LWN.net Weekly Edition for August 26, 2004

IBM brings the GPL to court

IBM's memo in support of its motion for a partial summary judgment on its copyright counterclaims is now available, via Groklaw, in plain text format. This one is truly worth a read; it is far shorter than the complex memo for IBM's other motion (the attempt to do away with the breach of contract charges), and it shows just how a GPL infringement case can be brought to court. SCO, which has made its disdain for the GPL clear over the last year and a half, is going to have an interesting time trying to dance around this one.

Summary judgment motions depend on the lack of a dispute over the relevant facts, so IBM leads off with its list of the facts which, it says, are undisputed. The very first one is a statement that Linux development started with Linus; this, of course, is very much a disputed fact in many circles. The SCO Group, however, is unlikely to have a great interest in ensuring that the GNU Project gets proper credit for its work, and thus will probably not make a big deal out of this issue in court.

IBM goes on to list its contributions to Linux; these include the Enterprise Volume Management System (which was never actually merged into the kernel), PowerPC64 support, the Omni print driver, JFS, PCI hotplug support, and more. Copyrights for all of these contributions have been registered. Each contribution is also listed with the exact number of lines of code; IBM is showing that it is possible to be specific about such topics. IBM points out just where SCO has distributed copies of each of the claimed contributions to Linux.

The final set of "undisputed facts" has to do with the GPL and SCO's actions relative to the GPL. IBM notes that it has not authorized the copying, modification, or distribution of its code except under the terms of the GPL. SCO, meanwhile, has denied the validity of the GPL and has attempted to add restrictions to IBM's GPL-licensed code by way of its lawsuit threats and "Linux license" scheme.

Several paragraphs describing SCO's activities have been redacted from the publicly-available version of the memo. It would be most interesting to know what IBM is arguing that cannot be made available to the world as a whole.

With the "undisputed facts" in place, IBM moves on to the "argument" portion of its memorandum. The first step is to reiterate that IBM owns its copyrights, and that SCO has, beyond doubt, redistributed the code. The full memo includes a "side-by-side comparison" of IBM's code with the version that appeared in SCO Linux Server 4.0. This step may have been a bit more than was truly necessary, given that SCO does not dispute that it distributes Linux, but IBM is being sure that all the bases are covered.

IBM still has to show that SCO's copying was copyright infringement, however. So that's where the argument goes next:

As stated, IBM has not authorized the copying, modification, or distribution of the IBM Copyrighted Works, except pursuant to the terms of the GPL or LGPL. SCO does not have permission or any license to copy, modify, or distribute the IBM Copyrighted Works for at least two independent reasons: (1) SCO has repudiated and disclaimed the GPL (and thus also the LGPL) as a source of legal rights, and (2) SCO has breached the GPL and LGPL and thus lost any rights it might have had under the GPL or LGPL.

The first argument is interesting. IBM has no trouble citing statements from SCO challenging the validity of the GPL; some of them appear in SCO's own filings in the same case. But the argument that, by publicly trashing the GPL, SCO has forfeited its right to distribute GPL-licensed code does not convince everybody. The case law on the subject appears to be inconclusive; there is no real way to know how the court will treat this argument until the time comes.

The second part of the argument - that SCO has flat-out breached the terms of the GPL - is more straightforward. SCO has very clearly attempted to impose additional restrictions on GPL-licensed code, and that is not an action that the GPL allows. IBM should have little trouble establishing this breach as a fact.

Inquiring minds are most curious to see how SCO will respond to this argument. SCO's lawyers would appear to have these options:

Argue that SCO could not have breached the GPL, because the GPL is not a valid license. As has been pointed out many times, this argument puts SCO into a position of clear infringement: if the GPL is not a valid license, then SCO has no license to distribute IBM's code.
Argue that SCO has adhered to the terms of the GPL. The facts say otherwise in the strongest of terms, however; every time SCO states that Linux cannot be used without an additional license - while still distributing the code in question - is a clear breach of the license.
Argue the the GPL gives SCO the right to redistribute the code, but that the GPL's prohibition on additional restrictions does not apply, or cannot be enforced. This argument would be an attempt to get the court to turn the GPL into something closer to the BSD license.

