description states:
" An (X)HTML/CSS rendering engine written in pure Java. Its primary purpose is to provide complete information about the rendered page suitable for further processing. However, it also allows displaying the rendered document.
The 1.0 version of the CSSBox rendering engine has been released. It contains a new block width computation algorithm, many improvements and bugfixes."
Comments (none posted)
Java
Version 0.0.1 of Avian has been
announced; it includes major bug fixes.
" Avian is a lightweight virtual machine and class library, both written from scratch to provide a useful subset of Java's features. It's well-suited to cross-platform applications which need a typesafe language but must remain small and self-contained."
(Thanks to Joel Dice).
Comments (none posted)
Version 0.97.1 of GNU Classpath has been announced.
" We are proud to announce the release of GNU Classpath 0.97.1, the
first bugfix release for GNU Classpath 0.97.
GNU Classpath, essential libraries for java, is a project to create
free core class libraries for use with runtimes, compilers and tools
for the java programming language."
Full Story (comments: none)
Perl
The February 24-29, 2008 edition of
This Week on perl5-porters is out with the latest Perl 5 news.
Comments (none posted)
Python
Version 0.7.5 of CodeInvestigator, a tracing tool for Python programs,
has been announced. Changes include new Firefox support and a bug fix.
Full Story (comments: none)
The March 10, 2008 edition of the Python-URL! is online with
a new collection of Python article links.
Full Story (comments: none)
Tcl/Tk
The March 5, 2008 edition of the Tcl-URL! is online with new
Tcl/Tk articles and resources.
Full Story (comments: none)
Cross Compilers
Version 2.8.0 RC1 of SDCC,
the Small Device C Compiler, has been announced.
This version adds many new capabilities and some bug fixes.
" SDCC is a retargetable, optimizing ANSI-C compiler that targets the Intel 8051, Maxim 80DS390, Zilog Z80 and the Motorola 68HC08 based MCUs. Work is in progress on supporting the Microchip PIC16 and PIC18 series. SDCC is Free Open Source Software, distributed under GNU General Public License (GPL)."
Comments (none posted)
Editors
ActiveState has announced
that its "Komodo Edit" utility is now available under any of the MPL, GPL,
or LGPL. " Komodo Edit, based on the award-winning Komodo IDE, offers
sophisticated support for all major scripting languages, including in-depth
autocomplete and calltips, multi-language file support, syntax coloring and
syntax checking, Vi emulation, and Emacs key bindings."
Comments (8 posted)
Libraries
The first release of UnitsC++ has been
announced.
" UnitsC++ is a lightweight C++ library that lets you use unit objects for performing type-safe numerical calculations involving physical units. It 1) is easy to use, 2) results in very readable code, 3) is easy to change to fit your needs.
UnitsC++ targets scientists and engineers writing code in C++ that performs numerical calculations."
Comments (none posted)
Version Control
Version 1.5.4.4 of the GIT distributed version control system is out
with numerous enhancements and bug fixes.
Full Story (comments: none)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Intranet Journal covers
10 hurdles for Linux on the desktop. " In the past, many desktop
Linux users have opted to simply point to the hardware industry or
Microsoft as the root cause of a lack of mainstream adoption. In reality,
there are actually core issues extending beyond hardware -- and competition
from the proprietary markets -- that simply must be dealt with head on.
With that said, hardware compatibility and competition from closed-source
vendors are valid issues, just not solid core excuses for the lack of
mainstream interest. Here are the real hurdles..."
Comments (6 posted)
Over at Datamation, Bruce Byfield has a thoughtful piece about Linux and world domination. " At its most basic, free software is about helping users gain control of their computers so that they can participate unhindered in the digital conversations of the networks and the Internet. It's about installing software freely, rather than being dictated to by the manufacturer. It's about using your computer the way that you want, instead of ceding control to lock-down devices installed by software vendors without permission on your machine."
Comments (38 posted)
Trade Shows and Conferences
KDE was present at CeBIT 2008
in Hannover. " Thanks to our great community the KDE booth was always
very well staffed, both by experienced KDE contributors and our friends in
the Fedora community, but also by users who volunteered and so made their
first-time contributions to the KDE world. It's nice to see such
enthusiastic new contributors coming to KDE!"
Comments (none posted)
Miguel de Icaza spoke
out against Microsoft at the MIX 08 conference. " Open-source
pioneer and Novell Vice President Miguel de Icaza Thursday for the first
time publicly slammed his company's cross-patent licensing agreement with
Microsoft as he defended himself against lack of patent protection for
third parties that distribute his company's Moonlight project, which ports
Microsoft's Silverlight technology to Linux."
Comments (76 posted)
Companies
BetaNews
covers the planned launch of Nero Linux 3.5
" During the CeBIT computer show in Hannover, Germany, Nero announced plans to launch Nero Linux 3.5, which now promises to run on Linux subnotebooks with smaller screen resolutions.
Although there are several different options for Linux users wanting to create CDs or DVDs, Nero Linux is different because it offers users the ability to back up Blu-ray and HD DVD content easily. Further, the GUI in the Linux version is very similar to the one used in Windows."
Comments (none posted)
Linux-Watch
covers
Red Hat's hiring of two intellectual property lawyers.
" It's a sign of the times when a major open-source company makes a big deal of hiring not top developers, but top lawyers. On March 5, Red Hat announced that it is hiring top intellectual property attorneys Robert Tiller, as vice president and assistant general counsel, and Richard Fontana, as open-source licensing and patent counsel."
Comments (1 posted)
This press
release has some mixed messages. On the one hand: " Computers
that run the Linux operating system instead of Microsoft Corp.'s Windows
didn't attract enough attention from Wal-Mart customers, and the chain has
stopped selling them in stores, a spokeswoman said Monday." But
this report goes on to say that " Walmart.com now carries an updated
version, the gPC2, also for $199, without a monitor. The site also sells a
tiny Linux-driven laptop, the Everex CloudBook, for $399."
Comments (26 posted)
Linux Adoption
IT Business Canada looks at Linux in the small-medium business (SMB) market. It is a huge market that is being targeted by many proprietary and free software vendors with Linux making some headway. " Rupani adds that other cost savings associated with open source include using Linux servers in a variety of roles such as file server and Web server. In addition, Linux servers can service a large number of users at no extra cost apart from the additional hardware."
Comments (none posted)
Linux at Work
ZDNet
reports on a Linux-based live CD that can analyze
computers used in criminal activities.
" Called Simple (Simple Image Preview Live Environment), the software allows investigators to view and acquire forensic data at the scene of the crime without compromising the integrity of data as it is collected.
"It's a Linux Live CD that we have built from the ground up. We customised the kernel and the underlying operating system so that, when it runs, it's incapable of writing to the hard disk or any other storage," Peter Hannay, the software developer behind the forensic acquisition tool, told ZDNet.com.au."
Comments (14 posted)
Resources
ZDNet India has some tips on securing /tmp and friends on Linux. " One problem with directories meant to store temporary files is that they can often be targeted as places to store bots and rootkits that compromise the system. This is because in most cases, anyone (or any process) can write to these directories."
Comments (22 posted)
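The ZDNet India tips above turn on one fact: /tmp and its relatives are world-writable by design, so the usual hardening is to mount them separately with nodev,nosuid,noexec and to keep the sticky bit on them. The script below is an added example, not code from the ZDNet article or from LWN; it audits a /proc/mounts-style file for those options and checks the sticky bit on a directory. The mount lines fed to demo() are constructed for the example, not read from a real system.

```shell
#!/bin/sh
# Added example, not from the ZDNet India article or LWN: audit the mount
# options on a temporary-file mount and the sticky bit on a world-writable
# directory. The /proc/mounts lines used by demo() are constructed, not read
# from a real system.

# missing_tmp_opts MOUNT_OPTS
# Prints, space-separated, whichever of nodev nosuid noexec is absent from a
# comma-separated mount option string; prints nothing if all three are set.
# An empty MOUNT_OPTS (mountpoint not found, i.e. /tmp is just a directory on
# the root filesystem) reports all three as missing.
missing_tmp_opts() {
    opts=",$1,"
    missing=""
    for want in nodev nosuid noexec; do
        case "$opts" in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# tmp_mount_opts MOUNTS_FILE MOUNTPOINT
# Prints the option field (4th column, /proc/mounts format) of MOUNTPOINT.
tmp_mount_opts() {
    awk -v mp="$2" '$2 == mp { print $4 }' "$1"
}

# sticky_ok DIR
# Returns 0 if DIR is not world-writable, or is world-writable with the sticky
# bit set (drwxrwxrwt, mode 1777: users can only unlink their own files).
# Returns 1 for a world-writable directory without the sticky bit, which lets
# any local user delete or replace other users' temporary files.
# Returns 2 if DIR is not a directory.
sticky_ok() {
    [ -d "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        ????????w[tT]) return 0 ;;
        ????????w?)    return 1 ;;
        *)             return 0 ;;
    esac
}

# demo: run the mount-option check over constructed /proc/mounts content.
demo() {
    f=$(mktemp)
    printf '%s\n' \
        'tmpfs /tmp tmpfs rw,relatime 0 0' \
        'tmpfs /var/tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0' > "$f"
    for mp in /tmp /var/tmp; do
        miss=$(missing_tmp_opts "$(tmp_mount_opts "$f" "$mp")")
        if [ -n "$miss" ]; then
            echo "$mp: missing $miss"
        else
            echo "$mp: nodev,nosuid,noexec all set"
        fi
    done
    rm -f "$f"
    # On a live system, point tmp_mount_opts at /proc/mounts and add /dev/shm
    # to the list of mountpoints.
}
demo
```

A matching fstab entry is `tmpfs /tmp tmpfs defaults,nodev,nosuid,noexec 0 0`. Two caveats a practitioner will want: noexec on /tmp breaks installers and build scripts that unpack and run binaries there, and it is a speed bump rather than a barrier, since a file that can be written can usually still be run by handing it to an interpreter or loader. The sticky bit, by contrast, has no such cost and should always be present on a shared writable directory.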
Miscellaneous
Laptop Magazine is reporting two interesting things about the OLPC. The first is that contrary to other reports, Nicholas Negroponte is not looking to "replace" himself, but is looking for a CEO for the company. The second is that Windows XP will be available for the XO soon. " 'Microsoft and OLPC are in discussion on how to release it, as well as how to announce,' he said. Negroponte added that the Windows operating system should be available on the XO in less than 60 days." (seen on OLPC News)
Comments (8 posted)
SearchEnterpriseLinux.com
looks at the Samba 4 release schedule.
" Are you curious about Samba 4, the ambitious new version of the open source program that provides an interface between Linux and Unix print and file servers and Microsoft Windows clients? As of last month, version 4.0.0alpha2 is available for download, and Samba team authentication developer Andrew Bartlett is encouraging others to play around with the release and report the findings."
Comments (none posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
The Software Freedom Law Center has sent out a press release on the settlement of another BusyBox GPL-infringement lawsuit. " As a result of the plaintiffs agreeing to dismiss the lawsuit and reinstate High-Gain Antennas' rights to distribute BusyBox under the GPL, High-Gain Antennas has agreed to appoint an Open Source Compliance Officer within its organization to monitor and ensure GPL compliance, to publish the source code for the version of BusyBox it previously distributed on its Web site, and to undertake substantial efforts to notify previous recipients of BusyBox from High-Gain Antennas of their rights to the software under the GPL. The settlement also includes an undisclosed amount of financial consideration paid by High-Gain Antennas to the plaintiffs."
Comments (45 posted)
The GNOME Foundation has released an annual report as a
rather slickly-produced PDF file. " We have completed our
original goal. Ten years ago, GNU/Linux distributions did not include a free
and usable web browser. Ten years ago, using only free software,
you could not do graphic design and illustration, you could not
balance your checkbook, you could not download pictures from
your camera to the computer, you could not do phone calls over
the Internet, you could not create a spreadsheet with pie charts, and
you could not plug a USB drive into your computer and expect it to
'just work'. Okay, USB sticks didn't exist ten years ago, but you get
the idea."
Full Story (comments: 23)
MozillaZine has
announced the participation of the Mozilla project in the
Google Summer of Code 2008.
" Gervase Markham wrote in to inform us that Mozilla intends to participate in Google Summer of Code 2008 as a mentoring organization. Gerv's weblog post calls on interested people to submit proposals at the Brainstorming page at mozilla wiki."
Comments (none posted)
The OpenOffice.org office suite project has announced license change
and a new contributor agreement.
" The license for code is changing from the early LGPL v 2.1 to 3.0
effective the Beta of OpenOffice.org 3.0. (The actual date of this
beta has not been finalized.)
The Joint Copyright Assignment form (JCA) is being replaced by the
Sun Microsystems Inc. Contributor Agreement (SCA). This change is
effective immediately with this announcement."
Full Story (comments: none)
The Free Software Foundation Europe has announced a petition that
calls for open standards in the European Parliament.
" At a time when the EU Commission investigates the anti-competitive
behaviour of a market-dominant player, the European Parliament (EP)
still imposes that same specific software choice on both the European
Union's citizens and its own MEPs. OpenForum Europe, The European
Software Market Association, and the Free Software Foundation Europe
today launched a petition to call on the EP to use Open Standards so
that all citizens can participate in the democratic process."
Full Story (comments: none)
The Software Freedom Law Center has posted a position paper on Microsoft's recently-announced "Open Specification Promise" and how it relates to free software. " In response to these requests for clarification, we publicly conclude that the OSP provides no assurance to GPL developers and that it is unsafe to rely upon the OSP for any free software implementation, whether under the GPL or another free software license."
Comments (6 posted)
Commercial announcements
Funambol has
announced new Code Sniper projects.
" Code Sniper is Funambol's community program that rewards developers
with monetary bounties to work on open source projects that benefit mobile
users around the globe. This new slate of Code Sniper projects ranges from
syncing pictures of friends on social networks to the address book on a
mobile phone, to making it easy to invite your mobile contacts to join your
favorite social network. All of the apps developed as part of Code Sniper
are made freely available under standard open source licensing."
Comments (none posted)
ActiveState has announced Komodo IDE 4.3.
" After an award-winning major release a year ago, ActiveState's
Komodo IDE continues its evolution with major new features and improvements in Komodo IDE 4.3,
released today. The integrated development environment (IDE) for dynamic languages added powerful
Find in Project and Replace in Files features, new Unit Testing integration, improved Source Code
Control, and an Abbreviation feature in addition to performance improvements."
Full Story (comments: none)
Microsoft Corp. has
announced their Document Interoperability Initiative.
" Microsoft Corp.
today announced the launch of its Document Interoperability Initiative,
which is aimed at promoting user choice among document formats and expanded
opportunity for developers, partners and competitors. The launch of this
initiative is an important step in Microsoft's commitment to implement a
set of strategic changes in its technology and business practices to expand
interoperability through the implementation of its interoperability
principles. The Document Interoperability Initiative focuses on bringing
vendors together to promote interoperability between document format
implementations through testing and refining those implementations,
creation of format implementation test suites, and the creation of
templates designed for optimal interoperability between different formats."
Comments (3 posted)
New Books
O'Reilly has published the book ScreenOS Cookbook
by Stefan Brunner, Vik Davar, David Delcourt, Ken Draper, Joe Kelly and
Sunil Wadhwa.
Full Story (comments: none)
SitePoint has published the book The Ultimate CSS Reference
by Tommy Olssen and Paul O'Brien.
Full Story (comments: none)
Resources
OpenCollector.org
has announced
a paper [pdf] on the clean room design practice for reverse engineering
hardware.
" Wade D. Peterson of Silicore (the people who created the free Wishbone SOC architecture) has written a major new paper on clean room design practice, full of detail on the legal aspects of reverse engineering and practical methods for separating copyright and patent governed aspects of a design, essential for creating open and interoperable designs."
Comments (none posted)
Contests and Awards
Bjarne Stroustrup has received a Dr. Dobb's Excellence in Programming Award.
" 2008 - Best-selling author Bjarne Stroustrup, inventor of C++ and author of
the Addison-Wesley title The C++ Programming Language, was presented with the Dr. Dobb's Journal
Excellence in Programming Award at the SD West conference on Wednesday. The award acknowledges
significant achievements in object-oriented programming, software architecture, and modeling."
Full Story (comments: none)
Meeting Minutes
The minutes are available from the March 6, 2008
GNOME Summer of Code meeting.
" Present:
Adam Schreiber
Buddhika Laknath Semage
Christian Kellner
Gabriel Burt
Johannes Schmid
Lucas Rocha
Marco Barisione
Rob Taylor
Sandy Armstrong
Vincent Untz".
Full Story (comments: none)
Calls for Presentations
A
call for presentations has gone out for the
Flash Memory Summit 2008. The event takes place in Santa Clara, CA
on August 12-14, 2008. The submission deadline is April 25.
Comments (none posted)
The LinuxWorld conference is looking for Birds of a Feather (BOF) session proposals as well as free software projects to exhibit in the .org pavilion. The conference is being held August 4-7 at the Moscone Center in San Francisco. The deadline for .org pavilion applications is April 11, while BOF proposals need to be in by May 5. Click below for more information.
Full Story (comments: 1)
Upcoming Events
SDForum has
announced the Global Open Source Conference, which takes place on
March 24, 2008 in San Francisco, CA.
" Speakers at the event will
discuss the opportunities for open source software companies and developers thanks to government initiatives using open source, as well as sharing learning lessons and successes from around the world.
"Open source has quickly changed the global software industry," said
Don Brown of Atlassian Software Systems, a speaker at the event. "A huge
demand has arisen for open source companies worldwide as more governments
enforce policies mandating open source and international markets continue
to open.""
Comments (none posted)
GoOOoCon 2008 will take place in Prague, Czech Republic on April 10-13, 2008.
" The Novell team thought that, what with the next OOoCon being in
Beijing and the cost of travel there (etc.) and of course the broad
focus of that conference; that it would be good to have a very
hacker-focused event in Europe. So, we're inviting all hyper-technical
people (with or without long hair) to join the Novell go-oo team for
part of their annual team face-to-face in Prague."
Full Story (comments: none)
The KVM developer forum 2008 has been announced.
" The KVM Forum 2008 will also give developers an opportunity to update
the community on the work that they are doing and coordinate efforts for
the betterment of KVM and Linux virtualization.
Please reserve these dates, the event will take place on June 11th - 13th, at
Marriott Napa Valley, California, USA. For those of you who want to get
there earlier, we will be holding a reception cocktail on June 10th
evening time. The registration web site will be up shortly as will the
call for papers".
Full Story (comments: none)
The Linux Foundation has announced the speakers for its 2nd Annual Linux
Foundation Collaboration Summit. " The Collaboration Summit is designed
to accelerate collaboration and problem solving in the Linux community by
bringing key stakeholders together in a neutral setting. While there are a
variety of industry and developer conferences, the LF Collaboration Summit
is the only one to combine participation from developers, users, vendors,
ISVs, attorneys and C-level executives to tackle the most pressing issues
facing Linux." The summit takes place April 8 - 10, 2008 at the UT
Super Computing Center in Austin, TX.
Full Story (comments: none)
Registration
is open
for PTPW 2008.
" Registration and payment for the Portuguese Perl Workshop is finally open. Seats for the workshop and for the training classes are limited, so grab yours soon. Workshop seats: 100."
Comments (none posted)
PyCon 2008 begins on March 13.
" PyCon 2008 kicks off Thursday, March 13 at the Crowne Plaza Chicago
O'Hare Hotel featuring talks and tutorials from Caltech, Google, Lockheed Martin, Microsoft, One
Laptop per Child, Red Hat, and the University of California, Berkeley. Organized by the Python
Software Foundation, and staffed entirely by volunteers, this annual community conference boasts
more than double the number of tutorials compared to 2007."
Full Story (comments: none)
Mailing Lists
A new
OLPC-Health mailing list has been created.
Full Story (comments: none)
Web sites
MacForge.net
has been launched.
" MacTech(r) Magazine announced
today that its MacForge(tm) Mac open source project index now has over
50,000 projects. In 2005, MacForge.net was created for not only the
experienced open source user, but to introduce the Mac technical community
to the wonderful array of projects available."
Full Story (comments: none)
Audio and Video programs
Videos from the Linux.conf.au 2008 Gaming Miniconf are available.
" There were loads of interesting talks, so
if you were silly enough to not be there, you can now get in on the
fun. Find out about a program which makes games from children's crayon
drawings. Listen to how FOSS is being used to teach the next generation
of game developers and find out how FOSS is being used in Australian
commercial game companies. Don't forget to view the pyglet pinata
session for the coolest live coding session you have ever seen (Space
Invaders in under 40 minutes). Even Rusty Russell, our favourite kernel
hacker turned game developer, makes an appearance with Pong Hero!"
Full Story (comments: none)
Page editor: Forrest Cook