Showing all newswire headlines

We are approaching the published end of life date for errata support for our final Red Hat Linux distribution. We'd like to remind you of this date and the options available to you for migrating your Red Hat Linux implementations: Red Hat Enterprise Linux and the Fedora Project.

A project to catalogue and describe security vulnerabilities, derived from the ideals of the open source movement, opened to the public yesterday (31 March). The Open Source Vulnerability Database (OSVDB) aims to plug what it sees a gap in information security market.

While acknowledging obstacles remain, a Sun Microsystems official on Tuesday left open the possibility that Sun might offer its Java programming language under an open source format.

JSR 133, which has been active for nearly three years, has recently issued its public recommendation on what to do about the Java Memory Model (JMM). In part 1 of this series, the author focused on some of the serious flaws that were found in the original JMM, which resulted in some surprisingly difficult semantics for concepts that were supposed to be simple. This month, he reveals how the semantics of volatile and final will change under the new JMM, changes that will bring their semantics in line with most developers' intuition. Some of these changes are already present in JDK 1.4; others will have to wait until JDK 1.5.

In this issue we cover the release of Fedora Core 2 test2, talk a bit about the X.org replacement of XFree86, have some Yum tips, look into SELinux again, and much more.

According to a security advisory [0] from the vendor, a vulnerability exists in the URL unescaping logic of the Squid Web Proxy Cache [1]. This bug could allow an attacker to bypass certain access controls by inserting a NUL character into decoded URLs. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2004-0189 [2] to the problem.

The Mozilla Foundation's new Firefox 0.8 Web browser, once known as Firebird, is a great alternative for those who long for a change of pace from Microsoft's Internet Explorer.

Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the mips kernel 2.4.19 for Debian GNU/Linux.

The Training Camp, education centers that offer IT certifications, has been designated an LPI-US approved training partner by the Linux Professional Institute. LPI offers vendor-neutral Linux certifications for IT professionals and enthusiasts.

Open source proponent OpenOSX has announced that Gimp 2.0.0, built to run in Mac OS X v.10.3 "Panther," is available now. The application provides a Mac interface for the popular GIMP (GNU Image Manipulation Program).

Debian Security Advisories (DSA) have been declared CVE-compatible at the RSA Conference 2004, in San Francisco, February 24th, 2004.

As the bigger guns in the enterprise Linux space move to commercialize their software as much as possible, the Debian project continues to provide a Linux distribution that offers organizations the sort of commodity infrastructure for which Linux was originally known.

Japan, China and South Korea will meet to consider standardising ways to use the Linux operating system as a viable alternative to Microsoft Windows. A meeting of senior officials from the three East Asian countries will be held in Beijing on Saturday on policies related to information technologies, an official at the Japanese Ministry of Economy, Trade and Industry said.

Two years ago, when Rick Carey was chief technology architect at Merrill Lynch, he was crazy about Linux and especially about Red Hat, the leading Linux distributor. At the time, he was leading the charge to migrate all of the computer systems at Merrill to Linux. But these days, things have changed. Carey, who is now chief technology architect at Bank One, says that although he still likes Linux, he's not rushing into any deployments of the open-source operating system. Chicago-based Bank One has run some Linux pilot programs, but it is not planning any big roll-outs, Carey says.

Thales Group used MontaVista Linux to minimize hardware resources and maximize functionality in its new parking lot fare collection system, it says. The "Largo WiLi" system has operated successfully at Paris Orly airport since May 2003, and at Paris Charles de Gaulle airport since November 2003.

Sun Microsystems at its quarterly "software summit" Tuesday announced that the beta version of Java Studio Creator, its drag-and-drop, rapid application development platform, is now available for download, with general access for the final build scheduled for sometime in June.

Open Source Risk Management, a company hoping to profit from intensifying legal scrutiny of Linux and other open-source programs, will take a first step in its plan with a $495 seminar series, the company said Wednesday.

Wind River was named the overall Best of Show winner at the 2004 Embedded Systems Conference (ESC) for its full-scale replica of the VxWorks-based Mars Rover. Category winners were also announced for six device categories.

ith a graphical user interface (GUI). This update fixes several vulnerabilities[2] in Ethereal.

This update fixes a buffer overflow vulnerability[1,2] in the URI parsing code of the nanoftp and nanohttp modules of libxml2.