The third alternative above is the only one which holds out any hope for SCO in this case. Given that the U.S. courts have, in general, not been hospitable to the idea of rolling back the rights of copyright holders, it seems unlikely that this court would take a different tack now. It is also hard to see how the court could strike sections of the GPL without creating grave difficulties for many other software licenses.

So SCO is unlikely to prevail in an attempt to disable the operative terms of the GPL - in the long term. What SCO might be able to do is to create enough confusion around the issue that the judge is unable to hand down a summary judgment. In that case, IBM would have to argue its case in a full court trial next year, and SCO would get some breathing room to continue its campaign.

Such an outcome seems improbable, however. The facts seem clear, and SCO appears to be very much on the wrong side of them. In your editor's untrustworthy opinion, IBM seems much more likely to prevail on this motion than on its companion motion regarding the breach of contract claims. That result would clearly paint SCO's actions as an infringement of copyright, and it would put an end to SCO's attempts to put a tax on Linux. At the same time, it would put an end to claims that the GPL has never been tested in court. That would, needless to say, be an interesting day.

Comments (20 posted)

Other happenings on the SCO front

The hearing date for IBM's motion for a partial summary judgment on its tenth counterclaim (seeking a declaration that none of its Linux activities infringe upon SCO's copyrights) and SCO's attempt to dismiss that counterclaim is coming. So the memos to the court are flying in all directions.

SCO has filed its reply memorandum (PDF format) in support of its motion to dismiss or stay count ten. Therein, SCO claims that IBM's counterclaim is not "compulsory," that, instead, it is unrelated to the main case and could be considered separately. SCO says that IBM's counterclaim adds "undue complication and complexity" to the case, and thus should be dismissed. SCO wants the issue to simply go away.

IBM has also filed a reply memorandum (PDF); this one is in support of its motion for a partial summary judgment on the tenth counterclaim. It makes for interesting reading; IBM is putting its full strength into ripping apart SCO's claims. IBM's reasoning is, essentially:

SCO has made repeated public claims that the Linux kernel contains code copied directly from Unix, so the issue is relevant.
SCO has never shown any evidence that this copying has occurred, and has no such evidence to show.
The only thing that was even close to evidence was a declaration by Sandeep Gupta. IBM says it should be ignored because it was filed too late, because Mr. Gupta has no personal knowledge that would make him an expert witness, and the approach he used to compare Unix and Linux code is flawed.
In support of its position, IBM has submitted a declaration from one Brian Kernighan on the flaws in the code comparison methodology and stating that Mr. Gupta's results are incorrect. When it comes to Unix code, one might assume that Mr. Kernighan has a bit of expertise to draw on.
SCO's claims that it needs more time for discovery are bogus because SCO has been saying for over a year that it has tons of evidence already.
SCO did not even bother to try to answer most of IBM's "undisputed facts," and its filing was not organized properly.
SCO can't even put up convincing evidence that it owns the copyrights on Unix.

The memo goes on for 56 pages; it is an interesting read. It has long been clear that SCO management's public statements would come back to haunt the company; IBM is now doing its best to make that happen.

IBM has also been busy trying to strike the declarations SCO has been filing in support of its positions. IBM's reasoning is usually that the person making the declaration is in no position to know what he is talking about. For some amusement, see this version of John Harrop's declaration posted on Groklaw; all of the portions which IBM wishes to strike have been indicated there. If IBM is successful, little of the declaration will remain.

SCO is due to report its third quarter results. That announcement will, according to this press release, happen on August 31. SCO should be able to show more SCOsource income this time around, since the money from EV1Servers.Net should finally appear in its accounting. It is hard to imagine the numbers as a whole being good, however.

