Showing headlines posted by dave

Mozilla, in case you didn't know, is a project to build an open source web browser (Firefox) and email suite (Thunderbird). I had cause to use it recently when I ran into a little browser plug-in (from a security company called CoreStreet) that plays back to you the name of the web site that you are on. It's a neat little applet that CoreStreet intends to distribute for free to assist web users in seeing through some of the Phishing scams that are currently in play.

There are similarities among all these operating systems but when you've used one relatively exclusively for many years, you become conditioned to look for certain signs that indicate potential problems and instinctively react to those signs.

FAA Flight-safety Certified Operating Systems Deliver the Reliability and Security Required for Defense Systems; Linux Does Not

Two new vulnerabilities have been found in the HTTP interface of monit, possibly leading to denial of service or execution of arbitrary code.

XChat is vulnerable to a stack overflow that may allow a remote attacker to run arbitrary code.

There are multiple format string vulnerabilities in the neon library used in cadaver, possibly leading to execution of arbitrary code when connected to a malicious server.

An increasing number of developers worldwide are interested in GNOME, the user-friendly GUI and desktop development platform for UNIX and Linux. However, the development documentation for GNOME, while voluminous, is intimidating to a developer not wholly familiar with the GNOME development process. To help rectify this situation, No Starch Press and the GNOME Foundation announce the release of The Official GNOME 2 Developers Guide, the first English-language book about developing with GNOME 2.

New Linux distros still fail a task that Windows 95 -- yes, 95! -- easily handles, namely working with mainstream sound cards. That sends the cost of commercial, paid versions of Linux dramatically higher.

A vulnerability has been discovered in the index support of the ZCatalog plug-in in Zope, an open source web application server. A flaw in the security settings of ZCatalog allows anonymous users to call arbitrary methods of catalog indexes. The vulnerability also allows untrusted code to do the same.

Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 for the MIPS architecture.

Upgraded tcpdump packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix denial-of-service issues. Sites using tcpdump should upgrade to the new packages.

Media Excel is shipping a real-time software decoder and streaming package for Linux on x86. SoftStream Player supports MPEG-2, MPEG-4, and H.264 compressed video, and targets Celeron, VIA C3, and Transmeta Crusoe based devices powerful enough to do without a hardware decoder.

Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 for the PowerPC/apus and S/390 architectures.

BayStar Capital is seeking to get back the $20 million it invested in the SCO Group, raising issues for SCO's expensive and controversial legal campaign that argues Linux infringes its Unix copyrights.

Two vulnerabilities have been discovered and fixed in CVS.

Multiple format string vulnerabilities were discovered in neon, an HTTP and WebDAV client library. These vulnerabilities could potentially be exploited by a malicious WebDAV server to execute arbitrary code with the privileges of the process using libneon.

Paul Szabo discovered a number of similar bugs in suidperl, a helper program to run perl scripts with setuid privileges. By exploiting these bugs, an attacker could abuse suidperl to discover information about files (such as testing for their existence and some of their permissions) that should not be accessible to unprivileged users.

Christian Jaeger reported a bug in logcheck which could potentially be exploited by a local user to overwrite files with root privileges. logcheck utilized a temporary directory under /var/tmp without taking security precautions. While this directory is created when logcheck is installed, and while it exists there is no vulnerability, if at any time this directory is removed, the potential for exploitation exists.

In a potentially crippling blow to The SCO Group, BayStar Capital is calling due its $20 million loan to the controversial Utah software company. Stunned SCO officials were scrambling Friday to get BayStar's explanation for the decision, declared in a letter to Lindon-based SCO late Thursday.

Underscoring Novell's commitment to the Linux operating system, the company's chief financial officer on Friday hinted at further acquisitions.