Showing all newswire headlines

Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the PowerPC/Apus kernel for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update:

There were some minimal changes relative to the last -rc4, mostly some configuration and build fixes, but a few important one-liners too. Changelog within.

Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the PowerPC/Apus kernel for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update:

A medial software group hopes to prevent commercial "hijacking" of its healthcare messaging product, Argus, by vesting ownership in a new not-for-profit body, the Argus Foundation.

Red Hat Professional Workstation was designed to allow former users of the company's consumer product line to continue to use a supported platform without having to migrate to Red Hat Enterprise Linux. Unfortunately, it fails to live up to its predecessors in key areas, and is considerably more expensive in some usage scenarios. Home users should look to the Fedora Project if they wish to continue using Red Hat technology, or consider migrating to another Linux distribution. Small businesses should analyse their current expenditure and consider migrating to another vendor.

An application of the Linux Terminal Server Project in Manitoba's largest high school.

It's rare to find a PHP/PERL/Python developer who is also a database administrator. This is understandable. If they really spent time doing real database administration, their application development skills (or, at the very least, timelines) would suffer greatly for it. However, in some situations, where the back end is concerned, what you don't know can have a non-trivial and negative affect on your application's performance or security. At the very least, it will cause you to write a significant amount of front end code to do things a database feature might do for you with just a line or two of SQL or the tweaking of a configuration directive.

Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges.

The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

New metamail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two format string bugs and two buffer overflows which could lead to unauthorized code execution.

Oliver Eikemeier has reported a vulnerability in clamav, which can be exploited by a malformed uuencoded message causing a denial of service for programs that rely on the clamav daemon, such as SMTP daemons.

Updated kernel packages that fix security vulnerabilities which may allow local users to gain root privileges are now available. These packages also resolve other minor issues.

New kernels are available for Slackware 9.1 and -current to fix a bounds-checking problem in the kernel's mremap() call which could be used by a local attacker to gain root privileges. Please note that this is not the same issue as CAN-2003-0985 which was fixed in early January.

[LXer Editor: The ACCC is the "Australian Competition and Consumer Commission"] An open source industry cluster in Victoria has asked the consumer watchdog to investigate concerns which it says have arisen from the SCO Group's announcement, on January 20, of the availability of a licence in Australia and New Zealand which "permits the use of SCO's intellectual property, in binary form only, as contained in Linux distributions."

Couldn't stop myself from trying the new Fedora 2-test1 release, even if it is an alpha!

Open Solutions Inc., a provider of integrated data processing technologies for community financial institutions, announced it has successfully completed its Linux pilot program and has validated Linux running in a live processing environment.

The Linux desktop is almost ready for prime time. Almost, I said. That's no mean feat, considering the two big challenges it faces in the workplace. On one hand, enterprises have relied for years on the potential manageability of the Windows platform; on the other hand, many users equate slicker graphics with better performance. Unfortunately, pretty pictures aren't enough to convince IT that there's anything as manageable as a Windows desktop is; if that were the case, Apple would rule the desktop.

The open-source community argues that with thousands of eyes looking at the code, the code is much more robust and the security of the resulting products is near absolute. But any CIO or CFO who hasn't heard that this is the method of the open-source community -- and who will be going through an IT audit -- will probably be reaching for the heart-attack pills about now.

Welcome to this year's seventh issue of DWN, the weekly newsletter for the Debian community. The debian-desktop sub-project has announced an IRC meeting on Wednesday, February 25th. Andrea Mennucc conducted several Google searches and found out that Debian is ranked in the middle field of popular distributions. Pablo Lorenzzoni also announced that registration for this years' Debian conference has opened.

If anyone has knowledge or evidence about who developed the virus, I hope he or she will come forth and make an accusation against specific people based on specific proof. But nobody should make accusations without proof, and there is no excuse for guilt by association. Not in New York, not in Cambridge, and not in the Free World.