SCO has announced, again, that it has made peace with BayStar. It might have actually happened this time.

Comments (3 posted)

Grokking the Grokster Decision

August 25, 2004

By Pamela Jones, Editor of Groklaw

The best way to understand what a case means if, like me, you aren't a lawyer, is to ask some. In the recent decision in MGM v. Grokster et al, filed on August 19, it's easy to do so, because there were amici briefs filed by law professors on both sides of the question. There is no better way to understand what a case is about than to read such briefs. The Electric Frontier Foundation, which represented StreamCast Networks, Inc., one of the victorious defendants, has made the legal documents available.

On MGM's side, 9 law professors submitted an amicus brief explaining why they felt the lower court had made a mistake in granting Grokster and StreamCast a partial summary judgment and requesting that the Ninth Circuit Court of Appeals reverse the decision. On the other side, 40 law professors submitted an opposing amicus brief, supporting the lower court's decision and urging the Ninth Circuit Court of Appeals to affirm it. Both groups tried to persuade the three-judge panel that the law was on their side.

All of this goes to show you that the law is not reliable like math. You don't ever want to plot a course to Mars based on legal opinions, because you might not arrive safely at your destination. You can always find a lawyer somewhere who will argue a side, both sides, or all sides of any issue. In the Grokster case, some of the finest lawyers in the world contributed their thoughts, on both sides, making it one of the most interesting and significant cases of the year.

The appeals court decision was extraordinary, in that they accepted what can best be described as arguments you can find in Larry Lessig's book, "Free Culture," argued most ably by EFF's Fred von Lohmann for StreamCast and Michael Page of Keker & Van Nest for Grokster. The oral arguments are a delight to listen to, and EFF has them available as Ogg, WMA and MP3 files. Groklaw has made an unofficial transcript of the proceedings.

The court decided to draw a line in the sand and tell the Hollywood copyright forces that their push to extend and morph copyright law beyond its current borders, in effect to rewrite the Supreme Court's 1984 Sony- Betamax decision (Sony Corporation of America v. Universal City Studios, Inc., 464 U.S. 417, 104 S. Ct. 774, 78 L. Ed. 2d 574 ), so as to make it easier to go after contributory infringers, was unacceptable. Sony held that as long as a technology has substantial non-infringing uses, it can't be held liable for copyright infringement by users. The Hollywood copyright forces were trying to get the court to accept instead the new idea that if infringement levels reached a certain percentage, then manufacturers and programmers could be held liable.

Remembering that this is the same appeals court that upheld Napster, it's an extraordinary development and, in my opinion, a most significant victory, particularly for programmers, who stood to lose a great deal had the case gone the other way. Why? Because the copyright forces wanted to hold distributors of software tools -- and that means programmers too, not just companies -- liable for the infringements of end users.

It was nothing less than an attempt, as the ruling put it, to get the judiciary to fashion a new way to go after distributors and programmers for vicarious and contributory copyright infringement. Why? Simply because, as the law professors on MGM's side delicately put it, such a transmogrification would satisfy "the policy interests of indirect liability -- particularly for online infringement, where locating, suing, enjoining and recovering from millions of direct infringers is extremely difficult and inefficient."

In short, MGM and the music industry wanted the courts to make it easy for them. Going after the actual infringers on P2P systems is hard and expensive. So, they asked the court to let them go after those making and distributing software that some might use for the infringement instead. The conceivable consequences of such an expansion of vicarious liability were set forth in oral argument by Mr. Page:

To expand the law of vicarious liability, to attach liability to anyone who in theory could have acted as a policeman, leaves no border on it at all and leaves every technology vendor, every inventor, every merchant at the mercy of copyright holders who want to look around and go, 'You could have done something about this. You're liable.'

