LWN.net Weekly Edition for March 20, 2008
By Jake Edge March 19, 2008
Things are heating up in the Python world in advance of two major
synchronized releases of the language. As it heads towards Python 3000
(aka Py3k or Python 3.0), alongside the transitional version 2.6, the development team is narrowing its focus to
just those items that are required for the releases. Along the way, the
conversations taking place on python-devel provide a look inside the
development and release process decisions that a project needs to make as
releases loom.
Py3k is the next-generation version of Python, as we described last September. It
will not be backward compatible with programs written for Python 2.x in a
wide variety of ways. Python 2.6 is an effort to bridge the gap, enabling
much of the 3.0 functionality so that new programs can start using it. It
can
also provide warnings for code that will not work with Py3k.
Python 2.6 was originally scheduled for an April 2008 release, in advance of the August
2008 release planned for Py3k. Now the two are slated for synchronized
releases, roughly monthly, until the final release now scheduled for early
September 2008. The synchronization is seen as important for two reasons
as Python's Benevolent Dictator For Life (BDFL) Guido van Rossum outlines:
Not only could
this potentially save the release manager and his assistants some
time, doing the final releases together sends a clear signal to the
community that both versions will receive equal support.
Because Py3k is such a radical change, the 2.x series will continue for a
long time. van Rossum's recent PyCon keynote (PDF
slides) mentions five years as the time frame for 2.6 to be supported,
with 2.7 and 2.8 releases possible. A stable development platform for the
next few years is very
important for current Python users as is giving them a long time to migrate their
code.
The third alpha of Py3k was released at the end of February along with the first
alpha of 2.6. Additional alpha releases of each are slated for April and
May as laid out in Python Enhancement Proposal
(PEP) 361. Those are to be followed by betas in June and July with the
final release planned for September 3. All of that adds up to a fairly
aggressive schedule, but the team seems confident—at least so far.
One of the issues that the Python hackers are trying to figure out is how
to track the items still left to be done. van Rossum describes the scope
of the
problem:
In order to make such a tight release schedule we should try to come
up with a list of tasks that need to be done, and prioritize them.
This should include documentation, and supporting tools like 2to3. It
should include features, backports of features, cleanup, bugs, and
whatever else needs to be done (e.g. bugbot maintenance).
No one had any major objections to van Rossum's suggestion of using the bug tracker to track the tasks, with
Christian Heimes pointing out:
Despite the url bugs.python.org it's an issue tracker and not a bug
tracker. We track patches, feature requests, ideas and bugs in the same
tracker.
The bug tracker allows for different priorities to be set on bugs (or
tasks) that are entered into it, which led van Rossum and others to wonder
about the proper usage of that field. One of the problems is
distinguishing between issues that must be addressed before the next
release versus those that must be addressed sometime before the final
release. In some sense, both are "critical" and "show-stopping" (depending
on which show you are focused on). Brett Cannon reported the scheme they came up
with:
So "release blocker" blocks a release. "Critical" could very easily
block a release, but not the current one. "High" issues should be
addressed, but won't block anything. "Normal" is normal. And "low" is
for spelling errors and such.
This can elevate bugs that are relatively minor, but need to be handled
before a final release, into a category that inflates their importance.
But, not elevating the bugs can lead to them incorrectly being set aside
for a later release. van Rossum wondered about this bug priority
"inflation", but it
is the way that 2.6/3.0 release manager Barry Warsaw wants to handle things:
Critical is the right one to use.
Neal and I will basically be moving
issues between 'release blocker' and 'critical' with the former
meaning this issue blocks the upcoming release.
Other projects or project managers might make different decisions on how to
handle bug priorities, but the important thing is to make a reasonable
decision quickly. Once that was done, the tasks were added to the tracker
and could be prioritized correctly within the framework and without a lot of hand-wringing about
which way is "best". It is an important skill for project managers of all
kinds to learn.
Things are progressing rapidly on python-devel these days—not
surprising with two major releases due in less than six months. There is a lot
of work to be done, but the Python hackers aren't shrinking from those
tasks. In addition, the team has also been able to change their processes as
needed to support their tight schedule. With hard work and a bit of
luck that should put Py3k and its 2.6 sibling on our development machines
by autumn.
By Jonathan Corbet March 18, 2008
The Debian project is known for its public brawls, but the truth of the
matter is that the Debian developers have not lived up to that reputation
in recent years. The recent outburst over the attempted "semi-hijacking"
of the dpkg maintainership shows that Debian still knows how to run a flame
war, though. It also raises some interesting issues on how packages should
be maintained, how derivative distributions work with their upstream
versions, and what moral rights, if any, a program's initial author retains
years later.
Dpkg, of course, is the low-level package management tool used by
Debian-based distributions; it is the direct counterpart to the RPM tool
used by many other systems. Like RPM, it is a crucial component in that it
determines how systems will be managed - and how much hair administrators
will lose in the process. And, like RPM, it apparently causes a certain
sort of instability in those who work with it for too long.
Ian Jackson wrote dpkg back in 1993, but, by the time a few years had passed,
Ian had moved on to other projects. In recent times, though, he
has come back to working on dpkg - but for Ubuntu, not for the Debian
project directly. One of his largest projects has been the triggers
feature, which enables one package to respond to events involving other
packages in the system. This feature, which is similar to the RPM
capability by the same name, can help the system as a whole maintain
consistency as the package mix changes; it can also speed up package
installations. Triggers have been merged into Ubuntu's dpkg and are
currently being used by that distribution.
The upstream version of dpkg shipped by Debian does not have trigger
support, though, and one might wonder why. If one listens to Ian's side of
the story, the merging of
triggers has been pointlessly (perhaps even maliciously) blocked for
several months by Guillem Jover, the current Debian dpkg maintainer. So
Ian concluded that the only way to get triggers into Debian in time for the
next release ("lenny") was to carry out a
"semi-hijack" of the dpkg package. By semi-hijack, Ian meant that he
intended to displace Guillem while leaving in place the other developers
working on dpkg, who were encouraged to "please carry on with your
existing working practices."
Ian also proceeded to upload a version of dpkg with trigger support, and
without a number of other recently-added changes. It is worth noting that
all of this work went into a separate repository branch, pending a final
resolution of the matter. So when the upload was rejected (as it was) and
Ian was deprived of his commit privileges (as he was), there was no real
mess to clean up.
Those wanting a detailed history of this conflict can find it in this posting from Anthony Towns. It is a long
story, and your editor will only be able to look at parts of it.
One of the relevant issues here is that Guillem Jover appears to be a busy
developer who has not had as much time to maintain dpkg as is really
needed. Since the beginning of the year, he has orphaned a number of other
packages (directfb and bmv, for example) in order to spend more time on
dpkg. But, as a result of time constraints, a number of dpkg patches have
languished for too long.
While this was happening, Guillem put a fair amount of the time he did have
into reformatting the dpkg code and making a number of other low-level
changes, such as replacing zero constants with NULL. Ian
disagrees strongly with the reformatting and such - unsurprisingly, the
original code was in his preferred style.
And this is where a lot of the conflict comes in, at two different levels.
Ian disagrees with the coding style changes in general, saying:
Everyone who works on free software knows that reformatting it is a
no-no. You work with the coding style that's already there.
Many developers will disagree on the value of code reformatting; some
projects (the kernel, for example) see quite a bit of it. Judicious
cleaning-up of code can help with its long-term maintainability. All will
agree, though, that reformatting can make it harder to merge large changes
which were made against the code before the reformatting was done. This
appears to be a big part of Ian's complaint: unnecessary (to him) churn in
the dpkg code base makes it hard for him to maintain his trigger patches in
a condition where they can be merged.
Code churn is a part of the problem, but Ian's merge difficulties are also
a result of doing the trigger work in the Ubuntu tree rather than in Debian
directly. Ian did try to
unify things back in August, but that was after committing Ubuntu to
the modified code. Ubuntu's dpkg is currently significantly different from
Debian's version, and, while one assumes that, sooner or later, Debian will
acquire the trigger functionality, there is no real assurance that things
will go that way. Dpkg has been forked, for now, and the prospects for a
subsequent join are uncertain.
Ian also asserts that, as the creator of dpkg, he is entitled to
special consideration when it comes to the future of that package. His
semi-hijack announcement makes that point twice. But one of the key features
of free software is this: when you release code under a free license,
you give up some control. It seems pretty clear that Ian has long since lost
control over dpkg in Debian.
So who does control this package, and how will this issue be resolved?
Certainly Ian's hijack attempt found little sympathy, even among those who
think that dpkg has not been well maintained recently. There are some who
say that the disagreement should be taken to the Debian technical committee, which
is empowered to resolve technical disputes between developers. But faith
in this committee appears to be at a low point, as can be seen in this recent proposal to change how it is selected:
It's been pretty dysfunctional since forever, there's not much
that can be done internally to improve things, and since it's
almost entirely self-appointed and has no oversight whatsoever the
only way to change things externally is constitutional change.
Meanwhile, the discussion has gone quiet, suggesting that, perhaps, it has
been moved to a private venue. The dpkg commit
log, as of this writing, shows that changes are being merged, but
triggers are not among them. It is hard to imagine that the project will
fail to find a way to get the triggers feature merged and the maintenance
issues resolved, but that does not appear to have happened yet.
March 19, 2008
This article was contributed by Andrew Fife
On Saturday March 1st, Untangle and the Alameda County Computer
Resource Center (ACCRC) organized the first of what is hoped to be many
"Installfest for Schools" events. It took place at four San Francisco Bay area
locations (San Francisco, Berkeley, San Mateo and Novato) and refurbished
350 older computers with Ubuntu for northern California schools.
The primary goal of the installfest was to give children in
disadvantaged neighborhoods the same access to technology that students in
wealthy school districts grow up with. However, the event was also about
curbing waste. 132 million PCs were bought in the year 2000 alone and none
of them can run Vista. But older hardware works great with GNU/Linux and
extending the life of these PCs will keep thousands of tons of toxic
electronic waste out of the landfill. And let's not forget about budgetary
waste. With many states facing budget crises that will inevitably force
deeper classroom spending cutbacks, why should our schools spend their
scarce resources on proprietary software licenses? In fact, cutbacks may
create an incredible window of opportunity for the GNU/Linux desktop
movement to establish itself within schools.
The installfest drew approximately 130 free and open source software community
volunteers across the four locations. We started with over 1,000 older,
discarded computers that had been collected by ACCRC through donations
from the general public, local businesses and municipal governments. Some
of the computers were smooth sailing: they met the hardware specification, had all
of the necessary components and installed without any problems. Other
computers had software install problems, but those were easy to solve
because so many of the Bay Area's most hardcore free and open source software gurus participated
and with their combined expertise, no error message went unattended to.
The rest of the computers required a little more care, as many of them were
missing a hard drive, NIC or enough RAM to run Ubuntu. Yet, by
disassembling problematic boxes it was easy to form a pool of spare parts that
could then be stitched back together to create working computers. The week
after the installfest, ACCRC put the finished systems through a 72-hour
burn-in test and we now have 350 computers that have already started being
donated to schools.
The Ascend School in Oakland received the first batch of nine computers.
Other schools that have received open source computers from the ACCRC
include:
- Lockwood School (Oakland)
- Whittier Elementary School (Oakland)
- Casa Grande High School (Petaluma)
- Woodside Elementary School (Concord)
- KIPP San Francisco Bay Academy (San Francisco)
- Mission High School (San Francisco)
This event was about donating open source computers to schools in Northern
California. However, ACCRC regularly donates to schools nationwide
(and sometimes internationally). Schools in need of computers should fill
out ACCRC's school
application form [PDF].
Computer hardware and software specifications
The minimum specifications for each computer were an 800MHz processor (PIII or AMD),
256MB RAM and a 20 GB hard drive, but we were pleasantly surprised to find a
handful of P4 processors in the mix as well. One location even received a
batch of 6 dual core systems with elegant slim cases—who throws those out
and what else are they looking to get rid of?—but ironically we couldn't
install them during the event because they were only equipped with DMS-59
DVI ports that required special monitor cables.
Each system received a fresh copy of Ubuntu 7.10 desktop with the latest
apt-get upgrade applied as of February 27, 2008. Because the computers
were going into schools with little or no GNU/Linux expertise, it was
important to try and create a positive first experience so we worked with
Creative Commons to package samples of pictures from Flickr and music
from Jamendo to show off the fun side of the donated computers. No
Starch Press also donated PDF copies of Ubuntu for non-Geeks that were
loaded on to each computer so that help for common support questions was never
more than a click away.
Install specifications
Each location was set up with 10 to 40 workstations that had permanent
keyboards, mice, monitors and cables so that the volunteers only had to
move the desktops themselves back and forth. The process was started by
booting from custom install CDs and the packages were applied over the
network via Apache HTTP web servers. The custom CDs were optimized to make
the Ubuntu OS installation as fast and easy as possible. Physically
placing the CD into the drive and booting from disc was really all that was
required because the additional content from Creative Commons and No Starch
Press was bundled as Debian packages that were automatically installed via
the network just like the other Ubuntu updates and patches.
The installfest networks were based on dual Pentium III servers with a RAID array and Gigabit network cards plugged into a 24-port Gigabit
switch. It was important to have a fast setup because updating as many as
40 systems at once placed a heavy load on drives and network connections.
Electricity was also a concern as most of the outlets available had 15 or
20 Amp circuits. Given the intensity of the installation/reboot workload
and the relatively power inefficient CRT monitors, we drew the line at 5
workstations per 15 Amp circuit because an extra machine might have fit,
but blowing the circuit breaker would have caused a big
disruption—especially if the breaker happened to be in a locked closet.
Community goes the extra mile
With 130 volunteers showing up, Untangle and ACCRC really had a lot of help
in pulling the Installfest for Schools off. However, the community did far
more than just show up; our volunteers really went the extra mile to save
the day as we stumbled across a handful of unexpected hiccups. One
particularly inspirational moment was when the San Mateo location ran out
of computers and our volunteers drove their own cars across the Bay to pick up
extra hardware rather than close the location early! We also owe a debt of
gratitude to 3 members of the San Francisco Linux Users' Group (Christian
Einfeldt, Jim Stockford and Daniel Mizyrycki), who worked long hours to set up
and clean up that location.
We also received lots of help from free and open source software related
organizations. Mozilla in
particular really stepped up to the plate by blogging about the event and then
bringing schwag and pizza for all 130 volunteers! But Mozilla wanted to
get their hands dirty as well and Mozilla team members showed up to lend a
hand at each location. Creative Commons and the No Starch Press helped
put together content. Also, O'Reilly,
OSI, the Linux Foundation, Sun and
Canonical really helped get the word out with supportive blog mentions that
encouraged participation as well.
Future plans
Moving forward, Untangle and ACCRC hope to continue organizing bigger
and better Installfests for Schools. Our goal is to turn the one-time
regional event into a distributed national event occurring on a regular
basis. If we're able to find some friendly organizations to help out,
we may even be able to go international. Stay tuned because you'll be
hearing from us sooner rather than later about the next Installfest for
Schools.
Anyone wishing to help should stay informed by signing up for the
installfest mailing list. As we move more into a distributed
national event, we need all of the help that we can get identifying local
schools, old computer donors and feet on the street volunteers to make sure
everything goes smoothly. That work will be coordinated on the mailing list.
[ Andrew Fife, of Untangle, is one of the organizers of the project. ]
Page editor: Jonathan Corbet
Security
By Jake Edge March 19, 2008
Perhaps someday it will be considered discrimination against a sentient,
but these days a way to distinguish between programs and humans is required
for many web-based applications. Keeping spambots from posting comments in
weblogs or other bots from signing up for a web service are two of the most
common applications for separating humans and bots. As has often been the
case in the past, though, when the stakes are high enough, attackers will
find ways to circumvent barriers like this.
The most common means of testing for humans in web site sign-ups and the
like is a CAPTCHA
(Completely Automated Public Turing test to tell Computers and Humans
Apart). Typically these are images that contain some text that has been
mangled so that it is still recognizable by humans, but not by
programs—at least that is the theory. Variations on the theme
include asking math or "common sense" questions that programs
will supposedly not be able to figure out—more likely no
attacker has had enough interest in breaking them. Serious CAPTCHAs
tend to use images that can be created on the fly, giving nearly infinite
variety.
Some of the most sophisticated CAPTCHAs are those used by various free web
mail services: Hotmail, Yahoo, and Gmail. These services provide quite a
bit of storage that might be of use to an attacker, but they also lend
their reputation to mail that gets sent from those accounts. Domains like
yahoo.com and gmail.com are very unlikely to be blacklisted. Mail coming
from those domains may also score lower in various spam testing rules,
which may be exactly what an attacker is looking for.
Various techniques have been tried in the past to circumvent CAPTCHAs, with
the most successful ones using humans. It seems that many folks will
happily solve
CAPTCHAs in order to view pornography or for cash.
Over the last year, though, CAPTCHA-breaking programs have started to appear.
In a very
detailed report, Websense presents evidence that Gmail's CAPTCHA has
been cracked. Earlier reports indicate that attackers have cracked
Yahoo, Windows Live, and Hotmail CAPTCHAs as well. Cracked does not mean
100% success rate—humans cannot even achieve that—it just needs
to work often enough to provide the attackers with the accounts they want.
These programs use some image processing and optical character recognition
(OCR) techniques to decipher the puzzle, removing humans from the equation
entirely. Typical success rates are in the 20-35% range. For attackers
with botnets available to spread out the work, this could yield an amazing
number of accounts in relatively short order.
CAPTCHAs have a number of bad characteristics: they are annoying to most
and unusable by those who are visually impaired. Yet they are pervasive.
Alternate techniques using audio have so far been found wanting; a more
interesting method is Asirra from Microsoft
Research.
Asirra uses 3 million images of dogs and cats from animal shelters that
have been categorized. The test then shows a dozen random
images from the database and asks the "human" to select all the cat
photos. This would seem much more difficult for a program to handle. The
picture database would need regular updates to thwart attackers just
collecting all the images and doing their own categorization—perhaps with
help from porn viewers or poor folk. Also,
computer recognition systems will someday be able to recognize dogs and cats.
It is a difficult problem to solve, but one that needs to be addressed.
Systems like OpenID are not
enough—it is not what they were designed for—as there is nothing stopping bots from having
OpenIDs. Some mechanism that would allow reputation or trust to accumulate on a
given ID might help prove that its holder is a human—or at least a
well-behaved bot. Designing a reputation service that is decentralized will also be difficult, but it is the right direction for
solving these kinds of problems.
Brief items
CERT is working to put together a set of secure coding standards -
essentially a long set of rules on how to avoid common mistakes which can
create security vulnerabilities. The standard for C is headed for a 1.0
release around mid-April. Before that happens, CERT is asking for one last
round of comments; see the
associated web site for more information.
New vulnerabilities
backup-manager: password disclosure
| Package(s): | backup-manager |
| CVE #(s): | CVE-2007-4656 |
| Created: | March 17, 2008 |
| Updated: | March 19, 2008 |
| Description: | From the Debian advisory: Micha Lenk discovered that backup-manager, a command-line backup tool, sends the password as a command line argument when calling a FTP client, which may allow a local attacker to read this password (which provides access to all backed-up files) from the process listing. |
cups: heap overflow
| Package(s): | cups |
| CVE #(s): | CVE-2008-0047 |
| Created: | March 19, 2008 |
| Updated: | October 16, 2008 |
| Description: | The cups package suffers from a heap overflow vulnerability in the cgiCompileSearch() function. This vulnerability could be exploited remotely if the print server shares printers over the network. |
dovecot: multiple vulnerabilities
| Package(s): | dovecot |
| CVE #(s): | CVE-2008-1199, CVE-2008-1218 |
| Created: | March 13, 2008 |
| Updated: | October 7, 2008 |
| Description: | From the Fedora alert: CVE-2008-1199 If Dovecot was configured with mail_extra_groups = mail, users having shell access to IMAP server could use this flaw to read, modify or delete mails of other users stored in inbox files in /var/mail. /var/mail directory is mail-group writable and user inbox files are by default created by useradd with permission 660, <user>:mail. No mail_extra_groups is set by default, hence default Fedora configuration was not affected by this problem. If your configuration sets mail_extra_groups, see new options mail_privileged_group and mail_access_groups introduced in Dovecot 1.0.11. (mail_extra_groups is still accepted, but is deprecated now) CVE-2008-1218 On Dovecot versions 1.0.11 and newer, it was possible to gain password-less login via passwords with tab characters, which were not filtered properly. Dovecot versions in Fedora were not affected by this unauthorized login flaw, but only by a related minor memory leak in dovecot-auth worker process. |
horde3: file execution and disclosure via directory traversal
| Package(s): | horde3 |
| CVE #(s): | CVE-2008-1284 |
| Created: | March 17, 2008 |
| Updated: | May 6, 2008 |
| Description: | From the CVE entry: Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name. |
ikiwiki: cross-site scripting
| Package(s): | ikiwiki |
| CVE #(s): | CVE-2008-0808, CVE-2008-0809 |
| Created: | March 18, 2008 |
| Updated: | March 19, 2008 |
| Description: | From the Debian advisory: Josh Triplett discovered that ikiwiki did not block Javascript in URLs, leading to cross-site scripting vulnerabilities. |
krb5: multiple remote vulnerabilities
| Package(s): | krb5 |
| CVE #(s): | CVE-2008-0062, CVE-2008-0063, CVE-2008-0947 |
| Created: | March 19, 2008 |
| Updated: | March 25, 2008 |
| Description: | The "kdc" authentication component, part of the krb5 package, has a number of vulnerabilities, including denial of service, information (secret key) leaks, and, potentially, remote code execution. |
krb5: double-free flaw
| Package(s): | krb5 |
| CVE #(s): | CVE-2007-5971 |
| Created: | March 19, 2008 |
| Updated: | May 20, 2010 |
| Description: | The krb5 GSSAPI library suffers from a double-free flaw which could be exploited to crash applications using that library. |
krb5: denial of service
| Package(s): | krb5 |
| CVE #(s): | CVE-2008-0948 |
| Created: | March 19, 2008 |
| Updated: | March 19, 2008 |
| Description: | From the Red Hat advisory: A flaw was found in the RPC library used by the MIT Kerberos kadmind server. An unauthenticated remote attacker could use this flaw to crash kadmind. This issue only affected systems with certain resource limits configured. |
ldapscripts: password disclosure
| Package(s): | ldapscripts |
| CVE #(s): | CVE-2007-5373 |
| Created: | March 17, 2008 |
| Updated: | March 19, 2008 |
| Description: | From the Debian advisory: Don Armstrong discovered that ldapscripts, a suite of tools to manipulate user accounts in LDAP, sends the password as a command line argument when calling LDAP programs, which may allow a local attacker to read this password from the process listing. |
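Both the ldapscripts entry and the backup-manager entry above describe a password passed on a command line and readable from the process listing. The following added example (not code from either package or advisory) shows the exposure on Linux and the stdin alternative; the child script, the function names and the SECRET value are constructed for illustration.

```python
import subprocess
import sys

# Constructed value for the demonstration; not a real credential.
SECRET = "constructed-example-password"

# Hypothetical stand-in for an FTP or LDAP client: it takes the password
# from argv[1] if present, otherwise from stdin, then idles so that the
# parent has time to look at it.
CHILD = (
    "import sys, time\n"
    "pw = sys.argv[1] if len(sys.argv) > 1 else sys.stdin.readline()\n"
    "time.sleep(30)\n"
)


def visible_args(pid):
    """Return the argument vector of `pid` as the process listing shows it.

    On Linux, ps reads /proc/<pid>/cmdline, which is readable by every
    local user unless /proc is mounted with the hidepid option.
    """
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [a.decode(errors="replace") for a in f.read().split(b"\0") if a]


def secret_in_process_listing(password_on_argv):
    """Start the child one of two ways and report whether SECRET is listed."""
    argv = [sys.executable, "-c", CHILD]
    if password_on_argv:
        # The pattern from the advisories: password as a command-line argument.
        proc = subprocess.Popen(argv + [SECRET])
    else:
        # Alternative: hand the password over a pipe, which never enters argv.
        proc = subprocess.Popen(argv, stdin=subprocess.PIPE)
        proc.stdin.write((SECRET + "\n").encode())
        proc.stdin.flush()
    try:
        return SECRET in visible_args(proc.pid)
    finally:
        # Clean up the idle child regardless of the outcome.
        proc.kill()
        if proc.stdin:
            proc.stdin.close()
        proc.wait()


if __name__ == "__main__":
    print("password on argv, visible in listing:", secret_in_process_listing(True))
    print("password on stdin, visible in listing:", secret_in_process_listing(False))
```
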
lighttpd: information disclosure
| Package(s): | lighttpd |
| CVE #(s): | CVE-2008-1270 |
| Created: | March 13, 2008 |
| Updated: | April 10, 2008 |
| Description: | From the Mitre advisory: mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory. |
LIVE555 Media Server: denial of service
| Package(s): | live |
| CVE #(s): | CVE-2007-6036 |
| Created: | March 14, 2008 |
| Updated: | March 19, 2008 |
| Description: | From the Gentoo advisory: Luigi Auriemma reported a signedness error in the parseRTSPRequestString() function when processing short RTSP queries. A remote attacker could send a specially crafted RTSP query to the vulnerable server, resulting in a crash. |
phpMyAdmin: cross-site scripting
| Package(s): | phpMyAdmin |
| CVE #(s): | CVE-2007-6100 |
| Created: | March 14, 2008 |
| Updated: | March 19, 2008 |
| Description: | Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992. |
roundup: unspecified vulnerability
| Package(s): | roundup |
| CVE #(s): | CVE-2008-1474 |
| Created: | March 13, 2008 |
| Updated: | May 28, 2008 |
| Description: | Roundup suffers from a failure to properly escape HTML input, creating a cross-site scripting vulnerability. |
sarg: arbitrary code execution
| Package(s): | sarg |
| CVE #(s): | CVE-2008-1167, CVE-2008-1168 |
| Created: | March 13, 2008 |
| Updated: | March 28, 2008 |
| Description: | From the Gentoo alert: Sarg is vulnerable to the execution of arbitrary code when processed with untrusted input files. Sarg (Squid Analysis Report Generator) is a tool that provides much information about the Squid web proxy server users' activities: time, sites, traffic, etc. |
silc-toolkit: stack-based buffer overflow
| Package(s): | silc-toolkit |
| CVE #(s): | CVE-2008-1227 |
| Created: | March 14, 2008 |
| Updated: | July 31, 2008 |
| Description: | Stack-based buffer overflow in the silc_fingerprint function in lib/silcutil/silcutil.c in Secure Internet Live Conferencing (SILC) Toolkit 1.1.5, and unspecified earlier versions, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via long input data. NOTE: some of these details are obtained from third party information. |
smarty: arbitrary code execution via crafted search string
| Package(s): | smarty |
| CVE #(s): | CVE-2008-1066 |
| Created: | March 17, 2008 |
| Updated: | November 14, 2011 |
| Description: | From the Debian advisory: It was discovered that the regex module in Smarty, a PHP templating engine, allows attackers to call arbitrary PHP functions via templates using the regex_replace plugin by a specially crafted search string. |
unzip: arbitrary code execution
| Package(s): | unzip |
| CVE #(s): | CVE-2008-0888 |
| Created: | March 18, 2008 |
| Updated: | April 7, 2008 |
| Description: | From the Debian advisory: Tavis Ormandy discovered that unzip, when processing specially crafted ZIP archives, could pass invalid pointers to the C library's free routine, potentially leading to arbitrary code execution. |
xine-lib: buffer overflow
| Package(s): | xine |
CVE #(s): | CVE-2008-1161
|
| Created: | March 14, 2008 |
Updated: | August 21, 2008 |
| Description: |
Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes. |
| Alerts: |
|
Comments (none posted)
Updated vulnerabilities
acroread: multiple vulnerabilities
| Package(s): | acroread |
CVE #(s): | CVE-2006-5857
CVE-2007-0045
CVE-2007-0046
|
| Created: | January 11, 2007 |
Updated: | October 26, 2009 |
| Description: |
Adobe's Acrobat Reader has the following vulnerabilities:
The Adobe Reader Plugin has a cross-site scripting vulnerability that
can be triggered by processing malformed URLs. Arbitrary JavaScript can
be served by a malicious web server, leading to a cross-site scripting
attack.
Maliciously crafted PDF files can be used to trigger two vulnerabilities;
if an attacker can trick a user into viewing the files, arbitrary code
can be executed with the user's privileges. |
| Alerts: |
|
Comments (1 posted)
apache: cross-site scripting
| Package(s): | apache |
CVE #(s): | CVE-2006-3918
|
| Created: | August 9, 2006 |
Updated: | April 4, 2008 |
| Description: |
From the Red Hat advisory: "A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message. This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header." |
| Alerts: |
|
Comments (none posted)
apache: several vulnerabilities
| Package(s): | apache |
CVE #(s): | CVE-2007-5000
CVE-2007-6388
CVE-2008-0005
|
| Created: | January 15, 2008 |
Updated: | July 29, 2008 |
| Description: |
A flaw was found in the mod_imap module. On sites where mod_imap was
enabled and an imagemap file was publicly available, a cross-site scripting
attack was possible. (CVE-2007-5000)
A flaw was found in the mod_status module. On sites where mod_status was
enabled and the status pages were publicly available, a cross-site
scripting attack was possible. (CVE-2007-6388)
A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp
was enabled and a forward proxy was configured, a cross-site scripting
attack was possible against Web browsers which did not correctly derive the
response character set following the rules in RFC 2616. (CVE-2008-0005) |
| Alerts: |
|
Comments (1 posted)
asterisk: possible SQL injection
| Package(s): | asterisk |
CVE #(s): | CVE-2007-6170
|
| Created: | December 3, 2007 |
Updated: | April 15, 2008 |
| Description: |
Tilghman Lesher discovered that the logging engine of Asterisk, a free
software PBX and telephony toolkit, performs insufficient sanitizing of
call-related data, which may lead to SQL injection. |
| Alerts: |
|
Comments (none posted)
audacity: insecure tmpfile handling
| Package(s): | audacity |
CVE #(s): | CVE-2007-6061
|
| Created: | March 3, 2008 |
Updated: | May 12, 2008 |
| Description: |
From the Gentoo advisory:
Viktor Griph reported that the "AudacityApp::OnInit()" method in file
src/AudacityApp.cpp does not handle temporary files properly.
A local attacker could exploit this vulnerability to conduct symlink
attacks to delete arbitrary files and directories with the privileges
of the user running Audacity.
|
| Alerts: |
|
Comments (none posted)
avahi: denial of service
| Package(s): | avahi |
CVE #(s): | CVE-2007-3372
|
| Created: | June 28, 2007 |
Updated: | December 23, 2008 |
| Description: |
Avahi is vulnerable to a local denial of service that can be caused by
making an erroneous call to the assert() function. |
| Alerts: |
|
Comments (none posted)
bind: insecure permissions
| Package(s): | bind |
CVE #(s): | CVE-2007-6283
|
| Created: | December 21, 2007 |
Updated: | July 10, 2008 |
| Description: |
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file
with world-readable permissions, which allows local users to perform
unauthorized named commands, such as causing a denial of service by
stopping named. |
| Alerts: |
|
Comments (1 posted)
bind: off-by-one error
| Package(s): | bind |
CVE #(s): | CVE-2008-0122
|
| Created: | January 22, 2008 |
Updated: | July 10, 2008 |
| Description: |
Off-by-one error in the inet_network function in libc in FreeBSD 6.2, 6.3,
and 7.0-PRERELEASE and earlier allows context-dependent attackers to cause
a denial of service (crash) and possibly execute arbitrary code via crafted
input that triggers memory corruption. |
| Alerts: |
|
Comments (none posted)
boost: denial of service
| Package(s): | boost |
CVE #(s): | CVE-2008-0171
CVE-2008-0172
|
| Created: | January 17, 2008 |
Updated: | March 22, 2012 |
| Description: |
From the Ubuntu alert:
Will Drewry and Tavis Ormandy discovered that the boost library
did not properly perform input validation on regular expressions.
An attacker could send a specially crafted regular expression to
an application linked against boost and cause a denial of service
via application crash. |
| Alerts: |
|
Comments (none posted)
cacti: multiple vulnerabilities
| Package(s): | cacti |
CVE #(s): | CVE-2008-0783
CVE-2008-0784
CVE-2008-0785
CVE-2008-0786
|
| Created: | February 28, 2008 |
Updated: | July 16, 2008 |
| Description: |
From the Mandriva alert:
A number of vulnerabilities were found in the Cacti program, including
XSS vulnerabilities, SQL injection vulnerabilities, CRLF injection
vulnerabilities, and information disclosure vulnerabilities. |
| Alerts: |
|
Comments (none posted)
cacti: denial of service
| Package(s): | cacti |
CVE #(s): | CVE-2007-3112
CVE-2007-3113
|
| Created: | September 18, 2007 |
Updated: | December 16, 2009 |
| Description: |
A vulnerability in Cacti 0.8.6i and earlier versions allows remote
authenticated users to cause a denial of service (CPU consumption) via
large values of the graph_start, graph_end, graph_height, or graph_width
parameters. |
| Alerts: |
|
Comments (none posted)
cairo: integer overflow
| Package(s): | Cairo |
CVE #(s): | CVE-2007-5503
|
| Created: | November 29, 2007 |
Updated: | April 10, 2008 |
| Description: |
Cairo has an integer overflow vulnerability in the PNG image processing
code. If a user processes a specially crafted PNG image with an
application that is linked against cairo, arbitrary code can be executed
with the user's privileges. |
| Alerts: |
|
Comments (none posted)
clamav: arbitrary code execution
| Package(s): | clamav |
CVE #(s): | CVE-2008-0318
|
| Created: | February 13, 2008 |
Updated: | April 18, 2008 |
| Description: |
From the CVE:
Integer overflow in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow. |
| Alerts: |
|
Comments (1 posted)
clamav: arbitrary file overwrite
| Package(s): | clamav |
CVE #(s): | CVE-2007-6595
|
| Created: | February 18, 2008 |
Updated: | August 8, 2008 |
| Description: |
From the CVE entry:
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files in the cli_gentempfd function in libclamav/others.c or on (2) .ascii files in sigtool, when utf16-decode is enabled. |
| Alerts: |
|
Comments (4 posted)
clamav: heap corruption
| Package(s): | clamav |
CVE #(s): | CVE-2008-0728
|
| Created: | February 22, 2008 |
Updated: | April 18, 2008 |
| Description: |
From the CVE entry: libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption." |
| Alerts: |
|
Comments (none posted)
clamav: integer overflow and off-by-one
| Package(s): | clamav |
CVE #(s): | CVE-2007-6335
CVE-2007-6336
|
| Created: | December 19, 2007 |
Updated: | July 17, 2008 |
| Description: |
ClamAV contains integer overflow and off-by-one errors which could be exploited (via specially-crafted email) to execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
cpio: arbitrary code execution
| Package(s): | cpio |
CVE #(s): | CVE-2005-4268
|
| Created: | January 2, 2006 |
Updated: | March 17, 2010 |
| Description: |
Richard Harms discovered that cpio did not sufficiently validate file
properties when creating archives. Files with e.g. a very large size
caused a buffer overflow. By tricking a user or an automatic backup
system into putting a specially crafted file into a cpio archive, a
local attacker could probably exploit this to execute arbitrary code
with the privileges of the target user (which is likely root in an
automatic backup system). |
| Alerts: |
|
Comments (none posted)
vixie-cron: privilege escalation
| Package(s): | cron |
CVE #(s): | CVE-2006-2607
|
| Created: | May 31, 2006 |
Updated: | June 1, 2009 |
| Description: |
The Vixie cron daemon does not check the return code from setuid(); if that call can be made to fail, a local attacker may be able to execute commands as root. |
| Alerts: |
|
Comments (1 posted)
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2006-4262
|
| Created: | October 2, 2006 |
Updated: | June 16, 2009 |
| Description: |
Will Drewry of the Google Security Team discovered several buffer overflows
in cscope, a source browsing tool, which might lead to the execution of
arbitrary code. |
| Alerts: |
|
Comments (none posted)
cscope: buffer overflows
| Package(s): | cscope |
CVE #(s): | CVE-2004-2541
|
| Created: | May 22, 2006 |
Updated: | June 19, 2009 |
| Description: |
A buffer overflow in Cscope 15.5, and possibly multiple overflows, allows
remote attackers to execute arbitrary code via a C file with a long
#include line that is later browsed by the target. |
| Alerts: |
|
Comments (1 posted)
cups: denial of service
| Package(s): | cups |
CVE #(s): | CVE-2008-0882
|
| Created: | February 22, 2008 |
Updated: | April 3, 2008 |
| Description: |
From the Red Hat advisory: A flaw was found in the way CUPS handles the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to crash. |
| Alerts: |
|
Comments (none posted)
cups: multiple vulnerabilities
Comments (none posted)
dbus: privilege escalation
| Package(s): | dbus |
CVE #(s): | CVE-2008-0595
|
| Created: | February 28, 2008 |
Updated: | October 14, 2008 |
| Description: |
From the Red Hat alert:
Havoc Pennington discovered a flaw in the way the dbus-daemon applies its
security policy. A user with the ability to connect to the dbus-daemon may
be able to execute certain method calls they should normally not have
permission to access. |
| Alerts: |
|
Comments (none posted)
debian-goodies: privilege escalation
| Package(s): | debian-goodies |
CVE #(s): | CVE-2007-3912
|
| Created: | October 5, 2007 |
Updated: | March 24, 2008 |
| Description: |
Thomas de Grenier de Latour discovered that the checkrestart program included
in debian-goodies did not correctly handle shell meta-characters. A local
attacker could exploit this to gain the privileges of the user running
checkrestart. |
| Alerts: |
|
Comments (none posted)
Django: denial of service
| Package(s): | Django |
CVE #(s): | CVE-2007-5712
|
| Created: | November 12, 2007 |
Updated: | September 22, 2008 |
| Description: |
From the CVE notice:
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers. |
| Alerts: |
|
Comments (none posted)
dovecot: privilege escalation
| Package(s): | dovecot |
CVE #(s): | CVE-2007-4211
|
| Created: | August 15, 2007 |
Updated: | May 21, 2008 |
| Description: |
From the rPath advisory: "Previous versions of the dovecot package are vulnerable to a
minor privilege escalation attack in which an authenticated
user may exploit an ACL plugin weakness to save message flags
without having proper permissions." |
| Alerts: |
|
Comments (none posted)
dovecot: directory traversal
| Package(s): | dovecot |
CVE #(s): | CVE-2007-2231
|
| Created: | May 8, 2007 |
Updated: | May 21, 2008 |
| Description: |
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot
before 1.0.rc29, when using the zlib plugin, allows remote attackers to
read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot)
sequence in the mailbox name. |
| Alerts: |
|
Comments (none posted)
dovecot: multiple vulnerabilities
| Package(s): | dovecot |
CVE #(s): | CVE-2007-6598
|
| Created: | January 3, 2008 |
Updated: | October 7, 2008 |
| Description: |
Dovecot has multiple vulnerabilities including an issue involving the
confusion between LDAP-authenticated logins across users with the
same password and a denial of service involving a connecting user. |
| Alerts: |
|
Comments (none posted)
eggdrop: stack-based buffer overflow
| Package(s): | eggdrop |
CVE #(s): | CVE-2007-2807
|
| Created: | September 7, 2007 |
Updated: | December 8, 2009 |
| Description: |
A stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop
1.6.18, and possibly earlier, allows user-assisted, malicious remote IRC
servers to execute arbitrary code via a long private message. |
| Alerts: |
|
Comments (none posted)
elinks: code execution
| Package(s): | elinks |
CVE #(s): | CVE-2007-2027
|
| Created: | May 7, 2007 |
Updated: | October 30, 2009 |
| Description: |
Arnaud Giersch discovered that elinks incorrectly attempted to load
gettext catalogs from a relative path. If a user were tricked into
running elinks from a specific directory, a local attacker could execute
code with user privileges. |
| Alerts: |
|
Comments (none posted)
elinks: arbitrary file access
| Package(s): | elinks |
CVE #(s): | CVE-2006-5925
|
| Created: | November 16, 2006 |
Updated: | October 22, 2009 |
| Description: |
The elinks text-mode browser has an arbitrary file access vulnerability
in the Elinks SMB protocol handler. If a user can be tricked into
visiting a specially crafted web page, arbitrary files may be read or
written with the user's permissions. |
| Alerts: |
|
Comments (none posted)
emacs: buffer overflow
| Package(s): | emacs |
CVE #(s): | CVE-2007-6109
|
| Created: | December 10, 2007 |
Updated: | May 6, 2008 |
| Description: |
From the National Vulnerability Database:
Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line. |
| Alerts: |
|
Comments (none posted)
evolution: format string vulnerability
| Package(s): | evolution |
CVE #(s): | CVE-2008-0072
|
| Created: | March 5, 2008 |
Updated: | May 28, 2008 |
| Description: |
The encrypted mail display code in evolution suffers from a format string vulnerability which could be exploited by way of a specially crafted email message. |
| Alerts: |
|
Comments (none posted)
pop mail man-in-the-middle attacks
| Package(s): | evolution thunderbird mutt fetchmail |
CVE #(s): | CVE-2007-1558
|
| Created: | May 8, 2007 |
Updated: | July 3, 2009 |
| Description: |
The APOP protocol allows remote attackers to guess the first 3 characters
of a password via man-in-the-middle (MITM) attacks that use crafted message
IDs and MD5 collisions. NOTE: this design-level issue potentially affects
all products that use APOP, including (1) Thunderbird, (2) Evolution, (3)
mutt, and (4) fetchmail. |
| Alerts: |
|
Comments (none posted)
exiftags: multiple vulnerabilities
| Package(s): | exiftags |
CVE #(s): | CVE-2007-6354
CVE-2007-6355
CVE-2007-6356
|
| Created: | December 31, 2007 |
Updated: | April 1, 2008 |
| Description: |
From the Gentoo advisory: Meder Kydyraliev (Google Security) discovered that Exif metadata is not
properly sanitized before being processed, resulting in illegal memory
access in the postprop() and other functions (CVE-2007-6354). He also
discovered integer overflow vulnerabilities in the parsetag() and other
functions (CVE-2007-6355) and an infinite recursion in the readifds()
function caused by recursive IFD references (CVE-2007-6356). |
| Alerts: |
|
Comments (none posted)
exiv2: integer overflow
| Package(s): | exiv2 |
CVE #(s): | CVE-2007-6353
|
| Created: | December 21, 2007 |
Updated: | October 15, 2008 |
| Description: |
Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. |
| Alerts: |
|
Comments (none posted)
fetchmail: denial of service
| Package(s): | fetchmail |
CVE #(s): | CVE-2007-4565
|
| Created: | September 5, 2007 |
Updated: | October 30, 2009 |
| Description: |
fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP. |
| Alerts: |
|
Comments (none posted)
firebird: multiple vulnerabilities
| Package(s): | firebird |
CVE #(s): | CVE-2008-0387
CVE-2008-0467
|
| Created: | March 3, 2008 |
Updated: | March 27, 2008 |
| Description: |
From the Gentoo advisory:
Firebird does not properly handle certain types of XDR requests,
resulting in an integer overflow (CVE-2008-0387). Furthermore, it is
vulnerable to a buffer overflow when processing usernames
(CVE-2008-0467).
A remote attacker could send specially crafted XDR requests or an
overly long username to the vulnerable server, possibly resulting in
the remote execution of arbitrary code with the privileges of the user
running the application.
|
| Alerts: |
|
Comments (none posted)
firebird: buffer overflow
| Package(s): | firebird |
CVE #(s): | CVE-2007-3181
|
| Created: | July 2, 2007 |
Updated: | March 27, 2008 |
| Description: |
The Firebird DBMS has a buffer overflow vulnerability involving
the processing of connect requests with an overly large p_cnct_count
value. Remote attackers can send a specially crafted
request to the server in order to potentially execute arbitrary code with
the permissions of the Firebird user. |
| Alerts: |
|
Comments (none posted)
firefox: multiple vulnerabilities
| Package(s): | firefox |
CVE #(s): | CVE-2008-0414
CVE-2008-0416
CVE-2008-0420
CVE-2008-0594
|
| Created: | February 8, 2008 |
Updated: | May 21, 2008 |
| Description: |
From the Ubuntu advisory:
Flaws were discovered in the file upload form control. A malicious
website could force arbitrary files from the user's computer to be
uploaded without consent. (CVE-2008-0414)
Various flaws were discovered in character encoding handling. If a
user were tricked into opening a malicious web page, an attacker
could perform cross-site scripting attacks. (CVE-2008-0416)
Flaws were discovered in the BMP decoder. By tricking a user into
opening a specially crafted BMP file, an attacker could obtain
sensitive information. (CVE-2008-0420)
Emil Ljungdahl and Lars-Olof Moilanen discovered that a web forgery
warning dialog wasn't displayed under certain circumstances. A
malicious website could exploit this to conduct phishing attacks
against the user. (CVE-2008-0594)
|
| Alerts: |
|
Comments (none posted)
firefox: multiple vulnerabilities
| Package(s): | firefox seamonkey thunderbird |
CVE #(s): | CVE-2008-0412
CVE-2008-0413
CVE-2008-0415
CVE-2008-0417
CVE-2008-0418
CVE-2008-0419
CVE-2008-0591
CVE-2008-0592
CVE-2008-0593
|
| Created: | February 8, 2008 |
Updated: | May 21, 2008 |
| Description: |
From the Red Hat advisory:
Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)
Several flaws were found in the way Firefox displayed malformed web
content. A webpage containing specially-crafted content could trick a user
into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)
A flaw was found in the way Firefox stored password data. If a user saves
login information for a malicious website, it could be possible to corrupt
the password database, preventing the user from properly accessing saved
password data. (CVE-2008-0417)
A flaw was found in the way Firefox handles certain chrome URLs. If a user
has certain extensions installed, it could allow a malicious website to
steal sensitive session data. Note: this flaw does not affect a default
installation of Firefox. (CVE-2008-0418)
A flaw was found in the way Firefox saves certain text files. If a
website offers a file of type "plain/text", rather than "text/plain",
Firefox will not show future "text/plain" content to the user in the
browser, forcing them to save those files locally to view the content.
(CVE-2008-0592)
|
| Alerts: |
|
Comments (2 posted)
firefox, thunderbird, seamonkey: multiple vulnerabilities
| Package(s): | firefox, thunderbird, seamonkey |
CVE #(s): | CVE-2007-3738
CVE-2007-3656
CVE-2007-3670
CVE-2007-3285
CVE-2007-3737
CVE-2007-3089
CVE-2007-3736
CVE-2007-3734
CVE-2007-3735
|
| Created: | July 18, 2007 |
Updated: | May 12, 2008 |
| Description: |
shutdown and moz_bug_r_a4 reported two separate ways to modify an
XPCNativeWrapper such that subsequent access by the browser would result in
executing user-supplied code. (CVE-2007-3738)
Michal Zalewski reported that it was possible to bypass the same-origin
checks and read from cached (wyciwyg) documents. It is possible to access
wyciwyg:// documents without proper same domain policy checks through the
use of HTTP 302 redirects. This enables the attacker to steal sensitive
data displayed on dynamically generated pages; perform cache poisoning; and
execute own code or display own content with URL bar and SSL certificate
data of the attacked page (URL spoofing++). (CVE-2007-3656)
Internet Explorer calls registered URL protocols without escaping quotes
and may be used to pass unexpected and potentially dangerous data to the
application that registers that URL Protocol. (CVE-2007-3670)
Ronald van den Heetkamp reported that a filename URL containing %00
(encoded null) can cause Firefox to interpret the file extension
differently than the underlying Windows operating system potentially
leading to unsafe actions such as running a program. This is only
accessible locally. (CVE-2007-3285)
An attacker can use an element outside of a document to call an event
handler allowing content to run arbitrary code with chrome
privileges. (CVE-2007-3737)
Ronen Zilberman and Michal Zalewski both reported that it was possible to
exploit a timing issue to inject content into about:blank frames in a
page. When opening a window from a script, it is possible to spoof the
content of the newly opened window's frames within a short time frame,
while the window is loading. (CVE-2007-3089)
Mozilla contributor moz_bug_r_a4 demonstrated that the methods
addEventListener and setTimeout could be used to inject script into another
site in violation of the browser's same-origin policy. This could be used
to access or modify private or valuable information from that other
site. (CVE-2007-3736)
As part of the Firefox 2.0.0.5 update releases Mozilla developers fixed
many bugs to improve the stability of the product. Some of these crashes
showed evidence of memory corruption under certain circumstances and
we presume that with enough effort at least some of these could be
exploited to run arbitrary code. Note: Thunderbird shares the browser
engine with Firefox and could be vulnerable if JavaScript were to be
enabled in mail. This is not the default setting and we strongly discourage
users from running JavaScript in mail. Without further investigation we
cannot rule out the possibility that for some of these an attacker might be
able to prepare memory for exploitation through some means other than
JavaScript, such as large images. (CVE-2007-3734, CVE-2007-3735) |
| Alerts: |
|
Comments (none posted)
flash-plugin: lots of problems
Comments (3 posted)
freetype: arbitrary code execution
| Package(s): | freetype |
CVE #(s): | CVE-2007-2754
|
| Created: | May 24, 2007 |
Updated: | June 1, 2010 |
| Description: |
The Freetype font rendering library versions 2.3.4 and below
has an integer sign error. Remote attackers may be able to
create a specially crafted TrueType Font file with a negative
n_points value that will cause an integer overflow and heap-based
buffer overflow, allowing the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
freetype: integer overflows
| Package(s): | freetype |
CVE #(s): | CVE-2006-0747
CVE-2006-1861
CVE-2006-2493
CVE-2006-2661
CVE-2006-3467
|
| Created: | June 8, 2006 |
Updated: | June 1, 2010 |
| Description: |
The FreeType library has several integer overflow vulnerabilities.
If a user can be tricked into installing a specially
crafted font file, arbitrary code can be executed with the privilege
of the user. |
| Alerts: |
|
Comments (none posted)
gcc: file overwrite vulnerability
| Package(s): | gcc |
CVE #(s): | CVE-2006-3619
|
| Created: | September 6, 2006 |
Updated: | March 14, 2008 |
| Description: |
The fastjar utility found in the GNU compiler collection does not perform adequate file path checking, allowing the creation or overwriting of files outside of the current directory tree. |
| Alerts: |
|
Comments (none posted)
gd: buffer overflow
| Package(s): | gd |
CVE #(s): | CVE-2007-0455
|
| Created: | February 7, 2007 |
Updated: | November 18, 2009 |
| Description: |
The gd graphics library contains a buffer overflow which could enable a remote attacker to execute arbitrary code. Note that various other packages include code from gd and could also be vulnerable. |
| Alerts: |
|
Comments (2 posted)
gd: multiple vulnerabilities
| Package(s): | gd |
CVE #(s): | CVE-2007-3472
CVE-2007-3473
CVE-2007-3474
CVE-2007-3475
CVE-2007-3476
CVE-2007-3477
CVE-2007-3478
|
| Created: | August 6, 2007 |
Updated: | November 6, 2009 |
| Description: |
Integer overflow in gdImageCreateTrueColor function in the GD Graphics
Library (libgd) before 2.0.35 allows user-assisted remote attackers
to have unspecified remote attack vectors and impact. (CVE-2007-3472)
The gdImageCreateXbm function in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause a denial
of service (crash) via unspecified vectors involving a gdImageCreate
failure. (CVE-2007-3473)
Multiple unspecified vulnerabilities in the GIF reader in the
GD Graphics Library (libgd) before 2.0.35 allow user-assisted
remote attackers to have unspecified attack vectors and
impact. (CVE-2007-3474)
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted
remote attackers to cause a denial of service (crash) via a GIF image
that has no global color map. (CVE-2007-3475)
Array index error in gd_gif_in.c in the GD Graphics Library (libgd)
before 2.0.35 allows user-assisted remote attackers to cause
a denial of service (crash and heap corruption) via large color
index values in crafted image data, which results in a segmentation
fault. (CVE-2007-3476)
The (a) imagearc and (b) imagefilledarc functions in GD Graphics
Library (libgd) before 2.0.35 allow attackers to cause a denial
of service (CPU consumption) via a large (1) start or (2) end angle
degree value. (CVE-2007-3477)
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the
GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote
attackers to cause a denial of service (crash) via unspecified vectors,
possibly involving truetype font (TTF) support. (CVE-2007-3478) |
| Alerts: |
|
Comments (none posted)
gedit: format string vulnerability
| Package(s): | gedit |
CVE #(s): | CAN-2005-1686
|
| Created: | June 9, 2005 |
Updated: | February 5, 2009 |
| Description: |
A format string vulnerability has been discovered in gedit. Calling
the program with specially crafted file names caused a buffer
overflow, which could be exploited to execute arbitrary code with the
privileges of the gedit user. |
| Alerts: |
|
Comments (1 posted)
ghostscript: buffer overflow
| Package(s): | ghostscript gs |
CVE #(s): | CVE-2008-0411
|
| Created: | February 27, 2008 |
Updated: | April 10, 2008 |
| Description: |
The Ghostscript color-space handling code suffers from a buffer overflow which may be exploitable by way of a specially-crafted postscript file. |
| Alerts: |
|
Comments (none posted)
gnome-screensaver: keyboard lock bypass
| Package(s): | gnome-screensaver |
CVE #(s): | CVE-2007-3920
|
| Created: | October 24, 2007 |
Updated: | October 15, 2009 |
| Description: |
From the Ubuntu advisory:
Jens Askengren discovered that gnome-screensaver became confused when
running under Compiz, and could lose keyboard lock focus. A local
attacker could exploit this to bypass the user's locked screen saver. |
| Alerts: |
|
Comments (none posted)
openssh: inappropriate use of trusted cookies
| Package(s): | gnome-ssh-askpass openssh |
CVE #(s): | CVE-2007-4752
|
| Created: | September 11, 2007 |
Updated: | August 25, 2008 |
| Description: |
OpenSSH versions prior to
4.7 could use a trusted X11 cookie if the creation of an untrusted
cookie failed. |
| Alerts: |
|
Comments (none posted)
gnumeric: arbitrary code execution
| Package(s): | gnumeric |
CVE #(s): | CVE-2008-0668
|
| Created: | February 13, 2008 |
Updated: | August 8, 2008 |
| Description: |
From the CVE:
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information. |
| Alerts: |
|
Comments (none posted)
grip: buffer overflow
| Package(s): | grip |
CVE #(s): | CAN-2005-0706
|
| Created: | March 10, 2005 |
Updated: | November 19, 2008 |
| Description: |
Grip, a CD ripper, has a buffer overflow vulnerability that can
occur when the CDDB server returns more than 16 matches. |
| Alerts: |
|
Comments (none posted)
gzip: multiple vulnerabilities
| Package(s): | gzip |
CVE #(s): | CVE-2006-4334
CVE-2006-4335
CVE-2006-4336
CVE-2006-4337
CVE-2006-4338
|
| Created: | September 19, 2006 |
Updated: | January 20, 2010 |
| Description: |
Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash.
Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. |
| Alerts: |
|
Comments (1 posted)
horde: arbitrary file inclusion
| Package(s): | horde |
CVE #(s): | |
| Created: | March 13, 2008 |
Updated: | March 19, 2008 |
| Description: |
From the Fedora alert:
Fix arbitrary file inclusion through abuse of the theme preference. |
| Alerts: |
(No alerts in the database for this vulnerability)
|
Comments (none posted)
horde3: remote email deletion
| Package(s): | horde3 |
CVE #(s): | CVE-2007-6018
|
| Created: | January 21, 2008 |
Updated: | March 24, 2009 |
| Description: |
From the Debian advisory:
Ulf Harnhammer discovered that the HTML filter of the Horde web
application framework performed insufficient input sanitising, which
may lead to the deletion of emails if a user is tricked into viewing
a malformed email inside the Imp client. |
| Alerts: |
|
Comments (none posted)
httpd: cross-site scripting, denial of service
| Package(s): | httpd |
CVE #(s): | CVE-2007-6421
CVE-2007-6422
|
| Created: | January 15, 2008 |
Updated: | April 4, 2008 |
| Description: |
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, a cross-site scripting attack against an
authorized user was possible. (CVE-2007-6421)
A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, an authorized user could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. This could lead to a denial of service if using a
threaded Multi-Processing Module. (CVE-2007-6422) |
| Alerts: |
|
Comments (1 posted)
icu: arbitrary code execution
| Package(s): | icu |
CVE #(s): | CVE-2007-4770
CVE-2007-4771
|
| Created: | January 25, 2008 |
Updated: | May 15, 2008 |
| Description: |
From the Red Hat advisory:
Will Drewry reported multiple flaws in the way libicu processed certain
malformed regular expressions. If an application linked against ICU, such
as OpenOffice.org, processed a carefully crafted regular expression, it may
be possible to execute arbitrary code as the user running the application.
|
| Alerts: |
|
Comments (none posted)
imagemagick: multiple vulnerabilities
| Package(s): | imagemagick |
CVE #(s): | CVE-2007-4985
CVE-2007-4986
CVE-2007-4987
CVE-2007-4988
|
| Created: | October 4, 2007 |
Updated: | August 11, 2009 |
| Description: |
The ImageMagick image decoders have multiple vulnerabilities.
If a user can be tricked into processing a specially crafted
DCM, DIB, XBM, XCF, or XWD image, arbitrary code may be executed with
the user's privileges. |
| Alerts: |
|
Comments (none posted)
ImageMagick: integer overflows
| Package(s): | imagemagick |
CVE #(s): | CVE-2007-1797
|
| Created: | April 4, 2007 |
Updated: | August 11, 2009 |
| Description: |
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote
attackers to execute arbitrary code via (1) a crafted DCM image, which
results in a heap-based overflow in the ReadDCMImage function, or (2) the
(a) colors or (b) comments field in a crafted XWD image, which results in a
heap-based overflow in the ReadXWDImage function, different issues than
CVE-2007-1667. |
| Alerts: |
|
Comments (none posted)
jasper: denial of service
| Package(s): | jasper |
CVE #(s): | CVE-2007-2721
|
| Created: | June 1, 2007 |
Updated: | April 19, 2010 |
| Description: |
The jpc_qcx_getcompparms function in jpc/jpc_cs.c could allow remote
user-assisted attackers to cause a denial of service (crash) and possibly
corrupt the heap via malformed image files. |
| Alerts: |
|
Comments (none posted)
java: multiple vulnerabilities
| Package(s): | java |
CVE #(s): | CVE-2006-4339
CVE-2006-4790
CVE-2006-6731
CVE-2006-6736
CVE-2006-6737
CVE-2006-6745
|
| Created: | January 18, 2007 |
Updated: | June 4, 2010 |
| Description: |
Java has multiple vulnerabilities. These include:
an RSA exponent padding attack vulnerability, two vulnerabilities
which allow untrusted applets to access data in other applets,
vulnerabilities that involve applets gaining privileges due to
serialization bugs in the JRE and buffer overflows in the java image
handling routines that can give attackers read/write/execute capabilities
for local files. |
| Alerts: |
|
Comments (1 posted)
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2007-3503
CVE-2007-3655
CVE-2007-3698
CVE-2007-3922
|
| Created: | August 6, 2007 |
Updated: | June 24, 2008 |
| Description: |
The Javadoc tool was able to generate HTML documentation pages that
contained cross-site scripting (XSS) vulnerabilities. A remote attacker
could use this to inject arbitrary web script or HTML. (CVE-2007-3503)
The Java Web Start URL parsing component contained a buffer overflow
vulnerability within the parsing code for JNLP files. A remote attacker
could create a malicious JNLP file that could trigger this flaw and execute
arbitrary code when opened. (CVE-2007-3655)
The JSSE component did not correctly process SSL/TLS handshake requests. A
remote attacker who is able to connect to a JSSE-based service could
trigger this flaw leading to a denial-of-service. (CVE-2007-3698)
A flaw was found in the applet class loader. An untrusted applet could use
this flaw to circumvent network access restrictions, possibly connecting to
services hosted on the machine that executed the applet. (CVE-2007-3922)
|
| Alerts: |
|
Comments (none posted)
java: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2008-1185
CVE-2008-1186
CVE-2008-1187
CVE-2008-1188
CVE-2008-1189
CVE-2008-1190
CVE-2008-1191
CVE-2008-1192
CVE-2008-1193
CVE-2008-1194
CVE-2008-1195
CVE-2008-1196
|
| Created: | March 7, 2008 |
Updated: | July 16, 2008 |
| Description: |
From the Red Hat advisory:
Flaws in the JRE allowed an untrusted application or applet to elevate its
privileges. This could be exploited by a remote attacker to access local
files or execute local applications accessible to the user running the JRE.
(CVE-2008-1185, CVE-2008-1186)
A flaw was found in the Java XSLT processing classes. An untrusted
application or applet could cause a denial of service, or execute arbitrary
code with the permissions of the user running the JRE. (CVE-2008-1187)
Several buffer overflow flaws were found in Java Web Start (JWS). An
untrusted JNLP application could access local files or execute local
applications accessible to the user running the JRE.
(CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1196)
A flaw was found in the Java Plug-in. A remote attacker could bypass the
same origin policy, executing arbitrary code with the permissions of the
user running the JRE. (CVE-2008-1192)
A flaw was found in the JRE image parsing libraries. An untrusted
application or applet could cause a denial of service, or possibly execute
arbitrary code with the permissions of the user running the JRE.
(CVE-2008-1193)
A flaw was found in the JRE color management library. An untrusted
application or applet could trigger a denial of service (JVM crash).
(CVE-2008-1194)
The JRE allowed untrusted JavaScript code to create local network
connections by the use of Java APIs. A remote attacker could use these
flaws to access local network services. (CVE-2008-1195)
|
| Alerts: |
|
Comments (none posted)
java: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2008-0657
|
| Created: | February 12, 2008 |
Updated: | April 25, 2008 |
| Description: |
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs. |
| Alerts: |
|
Comments (none posted)
java-1.5.0-sun: multiple vulnerabilities
| Package(s): | java-1.5.0-sun |
CVE #(s): | CVE-2007-5232
CVE-2007-5238
CVE-2007-5239
CVE-2007-5240
CVE-2007-5273
CVE-2007-5274
|
| Created: | October 12, 2007 |
Updated: | April 25, 2008 |
| Description: |
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled,
allows remote attackers to violate the security model for an applet's
outbound connections via a DNS rebinding attack. (CVE-2007-5232)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not
properly enforce access restrictions for untrusted applications, which
allows user-assisted remote attackers to obtain sensitive information (the
Java Web Start cache location) via an untrusted application, aka "three
vulnerabilities." (CVE-2007-5238)
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0
Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE
1.3.1_20 and earlier does not properly enforce access restrictions for
untrusted (1) applications and (2) applets, which allows user-assisted
remote attackers to copy or rename arbitrary files when local users perform
drag-and-drop operations from the untrusted application or applet window
onto certain types of desktop applications. (CVE-2007-5239)
Visual truncation vulnerability in the Java Runtime Environment in Sun JDK
and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK
and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows
remote attackers to circumvent display of the untrusted-code warning banner
by creating a window larger than the workstation screen. (CVE-2007-5240)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used,
allows remote attackers to violate the security model for an applet's
outbound connections via a multi-pin DNS rebinding attack in which the
applet download relies on DNS resolution on the proxy server, but the
applet's socket operations rely on DNS resolution on the local machine, a
different issue than CVE-2007-5274. NOTE: this is similar to
CVE-2007-5232. (CVE-2007-5273)
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier,
JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier,
and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows
remote attackers to violate the security model for JavaScript outbound
connections via a multi-pin DNS rebinding attack dependent on the
LiveConnect API, in which JavaScript download relies on DNS resolution by
the browser, but JavaScript socket operations rely on separate DNS
resolution by a Java Virtual Machine (JVM), a different issue than
CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. (CVE-2007-5274) |
| Alerts: |
|
Comments (1 posted)
joomla: multiple vulnerabilities
| Package(s): | joomla |
CVE #(s): | CVE-2007-6642
CVE-2007-6643
CVE-2007-6644
CVE-2007-6645
|
| Created: | March 6, 2008 |
Updated: | March 12, 2008 |
| Description: |
The Joomla PHP-based content management system has the following vulnerabilities:
There are multiple cross-site request forgery vulnerabilities.
There is one cross-site scripting vulnerability.
There is a vulnerability where remote authenticated administrators can
promote arbitrary users to the administrator group, violating the intended
security model.
There is a registered user privilege escalation vulnerability. |
| Alerts: |
|
Comments (none posted)
JRockit: multiple vulnerabilities
Comments (none posted)
kazehakase: multiple vulnerabilities
| Package(s): | kazehakase |
CVE #(s): | |
| Created: | January 31, 2008 |
Updated: | April 23, 2008 |
| Description: |
The kazehakase web browser is vulnerable to buffer overflows and
memory corruption in PCRE. If a remote attacker can convince a user to
open specially crafted bookmarks, it can lead to the
execution of arbitrary code, denial of service or
arbitrary information disclosure. |
| Alerts: |
|
Comments (none posted)
kdebase: denial of service
| Package(s): | kdebase |
CVE #(s): | CVE-2007-5963
|
| Created: | December 18, 2007 |
Updated: | January 19, 2009 |
| Description: |
The kdebase package is vulnerable to a denial of service in which a local user can render KDM unusable for logins by any user or cause KDM to exceed system resource limits. |
| Alerts: |
|
Comments (none posted)
kdelibs: kate backup file permission leak
| Package(s): | kdelibs kate kwrite |
CVE #(s): | CAN-2005-1920
|
| Created: | July 19, 2005 |
Updated: | September 21, 2010 |
| Description: |
Kate / Kwrite, as shipped with KDE 3.2.x up to and including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had stricter permissions set. See this advisory for more information. |
| Alerts: |
|
Comments (1 posted)
kernel: out-of-bounds access
| Package(s): | kernel |
CVE #(s): | CVE-2007-4573
|
| Created: | September 25, 2007 |
Updated: | December 6, 2010 |
| Description: |
The IA32 system call emulation functionality in Linux kernel 2.4.x and
2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not
zero extend the eax register after the 32bit entry path to ptrace is used,
which might allow local users to gain privileges by triggering an
out-of-bounds access to the system call table using the %RAX register. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-4130
CVE-2007-6694
|
| Created: | February 1, 2008 |
Updated: | June 20, 2008 |
| Description: |
From the Red Hat advisory: A flaw was found in the way the Red Hat
Enterprise Linux 4 kernel handled page faults when a CPU used the NUMA
method for accessing memory on Itanium architectures. A local unprivileged
user could trigger this flaw and cause a denial of service (system panic).
A possible NULL pointer dereference was found in the chrp_show_cpuinfo
function when using the PowerPC architecture. This may have allowed a local
unprivileged user to cause a denial of service (crash). |
| Alerts: |
|
Comments (none posted)
kernel: ALSA returns incorrect write size
| Package(s): | kernel |
CVE #(s): | CVE-2007-4571
|
| Created: | September 28, 2007 |
Updated: | June 20, 2008 |
| Description: |
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced
Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does
not return the correct write size, which allows local users to obtain
sensitive information (kernel memory contents) via a small count argument,
as demonstrated by multiple reads of /proc/driver/snd-page-alloc. |
| Alerts: |
|
Comments (none posted)
kernel: insufficient range checks
| Package(s): | kernel |
CVE #(s): | CVE-2008-0007
|
| Created: | February 8, 2008 |
Updated: | January 8, 2009 |
| Description: |
From the SUSE advisory: Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-4535
CVE-2006-4538
|
| Created: | September 18, 2006 |
Updated: | January 5, 2009 |
| Description: |
Sridhar Samudrala discovered a local denial of service vulnerability
in the handling of SCTP sockets. By opening such a socket with a
special SO_LINGER value, a local attacker could exploit this to crash
the kernel. (CVE-2006-4535)
Kirill Korotaev discovered that the ELF loader on the ia64 and sparc
platforms did not sufficiently verify the memory layout. By attempting
to execute a specially crafted executable, a local user could exploit
this to crash the kernel. (CVE-2006-4538) |
| Alerts: |
|
Comments (none posted)
kernel: remote denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-6058
CVE-2007-4997
|
| Created: | November 9, 2007 |
Updated: | June 13, 2008 |
| Description: |
The Minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly
other versions, allows local users to cause a denial of service (hang) via
a malformed minix file stream that triggers an infinite loop in the
minix_bmap function. NOTE: this issue might be due to an integer overflow
or signedness error.
Integer underflow in the ieee80211_rx function in
net/ieee80211/ieee80211_rx.c in the Linux kernel 2.6.x before 2.6.23 allows
remote attackers to cause a denial of service (crash) via a crafted SKB
length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA
flag is set, aka an "off-by-two error." |
| Alerts: |
|
Comments (1 posted)
kernel: local filesystem corruption
| Package(s): | kernel |
CVE #(s): | CVE-2008-0001
|
| Created: | January 17, 2008 |
Updated: | June 13, 2008 |
| Description: |
From the mitre.org CVE description:
VFS in the Linux kernel before 2.6.23.14 performs tests of access mode by using the flag variable instead of the acc_mode variable, which might allow local users to bypass file permissions. |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-5823
CVE-2006-6054
CVE-2007-1592
|
| Created: | June 12, 2007 |
Updated: | March 21, 2011 |
| Description: |
A flaw in the cramfs file system allows invalid compressed data to cause
memory corruption (CVE-2006-5823)
A flaw in the ext2 file system allows an invalid inode size to cause a
denial of service (system hang) (CVE-2006-6054)
A flaw in IPV6 flow label handling allows a local user to cause a denial of
service (crash) (CVE-2007-1592) |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-5500
|
| Created: | November 28, 2007 |
Updated: | July 8, 2008 |
| Description: |
The wait_task_stopped function in the Linux kernel before 2.6.23.8 checks a TASK_TRACED bit instead of an exit_state value, which allows local users to cause a denial of service (machine crash) via unspecified vectors. |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2006-2935
CVE-2006-4145
CVE-2006-3745
|
| Created: | September 1, 2006 |
Updated: | July 30, 2008 |
| Description: |
Previous versions of the kernel package are subject to several
vulnerabilities. Certain malformed UDF filesystems can cause the system to
crash (denial of service). Malformed CDROM firmware or USB storage devices
(such as USB keys) could cause system crash (denial of service), and if
they were intentionally malformed, can cause arbitrary code to run with
elevated privileges. In addition, the SCTP protocol is subject to a remote
system crash (denial of service) attack. |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-2172
CVE-2007-3739
CVE-2007-4308
|
| Created: | December 3, 2007 |
Updated: | January 8, 2009 |
| Description: |
A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 causes
RTA_MAX to be used as an array size instead of RTN_MAX, which leads to an
"out of bound access" by the (1) dn_fib_props (dn_fib.c, DECNet) and (2)
fib_props (fib_semantics.c, IPv4) functions. (CVE-2007-2172)
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not
prevent stack expansion from entering into reserved kernel page memory,
which allows local users to cause a denial of service (OOPS) via
unspecified vectors. (CVE-2007-3739)
The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer
ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check
permissions for ioctls, which might allow local users to cause a denial of
service or gain privileges. (CVE-2007-4308) |
| Alerts: |
|
Comments (none posted)
kernel: buffer overflows
| Package(s): | kernel |
CVE #(s): | CVE-2007-5904
|
| Created: | December 3, 2007 |
Updated: | June 20, 2008 |
| Description: |
Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and earlier
allow remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via long SMB responses that trigger the overflows in
the SendReceive function. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2006-5749
CVE-2006-4814
CVE-2006-6106
|
| Created: | January 5, 2007 |
Updated: | January 8, 2009 |
| Description: |
A security issue has been reported in Linux kernel due to an error in
drivers/isdn/i4l/isdn_ppp.c as the "isdn_ppp_ccp_reset_alloc_state()"
function never initializes an event timer before scheduling it with the
"add_timer()" function.
The mincore function in the kernel does not properly lock access to user
space, which has unspecified impact and attack vectors, possibly related to
a deadlock.
Another vulnerability has been reported in Linux kernel caused by a
boundary error within the handling of incoming CAPI messages in
net/bluetooth/cmtp/capi.c. This can be exploited to overwrite certain
Kernel data structures. |
| Alerts: |
|
Comments (none posted)
kernel: several vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-3851
CVE-2007-3848
CVE-2007-3105
|
| Created: | August 17, 2007 |
Updated: | January 8, 2009 |
| Description: |
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with
i965G and later chipsets, allows local users with access to an X11 session
and Direct Rendering Manager (DRM) to write to arbitrary memory locations
and gain privileges via a crafted batchbuffer. (CVE-2007-3851)
Linux kernel 2.4.35 and other versions allows local users to send arbitrary
signals to a child process that is running at higher privileges by causing
a setuid-root parent process to die, which delivers an attacker-controlled
parent process death signal (PR_SET_PDEATHSIG). (CVE-2007-3848)
Stack-based buffer overflow in the random number generator (RNG)
implementation in the Linux kernel before 2.6.22 might allow local root
users to cause a denial of service or gain privileges by setting the
default wakeup threshold to a value greater than the output pool size,
which triggers writing random numbers to the stack by the pool transfer
function involving "bound check ordering". NOTE: this issue might only
cross privilege boundaries in environments that have granular assignment of
privileges for root. (CVE-2007-3105) |
| Alerts: |
|
Comments (1 posted)
kernel: denial of service vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-4133
CVE-2007-5093
|
| Created: | January 12, 2008 |
Updated: | November 20, 2008 |
| Description: |
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions
in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform
certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE
units, which allows local users to cause a denial of service (panic)
via unspecified vectors.
The disconnect method in the Philips USB Webcam (pwc) driver in Linux
kernel 2.6.x before 2.6.22.6 relies on user space to close the device,
which allows user-assisted local attackers to cause a denial of service
(USB subsystem hang and CPU consumption in khubd) by not closing the
device after the disconnect is invoked. NOTE: this rarely crosses
privilege boundaries, unless the attacker can convince the victim to
unplug the affected device. |
| Alerts: |
|
Comments (none posted)
kernel: multiple vulnerabilities
| Package(s): | kernel |
CVE #(s): | CVE-2007-3104
CVE-2007-3740
CVE-2007-3843
CVE-2007-6063
|
| Created: | December 4, 2007 |
Updated: | January 8, 2009 |
| Description: |
The sysfs_readdir function in the Linux kernel 2.6 allows local users to
cause a denial of service (kernel OOPS) by dereferencing a null pointer to
an inode in a dentry. (CVE-2007-3104)
The CIFS filesystem, when Unix extension support is enabled, did not honor
the umask of a process, which allowed local users to gain
privileges. (CVE-2007-3740)
The Linux kernel checked the wrong global variable for the CIFS sec mount
option, which might allow remote attackers to spoof CIFS network traffic
that the client configured for security signatures, as demonstrated by lack
of signing despite sec=ntlmv2i in a SetupAndX request. (CVE-2007-3843)
Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux
kernel allowed local users to have an unknown impact via a crafted argument
to the isdn_ioctl function. (CVE-2007-6063) |
| Alerts: |
|
Comments (none posted)
kernel: denial of service
| Package(s): | kernel |
CVE #(s): | CVE-2007-5966
|
| Created: | December 19, 2007 |
Updated: | February 3, 2010 |
| Description: |
A bug in high-resolution timers (prior to kernel 2.6.22.15) can cause very long sleeps when large timeout values are used. |
| Alerts: |
|
Comments (none posted)
krb5: multiple vulnerabilities
| Package(s): | krb5 |
CVE #(s): | CVE-2007-2442
CVE-2007-2443
CVE-2007-2798
|
| Created: | June 27, 2007 |
Updated: | March 24, 2008 |
| Description: |
David Coffey discovered an uninitialized pointer free flaw in the
RPC library used by kadmind. A remote unauthenticated attacker who
could access kadmind could trigger the flaw causing kadmind to crash
or possibly execute arbitrary code (CVE-2007-2442).
David Coffey also discovered an overflow flaw in the same RPC library.
A remote unauthenticated attacker who could access kadmind could
trigger the flaw causing kadmind to crash or possibly execute arbitrary
code (CVE-2007-2443).
Finally, a stack buffer overflow vulnerability was found in kadmind
that allowed an unauthenticated user able to access kadmind the
ability to trigger the vulnerability and possibly execute arbitrary
code (CVE-2007-2798). |
| Alerts: |
|
Comments (none posted)
krb5: uninitialized pointers
| Package(s): | krb5 |
CVE #(s): | CVE-2006-6143
CVE-2006-3084
|
| Created: | January 10, 2007 |
Updated: | July 7, 2010 |
| Description: |
The kadmind daemon can, in some situations, perform operations on uninitialized pointers. This bug could conceivably open up the system to a code execution attack by an unauthenticated remote attacker, but it appears to be difficult to exploit. See this advisory for details. |
| Alerts: |
|
Comments (1 posted)
krb5: local privilege escalation
| Package(s): | krb5 |
CVE #(s): | CVE-2006-3083
|
| Created: | August 9, 2006 |
Updated: | July 7, 2010 |
| Description: |
Some Kerberos applications fail to check the results of setuid() calls, with the result that, if that call fails, they could continue to execute as root after thinking they had switched to a nonprivileged user. A local attacker who can cause these calls to fail (through resource exhaustion, presumably) could exploit this bug to gain root privileges. |
| Alerts: |
|
Comments (none posted)
krb5: buffer overflow, uninitialized pointer
| Package(s): | krb5 |
CVE #(s): | CVE-2007-3999
CVE-2007-4000
|
| Created: | September 4, 2007 |
Updated: | March 24, 2008 |
| Description: |
Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by kadmind. A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash.
Garrett Wollman discovered an uninitialized pointer flaw in kadmind. A
remote unauthenticated attacker who can access kadmind could trigger this
flaw and cause kadmind to crash. |
| Alerts: |
|
Comments (none posted)
krb5: multiple vulnerabilities
| Package(s): | krb5 |
CVE #(s): | CVE-2007-0956
CVE-2007-0957
CVE-2007-1216
|
| Created: | April 3, 2007 |
Updated: | March 24, 2008 |
| Description: |
A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd). A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password. (MIT krb5
Security Advisory 2007-001)
Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon. A remote attacker who can access the KDC could exploit this
bug to run arbitrary code with the privileges of the KDC or kadmin server
processes. (MIT krb5 Security Advisory 2007-002)
A double-free flaw was found in the GSSAPI library used by the kadmin
server daemon. (MIT krb5 Security Advisory 2007-003) |
| Alerts: |
|
Comments (none posted)
kronolith: privilege escalation and more?
| Package(s): | kronolith |
CVE #(s): | |
| Created: | March 10, 2008 |
Updated: | March 12, 2008 |
| Description: |
The Fedora advisory is light on details:
Fix privilege escalation in Horde API. Fix missing ownership validation on
share changes.
|
| Alerts: |
|
Comments (none posted)
lcms: stack-based buffer overflow
| Package(s): | lcms |
CVE #(s): | CVE-2007-2741
|
| Created: | November 23, 2007 |
Updated: | October 14, 2008 |
| Description: |
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote
attackers to execute arbitrary code or cause a denial of service
(application crash) via a crafted ICC profile in a JPG file. |
| Alerts: |
|
Comments (none posted)
lftp: shell command execution
| Package(s): | lftp |
CVE #(s): | CVE-2007-2348
|
| Created: | May 4, 2007 |
Updated: | September 16, 2009 |
| Description: |
mirror --script in lftp before 3.5.9 does not properly quote shell
metacharacters, which might allow remote user-assisted attackers to execute
shell commands via a malicious script. NOTE: it is not clear whether this
issue crosses security boundaries, since the script already supports
commands such as "get" which could overwrite executable files. |
| Alerts: |
|
Comments (none posted)
libexif: integer overflow
| Package(s): | libexif |
CVE #(s): | CVE-2007-6352
|
| Created: | December 19, 2007 |
Updated: | October 15, 2008 |
| Description: |
From the Red Hat advisory: An integer overflow flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to execute arbitrary code, or crash. |
| Alerts: |
|
Comments (none posted)
libexif: denial of service
| Package(s): | libexif |
CVE #(s): | CVE-2007-6351
|
| Created: | December 19, 2007 |
Updated: | October 15, 2008 |
| Description: |
From the Red Hat advisory: An infinite recursion flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to crash. |
| Alerts: |
|
Comments (none posted)
libgd2: buffer overflow
| Package(s): | libgd2 |
CVE #(s): | CVE-2007-3996
|
| Created: | December 19, 2007 |
Updated: | October 13, 2009 |
| Description: |
The GD library does not perform proper bounds checking when creating images; as a result, an attacker could, via crafted input, potentially execute arbitrary code. |
| Alerts: |
|
Comments (none posted)
libmodplug: boundary errors
| Package(s): | libmodplug |
CVE #(s): | CVE-2006-4192
|
| Created: | December 11, 2006 |
Updated: | May 4, 2011 |
| Description: |
Luigi Auriemma has reported various boundary errors in load_it.cpp and
a boundary error in the "CSoundFile::ReadSample()" function in
sndfile.cpp. A remote attacker can entice a user to read crafted modules
or ITP files, which may trigger a buffer overflow resulting in the
execution of arbitrary code with the privileges of the user running the
application. |
| Alerts: |
|
Comments (none posted)
libnet-dns-perl: denial of service
| Package(s): | libnet-dns-perl |
CVE #(s): | CVE-2007-6341
CVE-2007-3409
|
| Created: | March 12, 2008 |
Updated: | March 27, 2008 |
| Description: |
The libnet-dns-perl package can crash when decoding malformed A records, creating a denial of service vulnerability. Also, the domain name expander can be sent into an infinite loop, also a denial of service problem. |
| Alerts: |
|
Comments (none posted)
libphp-phpmailer: command execution
| Package(s): | libphp-phpmailer |
CVE #(s): | CVE-2007-3215
|
| Created: | June 20, 2007 |
Updated: | June 25, 2009 |
| Description: |
libphp-phpmailer does not do sufficient input validation, enabling shell command injection attacks. |
| Alerts: |
|
Comments (none posted)
libpng: several vulnerabilities
| Package(s): | libpng |
CVE #(s): | CVE-2007-5266
CVE-2007-5267
CVE-2007-5268
CVE-2007-5269
|
| Created: | October 19, 2007 |
Updated: | March 23, 2009 |
| Description: |
Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21
allow remote attackers to cause a denial of service (crash) via crafted (1)
pCAL (png_handle_pCAL), (2) sCAL (png_handle_sCAL), (3) tEXt
(png_push_read_tEXt), (4) iTXt (png_handle_iTXt), and (5) zTXt
(png_handle_zTXt) chunking in PNG images, which trigger out-of-bounds read
operations. (CVE-2007-5269)
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical
instead of bitwise operations and (2) incorrect comparisons, which might
allow remote attackers to cause a denial of service (crash) via a crafted
PNG image. (CVE-2007-5268)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause
a denial of service (crash) via a crafted PNG image, due to an incorrect
fix for CVE-2007-5266. (CVE-2007-5267)
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function
in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1
allows remote attackers to cause a denial of service (crash) via a crafted
PNG image that prevents a name field from being NULL terminated.
(CVE-2007-5266) |
libpng: denial of service
| Package(s): | libpng |
CVE #(s): | CVE-2007-2445
|
| Created: | May 17, 2007 |
Updated: | March 23, 2009 |
| Description: |
Libpng can be crashed when processing malformed PNG files.
It may also be possible to exploit this vulnerability to execute arbitrary
code. |
libpng: buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-3334
|
| Created: | July 19, 2006 |
Updated: | December 15, 2008 |
| Description: |
In pngrutil.c, the function png_decompress_chunk() allocates
insufficient space for an error message, potentially overwriting stack
data, leading to a buffer overflow. |
libpng: heap based buffer overflow
| Package(s): | libpng |
CVE #(s): | CVE-2006-0481
|
| Created: | February 13, 2006 |
Updated: | December 15, 2008 |
| Description: |
A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. |
libtiff: buffer overflow
| Package(s): | libtiff |
CVE #(s): | CVE-2006-2193
|
| Created: | June 15, 2006 |
Updated: | September 1, 2008 |
| Description: |
The t2p_write_pdf_string function in libtiff 3.8.2 and earlier is vulnerable
to a buffer overflow. Attackers can use a TIFF file with UTF-8 characters
in the DocumentName tag to overflow a buffer, causing a denial of service,
and possibly the execution of arbitrary code. |
libxml2 - arbitrary code execution
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0110
|
| Created: | February 26, 2004 |
Updated: | August 19, 2009 |
| Description: |
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2 that
parses remote resources and allows them to influence the URL, then this
flaw could be used to execute arbitrary code. |
libxml2: multiple buffer overflows
| Package(s): | libxml2 |
CVE #(s): | CAN-2004-0989
|
| Created: | October 28, 2004 |
Updated: | August 19, 2009 |
| Description: |
libxml2 prior to version 2.6.14 has multiple buffer overflow
vulnerabilities. If a local user passes a specially crafted
FTP URL, arbitrary code may be executed. |
liferea: weak permissions
| Package(s): | liferea |
CVE #(s): | CVE-2007-5751
|
| Created: | November 2, 2007 |
Updated: | December 22, 2008 |
| Description: |
Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials. |
lighttpd: denial of service
| Package(s): | lighttpd |
CVE #(s): | CVE-2008-0983
|
| Created: | February 29, 2008 |
Updated: | July 15, 2008 |
| Description: |
From the CVE entry: lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access. |
lighttpd: cgi source disclosure
| Package(s): | lighttpd |
CVE #(s): | CVE-2008-1111
|
| Created: | March 7, 2008 |
Updated: | April 4, 2008 |
| Description: |
lighttpd before 1.4.18 is vulnerable to CGI source disclosure. |
lighttpd: denial of service
| Package(s): | lighttpd |
CVE #(s): | CVE-2007-3946
CVE-2007-3947
CVE-2007-3948
CVE-2007-3949
CVE-2007-3950
|
| Created: | July 19, 2007 |
Updated: | July 15, 2008 |
| Description: |
The lighttpd web server has multiple vulnerabilities involving
a remote access-control setting circumvention that is performed
by the sending of malformed requests. This can be used to crash
the server and cause a denial of service. |
kernel: several vulnerabilities
| Package(s): | linux-2.6 |
CVE #(s): | CVE-2007-2878
CVE-2007-6151
|
| Created: | January 29, 2008 |
Updated: | January 8, 2009 |
| Description: |
From the Debian advisory: Bart Oldeman reported a denial of service (DoS) issue in the VFAT filesystem that allows local users to corrupt a kernel structure resulting in a system crash. This is only an issue for systems which make use of the VFAT compat ioctl interface, such as systems running an 'amd64' flavor kernel. ADLAB discovered a possible memory overrun in the ISDN subsystem that may permit a local user to overwrite kernel memory by issuing ioctls with unterminated data.
|
kernel: local root privilege escalation
| Package(s): | linux-2.6 |
CVE #(s): | CVE-2008-0010
CVE-2008-0600
|
| Created: | February 11, 2008 |
Updated: | June 23, 2008 |
| Description: |
From the Debian advisory:
The vmsplice system call did not properly verify address arguments
passed by user space processes, which allowed local attackers to
overwrite arbitrary kernel memory, gaining root privileges
(CVE-2008-0010, CVE-2008-0600).
|
kernel: information leak, denial of service
| Package(s): | linux-2.6 |
CVE #(s): | CVE-2007-6206
CVE-2007-6417
|
| Created: | December 21, 2007 |
Updated: | September 1, 2010 |
| Description: |
Blake Frantz discovered that when a core file owned by a non-root user exists, and a root-owned process dumps core over it, the core file retains its original ownership. This could be used by a local user to gain access to sensitive information. (CVE-2007-6206)
Hugh Dickins discovered an issue in the tmpfs filesystem where, under a rare circumstance, a kernel page may be improperly cleared, leaking sensitive kernel memory to userspace or resulting in a DoS (crash). (CVE-2007-6417) |
vmware-player-kernel: several vulnerabilities
| Package(s): | linux-restricted-modules-2.6.17/20, vmware-player-kernel-2.6.15 |
CVE #(s): | CVE-2007-0061
CVE-2007-0062
CVE-2007-0063
CVE-2007-4496
CVE-2007-4497
|
| Created: | November 16, 2007 |
Updated: | March 13, 2009 |
| Description: |
Neel Mehta and Ryan Smith discovered that the VMware Player DHCP server
did not correctly handle certain packet structures. Remote attackers
could send specially crafted packets and gain root privileges.
(CVE-2007-0061, CVE-2007-0062, CVE-2007-0063)
Rafal Wojtczvk discovered multiple memory corruption issues in VMware
Player. Attackers with administrative privileges in a guest operating
system could cause a denial of service or possibly execute arbitrary
code on the host operating system. (CVE-2007-4496, CVE-2007-4497)
|
lynx: arbitrary command execution
| Package(s): | lynx |
CVE #(s): | CVE-2005-2929
|
| Created: | November 14, 2005 |
Updated: | September 14, 2009 |
| Description: |
An arbitrary command execution bug was found in the lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
which could execute arbitrary code as the user running lynx. |
mailman: cross-site scripting
| Package(s): | mailman |
CVE #(s): | CVE-2008-0564
|
| Created: | February 13, 2008 |
Updated: | April 15, 2011 |
| Description: |
From the Red Hat bugzilla entry:
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before
2.1.10b1 allow remote attackers to inject arbitrary web script or HTML
via unspecified vectors related to (1) editing templates and (2) the
list's "info attribute" in the web administrator interface, a
different vulnerability than CVE-2006-3636.
|
mapserver: multiple cross-site scripting vulnerabilities
| Package(s): | mapserver |
CVE #(s): | CVE-2007-4542
CVE-2007-4629
|
| Created: | September 5, 2007 |
Updated: | April 7, 2008 |
| Description: |
CVE-2007-4542: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
CVE-2007-4629: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name. |
MediaWiki: cross-site scripting
| Package(s): | mediawiki |
CVE #(s): | CVE-2008-0460
|
| Created: | March 7, 2008 |
Updated: | December 24, 2008 |
| Description: |
From the CVE entry: Cross-site scripting (XSS) vulnerability in api.php in
(1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through
1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and
earlier; when Internet Explorer is used, allows remote attackers to inject
arbitrary web script or HTML via unspecified vectors. |
moin: multiple XSS vulnerabilities
| Package(s): | moin |
CVE #(s): | CVE-2008-0780
CVE-2008-0781
|
| Created: | February 21, 2008 |
Updated: | June 18, 2009 |
| Description: |
moin has cross site scripting vulnerabilities in the login action
and the AttachFile action. |
moin: multiple vulnerabilities
| Package(s): | moin |
CVE #(s): | CVE-2007-2637
CVE-2008-0782
CVE-2008-1098
CVE-2008-1099
|
| Created: | March 10, 2008 |
Updated: | January 30, 2009 |
| Description: |
From the Debian advisory:
CVE-2007-2637:
Access control lists for calendars and includes were
insufficiently enforced, which could lead to information
disclosure.
CVE-2008-0782:
A directory traversal vulnerability in cookie handling could
lead to local denial of service by overwriting files.
CVE-2008-1098:
Cross-site-scripting vulnerabilities have been discovered in
the GUI editor formatter and the code to delete pages.
CVE-2008-1099:
The macro code validates access control lists insufficiently,
which could lead to information disclosure.
|
mono: arbitrary code execution via integer overflow
| Package(s): | mono |
CVE #(s): | CVE-2007-5197
|
| Created: | November 6, 2007 |
Updated: | December 7, 2009 |
| Description: |
From the Debian advisory: An integer overflow in the BigInteger data type implementation has been
discovered in the free .NET runtime Mono.
|
moodle: cross-site scripting
| Package(s): | moodle |
CVE #(s): | CVE-2008-0123
|
| Created: | January 16, 2008 |
Updated: | November 12, 2008 |
| Description: |
Moodle suffers from a cross-site scripting vulnerability which is only open during the install process. |
moodle: cross-site scripting
| Package(s): | moodle |
CVE #(s): | CVE-2007-3555
|
| Created: | August 7, 2007 |
Updated: | December 22, 2008 |
| Description: |
A cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1
allows remote attackers to inject arbitrary web script or HTML via a style
expression in the search parameter. |
mozilla: multiple vulnerabilities
| Package(s): | mozilla |
CVE #(s): | |
| Created: | February 13, 2008 |
Updated: | July 29, 2008 |
| Description: |
Here are the details from the Slackware 12.0 ChangeLog:
+--------------------------+
patches/packages/mozilla-firefox-2.0.0.12-i686-1.tgz:
Upgraded to firefox-2.0.0.12.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabil...
(* Security fix *)
patches/packages/seamonkey-1.1.8-i486-1_slack12.0.tgz:
Upgraded to seamonkey-1.1.8.
This upgrade fixes some more security bugs.
For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabil...
(* Security fix *)
+--------------------------+
|
mplayer: buffer overflow
| Package(s): | mplayer |
CVE #(s): | CVE-2007-1246
|
| Created: | March 8, 2007 |
Updated: | April 1, 2008 |
| Description: |
MPlayer versions up to 1.0rc1 have a buffer overflow in the
loader/dmo/DMO_VideoDecoder.c DMO_VideoDecoder_Open function.
User-assisted remote attackers can use this to create a buffer overflow
and possibly execute arbitrary code. |
mplayer: multiple vulnerabilities
| Package(s): | mplayer |
CVE #(s): | CVE-2008-0485
CVE-2008-0486
CVE-2008-0629
CVE-2008-0630
|
| Created: | February 13, 2008 |
Updated: | August 7, 2008 |
| Description: |
From the Debian advisory:
Several buffer overflows have been discovered in the MPlayer movie player,
which might lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-0485:
Felipe Manzano and Anibal Sacco discovered a buffer overflow in
the demuxer for MOV files.
CVE-2008-0486:
Reimar Doeffinger discovered a buffer overflow in the FLAC header
parsing.
CVE-2008-0629:
Adam Bozanich discovered a buffer overflow in the CDDB access code.
CVE-2008-0630:
Adam Bozanich discovered a buffer overflow in URL parsing.
|
mt-daapd: multiple vulnerabilities
| Package(s): | mt-daapd |
CVE #(s): | CVE-2007-5825
CVE-2007-5824
|
| Created: | December 31, 2007 |
Updated: | September 1, 2008 |
| Description: |
From the Gentoo advisory: nnp discovered multiple vulnerabilities in the XML-RPC handler in the
file webserver.c. The ws_addarg() function contains a format string
vulnerability, as it does not properly sanitize username and password
data from the "Authorization: Basic" HTTP header line (CVE-2007-5825).
The ws_decodepassword() and ws_getheaders() functions do not correctly
handle empty Authorization header lines, or header lines without a ':'
character, leading to NULL pointer dereferences (CVE-2007-5824). |
mysql: denial of service
| Package(s): | mysql |
CVE #(s): | CVE-2007-1420
|
| Created: | March 22, 2007 |
Updated: | May 21, 2008 |
| Description: |
MySQL subselect queries using "ORDER BY" can be used by an attacker with
access to a MySQL instance in order to create an intermittent denial
of service. |
mysql: format string bug
| Package(s): | mysql |
CVE #(s): | CVE-2006-3469
|
| Created: | July 21, 2006 |
Updated: | July 30, 2008 |
| Description: |
Jean-David Maillefer discovered a format string bug in the
date_format() function's error reporting. By calling the function with
invalid arguments, an authenticated user could exploit this to crash
the server. |
MySQL: privilege violations
| Package(s): | mysql |
CVE #(s): | CVE-2006-4031
CVE-2006-4226
|
| Created: | August 25, 2006 |
Updated: | July 30, 2008 |
| Description: |
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access
a table through a previously created MERGE table, even after the user's
privileges are revoked for the original table, which might violate intended
security policy (CVE-2006-4031).
MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run
on case-sensitive filesystems, allows remote authenticated users to create
or access a database when the database name differs only in case from a
database for which they have permissions (CVE-2006-4226). |
mysql: privilege escalation
| Package(s): | mysql |
CVE #(s): | CVE-2007-6303
|
| Created: | December 19, 2007 |
Updated: | April 7, 2008 |
| Description: |
From the CVE entry: MySQL 5.0.x before 5.0.52, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement. |
MySQL: logging bypass
| Package(s): | mysql |
CVE #(s): | CVE-2006-0903
|
| Created: | April 4, 2006 |
Updated: | May 21, 2008 |
| Description: |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms
via SQL queries that contain the NULL character, which are not properly
handled by the mysql_real_query function. NOTE: this issue was originally
reported for the mysql_query function, but the vendor states that since
mysql_query expects a null character, this is not an issue for mysql_query. |
MySQL: privilege escalation
| Package(s): | MySQL |
CVE #(s): | CVE-2007-3781
CVE-2007-5969
|
| Created: | December 11, 2007 |
Updated: | May 21, 2008 |
| Description: |
MySQL Community Server before 5.0.51, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file. (CVE-2007-5969)
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure. (CVE-2007-3781) |
mysql-dfsg: multiple vulnerabilities
| Package(s): | mysql-dfsg |
CVE #(s): | CVE-2007-2583
CVE-2007-2691
CVE-2007-2692
CVE-2007-3782
|
| Created: | November 27, 2007 |
Updated: | July 30, 2008 |
| Description: |
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and
5.1 before 5.1.18-beta, allows context-dependent attackers to cause a
denial of service (crash) via a crafted IF clause that results in a
divide-by-zero error and a NULL pointer dereference. (CVE-2007-2583)
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not
require the DROP privilege for RENAME TABLE statements, which allows remote
authenticated users to rename arbitrary tables. (CVE-2007-2691)
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before
5.1.18 does not restore THD::db_access privileges when returning from SQL
SECURITY INVOKER stored routines, which allows remote authenticated users
to gain privileges. (CVE-2007-2692)
MySQL Community Server before 5.0.45 allows remote authenticated users to
gain update privileges for a table in another database via a view that
refers to this external table. (CVE-2007-3782) |
mysql: denial of service
| Package(s): | mysql-dfsg-5.0 |
CVE #(s): | CVE-2007-6304
|
| Created: | December 21, 2007 |
Updated: | April 7, 2008 |
| Description: |
Philip Stoev discovered that the federated engine of MySQL
did not properly handle responses with a small number of columns.
An authenticated user could use a crafted response to a SHOW
TABLE STATUS query and cause a denial of service. |
mysql: buffer overflows
| Package(s): | mysql-dfsg-5.0 |
CVE #(s): | CVE-2008-0226
CVE-2008-0227
|
| Created: | January 29, 2008 |
Updated: | July 21, 2008 |
| Description: |
From the Debian advisory: Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code. |
nagios: cross-site scripting
| Package(s): | nagios |
CVE #(s): | CVE-2007-5624
|
| Created: | December 7, 2007 |
Updated: | September 14, 2009 |
| Description: |
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. |
nagios-plugins: buffer overflow
| Package(s): | nagios-plugins |
CVE #(s): | CVE-2007-5198
|
| Created: | October 23, 2007 |
Updated: | April 17, 2008 |
| Description: |
Buffer overflow in the redir function in check_http.c in Nagios Plugins
before 1.4.10 allows remote web servers to execute arbitrary code via long
Location header responses (redirects). |
nagios-plugins: check_snmp buffer overflow
| Package(s): | nagios-plugins |
CVE #(s): | CVE-2007-5623
|
| Created: | November 2, 2007 |
Updated: | April 17, 2008 |
| Description: |
Buffer overflow in the check_snmp function in Nagios Plugins (nagios-plugins) 1.4.10 allows remote attackers to cause a denial of service (crash) via crafted snmpget replies. |
nbd: arbitrary code execution
| Package(s): | nbd |
CVE #(s): | CVE-2005-3534
|
| Created: | January 6, 2006 |
Updated: | March 7, 2011 |
| Description: |
Kurt Fitzner discovered that the NBD (network block device) server did not
correctly verify the maximum size of request packets. By sending specially
crafted large request packets, a remote attacker who is allowed to access
the server could exploit this to execute arbitrary code with root
privileges. |
ncompress: buffer underflow
| Package(s): | ncompress |
CVE #(s): | CVE-2006-1168
|
| Created: | August 10, 2006 |
Updated: | February 21, 2012 |
| Description: |
The ncompress compression utility has a missing boundary check.
A local user can use a maliciously created file to cause a
.bss buffer underflow. |
netpbm: buffer overflow
| Package(s): | netpbm |
CVE #(s): | CVE-2008-0554
|
| Created: | February 8, 2008 |
Updated: | November 7, 2008 |
| Description: |
From the Mandriva advisory: A buffer overflow in the giftopnm utility in netpbm prior to version 10.27 could allow attackers to have an unknown impact via a specially crafted GIF file. |
nginx: cross site scripting
| Package(s): | nginx |
CVE #(s): | |
| Created: | July 20, 2007 |
Updated: | September 14, 2009 |
| Description: |
Nginx [engine x] is an HTTP(S) server, HTTP(S) reverse proxy and IMAP/POP3
proxy server written by Igor Sysoev. The "msie_refresh" directive could
allow cross site scripting. |
nss_ldap: credential or other information disclosure
| Package(s): | nss_ldap |
CVE #(s): | CVE-2007-5794
|
| Created: | November 26, 2007 |
Updated: | July 30, 2008 |
| Description: |
From the Gentoo advisory:
Josh Burley reported that nss_ldap does not properly handle the LDAP
connections due to a race condition that can be triggered by
multi-threaded applications using nss_ldap, which might lead to
requested data being returned to a wrong process.
|
nx: multiple vulnerabilities
| Package(s): | nx |
CVE #(s): | |
| Created: | March 7, 2008 |
Updated: | March 12, 2008 |
| Description: |
There are multiple vulnerabilities in nx before 3.1.0. |
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2008-0658
|
| Created: | February 13, 2008 |
Updated: | July 3, 2008 |
| Description: |
From the rPath advisory:
Previous versions of the openldap package are vulnerable to a Denial of
Service attack in which authenticated users can crash the slapd server.
|
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-6698
|
| Created: | February 8, 2008 |
Updated: | April 25, 2008 |
| Description: |
From the CVE entry: The BDB backend for slapd in OpenLDAP before 2.3.36
allows remote authenticated users to cause a denial of service (crash) via
a potentially-successful modify operation with the NOOP control set to
critical, possibly due to a double free vulnerability. |
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-5707
|
| Created: | November 8, 2007 |
Updated: | April 9, 2008 |
| Description: |
The OpenLDAP Lightweight Directory Access Protocol suite has a problem
with handling of malformed objectClasses LDAP attributes by the slapd
daemon. Both local and remote attackers can use this to crash slapd,
causing a denial of service. |
openldap: denial of service
| Package(s): | openldap |
CVE #(s): | CVE-2007-5708
|
| Created: | November 23, 2007 |
Updated: | April 9, 2008 |
| Description: |
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when
running as a proxy-caching server, allocates memory using a malloc variant
instead of calloc, which prevents an array from being initialized properly
and might allow attackers to cause a denial of service (segmentation fault)
via unknown vectors that prevent the array from being null terminated. |
OpenOffice.org: arbitrary code execution
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-0245
|
| Created: | June 13, 2007 |
Updated: | June 12, 2008 |
| Description: |
A specially crafted RTF file could cause the
filter to overwrite data on the heap, which may lead to the execution
of arbitrary code. |
openoffice.org: arbitrary code execution via TIFF images
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-2834
|
| Created: | September 17, 2007 |
Updated: | June 12, 2008 |
| Description: |
A heap overflow vulnerability has been discovered in the TIFF parsing
code of the OpenOffice.org suite. The parser uses untrusted values
from the TIFF file to calculate the number of bytes of memory to
allocate. A specially crafted TIFF image could trigger an integer
overflow and subsequently a buffer overflow that could cause the
execution of arbitrary code. |
openoffice.org: arbitrary code execution
| Package(s): | openoffice.org |
CVE #(s): | CVE-2007-4575
|
| Created: | December 5, 2007 |
Updated: | September 10, 2008 |
| Description: |
From the OpenOffice advisory:
A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user. |
openssh: remote denial of service
| Package(s): | openssh |
CVE #(s): | CVE-2006-4924
CVE-2006-5051
|
| Created: | September 27, 2006 |
Updated: | September 17, 2008 |
| Description: |
OpenSSH 4.4 fixes some security issues, including a pre-authentication
denial of service, an unsafe signal handler and, on portable OpenSSH, a
GSSAPI authentication abort that could be used to determine the validity
of usernames on some platforms. |
openssl: off-by-one error
| Package(s): | openssl |
CVE #(s): | CVE-2007-4995
|
| Created: | October 23, 2007 |
Updated: | May 13, 2008 |
| Description: |
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f
and 0.9.7 allows remote attackers to execute arbitrary code via unspecified
vectors. |
openssl: off-by-one error
| Package(s): | openssl |
CVE #(s): | CVE-2007-5135
|
| Created: | October 3, 2007 |
Updated: | July 31, 2008 |
| Description: |
From the Debian advisory: An off-by-one error has been identified in the SSL_get_shared_ciphers()
routine in the libssl library from OpenSSL, an implementation of Secure
Socket Layer cryptographic libraries and utilities. This error could
allow an attacker to crash an application making use of OpenSSL's libssl
library, or potentially execute arbitrary code in the security context
of the user running such an application. |
openssl: private key attack
| Package(s): | openssl |
CVE #(s): | CVE-2007-3108
|
| Created: | August 7, 2007 |
Updated: | May 13, 2008 |
| Description: |
OpenSSL could allow a local user in certain circumstances to divulge
information about private keys being used. |
pcre: CVE consolidation
| Package(s): | pcre |
CVE #(s): | CVE-2005-4872
CVE-2006-7227
CVE-2006-7224
|
| Created: | November 15, 2007 |
Updated: | May 13, 2008 |
| Description: |
PCRE has flaws in the way it handles malformed regular
expressions.
If an application linked against PCRE, such as Konqueror,
encounters a maliciously created regular expression, it may be possible
to run arbitrary code. Vulnerabilities CVE-2005-4872 and CVE-2006-7227
have been combined into CVE-2006-7224. |
pcre: two arbitrary code execution vulnerabilities
| Package(s): | pcre |
CVE #(s): | CVE-2007-1659
CVE-2007-1660
|
| Created: | November 6, 2007 |
Updated: | July 16, 2008 |
| Description: |
Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660) |
pcre: buffer overflows in library
| Package(s): | pcre |
CVE #(s): | CVE-2006-7228
CVE-2006-7230
CVE-2007-1661
CVE-2007-4766
CVE-2007-4767
|
| Created: | November 23, 2007 |
Updated: | July 16, 2008 |
| Description: |
Specially crafted regular expressions could lead to buffer overflows in the pcre library. Applications using pcre to process regular expressions from untrusted sources could therefore potentially be exploited by attackers to execute arbitrary code as the user running the application. |
pcre: buffer overflow
| Package(s): | pcre |
CVE #(s): | CVE-2008-0674
|
| Created: | February 19, 2008 |
Updated: | November 17, 2008 |
| Description: |
A buffer overflow caused by a character class containing a
very large number of characters with codepoints greater than 255 (in UTF-8 mode) may affect usages of pcre, when regular expressions from untrusted sources are compiled. |
pcre: buffer overflows
| Package(s): | pcre3 |
CVE #(s): | CVE-2007-1662
CVE-2007-4768
|
| Created: | November 27, 2007 |
Updated: | May 7, 2008 |
| Description: |
Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the
end of the string when searching for unmatched brackets and parentheses,
which allows context-dependent attackers to cause a denial of service
(crash), possibly involving forward references. (CVE-2007-1662)
Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE)
library before 7.3 allows context-dependent attackers to execute arbitrary
code via a singleton Unicode sequence in a character class in a regex
pattern, which is incorrectly optimized. (CVE-2007-4768) |
pdflib: multiple buffer overflows
| Package(s): | pdflib |
CVE #(s): | CVE-2007-6561
|
| Created: | March 11, 2008 |
Updated: | March 12, 2008 |
| Description: |
From the CVE entry: Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other vectors. |
| Alerts: |
|
Comments (none posted)
peercast: buffer overflow
| Package(s): | peercast |
CVE #(s): | CVE-2007-6454
|
| Created: | December 28, 2007 |
Updated: | May 21, 2008 |
| Description: |
A heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request. |
| Alerts: |
|
Comments (none posted)
perl-Net-DNS: predictable id sequence
| Package(s): | perl-Net-DNS |
CVE #(s): | CVE-2007-3377
|
| Created: | June 26, 2007 |
Updated: | March 12, 2008 |
| Description: |
Net::DNS before 0.60 uses an id sequence that is predictable and the same
in all child processes. |
| Alerts: |
|
Comments (none posted)
php: several vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2006-4481
CVE-2006-4484
CVE-2006-4485
|
| Created: | September 8, 2006 |
Updated: | June 13, 2008 |
| Description: |
The file_exists and imap_reopen functions in PHP before 5.1.5 do not check
for the safe_mode and open_basedir settings, which allows local users to
bypass the settings (CVE-2006-4481).
A buffer overflow in the LWZReadByte function in ext/gd/libgd/gd_gif_in.c
in the GD extension in PHP before 5.1.5 allows remote attackers to have an
unknown impact via a GIF file with input_code_size greater than
MAX_LWZ_BITS, which triggers an overflow when initializing the table array
(CVE-2006-4484).
The stripos function in PHP before 5.1.5 has unknown impact and attack
vectors related to an out-of-bounds read (CVE-2006-4485). |
| Alerts: |
|
Comments (1 posted)
php: multiple vulnerabilities
| Package(s): | php |
CVE #(s): | CVE-2007-3799
CVE-2007-3998
CVE-2007-4659
CVE-2007-4658
CVE-2007-4670
CVE-2007-4661
|
| Created: | October 23, 2007 |
Updated: | May 19, 2008 |
| Description: |
From the Red Hat advisory:
Various integer overflow flaws were found in the PHP gd extension. A
script that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)
A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)
A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)
A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)
A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)
A flaw was found in handling of dynamic changes to global variables. A
script which used certain functions which change global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-4659)
An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-4661) |
| Alerts: |
|
Comments (none posted)
php: buffer overflows
| Package(s): | php |
CVE #(s): | CVE-2006-5465
|
| Created: | November 3, 2006 |
Updated: | January 18, 2010 |
| Description: |
The Hardened-PHP Project discovered and reported to the PHP Project buffer
overflows in the htmlentities/htmlspecialchars internal routines. Of
course the whole purpose of these functions is to be filled with user
input. (The overflow can only occur when UTF-8 is used.) |
| Alerts: |
|
Comments (none posted)
php5: multiple vulnerabilities
| Package(s): | php5 |
CVE #(s): | CVE-2007-4657
CVE-2007-4660
CVE-2007-4662
|
| Created: | November 30, 2007 |
Updated: | July 4, 2008 |
| Description: |
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4,
allow remote attackers to obtain sensitive information (memory contents) or
cause a denial of service (thread crash) via a large len value to the (1)
strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE:
this affects different product versions than CVE-2007-3996.
(CVE-2007-4657)
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4
has unknown impact and attack vectors, related to an incorrect size
calculation. (CVE-2007-4660)
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4
has unknown impact and attack vectors. (CVE-2007-4662) |
| Alerts: |
|
Comments (none posted)
php5: multiple vulnerabilities
| Package(s): | php5 |
CVE #(s): | CVE-2007-4783
CVE-2007-4840
CVE-2007-5898
CVE-2007-5899
CVE-2007-5900
|
| Created: | November 20, 2007 |
Updated: | January 18, 2010 |
| Description: |
The php5 package contains multiple vulnerabilities, the most serious of which involve several Denial of Service attacks (application crashes and temporary application hangs). It is not currently known that these vulnerabilities can be exploited to execute malicious code. |
| Alerts: |
|
Comments (none posted)
phpmyadmin: multiple vulnerabilities
| Package(s): | phpmyadmin |
CVE #(s): | CVE-2006-6942
CVE-2006-6944
CVE-2007-1325
CVE-2007-1395
CVE-2007-2245
|
| Created: | September 10, 2007 |
Updated: | March 19, 2009 |
| Description: |
Several remote vulnerabilities have been discovered in phpMyAdmin, a
program to administrate MySQL over the web. The Common Vulnerabilities
and Exposures project identifies the following problems:
CVE-2007-1325:
The PMA_ArrayWalkRecursive function in libraries/common.lib.php
does not limit recursion on arrays provided by users, which allows
context-dependent attackers to cause a denial of service (web
server crash) via an array with many dimensions.
CVE-2007-1395:
Incomplete blacklist vulnerability in index.php allows remote
attackers to conduct cross-site scripting (XSS) attacks by
injecting arbitrary JavaScript or HTML in a (1) db or (2) table
parameter value followed by an uppercase </SCRIPT> end tag,
which bypasses the protection against lowercase </script>.
CVE-2007-2245:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary web script or HTML via (1) the
fieldkey parameter to browse_foreigners.php or (2) certain input
to the PMA_sanitize function.
CVE-2006-6942:
Multiple cross-site scripting (XSS) vulnerabilities allow remote
attackers to inject arbitrary HTML or web script via (1) a comment
for a table name, as exploited through (a) db_operations.php,
(2) the db parameter to (b) db_create.php, (3) the newname parameter
to db_operations.php, the (4) query_history_latest,
(5) query_history_latest_db, and (6) querydisplay_tab parameters to
(c) querywindow.php, and (7) the pos parameter to (d) sql.php.
CVE-2006-6944:
phpMyAdmin allows remote attackers to bypass Allow/Deny access rules
that use IP addresses via false headers.
|
| Alerts: |
|
Comments (none posted)
phpmyadmin: sql injection
| Package(s): | phpmyadmin |
CVE #(s): | CVE-2008-1149
|
| Created: | March 10, 2008 |
Updated: | February 2, 2009 |
| Description: |
From the Gentoo advisory:
Richard Cunningham reported that phpMyAdmin uses the $_REQUEST variable
instead of $_GET and $_POST as a source for its parameters.
An attacker could entice a user to visit a malicious web application
that sets an "sql_query" cookie and is hosted on the same domain as
phpMyAdmin, and thereby conduct SQL injection attacks with the
privileges of the user authenticating in phpMyAdmin afterwards.
|
| Alerts: |
|
Comments (none posted)
phpMyAdmin: cross-site scripting vulnerabilities
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-5386
CVE-2007-5589
|
| Created: | November 2, 2007 |
Updated: | March 14, 2008 |
| Description: |
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin
2.11.1, when accessed by a browser that does not URL-encode requests,
allows remote attackers to inject arbitrary web script or HTML via the
query string.
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
common.lib.php in libraries/; and certain input available in PHP_SELF and
(2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other
vectors related to (3) REQUEST_URI. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: information disclosure
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-0095
|
| Created: | December 11, 2007 |
Updated: | September 25, 2008 |
| Description: |
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information
via a direct request for themes/darkblue_orange/layout.inc.php, which
reveals the path in an error message. |
| Alerts: |
|
Comments (none posted)
phpMyAdmin: SQL injection
| Package(s): | phpMyAdmin |
CVE #(s): | CVE-2007-5976
CVE-2007-5977
|
| Created: | November 22, 2007 |
Updated: | March 19, 2009 |
| Description: |
phpMyAdmin prior to version 2.11.2.1 has an SQL injection vulnerability
in db_create.php. Remote authenticated users with CREATE DATABASE privileges can use this to execute arbitrary SQL commands via the db parameter.
db_create.php also has a related cross-site scripting vulnerability.
Remote authenticated users can inject arbitrary web scripts or HTML
using a hex-encoded IMG element in the db parameter in a POST request. |
| Alerts: |
|
Comments (none posted)
phpPgAdmin: cross-site scripting
| Package(s): | phppgadmin |
CVE #(s): | CVE-2007-2865
CVE-2007-5728
|
| Created: | June 18, 2007 |
Updated: | January 21, 2009 |
| Description: |
A cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin
4.1.1 allows remote attackers to inject arbitrary web script or HTML via
the server parameter. |
| Alerts: |
|
Comments (none posted)
PostgreSQL: multiple vulnerabilities
| Package(s): | postgresql |
CVE #(s): | CVE-2007-6600
CVE-2007-4772
CVE-2007-6067
CVE-2007-4769
CVE-2007-6601
|
| Created: | January 9, 2008 |
Updated: | January 17, 2013 |
| Description: |
Several vulnerabilities have been found in the PostgreSQL database manager. The developers call the fixes "critical," but also note that, as of the time of the update, none of them were known to be exploited; see this advisory for more information. |
| Alerts: |
|
Comments (none posted)
python: information disclosure
| Package(s): | python |
CVE #(s): | CVE-2007-2052
|
| Created: | May 9, 2007 |
Updated: | July 30, 2009 |
| Description: |
Python 2.4 and 2.5 contain a bug in PyLocale_strxfrm() which could enable an attacker to read portions of unrelated memory. |
| Alerts: |
|
Comments (none posted)
python: integer overflows
| Package(s): | python |
CVE #(s): | CVE-2007-4965
|
| Created: | October 30, 2007 |
Updated: | July 30, 2009 |
| Description: |
Multiple integer overflows in the imageop module in Python 2.5.1 and
earlier allow context-dependent attackers to cause a denial of service
(application crash) and possibly obtain sensitive information (memory
contents) via crafted arguments to (1) the tovideo method, and unspecified
other vectors related to (2) imageop.c, (3) rgbimgmodule.c, and other
files, which trigger heap-based buffer overflows. |
| Alerts: |
|
Comments (none posted)
qemu: multiple vulnerabilities
Comments (none posted)
qemu: insufficient block device address range checking
| Package(s): | qemu, zen |
CVE #(s): | CVE-2008-0928
|
| Created: | February 29, 2008 |
Updated: | October 7, 2009 |
| Description: |
From Debian Security: Ian Jackson discovered that accesses beyond the end of qemu
emulated disk devices can result in accesses to the emulator's virtual memory
space and thus can allow a user with sufficient privilege in the guest
(root, as this would need modification to the kernel's driver) to break out of
the VM. |
| Alerts: |
|
Comments (none posted)
quagga: denial of service
| Package(s): | quagga |
CVE #(s): | CVE-2007-4826
|
| Created: | September 14, 2007 |
Updated: | October 25, 2010 |
| Description: |
The bgpd daemon in Quagga prior to 0.99.9 allowed remote BGP peers to cause
a denial of service crash via a malformed OPEN message or COMMUNITY
attribute. |
| Alerts: |
|
Comments (none posted)
quake: buffer overflow
| Package(s): | quake3-bin |
CVE #(s): | CVE-2006-2236
|
| Created: | May 10, 2006 |
Updated: | January 12, 2009 |
| Description: |
Games based on the Quake 3 engine are vulnerable to a buffer overflow exploitable by a hostile game server. |
| Alerts: |
|
Comments (none posted)
rails: multiple vulnerabilities
| Package(s): | rails |
CVE #(s): | CVE-2007-5380
CVE-2007-3227
CVE-2007-5379
|
| Created: | November 15, 2007 |
Updated: | December 21, 2009 |
| Description: |
Ruby on Rails has the following vulnerabilities:
ActiveResource does not properly sanitize filenames in the Hash.from_xml() function.
The session management allows the session_id to be set from the URL.
The to_json() function does not properly sanitize input before it is
returned to the user. |
| Alerts: |
|
Comments (none posted)
rsync: restricted file access
| Package(s): | rsync |
CVE #(s): | CVE-2007-6199
CVE-2007-6200
|
| Created: | December 5, 2007 |
Updated: | September 23, 2011 |
| Description: |
From the CVE entry:
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. |
| Alerts: |
|
Comments (none posted)
ruby: insufficient SSL certificate validation
| Package(s): | ruby |
CVE #(s): | CVE-2007-5162
CVE-2007-5770
|
| Created: | October 8, 2007 |
Updated: | October 10, 2008 |
| Description: |
The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. |
| Alerts: |
|
Comments (none posted)
ruby-gnome2: format string vulnerability
| Package(s): | ruby-gnome2 |
CVE #(s): | CVE-2007-6183
|
| Created: | December 7, 2007 |
Updated: | December 22, 2008 |
| Description: |
A format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. |
| Alerts: |
|
Comments (none posted)
samba: buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-4572
|
| Created: | November 15, 2007 |
Updated: | December 3, 2008 |
| Description: |
The Samba user authentication is vulnerable to a heap-based buffer overflow.
Remote unauthenticated users can use this to crash the Samba server
and cause a denial of service. |
| Alerts: |
|
Comments (none posted)
samba: stack-based buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-6015
|
| Created: | December 11, 2007 |
Updated: | December 3, 2008 |
| Description: |
A stack buffer overflow flaw was found in the way Samba authenticates
remote users. A remote unauthenticated user could trigger this flaw to
cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server. |
| Alerts: |
|
Comments (none posted)
samba: buffer overflow
| Package(s): | samba |
CVE #(s): | CVE-2007-5398
|
| Created: | November 15, 2007 |
Updated: | December 3, 2008 |
| Description: |
Samba's mechanism for creating NetBIOS replies is vulnerable to a
buffer overflow. Samba servers that are configured to run as a
WINS server can be crashed by a remote unauthenticated user;
execution of arbitrary code may also be possible. |
| Alerts: |
|
Comments (none posted)
SDL_image: buffer overflows
| Package(s): | SDL_image |
CVE #(s): | CVE-2007-6697
CVE-2008-0544
|
| Created: | February 8, 2008 |
Updated: | March 27, 2008 |
| Description: |
From the Mandriva advisory: The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image contain a boundary error that could be triggered to cause a static buffer overflow and a heap-based buffer overflow. If a user using an application linked against the SDL_image library were to open a carefully crafted GIF or IFF ILBM file, the application could crash or possibly allow for the execution of arbitrary code. |
| Alerts: |
|
Comments (none posted)
slocate: information disclosure
| Package(s): | slocate |
CVE #(s): | CVE-2007-0227
|
| Created: | February 22, 2007 |
Updated: | September 4, 2012 |
| Description: |
The slocate permission checking code has a local information disclosure
vulnerability. During the reporting of matching files, slocate does not
respect the parent directory's read permissions, resulting in hidden
filenames being viewable by other local users. |
| Alerts: |
|
Comments (none posted)
squid: denial of service
| Package(s): | squid |
CVE #(s): | CVE-2007-6239
|
| Created: | December 18, 2007 |
Updated: | March 25, 2009 |
| Description: |
A flaw was found in the way squid stored HTTP headers for cached objects
in system memory. An attacker could cause squid to use additional memory,
and trigger high CPU usage when processing requests for certain cached
objects, possibly leading to a denial of service. |
| Alerts: |
|
Comments (none posted)
streamripper: buffer overflow
| Package(s): | streamripper |
CVE #(s): | CVE-2007-4337
|
| Created: | September 14, 2007 |
Updated: | December 9, 2008 |
| Description: |
Chris Rohlf discovered several boundary errors in the
httplib_parse_sc_header() function when processing HTTP headers. |
| Alerts: |
|
Comments (none posted)
subversion: possible information leak
| Package(s): | subversion |
CVE #(s): | CVE-2007-2448
|
| Created: | October 30, 2007 |
Updated: | February 1, 2011 |
| Description: |
Subversion 1.4.3 and earlier does not properly implement the "partial
access" privilege for users who have access to changed paths but not copied
paths, which allows remote authenticated users to obtain sensitive
information (revision properties) via svn (1) propget, (2) proplist, or (3)
propedit. |
| Alerts: |
|
Comments (none posted)
Sun JDK/JRE: multiple vulnerabilities
| Package(s): | Sun JDK/JRE |
CVE #(s): | CVE-2007-2435
CVE-2007-2788
CVE-2007-2789
|
| Created: | June 1, 2007 |
Updated: | April 18, 2008 |
| Description: |
An unspecified vulnerability involving an "incorrect use of system
classes" was reported by the Fujitsu security team. Additionally, Chris
Evans from the Google Security Team reported an integer overflow
resulting in a buffer overflow in the ICC parser used with JPG or BMP
files, and an incorrect open() call to /dev/tty when processing certain
BMP files. |
| Alerts: |
|
Comments (none posted)
SynCE: several vulnerabilities
| Package(s): | synce-sync-engine |
CVE #(s): | CVE-2007-6703
CVE-2008-1136
|
| Created: | March 7, 2008 |
Updated: | March 12, 2008 |
| Description: |
Red Hat bug #436023:
"Unspecified vulnerability in vdccm before 0.10.1 in SynCE
(SynCE-dccm) might allow attackers to cause a denial of service via
unspecified vectors."
Red Hat bug #436024:
"The Utils::runScripts function in src/utils.cpp in vdccm 0.92
through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute
arbitrary commands via shell metacharacters in a certain string to TCP port
5679." |
| Alerts: |
|
Comments (none posted)
sysstat: insecure temporary files
| Package(s): | sysstat |
CVE #(s): | CVE-2007-3852
|
| Created: | August 20, 2007 |
Updated: | September 23, 2011 |
| Description: |
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates
/tmp/sysstat.run insecurely, which allows local users to execute arbitrary
code. |
| Alerts: |
|
Comments (1 posted)
tar: buffer overflow
| Package(s): | tar |
CVE #(s): | CVE-2007-4476
|
| Created: | October 16, 2007 |
Updated: | March 17, 2010 |
| Description: |
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." |
| Alerts: |
|
Comments (none posted)
tetex: buffer overflow
| Package(s): | tetex |
CVE #(s): | CVE-2007-0650
|
| Created: | May 8, 2007 |
Updated: | May 13, 2008 |
| Description: |
A buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in
teTeX might allow user-assisted remote attackers to overwrite files and
possibly execute arbitrary code via a long filename. NOTE: other overflows
exist but might not be exploitable, such as a heap-based overflow in the
check_idx function. |
| Alerts: |
|
Comments (1 posted)
teTeX: multiple vulnerabilities
| Package(s): | tetex |
CVE #(s): | CVE-2007-5937
CVE-2007-5936
CVE-2007-5935
|
| Created: | November 19, 2007 |
Updated: | May 10, 2010 |
| Description: |
From the Gentoo advisory:
Joachim Schrod discovered several buffer overflow vulnerabilities and
an insecure temporary file creation in the "dvilj" application that is
used by dvips to convert DVI files to printer formats (CVE-2007-5937,
CVE-2007-5936). Bastien Roucaries reported that the "dvips" application
is vulnerable to two stack-based buffer overflows when processing DVI
documents with long \href{} URIs (CVE-2007-5935). teTeX also includes
code from Xpdf that is vulnerable to a memory corruption and two
heap-based buffer overflows (GLSA 200711-22); and it contains code from
T1Lib that is vulnerable to a buffer overflow when processing an overly
long font filename (GLSA 200710-12). |
| Alerts: |
|
Comments (none posted)
thunderbird: heap overflow
| Package(s): | thunderbird seamonkey |
CVE #(s): | CVE-2008-0304
|
| Created: | February 29, 2008 |
Updated: | January 8, 2009 |
| Description: |
Security research firm iDefense reported that researcher regenrecht
discovered a heap-based buffer overflow vulnerability in Mozilla mail code
which could potentially allow an attacker to run arbitrary code. The
vulnerability is caused by allocating a buffer that can be three bytes too
small in certain cases when viewing an email message with an external MIME body. |
| Alerts: |
|
Comments (none posted)
tk: buffer overflow
| Package(s): | tk |
CVE #(s): | CVE-2008-0553
|
| Created: | February 8, 2008 |
Updated: | November 6, 2008 |
| Description: |
From the Mandriva advisory: The ReadImage() function in Tk did not check CodeSize read from GIF images prior to initializing the append array, which could lead to a buffer overflow with unknown impact. |
| Alerts: |
|
Comments (none posted)
Tk: buffer overflow
| Package(s): | tk8.3 |
CVE #(s): | CVE-2007-5378
|
| Created: | November 28, 2007 |
Updated: | March 17, 2009 |
| Description: |
The Tk toolkit's GIF-reading code contains a buffer overflow which could be exploited via a malicious image file. Fixes may be found in versions 8.4.12 and 8.3.5. |
| Alerts: |
|
Comments (none posted)
tk: denial of service
| Package(s): | tk8.3 tk8.4 |
CVE #(s): | CVE-2007-5137
|
| Created: | October 12, 2007 |
Updated: | March 17, 2009 |
| Description: |
It was discovered that Tk could be made to overrun a buffer when loading
certain images. If a user were tricked into opening a specially crafted GIF
image, remote attackers could cause a denial of service or execute
arbitrary code with user privileges. |
| Alerts: |
|
Comments (none posted)
tomboy: execution of arbitrary code
| Package(s): | tomboy |
CVE #(s): | CVE-2005-4790
|
| Created: | November 9, 2007 |
Updated: | February 22, 2011 |
| Description: |
Jan Oravec reported that the "/usr/bin/tomboy" script sets the
"LD_LIBRARY_PATH" environment variable incorrectly, which might result
in the current working directory (.) being included when searching for
dynamically linked libraries of the Mono Runtime application.
Note that the tomboy vulnerability was added in 2007. |
| Alerts: |
|
Comments (none posted)
tomcat: cross-site scripting
| Package(s): | tomcat |
CVE #(s): | CVE-2007-2449
CVE-2007-2450
|
| Created: | July 17, 2007 |
Updated: | February 17, 2009 |
| Description: |
Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).
Note: it is recommended the 'examples' web application not be installed on
a production system.
The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450). |
| Alerts: |
|
Comments (1 posted)
tomcat: multiple vulnerabilities
| Package(s): | tomcat |
CVE #(s): | CVE-2007-3382
CVE-2007-3385
CVE-2007-3386
|
| Created: | September 26, 2007 |
Updated: | September 13, 2010 |
| Description: |
Tomcat was found treating single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).
It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).
A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386). |
| Alerts: |
|
Comments (none posted)
tomcat: arbitrary file disclosure via path traversal
| Package(s): | tomcat5 |
CVE #(s): | CVE-2007-5461
|
| Created: | November 19, 2007 |
Updated: | February 17, 2009 |
| Description: |
From the CVE entry:
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag. |
| Alerts: |
|
Comments (none posted)
tomcat: multiple vulnerabilities
Comments (none posted)
tshark, wireshark: multiple vulnerabilities
| Package(s): | tshark,wireshark |
CVE #(s): | CVE-2008-1070
CVE-2008-1071
CVE-2008-1072
|
| Created: | March 3, 2008 |
Updated: | October 2, 2008 |
| Description: |
From the rPath advisory:
Previous versions of the wireshark package are vulnerable
to multiple types of Denial of Service attacks, including
crashes and excessive memory consumption. It has not been
determined that these vulnerabilities can be exploited to
execute malicious code.
|
| Alerts: |
|
Comments (none posted)
vim: arbitrary code execution
| Package(s): | vim |
CVE #(s): | CVE-2007-2953
|
| Created: | July 30, 2007 |
Updated: | November 27, 2008 |
| Description: |
vim is vulnerable to a user-assisted attack in which vim may execute arbitrary code when helptags is run on data that has been maliciously crafted. |
| Alerts: |
|
Comments (none posted)
vlc: multiple vulnerabilities
| Package(s): | vlc |
CVE #(s): | CVE-2007-6681
CVE-2007-6682
CVE-2007-6683
CVE-2007-6684
CVE-2008-0295
CVE-2008-0296
CVE-2008-0984
|
| Created: | March 10, 2008 |
Updated: | April 23, 2008 |
| Description: |
From the Gentoo advisory:
* Michal Luczaj and Luigi Auriemma reported that VLC contains
boundary errors when handling subtitles in the ParseMicroDvd(),
ParseSSA(), and ParseVplayer() functions in the
modules/demux/subtitle.c file, allowing for a stack-based buffer
overflow (CVE-2007-6681).
* The web interface listening on port 8080/tcp contains a format
string error in the httpd_FileCallBack() function in the
network/httpd.c file (CVE-2007-6682).
* The browser plugin possibly contains an argument injection
vulnerability (CVE-2007-6683).
* The RTSP module triggers a NULL pointer dereference when processing
a request without a "Transport" parameter (CVE-2007-6684).
* Luigi Auriemma and Remi Denis-Courmont found a boundary error in
the modules/access/rtsp/real_sdpplin.c file when processing SDP data
for RTSP sessions (CVE-2008-0295) and a vulnerability in the
libaccess_realrtsp plugin (CVE-2008-0296), possibly resulting in a
heap-based buffer overflow.
* Felipe Manzano and Anibal Sacco (Core Security Technologies)
discovered an arbitrary memory overwrite vulnerability in VLC's
MPEG-4 file format parser (CVE-2008-0984).
|
| Alerts: |
|
Comments (none posted)
vobcopy: insecure temp file
| Package(s): | vobcopy |
CVE #(s): | CVE-2007-5718
|
| Created: | March 6, 2008 |
Updated: | March 12, 2008 |
| Description: |
From the Gentoo alert:
Joey Hess reported that vobcopy appends data to the file
"/tmp/vobcopy.bla" in an insecure manner.
A local attacker could exploit this vulnerability to conduct symlink
attacks and append data to arbitrary files with the privileges of the
user running Vobcopy. |
| Alerts: |
|
Comments (none posted)
wml: multiple file overwrite vulnerabilities
| Package(s): | wml |
CVE #(s): | CVE-2008-0665
CVE-2008-0666
|
| Created: | February 11, 2008 |
Updated: | April 28, 2008 |
| Description: |
From the Debian advisory:
Frank Lichtenheld and Nico Golde discovered that WML, an off-line HTML
generation toolkit, creates insecure temporary files in the eperl and
ipp backends and in the wmg.cgi script, which could lead to local denial
of service by overwriting files.
|
| Alerts: |
|
Comments (none posted)
wordpress: remote editing via unknown vectors
| Package(s): | wordpress |
CVE #(s): | CVE-2008-0664
|
| Created: | February 13, 2008 |
Updated: | July 4, 2008 |
| Description: |
From the CVE:
The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors. |
| Alerts: |
|
Comments (none posted)
xdg-utils: arbitrary command execution
| Package(s): | xdg-utils |
CVE #(s): | CVE-2008-0386
|
| Created: | January 31, 2008 |
Updated: | February 3, 2009 |
| Description: |
From the Gentoo alert:
Miroslav Lichvar discovered that the "xdg-open" and "xdg-email" shell
scripts do not properly sanitize their input before processing it.
A remote attacker could entice a user to open a specially crafted link
with a vulnerable application using Xdg-Utils (e.g. an email client),
resulting in the execution of arbitrary code with the privileges of the
user running the application. |
| Alerts: |
|
Comments (1 posted)
xen-utils: insecure temp files
| Package(s): | xen-utils |
CVE #(s): | CVE-2007-3919
|
| Created: | October 25, 2007 |
Updated: | May 16, 2008 |
| Description: |
The xen-utils collection of XEN administrative tools uses temporary files
insecurely. Local users can use this to truncate arbitrary files. |
| Alerts: |
|
Comments (none posted)
XFree86 X.org: integer overflows
Package(s): xfree86 x.org
CVE #(s): CVE-2007-1003, CVE-2007-1667, CVE-2007-1351, CVE-2007-1352
Created: April 3, 2007
Updated: August 11, 2009
Description:
iDefense reported an integer overflow flaw in the XFree86 XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the XFree86 server. (CVE-2007-1003)
iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)
An integer overflow flaw was found in the XFree86 XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667)
xine-lib: arbitrary code execution
Package(s): xine-lib
CVE #(s): CVE-2007-1387
Created: March 13, 2007
Updated: April 1, 2008
Description:
Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user's privileges.
xine-lib: buffer overflow
Package(s): xine-lib
CVE #(s): CVE-2008-0225
Created: January 16, 2008
Updated: August 7, 2008
Description:
xine-lib contains a buffer overflow which could be exploited (via a specially-crafted stream) to execute arbitrary code; see this advisory for more information.
xine-lib: buffer overflows
Package(s): xine-lib
CVE #(s): CVE-2008-0238
Created: January 23, 2008
Updated: August 7, 2008
Description:
From the CVE entry: Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function.
xmms: BMP handling vulnerability
Package(s): xmms
CVE #(s): CVE-2007-0653, CVE-2007-0654
Created: March 28, 2007
Updated: July 26, 2011
Description:
xmms suffers from vulnerabilities in its handling of BMP images. Should a hostile image be included in an xmms skin, it could lead to code execution on the user's system.
Xorg: multiple vulnerabilities
X.org: temp file vulnerability
Package(s): X.org
CVE #(s): CVE-2007-3103
Created: July 12, 2007
Updated: July 2, 2009
Description:
The X.Org X11 xfs font server has a temp file vulnerability in the
startup script. A local user can modify the permissions of the script
in order to elevate their local privileges.
xulrunner, firefox, thunderbird: multiple vulnerabilities
Package(s): xulrunner, firefox, thunderbird
CVE #(s): CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340, CVE-2006-2894
Created: October 22, 2007
Updated: May 12, 2008
Description: From the Debian advisory:
CVE-2007-1095:
Michal Zalewski discovered that the unload event handler had access to
the address of the next page to be loaded, which could allow information
disclosure or spoofing.
CVE-2007-2292:
Stefano Di Paola discovered that insufficient validation of user names
used in Digest authentication on a web site allows HTTP response splitting
attacks.
CVE-2007-3511:
It was discovered that insecure focus handling of the file upload
control can lead to information disclosure. This is a variant of
CVE-2006-2894.
CVE-2007-5334:
Eli Friedman discovered that web pages written in Xul markup can hide the
titlebar of windows, which can lead to spoofing attacks.
CVE-2007-5337:
Georgi Guninski discovered the insecure handling of smb:// and sftp:// URI
schemes may lead to information disclosure. This vulnerability is only
exploitable if Gnome-VFS support is present on the system.
CVE-2007-5338:
"moz_bug_r_a4" discovered that the protection scheme offered by XPCNativeWrappers
could be bypassed, which might allow privilege escalation.
CVE-2007-5339:
L. David Baron, Boris Zbarsky, Georgi Guninski, Paul Nickerson, Olli Pettay,
Jesse Ruderman, Vladimir Sukhoy, Daniel Veditz, and Martijn Wargers discovered
crashes in the layout engine, which might allow the execution of arbitrary code.
CVE-2007-5340:
Igor Bukanov, Eli Friedman, and Jesse Ruderman discovered crashes in the
Javascript engine, which might allow the execution of arbitrary code.
Page editor: Jake Edge
Kernel development
Brief items
The current 2.6 development kernel is 2.6.25-rc6, released on March 16. The
changes are mostly fixes, but there's still quite a few of them for this
point in the release cycle. See the announcement for details, or the
long-format changelog for lots of details.
A handful of changes have gone into the mainline git repository since the
2.6.25-rc6 release.
As of this writing, vger.kernel.org is down, slowing the development
process somewhat. Or, perhaps, slowing talk and speeding development.
Regardless, the failure (a disk in vger's RAID array) is being addressed
with the intent of getting vger back online as soon as possible.
Kernel development news
One man, 12 nights (13 days), one bottle of cuban rum and little
bits of scotch whisky, 82 'House M.D' series... feels good.
-- How Evgeniy Polyakov gets work done
So, we're going to have to now convert all drivers, right? Nice, I can
always use a bump up in the "number of patches submitted" numbers :)
-- Greg Kroah-Hartman
Carlo Wood seems to have mistakenly deleted his home directory and instead of reaching for his backups, he dug into the ext3 filesystem structure. The result is an in-depth look at ext3 including how to undelete files. The end result is an ext3grep tool that looks like it might be rather useful. " However, this is utter nonsense. All information is still there, also the block pointers. It is just slightly less likely that those are still there (than on ext2), since they have to be recovered from the journal. On top of that, the meta data is less coherently related to the real data so that heuristic algorithms are needed to find things back." (seen at Val Henson's weblog)
By Jonathan Corbet March 17, 2008
Most kernel patches delete some code, replacing it with newer and
(presumably) better code. Much of the time, it seems, the new code is more
voluminous than what came before.
Occasionally, though, a patch comes along which
deletes over 7600 lines of code - replacing it with a mere 314 lines -
while claiming to maintain the same functionality. Matthew Wilcox's generic semaphore patch is one
of those changes.
In essence, a semaphore is a counter with a wait queue attached to it.
When kernel code wants to access the resource protected by the semaphore,
it makes a call to:
    void down(struct semaphore *sem);
This call will check the counter associated with sem; if it is
greater than zero, the counter will be decremented and control returns to
the caller. Otherwise the caller will be put to sleep until sometime in
the future when the counter has been increased again. Increasing the
counter - when the protected resource is no longer needed - is done
with a call to up(). Semaphores can be used in any situation
where there is a need to put an upper limit on the number of processes
which can be within a given critical section at any time. In practice,
that upper limit is almost always set to one, resulting in semaphores which
are used as a straightforward mutual exclusion primitive.
In current kernels, semaphores are implemented with highly-optimized,
architecture-specific code. There are, in fact, more than twenty
independent semaphore implementations in the kernel code base. Matthew's
patch rips all of that out and replaces it with a single, generic
implementation which works on all architectures. After the patch is
applied, a semaphore looks like this:
    struct semaphore {
        spinlock_t lock;
        int count;
        struct list_head wait_list;
    };
The implementation follows from this definition in a straightforward way:
the spinlock is used to protect manipulations of count, while
wait_list is used to put processes to sleep when they must wait
for count to increase. The actual code, of course, is somewhat
complicated by performance and interrupt-safety considerations, but it
remains relatively short and simple.
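The counter-plus-wait-queue behaviour described above, as a single-threaded user-space model in C. This is an added example and not the code from Matthew Wilcox's patch: the spinlock is left out because nothing runs concurrently here, and `struct task`, `model_down()`, `model_up()` and `peak_holders()` are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a kernel task: just enough for the model. */
struct task {
    int sleeping;            /* 1 while queued on a semaphore */
    struct task *next;       /* link in the FIFO wait list */
};

/* Same shape as the structure in the article, minus the spinlock: the
 * model is single-threaded, so nothing can race on count. */
struct model_sem {
    int count;
    struct task *wait_head, *wait_tail;
};

static void model_sem_init(struct model_sem *s, int limit)
{
    s->count = limit;
    s->wait_head = s->wait_tail = NULL;
}

/* Returns 1 if the caller entered at once, 0 if it was put to sleep. */
static int model_down(struct model_sem *s, struct task *t)
{
    if (s->count > 0) {
        s->count--;
        return 1;
    }
    t->sleeping = 1;
    t->next = NULL;
    if (s->wait_tail)
        s->wait_tail->next = t;
    else
        s->wait_head = t;
    s->wait_tail = t;
    return 0;
}

/* Raise the counter. If a task is waiting, wake the oldest one and let its
 * pending down() consume the count. Returns the woken task, or NULL. */
static struct task *model_up(struct model_sem *s)
{
    struct task *t = s->wait_head;

    s->count++;
    if (!t)
        return NULL;
    s->wait_head = t->next;
    if (!s->wait_head)
        s->wait_tail = NULL;
    t->next = NULL;
    t->sleeping = 0;
    s->count--;
    return t;
}

#define MAX_TASKS 16

/* Constructed scenario: ntasks tasks all try to enter a section limited to
 * `limit` holders, then leave one at a time. Returns the highest number of
 * simultaneous holders seen, or -1 on bad arguments or if the counter does
 * not end up back at `limit`. */
static int peak_holders(int limit, int ntasks)
{
    struct task tasks[MAX_TASKS] = {{0}};
    struct model_sem s;
    int i, holders = 0, peak = 0;

    if (limit < 1 || ntasks < 0 || ntasks > MAX_TASKS)
        return -1;
    model_sem_init(&s, limit);
    for (i = 0; i < ntasks; i++) {
        holders += model_down(&s, &tasks[i]);
        if (holders > peak)
            peak = holders;
    }
    for (i = 0; i < ntasks; i++) {
        holders--;                   /* one holder leaves the section */
        if (model_up(&s))
            holders++;               /* and a sleeper takes its place */
        if (holders > peak)
            peak = holders;
    }
    return s.count == limit ? peak : -1;
}

int main(void)
{
    printf("limit 1, 4 tasks: peak holders = %d\n", peak_holders(1, 4));
    printf("limit 2, 5 tasks: peak holders = %d\n", peak_holders(2, 5));
    return 0;
}
```

With a limit of one the model behaves as the mutual exclusion primitive the article describes; a larger limit shows the counting behaviour that has to be ruled out before a semaphore can be converted to a mutex.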
One might ask: why weren't semaphores done this way in the first place?
The answer is that, once upon a time (prior to 2.6.16), semaphores were one
of the primary mutual exclusion mechanisms in the kernel. The 2.6.16 cycle
brought in mutexes from the realtime tree, and most semaphore users were
converted over. So semaphores, which were once a performance-critical
primitive, are now much less so. As a result, any need there may have been
for carefully hand-tuned, architecture-specific code is gone. So the code
might as well go too.
The other question which comes up is: why are semaphores still being used
at all? The number of semaphore users has dropped considerably since
2.6.16, but there are still a number of them in the kernel. Some of those
could certainly be converted to mutexes, but doing so requires a careful
audit of the code to be sure that the semaphore's counting feature is not
being used. Once that work is done, it may turn out that, in some places,
a semaphore is truly the right data structure. So semaphores are likely to
remain - but they'll require rather less code than before.
By Jonathan Corbet March 18, 2008
The containers developers have what would seem to be a relatively
straightforward problem: they would like to control access to devices on a
per-container basis. Then containers could safely be granted access to
specific devices without compromising the overall security of the system -
even if a container has a root-capable process which can create new device
files. Implementing this feature has been a longer journey than these
developers had imagined, though, with the "device whitelist" feature being
sent around to different kernel subsystems almost like one of those famous
garbage barges from years past. A final resting place may have been found, though, and it
may signal a change in how some security decisions are made in the kernel
in the future.
The original version of the
patch, posted by Pavel Emelyanov, set up a control group for the management
of device accessibility within containers. The actual rules - and their
enforcement - were stored deep within the device model subsystem. This
drew an objection from Greg Kroah-Hartman, who suggested that, instead,
this kind of access control should be done either with udev or with the Linux
security module (LSM) subsystem. Udev does not give the desired degree of
control and, apparently, can be problematic for those wanting to run older
distributions within containers, so it was not seriously considered. The
LSM suggestion was, after some resistance, taken to heart, though.
The result was the device
whitelist LSM patch, posted by Serge Hallyn. It was a stacking
security module which made changes to a number of hooks. This is where
James Morris came in and suggested that,
instead, the whitelist should just be added to the existing capabilities
security module. Then there would be no need for a separate module and
things could be generally simplified.
So Serge duly rolled out version 3 of the
patch which moved the whitelist into the capabilities module. But this
one ran into resistance as well. Quoting James
Morris again:
Moving this logic into LSM means that instead of the cgroups
security logic being called from one place in the main kernel
(where cgroups lives), it must be called identically from each LSM
(none of which are even aware of cgroups), which I think is pretty
obviously the wrong solution.
Casey Schaufler also didn't like this idea:
When the next feature comes along are we going to stuff it into
capabilities, too? Maybe we'll cram it into audit or CIPSO instead,
but how long can this go on? Eventually we need a mechanism that
allows more or less general mix-and-match, maybe with a few rules
like "don't mix plaids and stripes" to keep things sane or these
lesser facilities have no chance. Seems like we're still making LSM
too hard to use
At this point, the complaint was clearly not with just the device
whitelist, but with the capabilities module as well. It seems that
capabilities are a bit of a poor fit with the LSM idea as a whole. The
fact that they exist at all is a bit of a historical artifact; some
developers wanted to see them implemented that way to show the flexibility
of the LSM interface and to let capabilities be omitted from embedded
setups. As it happens, it's still not possible to remove capabilities, and
they impose a bit of a cost on all other security modules.
The core problem is this: LSM, fundamentally, is a restrictive mechanism. An
LSM hook can deny an action, but it can never empower a process to do
something it would not have been allowed to do in the absence of the
security module. The decision to disallow "authoritative hooks" was made explicitly back in
2001 as a way of restricting the scope of LSM modules and, hopefully,
ensuring that those modules would not themselves become security problems.
But capabilities are an inherently authoritative mechanism - a capability
check verifies the existence of a special permission which would otherwise
not be there. The device whitelist is the same sort of thing: it grants
access which would otherwise be denied. So it fits poorly with the LSM
model.
Serge came back with yet another
patch which takes the whitelist code out of the LSM framework and,
instead, inserts a separate set of hooks into the relevant places in the
code. Those hooks sit right next to the LSM hooks, but operate in a
permissive manner. So far, this approach seems to be passing muster, with
no developers (yet) talking about booting it out into yet another
subsystem.
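The difference between a restrictive LSM-style hook and an authoritative whitelist check, as a small user-space model in C. This is an added example, not code from any of the patches discussed: every name in it is hypothetical, the whitelist entries are constructed, and it assumes that device access from inside a container starts out denied unless the whitelist grants it.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define ACC_READ  1
#define ACC_WRITE 2
#define ACC_MKNOD 4

/* A request names the device by type and numbers, not by path, so a
 * freshly created device file gains nothing over an existing one. */
struct dev_request {
    char type;                      /* 'c' character, 'b' block */
    unsigned dev_major, dev_minor;
    int access;                     /* ACC_* bits being asked for */
};

/* One per-container whitelist entry. */
struct wl_entry {
    char type;
    unsigned dev_major, dev_minor;
    int access;                     /* ACC_* bits the container may use */
};

/* Restrictive hook: 0 means "no objection", negative means "deny".
 * No return value exists that could grant anything. */
typedef int (*restrictive_hook)(const struct dev_request *);

/* Authoritative check: 1 if some entry grants every requested bit. */
static int whitelist_grants(const struct wl_entry *wl, size_t n,
                            const struct dev_request *rq)
{
    size_t i;

    for (i = 0; i < n; i++)
        if (wl[i].type == rq->type &&
            wl[i].dev_major == rq->dev_major &&
            wl[i].dev_minor == rq->dev_minor &&
            (wl[i].access & rq->access) == rq->access)
            return 1;
    return 0;
}

/* base_allowed is the decision with no modules loaded. The whitelist can
 * turn a base denial into a grant; the hooks run afterwards and can only
 * take access away. Returns 0 or a negative errno value. */
static int device_permission(int base_allowed,
                             const struct wl_entry *wl, size_t n_wl,
                             const restrictive_hook *hooks, size_t n_hooks,
                             const struct dev_request *rq)
{
    size_t i;

    if (!base_allowed && !whitelist_grants(wl, n_wl, rq))
        return -EPERM;              /* no hook gets a chance to rescue it */
    for (i = 0; i < n_hooks; i++) {
        int rc = hooks[i](rq);
        if (rc < 0)
            return rc;              /* any single veto wins */
    }
    return 0;
}

static int hook_no_objection(const struct dev_request *rq)
{
    (void)rq;
    return 0;
}

static int hook_veto_block(const struct dev_request *rq)
{
    return rq->type == 'b' ? -EACCES : 0;
}

/* Constructed sample whitelist for one container. */
static const struct wl_entry sample_wl[] = {
    { 'c', 1, 3, ACC_READ | ACC_WRITE },    /* /dev/null */
    { 'b', 8, 0, ACC_READ },                /* first SCSI disk, read-only */
};

/* Decide one request from inside the container (base decision: denied). */
static int decide(char type, unsigned mj, unsigned mn, int access,
                  int with_veto)
{
    struct dev_request rq = { type, mj, mn, access };
    restrictive_hook hooks[2] = { hook_no_objection, hook_veto_block };

    return device_permission(0, sample_wl,
                             sizeof(sample_wl) / sizeof(sample_wl[0]),
                             hooks, with_veto ? 2 : 1, &rq);
}

int main(void)
{
    printf("c 1:3 rw          -> %d\n", decide('c', 1, 3, ACC_READ | ACC_WRITE, 0));
    printf("c 1:5 r           -> %d\n", decide('c', 1, 5, ACC_READ, 0));
    printf("b 8:0 w           -> %d\n", decide('b', 8, 0, ACC_WRITE, 0));
    printf("b 8:0 r with veto -> %d\n", decide('b', 8, 0, ACC_READ, 1));
    return 0;
}
```

The second case is the property the 2001 decision was meant to guarantee: a hook that reports "no objection" does not turn a denial into a grant, which is why the whitelist has to sit outside the hook chain in this model.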
Things may yet change, though. Casey Schaufler is now talking about the creation of a "Linux
privilege module" framework for the management of all permissions checks.
The normal discretionary access control checks could be moved there, as
could all capability and "are they root?" logic. And, of course, the
device whitelist code. Nobody has really spoken out against this idea -
but, then, nobody has seen any code yet either. But, if things continue in
this direction, authoritative hooks may have finally found a home, many
years after having been rejected from the LSM mechanism.
By Jonathan Corbet March 19, 2008
While attending conferences, your editor has, for some years, made a point
of seeing just how many other attendees have some sort of suspend and
resume functionality working on their laptops. There is, after all,
obvious value in being able to sit down in a lecture hall, open the lid,
and immediately start heckling the speaker via IRC without having to wait
for the entire bootstrap sequence to unfold. But, regardless of whether
one is talking about suspend-to-RAM ("suspend") or suspend-to-disk
("hibernation"), there are surprisingly few people using this capability.
Despite the efforts which have been made by developers and distributors,
suspend and hibernate still just do not work reliably for a lot of people.
For your editor, suspend always works, but the success rate of the
resume operation is about 95% - just enough to keep using it while
inspiring a fair amount of profanity in inopportune places.
Various approaches to fixing suspend and hibernation have been proposed;
these include TuxOnIce and kexec jump. Another
possibility, though, is to simply fix the code which is in the kernel now.
There is a lot that has to be done to make that goal a reality, including
making the whole process more robust and separating the suspend and
hibernation cases which, as Linus has stated rather strongly several times,
are really two different problems. To that end, Rafael Wysocki has posted
a new suspend and hibernation
infrastructure for devices which has the potential to improve the
situation - but at a cost of creating no less than 20 separate device
callbacks.
For the (relatively) simple suspend case, there are four basic callbacks
which should be provided in the new pm_ops structure by each bus
and, eventually, by every device:
    int (*prepare)(struct device *dev);
    int (*suspend)(struct device *dev);
    int (*resume)(struct device *dev);
    void (*complete)(struct device *dev);
When the system is suspending, each device will first see a call to its
prepare() callback. This call can be seen as a sort of warning
that the suspend is coming, and that any necessary preparation work should
be done. This work includes preventing the addition of any new child
devices and anything which might require the involvement of user space.
Any significant memory allocations should also be done at this time; the
system is still functional at this point and, if necessary, I/O can be
performed to make memory available. What should not happen in
prepare() is actually putting the device into a low-power state;
it needs to remain functional and available.
As usual, a return value of zero indicates that the preparation was
successful, while a negative error code indicates failure. In cases where
the failure is temporary (a race with the addition of a new child device is
one possibility), the callback should return -EAGAIN, which will
cause a repeat attempt later in the process.
At a later point, suspend() will be called to actually power down
the device. With the current patch, each device will see a
prepare() call quickly followed by suspend(). Future
versions are likely to change things so that all devices get a
prepare() call before any of them are suspended; that way, even
the last prepare() callback can count on the availability of a
fully-functioning system.
The resume process calls resume() to wake the device up, restore
it to its previous state, and generally make it ready to operate. Once the
resume process is done, complete() is called to clean up anything
left over from prepare(). A call to complete() could
also be made directly after prepare() (without an intervening
suspend) if the suspend process fails somewhere else in the system.
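The suspend-side callback ordering described above, including the -EAGAIN retry and the complete() call that follows a failed suspend, as a user-space model in C. This is an added example, not code from Rafael Wysocki's patch: `struct device` is a hypothetical reduction, the callbacks only record a trace, and retrying a deferred device on a second pass is an assumption about what "later in the process" means.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

struct device {             /* hypothetical, reduced to what the model needs */
    int id;                 /* single digit, used in the trace */
    int eagain_left;        /* prepare() returns -EAGAIN this many times */
    int suspend_error;      /* if nonzero, suspend() fails with this code */
    int prepared, suspended;
};

struct pm_ops {             /* the four suspend callbacks from the article */
    int (*prepare)(struct device *dev);
    int (*suspend)(struct device *dev);
    int (*resume)(struct device *dev);
    void (*complete)(struct device *dev);
};

static char trace[128];     /* "P0 S0 " means prepare(dev 0), suspend(dev 0) */

static void note(char what, const struct device *dev)
{
    size_t len = strlen(trace);
    if (len + 4 <= sizeof(trace))
        snprintf(trace + len, sizeof(trace) - len, "%c%d ", what, dev->id % 10);
}

static int demo_prepare(struct device *dev)
{
    note('P', dev);
    if (dev->eagain_left > 0) {
        dev->eagain_left--;
        return -EAGAIN;     /* temporary failure: ask for a repeat attempt */
    }
    dev->prepared = 1;      /* the device stays fully functional here */
    return 0;
}

static int demo_suspend(struct device *dev)
{
    note('S', dev);
    if (dev->suspend_error)
        return dev->suspend_error;
    dev->suspended = 1;     /* only now is the device powered down */
    return 0;
}

static int demo_resume(struct device *dev)
{
    note('R', dev);
    dev->suspended = 0;
    return 0;
}

static void demo_complete(struct device *dev)
{
    note('C', dev);
    dev->prepared = 0;      /* clean up what prepare() set up */
}

static const struct pm_ops ops = {
    demo_prepare, demo_suspend, demo_resume, demo_complete
};

/* Suspend devs[0..n-1] in order, prepare() directly followed by suspend().
 * A device whose prepare() returned -EAGAIN is retried on a second pass. */
static int model_suspend(struct device *devs, int n)
{
    int i, pass, rc = 0;

    trace[0] = '\0';
    for (pass = 0; pass < 2; pass++)
        for (i = 0; i < n; i++) {
            if (devs[i].suspended)
                continue;               /* done on the first pass */
            rc = ops.prepare(&devs[i]);
            if (rc == -EAGAIN && pass == 0)
                continue;               /* defer to the second pass */
            if (!rc)
                rc = ops.suspend(&devs[i]);
            if (rc)
                goto fail;
        }
    return 0;
fail:
    for (i = n - 1; i >= 0; i--) {      /* unwind in reverse order */
        if (devs[i].suspended)
            ops.resume(&devs[i]);
        if (devs[i].prepared)
            ops.complete(&devs[i]);     /* may run with no resume() first */
    }
    return rc;
}

int main(void)
{
    /* Constructed case: the suspend() of device 2 fails with -EIO. */
    struct device devs[3] = { {0}, {1}, {2, 0, -EIO} };
    int rc = model_suspend(devs, 3);

    printf("%s-> %d\n", trace, rc);
    return 0;
}
```

In the failing case the trace ends with `C2 R1 C1 R0 C0`: device 2 was prepared but never suspended, so it sees complete() alone, while the devices that did power down get resume() and then complete().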
The hibernation process is more complicated, in that there are more
intermediate states. In this case, too, the process begins with a call to
prepare(). Then calls are made to:
    int (*freeze)(struct device *dev);
    int (*poweroff)(struct device *dev);
The freeze() callback happens before the hibernation image (the
system image which is written to persistent store) is created; it should
put the device into a quiescent state but leave it operational. Then,
after the hibernation image has been saved and another call to
prepare() made, poweroff() is called
to shut things down.
When the system is powered back up, the process is reversed through calls
to:
    int (*quiesce)(struct device *dev);
    int (*restore)(struct device *dev);
The call to quiesce() will happen early in the resume process,
after the hibernation image has been loaded from disk, but before it has
been used to recreate the pre-hibernation system's memory. This callback
should quiet the device so that memory can be reassembled without being
corrupted by device operations. A call to complete() will follow,
then a call to restore(), which should put the device back into a
fully-functional state. A final complete() call finishes the
process.
There are still two more hibernation-related callbacks:
    int (*thaw)(struct device *dev);
    int (*recover)(struct device *dev);
These functions will be called when things go wrong; once again, each of
these calls will be followed by a call to complete(). The purpose
of thaw() is to undo the work done by freeze() or
quiesce(); it should put the device back into a working state.
The recover() call will be made if the creation of the hibernation
image fails, or if restoring from that image fails; its job is to clean up
and get the hardware back into an operating state.
For added fun, there are actually two sets of pm_ops callbacks. One
is for normal system operation, but there is another set intended to be
called when interrupts are disabled and only one CPU is operational - just
before the system goes down or just after it comes back up.
Clearly, interactions with devices will be different in such an
environment, so different callbacks make sense. But the result is that
fully 20 callbacks must be provided for full suspend and hibernate
functionality. These callbacks have been added to the bus_type
structure as:
    struct pm_ops *pm;
    struct pm_ops *pm_noirq;
Fields by the same name have also been added to the pci_driver
structure, allowing each device driver to add its own version of these
callbacks. For now, the old PCI driver suspend() and
resume() callbacks will be used if the pm_ops structures
have not been provided, and no drivers have been converted (at least in the
patch as posted).
As of this writing, discussion of the patch is hampered by an outage at
vger.kernel.org. There are some concerns, though, and things are likely to
change in future revisions. Among other things, the number of "no IRQ"
callbacks may be reduced. But, with luck, the final resolution will leave
us all in a position where suspend and hibernate work reliably.
Page editor: Jonathan Corbet
Distributions
News and Editorials
By Rebecca Sobol March 19, 2008
The openSUSE project takes another step
in becoming a true community project. The current openSUSE board, appointed by
Novell, will soon be replaced by an elected board. The question that is
being debated on the opensuse-project
mailing list is "Who can vote for the openSUSE board?"
Among the openSUSE community there are Members and a larger number of Users. "'openSUSE Members'
are specifically distinguished contributors who have brought a continued
and substantial contribution to the openSUSE project. They are approved by
the openSUSE board."
Becoming a user is as easy as registering on the wiki.
Some possible answers to the "who can vote" question include:
- members only
- anyone (members + registered users)
- members + non-members vouched for by members
- members + users who have signed the Guiding
Principles
At this time the number of members is low. There are concerns that having
members (who are appointed by the board) as the only voters for the board
could exclude the greater community. On the other hand opening up
elections to the greater user community is difficult to police. It should
be verifiable that those who are eligible to vote have only one vote
counted. Other projects may serve as a guide for this issue.
Debian has the Debian Voting
Information page which defines how voting is done and how votes are
counted. Debian restricts voting to Debian Developers (DDs), who must sign
their vote with their key which is also on the official keyring. DDs may
vote more than once, but only the last vote is counted, so voting is
restricted and it's easy to ensure one-vote-per-person.
The Fedora project has defined Fedora Board
Elections more recently than Debian. This document states that 5 of 9
seats on the board are appointed by the board. Voting is open for the
remaining seats to those who have a valid account in the Fedora Account
System. Getting an account on the
Fedora Account System requires an application and approval process that
is somewhat similar to becoming an openSUSE Member.
The GNOME Foundation
Elections process was also raised as a model. GNOME membership is open to
any contributor willing to go through the application process.
Given those three examples it does seem that voting privileges are
typically restricted to a subset of the community that has made both a
commitment and continuing contributions to the project. The main
difference is that openSUSE membership is relatively new and is therefore a
small segment of the greater community. Over time the membership will grow
and members-only elections may become more appealing. In any case, the
procedures that are defined for this election may be changed for subsequent
elections.
Comments (1 posted)
New Releases
The first release candidate for 64 Studio 2.1 is available for testing.
Click below for a look at known bugs, download and other information.
Full Story (comments: none)
The first beta of the Debian Lenny installer is available for testing.
There are many new features that were not in the etch installer.
" The debian-installer team is still looking for active contributors
for new features, bug triaging and squashing, improvements on the manual
and the developer documentation. If you want Lenny to release on time,
please join and help."
Full Story (comments: none)
Foresight Linux 2.0 has been released for the
x86 and x86_64 platforms, it features the recently released
GNOME 2.22 desktop environment.
" Foresight Linux is a Linux distribution for your desktop that features
a rolling release schedule that always keeps your desktop up to date.
Foresight includes innovative applications that make using your
computer easy, including Banshee for music management, F-Spot for
photo management, as well as vibrant user and developer community.
New in Foresight 2.0:
The Foresight 2.0 features a new tar-based installer,
that should install in less than 10 minutes, including formatting a
200 GB hard drive."
Full Story (comments: 9)
The second release candidate of Mandriva Linux 2008.1 is available.
" This pre-release includes support for easy synchronization of
Windows Mobile 5+, Blackberry and Nokia devices, the Codeina multimedia
codec installation system, support for Radeon HD 3xxx series graphics
cards, more improvements to the Mandriva software installation tools, the
finalized 2008 Spring theme, a new metapackage for easily installing a
complete LAMP setup, and available KDE 4.0.2."
Full Story (comments: none)
Ulteo has released the Ulteo Application System (AS) Beta1. The AS is an
installable version of Ulteo, for the local PC, that comes with
applications and features. The previously released Online Desktop (OD)
uses the network to provide applications and online document storage.
" automatic synchronization of documents with the Ulteo Online
Desktop, automatic upgrading, new "My Digital life" panel, full
installation in about 5 minutes, hundreds applications available--That's
what user can find in this just-released installable version of Ulteo
Application System Beta1."
Full Story (comments: none)
Distribution News
Debian GNU/Linux
Russ Allbery presents a look at Debian lintian development. " Lintian
has been under fairly active development for the past couple of years.
We've been averaging a "large" release closing a double-digit number of
bugs every couple of months or so, usually followed by a few quick bug fix
releases in new checks. There have been 18 Lintian releases since the etch
release. Lintian currently has 674 different tags, up from the 500
milestone about four years ago despite consolidation of closely-related
tags."
Full Story (comments: none)
Debian bug squashing parties are happening in real life. Even if you are
not close to any of the actual locations where people are squashing bugs,
you can join in on IRC. Click below for more information on where and when
people will be squashing those release critical bugs in Lenny.
Full Story (comments: none)
Petter Reinholdtsen looks at the status of the release goal of converting
the Debian boot sequencing to use dynamic and dependency based ordering
instead of hardcoded sequence numbers. " To weed out these bugs,
testing is needed. As there are still a lot of problems with packages not
propagating into testing, I would recommend to limit testing to unstable
installations at the moment."
Full Story (comments: none)
Fedora
The Fedora project board met on March 11 and decided to remove the pointers to the "non-free" Fluendo codecs from Codeina (aka CodecBuddy) for Fedora 9. This is a big change from the Fedora 8 behavior. The only Fluendo codec that will still be referenced from Codeina is the free MP3 codec, which may have patent problems in some jurisdictions. As might be guessed, there are folks on both sides of this contentious issue. Some think it runs counter to the ideals of Fedora, while others lament the treatment of Fluendo.
LWN covered Codeina/CodecBuddy last November.
Comments (18 posted)
The Fedora Project has been worried about remaining in compliance with
the GPL while handing out binary distribution CDs. The result is this set
of guidelines. " Now, if someone at the show asks, you can encourage them to download the
code themselves (and become a contributor to Fedora). If they insist on
getting source code on physical media, then provide them with CDs with
the source code. This is an additional bit of work on the part of our
Ambassadors, but it protects both the Ambassadors, and the Fedora
Project, from any undue criticism and future obligation under these
licenses."
Full Story (comments: 19)
The K12Linux sub-project is working to integrate LTSP5 into Fedora 9. LTSP
enables any machine to become a terminal server and to boot thin clients.
Full Story (comments: none)
Here's a look at the March 4, 2008 meeting of the Fedora Board, where
topics included Secondary Arch Hosting, Post-release updates of custom
spins, and several other topics.
Full Story (comments: none)
Click below for a look at the March 11 meeting of the Fedora board. Topics
discussed include Post-release updates of custom spins, Google Start Page,
Codeina, and several other topics.
Full Story (comments: none)
Michael Tiemann's "Fedora in the Enterprise" speech from FUDCon Raleigh
2008 is now available in Ogg Theora format on the Fedora
torrent site. " Unfortunately, some scheduling and technical
conflicts meant we couldn't capture the entire speech, but only the first
15 minutes. We're sorry for the inconvenience, and hope you enjoy the
segment we were able to provide."
Full Story (comments: none)
Gentoo Linux
Click below for some notes from the March 13 meeting of the Gentoo
council. Continuing topics include slacker arches, GLEP 46 and EAPI=0.
New topics include Summer of Code, package maintainers, amd64 arch team and
big bug list, and more.
Full Story (comments: none)
Mandriva Linux
Adam Williamson has been working on " the easiest ever support for
synchronizing with Windows Mobile 5 and 6 devices in any
distribution", for the upcoming Mandriva Linux 2008 Spring.
" Support is included for synchronizing with both KDE (KDE PIM) and
GNOME (Evolution). Similarly easy synchronization is also possible with
many Nokia phones and with Blackberry devices."
Full Story (comments: none)
SUSE Linux and openSUSE
openSUSE Packaging Days is an event for application developers, project
contributors and anyone else who wants to learn how to provide binary
packages for all the popular distributions. The openSUSE Build Service
will do most of the work for you. Join in on IRC Freenode at
#opensuse-buildservice during April 4 - 5, 2008, where community members
will be standing by to provide support and answer questions about
using the build service and creating packages.
Full Story (comments: none)
openSUSE has been accepted into the Google Summer of Code 2008.
" We're now in the "interim period" for students to discuss
application ideas with mentoring organizations. (That'd be us.) Students
will then have from March 24th through March 31st to apply to
Google." Students should look at the ideas page for more
information and timeline.
Full Story (comments: none)
openSUSE has made available videos from FOSDEM. They are linked from this page.
Full Story (comments: none)
Ubuntu family
It's official: SELinux is now available in the Ubuntu development ("Hardy Heron") distribution. " This is the result of the amazing work of the ubuntu-security and ubuntu-hardened teams, as well as the huge contributions from the folks at Tresys. (note: SELinux will not be the default, but is available as a security option.)" Installing it is a simple apt operation.
Comments (none posted)
Matt Zimmerman reports on two decisions made by the Ubuntu Technical Board
regarding the Ubuntu 8.04 release. 1) Automatic indexing in tracker will be
disabled by default. 2) The SPARC port will not be officially supported in
Ubuntu 8.04. Click below for details.
Full Story (comments: none)
Ubuntu hug days have been going on regularly, each one targeting some part of
Hardy that needs work. This one on the 20th is dedicated to
NetworkManager. Find out more about Hug Days.
Full Story (comments: none)
New Distributions
Clonezilla Live combines Debian Live with Clonezilla
to create a tool for easily cloning individual machines using a CD, DVD or
USB flash drive. Clonezilla live 1.0.9-19 (stable) was recently announced.
Comments (none posted)
Distribution Newsletters
The Ubuntu Weekly Newsletter for March 15, 2008 covers the Ubuntu 8.04 beta
freeze, Ubuntu Classroom team, the return of Ubuntustats.com, LoCo projects
from the Jordanian, New Mexico, and UK teams, Ubuntu Studio at Sheffield
University, and much more.
Full Story (comments: none)
In this week's openSUSE Weekly
News you'll find Videos and Slides from FOSDEM 2008, openSUSE to
Participate in Google Summer of Code 2008, Novell Free Hugs at CeBit 2008,
KIWI-LTSP 0.3.14 Now Out, LimeJeOS, the openSUSE-based JeOS is Born,
Banshee 1.0Alpha1 is Available with 1-Click-Install, New KDE Four Live and
updated KDE 4.1 Snapshot Packages, HP to preload SUSE Linux Enterprise
Desktop on Notebooks, Desktops, In Tips and Tricks: Best Practices for
Editing Configuration Files, Upcoming: openSUSE 11.0 Alpha 3 (later today),
and more.
Comments (none posted)
The March
edition of the Gentoo Monthly Newsletter covers Gentoo Trustee Election
Result, New operations lead for SPARC, New Gentoo Book, Council Meeting
Summary, and several other topics.
Comments (none posted)
The Fedora Weekly News for March 10, 2008 is out. " In Announcements,
we have "Announcing the relaunch of the Fedora BugZappers!" In Planet
Fedora, we have "OLS (Ottawa Linux Symposium)", "Fluendo, Bastien, et al",
"Desktop User Guide (Needs help to finish it off)", and "OpenExpo 2008 -
Day 2"" Several other topics are covered as well.
Full Story (comments: none)
This edition of misc development news covers the Debian Documentation
Project switch to SVN, Machine-interpretable debian/copyright, WNPP status
changes sent to PTS subscribers, a new method for device probing in
grub-install / update-grub and policy checker linda removed from
testing/unstable. Click below for details.
Full Story (comments: none)
The DistroWatch
Weekly for March 17, 2008 is out. " PC-BSD, a user-friendly
variant of FreeBSD with a web-based software installation system, continues
to deliver updated releases on a regular basis. We'll take a look at the
just-released version 1.5. Does it support modern hardware well? And can it
challenge the popular desktop Linux distributions? Read below for some
answers. In the news section, Ubuntu enters a beta freeze stage, KNOPPIX
gets busy with bug fixes, the Hungarian PCLinuxOS community releases
PCe17OS, OpenBSD publishes the 4.3 information page, and Dru Lavigne
announces the availability of an up-to-date BSDA certification DVD. Also in
this issue, learn about pkg-get, a package management utility for
OpenSolaris and follow an interesting analysis of the DistroWatch Page Hit
Ranking logs as published by a group of data mining researchers in
France."
Comments (none posted)
Distribution meetings
Registration for DebConf8 will close at the end of this month. DebConf8
will take place in Mar del Plata, Argentina from Sunday 10 to Saturday 16
August 2008.
Full Story (comments: none)
Interviews
People of openSUSE introduce
Timo Hönig. "What do you think was your most important
contribution to the openSUSE project/community or what is the contribution
that you're most proud of? Definitely the times when I broke D-Bus in
late RC phase. Those times made people realize how buggy their own
applications are, as the applications nicely threw signal 11. Other than
that, all of my open source projects."
Comments (none posted)
Distribution reviews
Linux-Watch
takes a look at the Red Hat Enterprise Linux 5.2 beta release.
" This beta is being made available across the entire RHEL family. So you can try both the vanilla RHEL 5.2 and the Advanced Platform version on the AMD and Intel 64, Itanium, S/390, System p, and System z platforms. The beta for the RHEL 5 Desktop for x86 and AMD64/Intel is also being made available.
The major upgrades are going to be in virtualization. RHEL is upgrading its core virtualization hypervisor, Xen, to Xen 3.1.2. It also features improvements in its NUMA (Non-Uniform Memory Access) interface as well as support for up to 64 processors per system with up to 512GB of memory per server."
Comments (6 posted)
Page editor: Rebecca Sobol
Development
By Forrest Cook March 19, 2008
The Banshee project
is creating a music management and playback utility for the GNOME
desktop. The Banshee home page states:
Import, organize, play, and share your music using Banshee's simple, powerful interface.
Rip CDs, play and sync your iPod, create playlists, and burn audio and MP3 CDs. Most portable music devices are supported.
Banshee also has support for podcasting, smart playlists, music recommendations, and much more.
Version 1.0 Alpha 1 (0.98.1) of Banshee has been
announced.
New features in this release include:
- A code rewrite with an emphasis on performance improvements and better resource usage.
- A new Album Browser feature with the ability to display album artwork.
- A Play Queue feature for building on-the-fly music playlists.
- New search capabilities for locating artists, albums and song titles.
- Integration with the Last.fm music sharing service.
- A built-in 10 band audio equalizer.
- The new ability to play from a playlist while browsing new sources.
The version 1-0.98.1
change log file has more detailed information on the new release.
This 1.0 alpha release of Banshee is missing a number of features that were present in the earlier 0.13.2 version. There is no support for hardware
devices yet, so it is not possible to import or burn CDs, talk to iPod
devices or deal with USB or MTP devices. Numerous plugins have also
been left out, so it is not possible to access podcasts, internet radio,
music sharing services, etc. The release announcement states:
Do not despair, these features will be added back before the final 1.0 release. Many hardware related features are projected to land in the Alpha 2 and 3 releases of Banshee 1.0. We expect releases in quick succession leading up to the final 1.0 release.
Banshee 1-0.98.1 was installed on a system running an Athlon XP 1700
processor and 512MB of RAM. The operating system was the alpha 6
release of Ubuntu Hardy Heron for i386.
The following steps were required to get the software running:
# apt-get install gnome-common automake1.9 monodoc
# apt-get build-dep banshee
The banshee-1-0.98.1.tar.bz2 source file was downloaded,
uncompressed and untarred.
$ ./configure --prefix=/usr
$ make
# make install
$ banshee-1
Banshee fired up as expected. Your author converted a few CDs
to flac files and copied them to the system for testing.
It did not take much effort
to figure out how to play individual tracks and build playlists.
The standard play/pause buttons and skip to previous or next track
buttons worked as one would expect. The built-in equalizer worked,
although it tended to produce audible clipping if a frequency band
was turned up too high.
Unlike earlier versions of Banshee,
the only internet music channel shown in version 1.0 was Last.fm.
It was possible to use the standalone last.fm binary to access the
site, but Banshee was only able to list the selections, not play them.
The error message: don't know how to handle audio/mpeg...
led to the source of the problem. The installation page was
consulted, a large collection of
gstreamer0.10-plugins were installed with the Synaptic package
manager, and Banshee was restarted. Last.fm content came through
loud and clear.
One final issue was noticed with Banshee. When the application was
run from the command line and exited using the GUI, it left the
GNOME terminal in a locked-up state.
Future releases of Banshee will likely include fixes for
some of the aforementioned issues. Banshee is an interesting
application that can be used for combining a wide variety
of audio listening functions into one place.
Comments (8 posted)
System Applications
Database Software
Stable version 2.2.1 of DbUnit has been
announced.
"DbUnit is a JUnit extension targeted for database-driven projects that, among other things, puts your database into a known state between test runs.
The DbUnit Framework team is pleased to announce the dbunit-2.2.1 release!
Changes in this version include:
New features: Created H2 data factory Issue: 1897612.
New point Datatype on MySqlDataTypeFactory Issue: 1798605. Thanks to Vera Wahler. Fixed Bugs".
Comments (none posted)
Versions 8.3.1 and 8.2.7 of the PostgreSQL DBMS have been announced.
" Updates for versions 8.3 and 8.2 of the PostgreSQL database management
system are available today. This minor release fixes more than 20 minor
issues uncovered by our community in PostgreSQL 8.3.0 and 8.2.6 over the
last few weeks. All users of 8.3 and 8.2 are urged to schedule an upgrade
at the earliest reasonable opportunity."
Full Story (comments: none)
The March 16, 2008 edition of the Postgres Weekly News
is online with the latest PostgreSQL DBMS articles and resources.
Full Story (comments: none)
Version 3.5.7 of the SQLite DBMS has been
announced.
" Version 3.5.7 fixes several minor and obscure bugs, especially in the autoconf-generated makefile. Upgrading is optional. This release of SQLite is considered stable and ready for production use."
Comments (none posted)
Device Drivers
Version 0.8 of umtsmon has been
announced.
" This program is to control your UMTS PCCard: enter SIM PIN code, send and receive SMS and control/monitor the network connection.
umtsmon 0.8 has a lot of new features".
Comments (none posted)
Filesystem Utilities
Version 0.9 of allmydata.org, a secure decentralized filesystem, is out.
" This release of allmydata.org "Tahoe" will form the basis of the next
consumer backup product from Allmydata, Inc.
This release adds extensive "visibility into the grid" -- the web user
interface now shows detailed information about the nodes comprising
the grid and fine-grained statistics about the time and space used for
the storage and retrieval operations."
Full Story (comments: none)
Version 0.686.3 of FreeNAS has been
announced. FreeNAS is available as a bootable ISO image.
"NAS (Network Attached Storage) server supporting: CIFS, FTP, NFS, RSYNC, SSH, AFP, Unison, UPnP, iSCSI protocols, local and MS Domain authentication, Software RAID (JBOD,0,1,5), disk encryption with a Full WEB configuration interface. 32MB only.
Major changes:
- Remove consolehm sensor support because it doesn't work/recognize up-to-date hardware.
Will be replaced with FreeBSD 7.0 sensor framework in FreeNAS 0.7.
- WebGUI uses NiftyCubes for rounded corners with CSS and Javascript.
- Validate minutes/hours/days/months/week days configuration on misc WebGUI pages
(e.g. scheduled shutdown/reboot, RSYNC local, ...)."
Comments (none posted)
Networking Tools
The initial release of ezRADIUS has been
announced. The software is:
"FreeRADIUS and chillispot web-based management. It's easy, simple and expandable. The main aim is to provide wireless administrator a simple web-based management application to manage wireless client. FreeRADIUS must be configured to use MySQL as backend.
Beta version of ezRADIUS finally released. This is initial release for testbed and feedback gaining."
Comments (none posted)
Web Site Development
Version 0.01 of the cross-platform Flourish Player has been
announced.
" Flourish Player aims to be a simple, fully customizable Flash (SWF) audio player able to be embedded into HTML pages. It can be built and fully customized using only free software. I am proud to announce that Flourish Player - the flash audio player for the web that can be fully customized with a toolchain containing only free and open source software - has now been released in version v0.01."
Comments (none posted)
Version 1.8.7 of Midgard has been released.
" The Midgard Project has released stable, 1.8.7
release version of the Midgard Open Source Content Management System.
Midgard 1.8.7 "Flying Pancake" release includes major bugfixes and
enhancements."
Full Story (comments: none)
Desktop Applications
Audio Applications
Version 1.5.0 of
Audacious, an audio player, has been announced.
" We've been able to keep the hg tree in a releasable state during this entire development cycle, so we've gone ahead and released Audacious 1.5.0.
You will probably want to be aware of some changes in direction, in a nutshell, we're moving support for winamp2 skins to a plugin, and providing a new default UI which we feel is more suited to audacious."
Comments (none posted)
Version 1.36.02 of eSpeak,
a text to speech synthesizer, has been announced.
Changes include a faster top speed, improvements to the Polish version and
bug fixes.
Comments (none posted)
Version 0.5.0 of pytagsfs, a FUSE filesystem that presents multiple views
of tagged media files, is out.
" This release
includes significant enhancements as well as critical bug fixes:
* Support for Python 2.4.
* Support for source tree monitoring with Gamin; pytagsfs should now be
cross-platform compatible.
* Improved performance handling updates to the source tree.
* Support for more graceful handling of path collisions.
* Fixes for two serious bugs affecting data integrity (#195476, #195477)."
Full Story (comments: none)
Business Applications
Version 4.0 of Millennium BSA has been
announced.
" Millennium Business Suite Anywhere (BSA) is web based ERP/CRM solution with integrated BPM. Millennium BSA automates resources' planning (MRPII), distribution, inventory, payroll, HR, purchase, sales. Millennium BSA is distributed under GPL V2."
Comments (none posted)
Desktop Environments
GnomeDesktop covers
the release of GNOME 2.22.
" Among the most significant additions in this release are the addition of a photo and video taking application that integrates with your webcam called Cheese, a new VNC viewer called Vinagre and the addition of an advanced and integrated IDE, Anjuta.
Notable improvements are the improved support for DVD playback, subtitles and VLC support in the Totem video player, an improved international clock applet, Google calendar integration in Evolution, improved accessibility for web apps and a whole new library to support networked file-systems."
Comments (none posted)
Version 2.22.0 of GARNOME, the bleeding edge GNOME distribution, is out.
" We are pleased to announce the release of GARNOME 2.22.0. This release
incorporates the GNOME 2.22.0 Desktop and Developer Platform, fine-tuned
with love by the GARNOME Team.
It includes updates and fixes after the GNOME freeze, together with a
host of third-party GNOME packages, Bindings and the Mono(tm) Platform."
Full Story (comments: none)
The GNOME 2.23 schedule has been announced.
" The official schedule of GNOME 2.23/2.24 development cycle is available at:
http://live.gnome.org/TwoPointTwentythree".
Full Story (comments: none)
The following new GNOME software has been announced this week:
You can find more new GNOME software releases at
gnomefiles.org.
Comments (none posted)
The following new KDE software has been announced this week:
You can find more new KDE software releases at
kde-apps.org.
Comments (none posted)
An RFC has gone out for a new XCB socket handoff mechanism for Xlib/XCB
and other libraries.
" Libraries like Xlib/XCB, some XCB language bindings, and potentially
others have a common problem: they want to share the X connection with
XCB. This requires coordination of request sequence numbers. XCB
currently has an Xlib-specific lock, and allows Xlib to block XCB from
making requests. The attached patches to XCB replace that lock with a
handoff mechanism, xcb_take_socket, allowing external code to ask XCB
for permission to take over the write side of the socket and send raw
data with xcb_writev. The caller of xcb_take_socket must supply a
callback which XCB can call when it wants the write side of the socket
back to make a request. This callback synchronizes with the external
socket owner, flushes any output queues if appropriate, and then returns
the sequence number of the last request sent over the socket."
Full Story (comments: 1)
The following new Xorg software has been announced this week:
- libxkbfile 1.0.5 (bug fix and build change)
- libXScrnSaver 1.1.3 (new features and bug fixes)
- libXv 1.0.4 (code cleanup and documentation work)
- xf86-video-apm 1.2.0 (new features, build and bug fixes, code cleanup)
- xf86-video-ark 0.7.0 (new features, build and bug fixes, code cleanup)
- xf86-video-ast 0.85.0 (new features, build and bug fixes, code cleanup)
- xf86-video-chips 1.2.0 (new features, build and bug fixes, code cleanup)
- xf86-video-cirrus 1.2.0 (new features, build and bug fixes, code cleanup)
- xf86-video-fbdev 0.4.0 (new features, build and bug fixes, code cleanup)
- xf86-video-glint 1.2.0 (new features, build and bug fixes, code cleanup)
- xf86-video-i128 1.3.0 (new features, build and bug fixes, code cleanup)
- xf86-video-i740 1.2.0 (new features, build and bug fixes, code cleanup)
- xf86-video-neomagic 1.2.0 (new features, build and bug fixes, code cleanup)
- xf86-video-rendition 4.2.0 (new features, build and bug fixes, code cleanup)
- xf86-video-s3 0.6.0 (new features, build and bug fixes, code cleanup)
- xf86-video-s3virge 1.10.0 (new features, build and bug fixes, code cleanup)
- xf86-video-savage 2.2.0 (new features, build and bug fixes, code cleanup)
- xf86-video-siliconmotion 1.6.0 (new features, build and bug fixes, code cleanup)
- xf86-video-sis 0.10.0 (new features, build and bug fixes, code cleanup)
- xf86-video-sisusb 0.9.0 (new features, build and bug fixes, code cleanup)
- xf86-video-tdfx 1.4.0 (new features, build and bug fixes, code cleanup)
- xf86-video-trident 1.3.0 (new features, build and bug fixes, code cleanup)
- xf86-video-tseng 1.2.0 (new features, build and bug fixes, code cleanup)
- xf86-video-v4l 0.2.0 (new features, build and bug fixes, code cleanup)
- xf86-video-vmware 10.16.0 (new features, build and bug fixes, code cleanup)
More information can be found on the
X.Org Foundation wiki.
Comments (none posted)
Music Applications
Version 2.3 of jack-keyboard has been announced; it includes one new
feature and some bug fixes.
" jack-keyboard is a virtual MIDI keyboard - a program that allows you to
send JACK MIDI events (play ;-) using your PC keyboard. It's somewhat
similar to vkeybd, except it uses JACK MIDI instead of ALSA, and the
keyboard mapping is much better - it uses the same layout as trackers
(like Impulse Tracker) did, so you have two and half octaves under your
fingers."
Full Story (comments: none)
Video Applications
The initial release of pAny2DVD has been
announced.
" Let your videos convert to DVD-compliant MPEG-2 video format!
pany2dvd.pl is a simple cmdline tool that helps you convert your video files into DVD-compliant MPEG2 video. The process of determining the right parameters is fairly sophisticated and almost fully automated."
Comments (none posted)
Languages and Tools
C
The March 15, 2008 edition of the GCC 4.2.4 Status Report
has been published.
" The GCC 4.2 branch is open for commits under normal release branch
rules. All fixes going on that branch should first have gone on trunk
and 4.3 branch.
GCC 4.2.4 is due around 2008-04-02, so 4.2.4-rc1 should be built by
one of the release managers around 2008-03-26. Any further 4.2
releases after 4.2.4 may depend on whether there is expressed user and
developer interest in further releases from this branch, or whether
4.3 has been widely adopted in place of 4.2."
Full Story (comments: none)
The March 15, 2008 edition of the GCC 4.3.1 Status Report
has been published.
" The GCC 4.3 branch is open for commits under normal release branch
rules.
GCC 4.3.1 is due no later than 2008-05-05, but if a workaround for the
x86 direction flag issue is agreed and committed soon then 4.3.1-rc1
may come around a week after such a workaround is committed to the
branch, with the release following about a week later subject to no
problems requiring 4.3.1-rc2 to be built."
Full Story (comments: none)
Caml
The March 18, 2008 edition of the Caml Weekly News
is out with new articles about the Caml language.
Full Story (comments: none)
Java
Version 1.5.1 of OpenSwing has been
announced.
" OpenSwing is a component library that provides a rich set of advanced graphics components and a framework for developing java applications based on Swing front-end. It can be applied both to rich client applications and Rich Internet Applications.
In this release:
Included support for JPA/EJB 3.0/TopLink Essentials: JPAUtils class has been provided to easily support grid pagination, filtering, sorting
from OpenSwing GridControl to JPA API.
Added "demo35" sample application to show how to combine JPA with OpenSwing.
Updated web site documentation by adding description about how to use together JPA and OpenSwing."
Comments (none posted)
Perl
The March 1-8, 2008 edition of
This Week on perl5-porters is out with the latest Perl 5 news.
Comments (none posted)
The minutes from the March 12, 2008 Perl 6 Design Meeting
have been published.
" The Perl 6 design team met by phone on 12 March 2008. Allison, Jerry, Will, Mitchell, Nicholas, Jesse, and chromatic attended."
Comments (none posted)
Python
The
release schedule for Python 2.6/3.0 is out.
" Neal Norwitz and I have worked out the schedule for Python 2.6 and
3.0, which will be released in lockstep. We will be following a
monthly release schedule, with releases to occur on the first
Wednesday of the month. We'll move to a 2 week schedule for the
release candidates.
Executive summary: Python 2.6 and 3.0 finals are planned for September
3, 2008."
Comments (none posted)
The March 18, 2008 edition of the Python-URL! is online with
a new collection of Python article links.
Full Story (comments: none)
Tcl/Tk
The March 17, 2008 edition of the Tcl-URL! is online with new
Tcl/Tk articles and resources.
Full Story (comments: none)
Version Control
Version 0.29 of Guilt, a series of bash scripts which add a Mercurial
queues-like functionality and interface to git, is out.
" This release is quite uneventful. It is made up of a few fixes here and
there, and complete regression suite rewrite. Unfortunately, most of the
exciting Guilt development went on in a topic branch, but the changes are
far too invasive for me to include them in v0.29, so I'm going to merge that
in for v0.30."
Full Story (comments: none)
Miscellaneous
Version 2.18.50.0.5 of the Linux binutils has been announced.
"This is the beta release of binutils 2.18.50.0.5 for Linux, which is
based on binutils 2008 0314 in CVS on sourceware.org plus various
changes. It is purely for Linux.
All relevant patches in patches have been applied to the source tree.
You can take a look at patches/README to see what has been applied and
in what order they have been applied."
Full Story (comments: none)
Version 2.2 of Libtool, a generic library support script, has been
announced.
" It seems that after years of development, Libtool-2.0 was skipped and,
instead, Libtool-2.2 has been released!"
Full Story (comments: 3)
Page editor: Forrest Cook
Linux in the news
Recommended Reading
Another one from the "benefits of the patent system" department: Fortune talks
with Seagate CEO Bill Watkins about why that company is not worried
about the increasing popularity of flash-based solid-state drives.
" But in case flash prices continue to plummet and the flash drives
really do catch on, Watkins has something else up his sleeve.... Seagate
and Western Digital (WDC), two of the
major hard drive makers, have patents that deal with many of the ways a
storage device communicates with a computer, Watkins says. It stands to
reason that sooner or later, Seagate will sue - particularly if it looks
like SSDs could become a real threat."
Comments (20 posted)
Following up on yesterday's item about the threats made by Sequoia Voting against Ed Felten: NJ.com reports that plans for an independent audit of Sequoia's voting machines have been dropped. "Sequoia maintains the errors, which were documented in at least five counties, occurred due to mistakes by poll workers. The firm, which is based in Colorado, examined machines in Middlesex County, and concluded that poll workers had pushed the wrong buttons on the control panels, resulting in errors in the numbers of ballots cast.
But officials found it odd that such an error never occurred before and the clerk's association wanted further testing.
On the advice of county's attorneys, however, [county clerk Joanne] Rajoppi said today she must forego all plans for independent analysis."
Comments (15 posted)
Trade Shows and Conferences
eWeek reports
on Novell's plans for SUSE Linux Enterprise Server 11, as discussed at the
company's BrainShare 2008 conference. " The technical areas of
primary focus will be the mission-critical data center, the tools to allow
Unix-to-Linux migration, green IT, and continued work on the Linux desktop,
[CTO Jeff] Jaffe said. On the mission-critical data center front, SLES 11
will include automated and assisted self-healing capabilities, including
single-node clusters and automated hardware failure detection, he
said."
Comments (6 posted)
Interviews
EFYtimes has an interview with KDE founder Matthias Ettrich covering KDE history, his role at Trolltech, KDE 4, and more. " I mean, try to compare Windows XP with KDE 3: nobody in their right mind would choose Windows over GNU/Linux based on the desktop experience alone. The Web problem has also been solved. Microsoft clearly lost the Web war -- they failed to enhance the Web in a proprietary way. What remains are some legal issues on the multimedia side that can be mostly worked around, the office documents formats issue and the flood of applications that only run on Windows, mostly games."
Comments (12 posted)
InfoWorld presents
an interview
with the Linux Foundation's executive director Jim Zemlin.
" InfoWorld: So are Microsoft's days as the dominant provider of desktop and server and maybe even handheld operating systems numbered?
Zemlin: Monopolies don't last forever, so I mean, I think they've got a long way to go. It's just natural over time that people aren't going to allow a single company to dominate the market. But the more important thing that Microsoft I think is grappling with now, and you saw that recently they've opened up their protocols and they're trying to be a more open company, is they realize that there's been a fundamental shift in how companies create innovative products and compete in the marketplace. And companies are doing that through open and mass collaboration."
Comments (1 posted)
kubuntu-de.org has an interview with Tobias König regarding Akonadi, the new personal information storage facility for KDE 4. " At first the most important: Akonadi is not a groupware server! In contrast, Akonadi is an intermediate storage and abstraction layer for PIM data. This is similar to Phonon, for multimedia or Solid for hardware. Akonadi abstracts the access and maintenance of data for the rest of the system (i.e. the address book or the calendar). This is achieved by offering a common interface for all the data."
Comments (none posted)
Reviews
ars technica reviews the newly-freed Komodo Edit release. " Komodo Edit has a decent range of features that put it squarely between a conventional editor and a full-fledged IDE. The feature set includes basic project management, a snippet system, effective find-and-replace with support for regular expressions, extremely robust support for plug-ins and user modification, a tab-based multiple document interface, syntax highlighting and folding, code completion and tips, and basic code validation."
Comments (4 posted)
Page editor: Forrest Cook
Announcements
Non-Commercial announcements
Busybox developers have agreed to dismiss another GPL enforcement lawsuit, this time against Verizon Communications. Verizon was distributing Actiontec equipment that had Busybox installed and was not providing the code to downstream users. "'Actiontec takes great pride in providing innovative, quality products
to its customers, while respecting the intellectual property rights of
third parties,' said Dean Chang, Actiontec's President and CEO. 'We
appreciate the value of the technological contributions of the open
source community, and look forward with renewed commitment to working
cooperatively with them.'" Click below for the full press release from the Software Freedom Law Center.
Full Story (comments: 3)
The Electronic Frontier Foundation has announced that the
U.S. Patent and Trademark Office has granted a request for a
reexamination of an online gaming patent.
" Sheldon F. Goldberg was awarded the illegitimate patent for
online gaming systems that use tournament-style play,
advertising, and real-time updates of ladder-rankings in
multi-player games. Goldberg has used this bogus patent to
coerce licensing fees from numerous small businesses.
In the reexamination request, EFF along with Paul Grewal
and Brad Waugh of Day Casebeer Madrid & Batchelder show
that the technology covered by the Goldberg patent had been
widely disseminated in the public domain for years before
Goldberg made his claim."
Full Story (comments: none)
The Audacity
sound editor project will be involved in the 2008 Google Summer of Code.
" We are now seeking student participants. As we wrote in our application: At student selection stage, we look for evidence that the student has a real interest in our project, 'Do they actually use it?' rather than just choosing some project that is part of GSoC."
Comments (none posted)
The gEDA electronic design tool project has
announced
a list of projects that could be used in the 2008 Google Summer of Code.
"This page contains various ideas for projects, organized by the tool. You can use these as fodder for creating your application to Google. Also, if you have your own idea, feel free to share it with the gEDA developers; they might like it more than any project on this list!"
Comments (none posted)
The WorldForge virtual world project has
announced
its participation in the Google Summer of Code.
" WorldForge has been accepted as a mentoring organization for the Google Summer of Code 2008.
If you are a student interested in participating, see our project ideas list, visit us in the #lounge channel on irc.worldforge.org or say hello on the general mailing list. We are looking forward to hearing from you."
Comments (none posted)
Alan Robertson has announced the ten year anniversary of the
Linux-HA project.
" The 10-year anniversary of the first working code was this week. I
announced it 10 years ago yesterday."
Full Story (comments: 2)
Ivan Krstić, the developer behind the One Laptop Per Child security model
(among other things), has posted a message about
his departure from that project. " I cannot subscribe to the
organization's new aims or structure in good faith, nor can I reconcile
them with my personal ethic. Having exhausted other options, three weeks
ago I resigned my post at OLPC. It's been an outstanding experience, and I
truly wish OLPC the best in its future endeavors. My belief in the mission
is in no way compromised, and I will miss my coworkers dearly."
Comments (7 posted)
Ed Felten, who is starting to make a habit of drawing cease-and-desist notices from manufacturers, has posted a notice from Sequoia Voting Systems telling him not to analyze any voting machines. " Sequoia has also retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property." Certainly a democracy would have no reason to want to know about the "behavior" of its voting machines.
The United States PostgreSQL
Association has been launched. The association will support PostgreSQL
in the US through user group development, conferences, education
initiatives and fun.
USENIX has announced that it has decided to offer open access to the proceedings from all of its conferences. " This significant decision will allow universal access to some of the most important technical research in advanced computing. In making this move USENIX is setting the standard for open access to information, an essential part of its mission." One might argue that it's a bit late to be "setting standards" in this regard, but it's still a good thing.
Commercial announcements
Alcatel-Lucent and Red Hat have
announced a partnership.
" Alcatel-Lucent and Red Hat, the leading
provider of open source solutions, will integrate Red Hat Enterprise Linux
and Realtime technologies in Alcatel-Lucent communication products for
small and medium enterprises (SME). The collaboration supports
Alcatel-Lucent's Dynamic Enterprise commitment to interconnecting people, networks, process and knowledge in a flexible, open environment while
helping Red Hat expand its business."
Funambol is helping the AGPLv3 license to achieve OSI approval.
" Funambol, the leading provider of Mobile 2.0 messaging
software powered by open source, today announced that the AGPLv3 has received formal approval by
the Open Source Initiative (OSI). Funambol led the process of the license's approval by the OSI
after adopting AGPLv3 in November. It was the first company to adopt the license, which closes the
"ASP loophole"."
Ingres Corporation has
announced the launch of
Ingres CAFE.
" Ingres Corporation, a leading provider of open source
database management software, announced today the creation of Ingres
CAFE(TM) (Consolidated Application Foundation for Eclipse), which brings
together in one bundle all the components developers need to create and
deploy rich Java applications built using the Eclipse Foundation's open
source development framework."
Linspire, Inc. has
announced a partnership with Fluendo S.A. involving the distribution
of multimedia software via the CNR.com site.
" Immediately
available and one-click accessible through CNR.com's easy-to-use software
delivery service, Fluendo's multimedia software products are now available
to Freespire 2.0, Linspire 6.0, Ubuntu 7.04 and 7.10 users and will soon
expand to additional popular Linux distributions".
Quim Gil has posted a brief note with pointers to a talk by Ari Jaaksi (in text, audio (MP3) and PDF slides forms) on how Nokia wants to work with the open source community. " We at Nokia are working hard to get it. We have to. We need to get better in communicating our strategies and plans. We need to be more open and get even more involved in various projects and communities. We must be better at articulating our views, providing information and code back, and supporting the community. We must be sure we support freedom and openness and do not try to limit anybody's work. But at the same time, we must be better at telling what is OK for us and what is not."
Novell has
announced that it will work with Sesame Workshop.
" Novell today announced that Sesame Workshop, the non-profit educational
organization behind the ground-breaking children's television program
"Sesame Street," has selected Novell to streamline its hardware and
software infrastructure."
Packt Publishing Ltd has
announced that it has donated more than $100K to open-source projects.
" Following its first donation
to the phpMyAdmin project in April 2004, the company has gone on to provide
sustained support for over thirty different open source projects.
Packt has introduced initiatives such as the Open Source Project
Royalty Scheme and Open Source CMS Award to provide sustained donations to
projects over the last four years. The Open Source Project Royalty Scheme
allows projects to benefit from the publication of a book, as they are
allocated a percentage of every copy sold."
SourceLabs has
announced a new Self-Support offering for Linux and Java.
" Until now customers have had to choose between using open source
software without support or buying traditional support contracts from
vendors at a cost and service level that hasn't always made sense. Now they
have a third choice," said Byron Sebastian, CEO and Founder of SourceLabs.
"Our Self-Support Suites together with our Swik.net social network use
unique patent-pending technology that enables open source professionals to
quickly access better information and analytical tools than support vendors
have traditionally had at their fingertips. Much in the same way OSS
commoditized the software industry, marking a huge shift in the way
technology is developed and operates, we are extending that value to
software support."
The Open Group has
announced that Sun
Microsystems, Inc. has become a platinum member of the organization.
" In this capacity, Sun will play a leading role in advancing
best practices, standards and professional certification programs related
to enterprise architects and IT Specialists, including The Open Group's
Architecture Framework (TOGAF(TM)), IT Architect Certification (ITAC) and
the IT Specialist Certification (ITSC)."
New Books
O'Reilly has published the book The Facebook Application Platform
by Shelley D. Farnham.
Rocky Nook has published the book The Photograph: Composition & Color Design by Harald Mante.
Resources
The March 17, 2008 edition of the FSFE Newsletter is online
with the latest Free Software Foundation Europe news.
Topics include:
Microsoft's so-called 'interoperability' pledge excludes primary competitors,
FSFE calls on Microsoft to release interoperability information without restrictions,
FSFE at FOSDEM in Brussels, Belgium,
SELF conference in Sofia, Bulgaria,
FSFE participates in a global day for document liberation,
FSFE announces the first European Licensing and Legal Workshop,
Jonas Öberg in Sofia, Bulgaria,
FSFE Context Briefing on DIS-29500: Deprecated before use?,
"Fairware" for the Protestant Church in Germany,
Late breakfast for Rhineland Fellows and RMS in Berlin.
Upcoming Events
The Linux Users' Group of Davis will hold its next
"Linux Installfest" workshop in Davis, California on
April 13, 2008.
TechWeb has
announced the keynote lineup for Web 2.0 Expo San
Francisco 2008. Registration has been opened for the conference.
" TechWeb (formerly CMP) and
O'Reilly Media, Inc., co-producers of Web 2.0 Expo, today announced the
lineup of keynotes scheduled to appear at the upcoming Web 2.0 Expo San
Francisco 2008 -- a list that includes Marc Andreessen, Max Levchin and
Jonathan Schwartz, and many others. Web 2.0 Expo is the global annual
gathering of developers, designers, marketers, and business professionals
building the next generation Web, taking place April 22-25, 2008 at Moscone
West."
Events: March 27, 2008 to May 26, 2008
The following event listing is taken from the
LWN.net Calendar.
| Date(s) | Event | Location |
|---|---|---|
| March 26 - March 28 | CanSecWest 2008 | Vancouver, BC, Canada |
| March 29 - March 30 | PostgreSQL Conference East 2008 | College Park, MD, USA |
| March 31 - April 2 | UKUUG Spring 2008 Conference - Dynamic Languages | Birmingham, England |
| March 31 | 2008 European Workshop on System Security | Glasgow, Scotland |
| March 31 - April 2 | UKUUG Spring 2008 Conference | Birmingham, England |
| March 31 - April 2 | Sharkfest Wireshark Network Analysis Summit | Los Altos Hills, CA, USA |
| April 2 | First meeting UKUUG PostgreSQL SIG | Birmingham, England |
| April 3 - April 4 | E-Mail Systems Conference 2008 (Exim and other mail systems) | Birmingham, England |
| April 4 - April 5 | openSUSE Packaging Days II | IRC, Everywhere |
| April 7 - April 9 | IT360 Conference & Expo | Toronto, Canada |
| April 7 - April 11 | Django Bootcamp with Juan Pablo Claude | Atlanta, Georgia, USA |
| April 8 - April 10 | Linux Foundation Collaboration Summit | Austin, TX, USA |
| April 10 - April 13 | Go-OO Conference 2008 | Prague, Czech Republic |
| April 12 - April 13 | Open Source Developers Conference Taiwan, 2008 | Taipei, Taiwan |
| April 12 - April 13 | LugRadio Live USA 2008 | San Francisco, CA, USA |
| April 12 - April 18 | KDevelop Developer Meeting 2008 | Munich, Germany |
| April 14 - April 18 | Embedded Systems Conference - Silicon Valley | San Jose, CA, USA |
| April 14 - April 17 | MySQL Conference and Expo | Santa Clara, CA, USA |
| April 14 - April 18 | Samba eXPerience 2008 | Göttingen, Germany |
| April 15 - April 17 | Embedded Linux Conference 2008 | Mountain View, CA, USA |
| April 15 - April 17 | SOA in Health Care | Chicago, IL, USA |
| April 16 - April 18 | X Developers' Conference 2008 | Mountain View, CA, USA |
| April 16 - April 18 | X Developers' Conference for 2008 | Mountain View, USA |
| April 16 - April 18 | Croatian Linux User Conference | Zagreb, Croatia |
| April 17 - April 19 | 9th International Free Software Forum | Porto Alegre, Brazil |
| April 18 - April 19 | Third Annual Silicon Valley Ruby Conference | San Jose, CA, USA |
| April 18 - April 20 | National Collegiate Cyber Defense Competition | San Antonio, TX, USA |
| April 18 - April 20 | Penguicon 2008 | Troy, Michigan, USA |
| April 21 - April 25 | Open Source meets Industry: Application Park and International Congress | Hannover, Germany |
| April 22 | The Mobile Future | Santa Clara, CA, USA |
| April 22 - April 25 | Web 2.0 Expo | San Francisco, CA, USA |
| April 22 | OSADL International Congress | Hannover, Germany |
| April 23 - April 24 | Troopers 2008 Security Conference | Munich, Germany |
| April 23 | Linux Foundation Spring Legal Summit | Schaumburg, IL, USA |
| April 25 - April 29 | Open Tech Summit Taiwan 2008 | Taipei, Taiwan |
| April 25 - April 26 | Guademy 2008 | Valencia, Spain |
| April 27 - May 2 | INTEROP Las Vegas 2008 | Las Vegas, NV, USA |
| April 28 - May 4 | Monotone Developer Summit | Wuppertal, Germany |
| May 2 - May 3 | Maker Faire Bay Area | San Mateo, CA, USA |
| May 5 - May 9 | Ruby on Rails Bootcamp with Charles B. Quinn | Atlanta, Georgia, USA |
| May 8 | Embedded Masterclass 2008 | London, UK |
| May 8 - May 11 | Libre Graphics Meeting 2008 | Wroclaw, Poland |
| May 8 - May 9 | IV WHYFLOSS CONFERENCE MADRID 08 | Madrid, Spain |
| May 9 - May 11 | Pycon Italia Due | Firenze, Italy |
| May 12 - May 14 | Where 2.0 Conference | Burlingame, CA, USA |
| May 13 | Embedded Masterclass 2008 | Bristol, UK |
| May 15 | NLUUG spring conference 2008 | Ede, the Netherlands |
| May 15 - May 16 | YAPC::Asia 2008 | Tokyo, Japan |
| May 15 - May 16 | V WHYFLOSS CONFERENCE CORRIENTES 08 | Corrientes, Argentina |
| May 16 - May 17 | FOSSCamp 2008 | Prague, Czech Republic |
| May 17 - May 18 | 4th Int. Workshop on Software Engineering for Secure Systems (SESS'08) | Leipzig, Germany |
| May 17 - May 18 | French-speaking Python Days | Paris, France |
| May 19 - May 23 | AFS and Kerberos Best Practices Workshop 2008 | Newark, NJ, USA |
| May 20 - May 23 | PGCon 2008 | Ottawa, Ontario, Canada |
| May 20 - May 21 | Digital Standards Organization (Digistan) Workshop | The Hague, The Netherlands |
| May 21 - May 22 | EUSecWest 2008 | London, England |
| May 21 - May 22 | linuxdays.ch Genève | Genève, Switzerland |
If your event does not appear here, please
tell us about it.
Page editor: Forrest Cook