A flaw in libxml2 versions prior to 2.6.6 was found by Yuuichi Teranishi. When fetching a remote source via FTP or HTTP, libxml2 uses special parsing routines that can overflow a buffer if passed a very long URL. In the event that the attacker can find a program that uses libxml2 which parses remote resources and allows them to influence the URL, this flaw could be used to execute arbitrary code. The updated packages provide a backported fix to correct the problem.
The NISCC uncovered bugs in pwlib prior to version 1.6.0 via a test suite for the H.225 protocol. An attacker could trigger these bugs by sending carefully crafted messages to an application that uses pwlib, and the severity would vary based on the application, but likely would result in a Denial of Service (DoS).
A change in licensing terms by the well-known open source projects Apache and XFree86 has led to the Free Software Foundation listing both licences as being incompatible with the General Public Licence or GPL.
PHP's creator offers his thoughts on the PHP phenomenon, what has shaped and motivated the language, and where the PHP movement is heading.
OpenLDAP is an open source suite of software that includes the LDAP server daemon (slapd), a replication daemon (slurpd) and a small collection of command line client tools, like ldapsearch and ldapadd, among others. In this article, we'll set up and populate a small but functional LDAP server using the slapd daemon, and start to make use of it with a Linux client.
Tips, news, and other fun content from the Mozilla group.
On March 13th there's going to be a bug squish fest at the Sydney University by its local user group. Isaac Jones explained that reporting and fixing bugs in software one uses frequently is one of the easiest ways to get involved in Free Software. Bradley Kuhn reminded us of the GIF patent that IBM holds until 2006, even though the Unisys patent will expire soon.
Updated kernel packages that fix security vulnerabilities which may allow local users to gain root privileges are now available. These packages also resolve other minor issues.
Editor's note: According to Bob Kramer, "...the Initiative for Software Choice (ISC) was created to address the proliferation of restrictive 'preference' proposals springing up across the globe. Virtually all of these proposals have been structured to favor free and/or open source software (OSS) over other viable alternatives in government procurements." Kramer doesn't think this is a good idea. He wrote this article in response to Joe Barr's recent NewsForge commentary about the United Nations World Summit on Information Society.
Upgraded Features Include Advanced Security and Authentication, Graphical Administrative User Interface, Enhanced Enterprise Integration Options
Running on an eight-node cluster of industry-standard HP ProLiant DL740 servers, each with four Intel Xeon 3.0GHz processors on Red Hat Enterprise Linux v. 3, Oracle Database 10g and Oracle Real Application Clusters achieved 22,387.9 QphH@3000GB at an unmatched price performance of $93/QphH@3000GB. This record Linux server result demonstrates the power of Oracle Database 10g and Oracle Real Application Clusters to deliver high performance, complex query processing on small, low-cost clustered servers. Oracle now holds world records for TPC-H benchmarks at one and three TB scale factors on Linux.
The SCO Group, Inc., the owner of the UNIX(R) operating system and a leading provider of UNIX-based solutions, today announced a lawsuit to be filed against DaimlerChrysler Corporation for its alleged violations of its UNIX software agreement with SCO.
Eric S. Raymond has written an open letter to Autozone. "We'll be with you -- and that 'we' includes a lot of expertise in the technical, legal, and historical issues bound up in SCO's lawsuit. If there is any assistance that I personally or the Open Source Initiative can reasonably provide, please do not hesitate to ask."
The SCO Group, Inc., the owner of the UNIX(R) operating system and a leading provider of UNIX-based solutions, today announced it has filed suit against AutoZone, Inc., for its alleged violations of SCO's UNIX copyrights through its use of Linux.
PeopleSoft EnterpriseOne 8.10, to be released in the second quarter, will run on Red Hat Inc.'s distribution of Linux.
When Joseph Guallar-Esteve was laid off from IBM in the summer of 2001, he thought it would take months to find another job in technology. After all, he had seen some of his friends remain unemployed for nearly a year before finding work. But Guallar-Esteve had an edge: He knew Linux.
[Updated 3 March 2004] Revised libxml2 packages are now available as the original packages did not contain a complete patch.
The Haryana government has chosen to go the open-source way and signed an agreement with Sun Microsystems to use its open-source based office suite, StarOffice 7. StarOffice 7 will be adopted across all the state government departments.
Many companies have employment policies that stipulate that the company owns anything its employees develop. What happens when an employee works on an open source project? How is it possible for your employee to give away their developments while fulfilling the requirements of his or her employment agreement?
Unitech has confirmed it will ship a Linux-based PDA co-developed with IBM on March 11. The PDA will use a PowerPC chip, and, like the Enterprise Zaurus developed by Sharp in conjunction with IBM, will likely target enterprise customers.