The court refused, based on the Sony-Betamax case, telling them to get Congress to fashion a more nuanced remedy than any court can give. Distinguishing the technology of Napster from that of Morpheus and Grokster (the centralized server in the former), the court noted that 10% of files shared on the systems are non-infringing, which is, in the words of Judge Noonan in the oral hearings, "a lot of files".

The court accepted the argument that every new technology is met by the music and entertainment industry with cries of theft and predictions of copyright doom along with demands that courts shut down the new technology. This happened with the invention of cassette recorders, VCRs, radio, and cable, as Lessig points out in "Free Culture". But throughout history, US courts have been loathe to kill a new technology just to satisfy the old, vested interests affected by the new tech. Once again, the court has told those clamoring for a judicial remedy that they must seek a remedy in the legislature, if any is to be found.

Jason Shultz, an attorney with EFF, explains the significance of the Grokster decision, particularly to programmers:

One of the biggest wins in Grokster for programmers was the explicit rejection of two principles that the RIAA and MPAA were pushing the Court to adopt in order to 'update' the Sony Betamax rule. If either rule had been adopted for Peer to Peer companies, it would have applied to programmers as well. Both rules would have been disastrous.

1) The first was that makers of technology (including programmers) should be liable for the infringements of their users based on the proportion of users who use the technology to infringe, instead of whether or not the code is merely capable of substantial non-infringing uses. The Plaintiffs argued that since over 90% of P2P users infringed copyright, that was high enough to hold the programmers and distributors liable. This would have been a very dangerous rule for any programmer, especially those who release open source code, because it is almost impossible to predict all the ways in which your users will employ your code. . . . [T]o hold . . . programmers . . . liable for the future, unpredictable and unintended uses of code would change the legal landscape of programming dramatically and make it a very dangerous road to go down. Fortunately, the Court rejected this attempt to 'update' Sony Betamax and stuck with the time-honored rule that any technology with a substantial non-infringing use cannot be held contributorily liable for infringements by end users.

2) The second major victory was an explicit rejection of the RIAA/MPAA's other proposal --- that under vicarious liability, programmers and distributors of technology should be held liable for end user infringements if they could have re-designed their products to allow less infringement, but didn't. In this case, the MPAA/RIAA argued that the P2P companies could have forced updates on users that installed filters into their programs to filter out copyrighted works, but didn't. This 'willful blindness', Hollywood argued, should make the P2P companies responsible for the infringements of their end users. Such a ruling would have been an absolute nightmare for any programmer, not only because again, it is almost impossible to predict all the ways one will use a program to infringe and then preemptively restrict them, but also because the reality is that no venture capitalist will fund a software project in such a world. If programmers and companies are liable unless they make their programs as incapable of copying as possible, very few programs will ever be written. The only pragmatic way to release a program, then, is to get MPAA/RIAA approval beforehand -- essentially handing Hollywood veto power over any new code or program released. Again, the Court rejected this approach, giving programmers protection from both financial ruin and attempts to undermine their freedom to write code as they see fit.

EFF took the case for just these reasons. We saw how Hollywood wanted to change the law and all the bad precedent it would set. So we defended the P2P companies on these principles in order to protect every technology maker, including open source programmers. Under the eyes of the law, even non-commercial open source programmers are no different that P2P companies and without the legal protections in Grokster, all programmers would suffer. Thus, EFF stepped up to the plate to defend the freedom to code for everyone.

They not only stepped up to the plate. They hit a home run. Of course, the losing side has the option of an appeal to the Supreme Court. And, as it happens -- actually, I'm sure it's no happenstance -- there is already an attempt to overturn Grokster's holding, by means of the Inducing Infringement of Copyrights Act of 2004 [INDUCE], currently working its way though Congress, with the backing of the RIAA/MPAA. It is sponsored by Senators Patrick Leahy and Orrin Hatch, who has said it is explicitly meant to reverse Grokster, so as to accomplish the very things that the Ninth Circuit Court of Appeals just rejected. Such a law would find companies and programmers liable if they release code that makes it easier for copyright infringement to occur, although in light of this stunning Grokster ruling, they may find it is a harder sell now, since its language, as well as Mr. Hatch's in pushing it, contradicts the Ninth Circuit Court of Appeals' decision.

