Showing all newswire headlines

Max Vozeler discovered two format string vulnerabilities in ssmtp, a simple mail transport agent. Untrusted values in the functions die() and log_event() were passed to printf-like functions as format strings. These vulnerabilities could potentially be exploited by a remote mail relay to gain the privileges of the ssmtp process (including potentially root).

A number of vulnerabilities were discovered in tcpdump versions prior to 3.8.1 that, if fed a maliciously crafted packet, could be exploited to crash tcpdump.

On Monday, the new Mozilla 1.7 branch was cut from the trunk, in preparation for the final release of Mozilla 1.7 in mid-May. As well as 1.7, the branch will also provide the foundation for Mozilla Firefox 1.0 and several other Mozilla-based applications. Post-1.7, the new branch will replace 1.4 as the stable development baseline. Checkins to the branch require approval from drivers@mozilla.org — the trunk, meanwhile, is now open for 1.8 Alpha development work. Consult tinderbox for the latest tree status.

A new version of the X11 windowing system, used by Unix-like operating systems including Linux, will become generally available in ten days time. This is significant as it's likely to be the version that will face most users in future distributions. Known as X11R6.7, it's the first release from the XOrg consortium. This was originally founded to steer the specification in May 1999, but only recently decided to do something about it, citing the glacial pace of development by the XFree86 consortium.

The beauty of the open source software community -- and the General Public License that governs Linux and open source -- is that innovation must be shared with the community. This can also cause a bevy of sleepless nights for vendors, IT managers, developers and enterprise bean counters. Reciprocal, or "copyleft", provisions in the GPL give the license a viral aspect...

Approximately 650 MySQL users and supporters are spending April 14 - 16 in the conference center of the Peabody Hotel, with so much of their time occupied by MySQL training sessions that hardly any of them seem to be taking advantage of Orlando-area tourist attractions like Walt Disney World. These people came here to learn -- and possibly to swim with dolphins Thursday evening. The dolphin outing is totally appropriate; there's a dolphin in the MySQL logo. But long discussions about how to make MySQL run better and faster are this group's main course. The dolphin swim is just dessert.

A CANADIAN researcher has warned that Open Source will fall flat on its face unless it gets its act together. In First Monday, Michelle Levesque said that the Open Source concept fails because of its "user-interface design, documentation, feature-centric development, programming for the self and religious blindness". She warned that Open Source will remain an unknown quantity to most computer users until these problems were addressed.

Real World Linux 2004 Conference and Expo is under way this week at the Metro Convention Center in Canada's largest city, and NewsForge is there. Day 2 of the conference saw a lot more people and a lot more happening.

Updated Subversion packages that fix a vulnerability in neon, exploitable by a malicious DAV server, are now available.

Building the case for turning the Boy Scouts into a worldwide advocate of free software.

So, my challenge goes out to everyone to share their own experiences in getting an open source project off the ground, technically speaking. Are there tools out there that make this process much easier, and perhaps ones that I could take advantage of by moving my own open source project to? Also what experiences have people had with the different community projects?

Introducing open source software to those who will teach future generations of computer programmers was a major theme at the ICT in Education Conference held in Cape Town last week.

Two years after the start of the trademark dispute between Microsoft Corporation and Lindows Inc., the battle over the "LindowsOS" name is over - henceforth it will be called "Linspire."

Here is our promised in-depth look at the latest SUSE 9.1 beta. I found a little more flakiness than I would be comfortable with long-term, but I have been using this near-final version in my day-to-day work for nearly a week now and see no reason to go back to my previous installation.

"It is important to remember that open source is not free of cost – it is free to use and share. Its use must be part of a strategy as it can be costly in terms of migration, integration, training and systems management."

With Open Source proliferation on the rise, there is a surging demand for organizations specializing in handling demanding migration projects. Migration has become a key concern for enterprises dreaming of a complete Open Source environment, as legacy overhauls and application transfers impose a gargantuan challenge.

Shaun Colley discovered [1] that the scripts "mysqlbug" and "mysqld_multi" of the MySQL RDBMS [0] perform insecure creations of temporary files. An attacker could create symbolic links in /tmp to achieve the overwriting of files with the privileges of the user invoking the scripts. The RDBMS startup wrapper "mysqld_multi" is currently not used in OpenPKG, although it is contained in the "mysql" package. The "mysqlbug" script could be run manually by the administrator. The Common Vulnerabilities and Exposures (CVE) project assigned the ids CAN-2004-0381 [2] and CAN-2004-0388 [3] to the problem.

You already know Mozilla excels at providing state of the art Internet products like Mozilla Application Suite and currently in the oven Firefox and Thunderbird, as well as big bunch of other applications like ChatZilla and Mozilla Calendar (recently reviewed). But, what about eye candy?

The recently released Linux 2.6 kernel is going to be the heart of future enterprise Linux offerings. Taking it on a road test enables your IT shop to evaluate its hardware and software upgrade and replacement policies as well as its claims of improved peripheral connectivity.

A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015 only partially corrected the problem; the full fix is included (CAN-2004-0003).