Showing all newswire headlines

There has been a lot of change lately at Sun Microsystems Inc, and it does not look like it is going to abate any time soon. Sun is in the midst of trying to transform itself, a Herculean task akin to that which rivals IBM Corp and Hewlett-Packard Co have suffered through.

Version 2.6 of The GNOME Project's desktop environment for Linux and Unix is faster and more polished than the release it replaces and further brightens the prospects of Linux as a viable corporate desktop replacement. GNOME 2.6 is open-source software and is freely available for download at http://www.gnome.org.

In most cases, support for open-source products is just as good as commercial products.

3D gaming solutions specialist Discreet has launched smoke 6, the industry’s first established high-end non-linear editing and finishing system for the Linux operating system. The solution has been described as one of the most sophisticated digital media applications ever released on the Linux operating system.

Leading appliances manufacturer Samsung Electronics is reportedly prepared to use Linux as the major operating system in its products.

A security problem which could allow a server to create arbitrary files on a client machine, and another security problem which may allow a client to view files outside of the CVS repository have been fixed with the release of cvs-1.11.15.

Herbert Xu reported that local users could cause a denial of service against iproute, a set of tools for controlling networking in Linux kernels. iproute uses the netlink interface to communicate with the kernel, but failed to verify that the messages it received came from the kernel (rather than from other user processes).

There are three announcements from OSRM making headlines today: OSRM certifies the Linux kernel is free of copyright infringement, OSRM has opened a legal defense center; Individual programmers can get coverage. Bruce Perens has joined the Board of Directors of OSRM.

There were 36 security alerts issued last week:

• 3 from Conectiva
• 15 from Debian
• 2 from Fedora
• 1 from Gentoo
• 3 from Mandrake
• 4 from OpenPKG
• 3 from Red Hat
• 1 from Slackware
• 3 from SUSE
• 1 from Trustix

Mozilla, in case you didn't know, is a project to build an open source web browser (Firefox) and email suite (Thunderbird). I had cause to use it recently when I ran into a little browser plug-in (from a security company called CoreStreet) that plays back to you the name of the web site that you are on. It's a neat little applet that CoreStreet intends to distribute for free to assist web users in seeing through some of the Phishing scams that are currently in play.

There are similarities among all these operating systems but when you've used one relatively exclusively for many years, you become conditioned to look for certain signs that indicate potential problems and instinctively react to those signs.

FAA Flight-safety Certified Operating Systems Deliver the Reliability and Security Required for Defense Systems; Linux Does Not

Two new vulnerabilities have been found in the HTTP interface of monit, possibly leading to denial of service or execution of arbitrary code.

XChat is vulnerable to a stack overflow that may allow a remote attacker to run arbitrary code.

There are multiple format string vulnerabilities in the neon library used in cadaver, possibly leading to execution of arbitrary code when connected to a malicious server.

An increasing number of developers worldwide are interested in GNOME, the user-friendly GUI and desktop development platform for UNIX and Linux. However, the development documentation for GNOME, while voluminous, is intimidating to a developer not wholly familiar with the GNOME development process. To help rectify this situation, No Starch Press and the GNOME Foundation announce the release of The Official GNOME 2 Developers Guide, the first English-language book about developing with GNOME 2.

New Linux distros still fail a task that Windows 95 -- yes, 95! -- easily handles, namely working with mainstream sound cards. That sends the cost of commercial, paid versions of Linux dramatically higher.

A vulnerability has been discovered in the index support of the ZCatalog plug-in in Zope, an open source web application server. A flaw in the security settings of ZCatalog allows anonymous users to call arbitrary methods of catalog indexes. The vulnerability also allows untrusted code to do the same.

Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 for the MIPS architecture.

Upgraded tcpdump packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix denial-of-service issues. Sites using tcpdump should upgrade to the new packages.