Showing headlines posted by dave

In this issue we cover the release of Fedora Core 2 test2, talk a bit about the X.org replacement of XFree86, have some Yum tips, look into SELinux again, and much more.

According to a security advisory [0] from the vendor, a vulnerability exists in the URL unescaping logic of the Squid Web Proxy Cache [1]. This bug could allow an attacker to bypass certain access controls by inserting a NUL character into decoded URLs. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2004-0189 [2] to the problem.

The Mozilla Foundation's new Firefox 0.8 Web browser, once known as Firebird, is a great alternative for those who long for a change of pace from Microsoft's Internet Explorer.

Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the mips kernel 2.4.19 for Debian GNU/Linux.

The Training Camp, education centers that offer IT certifications, has been designated an LPI-US approved training partner by the Linux Professional Institute. LPI offers vendor-neutral Linux certifications for IT professionals and enthusiasts.

Open source proponent OpenOSX has announced that Gimp 2.0.0, built to run in Mac OS X v.10.3 "Panther," is available now. The application provides a Mac interface for the popular GIMP (GNU Image Manipulation Program).

Debian Security Advisories (DSA) have been declared CVE-compatible at the RSA Conference 2004, in San Francisco, February 24th, 2004.

As the bigger guns in the enterprise Linux space move to commercialize their software as much as possible, the Debian project continues to provide a Linux distribution that offers organizations the sort of commodity infrastructure for which Linux was originally known.

Japan, China and South Korea will meet to consider standardising ways to use the Linux operating system as a viable alternative to Microsoft Windows. A meeting of senior officials from the three East Asian countries will be held in Beijing on Saturday on policies related to information technologies, an official at the Japanese Ministry of Economy, Trade and Industry said.

Two years ago, when Rick Carey was chief technology architect at Merrill Lynch, he was crazy about Linux and especially about Red Hat, the leading Linux distributor. At the time, he was leading the charge to migrate all of the computer systems at Merrill to Linux. But these days, things have changed. Carey, who is now chief technology architect at Bank One, says that although he still likes Linux, he's not rushing into any deployments of the open-source operating system. Chicago-based Bank One has run some Linux pilot programs, but it is not planning any big roll-outs, Carey says.

Thales Group used MontaVista Linux to minimize hardware resources and maximize functionality in its new parking lot fare collection system, it says. The "Largo WiLi" system has operated successfully at Paris Orly airport since May 2003, and at Paris Charles de Gaulle airport since November 2003.

Sun Microsystems at its quarterly "software summit" Tuesday announced that the beta version of Java Studio Creator, its drag-and-drop, rapid application development platform, is now available for download, with general access for the final build scheduled for sometime in June.

Open Source Risk Management, a company hoping to profit from intensifying legal scrutiny of Linux and other open-source programs, will take a first step in its plan with a $495 seminar series, the company said Wednesday.

Wind River was named the overall Best of Show winner at the 2004 Embedded Systems Conference (ESC) for its full-scale replica of the VxWorks-based Mars Rover. Category winners were also announced for six device categories.

ith a graphical user interface (GUI). This update fixes several vulnerabilities[2] in Ethereal.

This update fixes a buffer overflow vulnerability[1,2] in the URI parsing code of the nanoftp and nanohttp modules of libxml2.

IBM computer microprocessors are going open source. Big Blue now wants companies and developers to actively participate in the design of IBM's Power microchips, and is encouraging researchers, chip fabricators and electrical engineers to customize Power chips for use in specialized systems or devices.

OpenSSL[1] implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as full-strength general purpose cryptography functions. It's used (as a library) by several projects, like Apache, OpenSSH, Bind, OpenLDAP and many others clients and servers programs.

Open-source database vendor MySQL recently initiated some restrictions on the bundling of MySQL libraries with the PHP scripting language. Some observers criticized the restrictions as an example of the fragility of open-source technology, suggesting that the limitations could break the easy-deployment model of LAMP (Linux-Apache-MySQL-PHP). As it turns out, their fears were unwarranted.

Red Hat Inc. took the first step this week toward the inclusion of Security Enhanced Linux in its enterprise offerings when it released Fedora Core 2, test2.