Yes, that Mr. Hatch, the father of one of the attorneys representing SCO, Brent Hatch. The apple doesn't fall very far from the tree.

In a case like this, it makes sense to distribute the result via the available peer-to-peer networks. So, for those whose browsers are set up for such things, the EFF has published a magnet link and an ed2k link for downloading the decision. It doesn't hurt to boost the clearly non-infringing content available on P2P networks. One thing about the Hollywood copyright sharks: you can be sure they'll be circling back around.

Comments (13 posted)

Novell's results

August 25, 2004

This article was contributed by Joe 'Zonker' Brockmeier.

Novell announced its 3rd quarter financial results on Thursday of last week. To get some additional information on Novell's results, we spoke to Novell spokesperson Bruce Lowry about the results, and how the purchase of SUSE Linux and Ximian is working out for Novell.

First on the agenda was Novell's financial results. Novell brought in $305 million in the third quarter, with a profit of $23 million, compared to $283 million in the third quarter of 2003 and a loss of $12 million during that period. Part of Novell's overall profits this quarter resulted from one-time payment of $19 million from The Canopy Group.

Overall, Lowry said that the company was happy with the profit from the third quarter, but "a little disappointed with the top-line revenue number". He explained that the sales of the company's Netware products had slowed their decline in recent quarters, but resumed a 12 percent decline in sales in the third quarter.

While Novell's other product lines have not been meeting expectations, SUSE Linux provided a welcome boost to Novell's bottom line this quarter. SUSE's revenues were up $2 million in the quarter, a 20 percent increase from the second quarter. A big factor in SUSE's increased revenues was a single customer that ordered 12,000 subscriptions to SUSE Enterprise. Lowry wouldn't disclose the customer's name, but said that the customer is a venture-backed company using SUSE in a "ASP sort of environment".

The $12 million in revenue from SUSE products broke down into three parts, $4 million was from subscription revenue, $5 million was from SUSE retail sales, and $3 million included "tech support alliance fees and other software products from SUSE Linux". Lowry noted that the SUSE subscriptions would continue to show revenue in future quarters, as subscription revenue is distributed over the life of the subscription rather than reported entirely in one quarter.

Ximian's revenue is not broken out separately by Novell, as the company mainly purchased Ximian as "a technology buy".

We basically said that the impact on earnings would be negligible...it's almost impossible to do that now. The major products were Ximian Desktop, which we're now combining into SUSE, hopefully later this year. The other main sort of component was Red Carpet Enterprise... what we did was added [that] to ZENworks.

We asked Lowry how the integration of SUSE and Ximian into Novell was going. Lowry said that the Ximian integration into Novell was "totally complete" and that the SUSE integration is "moving forward very rapidly", but noted that there was still work to be done, and that integrating a German company into Novell presented additional complications.

Lowry declined to offer specifics about the upcoming SUSE release with Ximian Desktop integrated into the release, saying that Novell was being "pretty tight-lipped" about the release. However, Lowry said that SUSE will continue to support KDE and GNOME.

It seems to be an issue that people continue to be hooked on, that we're trying to get beyond. But, we're trying to give people choice. We'll be adding the things you'd expect Novell to add... it's obviously going to be focused on the enterprise user.

We also asked whether the company would also be pushing Mono in its SUSE product line in order to help adoption of Mono. Lowry said that Mono is not shipped with SUSE Linux Enterprise Server 9, and said that Novell has "talked very loosely about it appearing in the desktop".

It's still very much an early stage thing, I have heard talk of pilot deployments of Mono in corporate environments. It's still fairly narrow...it's definitely an early stage technology.

He did say that Novell had been using Mono more for internal projects, and mentioned Novell's iFolder, which is now written with Mono. Lowry also mentioned the addition of JBoss to SUSE Linux Enterprise Server 9, and to the next major release of Novell exteNd as a replacement for Novell exteNd Application Server.

We'll be replacing the proprietary application server in the next major release, eating our own dogfood. We're going to look at open source and leverage open source where we can. It makes no sense to try to compete with a proprietary product in the same place... it's a mixed world. It's hard to envision a scenario where everything becomes open source.

It should be interesting to see how Novell continues to balance between open source and proprietary offerings. With iFolder, Ximian's Evolution Connector, and SUSE YaST, Novell has shown that it is willing to open source some of its technology when it makes sense for the company to do so -- and so long as that technology isn't a profit center for Novell.

Unfortunately, Novell does seem to be backing away from support of other distributions with Ximian Desktop, with only SUSE and older versions of Red Hat Linux listed as supported. Overall, though, it seems that Novell's entry into the Linux market has been both successful and beneficial for the community and has certainly been beneficial for Novell. Though Novell's income from SUSE is currently only a small fraction of their revenue, it does seem to be Novell's best chance for growth.

Comments (3 posted)

Page editor: Jonathan Corbet

Security

Distribution of security fixes

The LD_DEBUG environment variable is one of those obscure, useful features found in glibc. By setting LD_DEBUG to one of a few specific values (use help to get the full list), you can get a great deal of information on just how the dynamic library loader is resolving symbols and performing relocation. This information can be most useful for tracking down certain kinds of obscure shareable library problems.

LD_DEBUG can be verbose; it can also provide information about security-critical programs - especially those running setuid - which perhaps should not be made available to just anybody. The large amount of output created by LD_DEBUG can also be used as a sort of poor-man's single-stepping mechanism. If you can control when the standard output will block, you can stop a setuid program at almost any library call. This capability can be most useful if you are trying to exploit a difficult race condition, such as a temporary file vulnerability. The ability to stop a program at an arbitrary point can turn a small, difficult window into a wide-open one which can be exploited at leisure.

Thus, it would make sense to disallow LD_DEBUG for setuid binaries. Unfortunately, this didn't occur to the glibc implementors, who did not add any checks for setuid operation in the LD_DEBUG code. Gentoo has recently issued an update fixing the problem; no other distributors have followed suit as of this writing.

As it turns out, some distributors do not need to. OpenWall fixed this problem over three years ago; ALT Linux also patched glibc in its distribution. Somehow, however, the fixes applied by these distributors never got into wider distribution.

This is not the first time that somebody has discovered a security problem for which a fix had been available for years. These incidents are, at best, a missed opportunity: known holes with available fixes remain unpatched for long periods of time. A less pleasant possibility is that crackers can look at the patches applied by security-conscious distributions (such as OpenWall) in search of holes which have not been fixed elsewhere. Security fixes are best applied universally.

The obvious way to ensure widespread diffusion of security fixes is to submit them back to the package's maintainer. Such patches should almost always be accepted - or the maintainer should come up with a better way to fix the problem. If the maintainer refuses to fix the problem, there is always the time-honored technique of posting an advisory to Bugtraq. What should not be an option is keeping security fixes to ones self.

Comments (16 posted)

New vulnerabilities

Cacti: SQL injection vulnerability

Package(s):

cacti

CVE #(s):

Created:

August 23, 2004

Updated:

August 25, 2004

Description:

Cacti is vulnerable to a SQL injection attack where an attacker may inject SQL into the Username field. An attacker could use these vulnerabilities to compromise the Cacti service and potentially execute programs with the permissions of the user running Cacti.

Alerts:

Gentoo	200408-21-err	cacti	2004-08-23
Gentoo	200408-21	cacti	2004-08-23

Filesystem	Space usage
Filesystem	Empty	New kernel tree	Built kernel tree
reiser4	188	206,000	659,000
ext3	32,800	271,000	727,000

Filesystem	Test
Filesystem	Untar	Build	Grep	find (name)	find (stat)
reiser4	67/41	1583/386	78/12	12.5/1.3	15.2/4.0
ext3	55/24	1400/217	62/8	10.4/1.1	12.1/2.5

Date	Event	Location
August 26 - 29, 2004	KDE Community World Summit 2004(aKademy)	(Filmakademie Ludwigsburg)Ludwigsburg (Stuttgart Region), Germany
September 2 - 3, 2004	Python for Scientific Computing(SciPy)	(CalTech)Pasadena, CA
September 2 - 4, 2004	2nd Swiss Unix Conference	(Technopark)Zurich, Switzerland
September 9 - 10, 2004	Linux Expo Shanghai	(Shanghai Exhibition Center)Shanghai, China
September 13 - 16, 2004	Embedded Systems Conference	(Hynes Convention Center)Boston, MA
September 15 - 17, 2004	YAPC::Europe 2004	Belfast, Northern Ireland
September 20 - 23, 2004	New Security Paradigms Workshop(NSPW)	(White Point Beach Resort)Nova Scotia
September 20 - 22, 2004	Plone Conference 2004	Vienna, Austria.
September 22 - 24, 2004	OpenOffice.org Conference(OOoCon 2004)	(Humboldt University)Berlin, Germany
September 22 - 24, 2004	php\|works 2004	(Holiday Inn Yorkdale Hotel & Conference Centre)Toronto, Canada
September 27 - October 1, 2004	4th International SANE Conference(SANE)	(Amsterdam RAI Centre)Amsterdam, The Netherlands
September 27 - 29, 2004	ConSec '04	(J.J.Pickle Research Center)Austin, Texas
September 29 - October 1, 2004	OSCOM 4	(Swiss Federal Institute of Technology)Zurich, Switzerland
October 2, 2004	Ohio LinuxFest	Columbus, Ohio
October 6 - 7, 2004	LinuxWorld Conference and Expo	(Olympia Exhibition Centre)London, England, UK
October 8 - 10, 2004	Linucon	(Red Lion Hotel)Austin, TX
October 10 - 17, 2004	MySQL Swell	Across the Mediterranean
October 11 - 15, 2004	11th Annual Tcl/Tk Conference	(Bourbon Orleans Hotel)New Orleans, LA
October 21 - 22, 2004	Web.It 2004	Bari, Italy
October 21 - 22, 2004	5. Encuentro Linux	Valparaiso, Chile

LWN.net Weekly Edition for August 26, 2004

Security

New vulnerabilities

Cacti: SQL injection vulnerability

courier-imap: Remote Format String Vulnerability

icecast-server: missing escape

qt3: BMP image parser heap overflow

roundup: remote file access vulnerability

zlib: denial of service

Kernel development

Brief items

Kernel development news

Patches and updates

Kernel trees

Architecture-specific

Core kernel code

Development tools

Device drivers

Documentation

Filesystems and block I/O

Janitorial

Memory management

Security-related

Benchmarks and bugs

Miscellaneous

Distributions

News and Editorials

Distribution News

Minor distribution updates

Distribution reviews

Development

System Applications

Database Software

Interoperability

Mail Software

Networking Tools

Peer to Peer

Printing

Web Site Development

Miscellaneous

Desktop Applications

Audio Applications

Desktop Environments

Desktop Publishing

Electronics

Financial Applications

Games

Graphics

GUI Packages

Interoperability

Music Applications

News Readers

PDA Software

Web Browsers

Miscellaneous

Languages and Tools

Assembly Language

Caml

Lisp

Python

Scheme

Tcl/Tk

XML

Build Tools

IDEs

Miscellaneous

Linux in the news

Recommended Reading

Trade Shows and Conferences