Showing all newswire headlines
Mozilla Links Newsletter - 17 - April 14, 2004
You already know Mozilla excels at providing state-of-the-art Internet products like the Mozilla Application Suite and, currently in the oven, Firefox and Thunderbird, as well as a big bunch of other applications like ChatZilla and Mozilla Calendar (recently reviewed). But what about eye candy?
Try before you buy with Linux 2.6
The recently released Linux 2.6 kernel is going to be the heart of future enterprise Linux offerings. Taking it on a road test enables your IT shop to evaluate its hardware and software upgrade and replacement policies as well as its claims of improved peripheral connectivity.
Mandrake security alert: Updated kernel packages fix multiple vulnerabilities
A vulnerability was found in the R128 DRI driver by Alan Cox. This could allow local privilege escalation. The previous fix, in MDKSA-2004:015, only partially corrected the problem; the full fix is included (CAN-2004-0003).
OpenPKG Alert: OpenPKG Security Advisory (cvs)
Sebastian Krahmer from the SuSE Security Team discovered [1] a flaw in Concurrent Versions System (CVS) [0] clients where RCS "diff files" can create files with absolute pathnames. An attacker could create a fake malicious CVS server that would cause arbitrary files to be created or overwritten when a victim connects to it. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2004-0180 [2] to the problem.
Security alert overload
There have been 12 security alerts posted already today, and each time I think I've posted the last one, another appears. This raises a question that I've had for a while, and now seems a good time to ask... Should we make a filtering program for the LXer homepage?
Mandrake security alert: Updated cvs packages fix remotely exploitable vulnerability
Sebastian Krahmer from the SUSE security team discovered a remotely exploitable vulnerability in the CVS client. When doing a cvs checkout or update over a network, the client accepts absolute pathnames in the RCS diff files. A maliciously configured server could then create any file with content on the local user's disk. This problem affects all versions of CVS prior to 1.11.15 which has fixed the problem.
Unite and conquer
A recent commentary by Robin Miller regarding squabbling within the free software and open source communities was a useful wake-up call. This bickering is having a detrimental effect on our ability to confront those who are trying to convince policy and opinion makers against the use of free and open source software (FOSS). These challenges are neither severe nor insurmountable, but they do require the parties understand the differences between internal and external debate.
Debian alert: New mysql packages fix insecure temporary file creation
Two vulnerabilities have been discovered in mysql, a common database system. Two scripts contained in the package don't create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking the MySQL server, which is often the root user.
Via "violates" GNU GPL with Padlock
The Sourceforge project administrator has claimed that Via's "Padlock" software violates the GNU general public licence (GPL). Via Padlock, said Eric Harmon, breaks the conditions of the GPL in three ways.
Is Windows safer than Linux?
A recent study comparing Windows and Linux vulnerabilities showed that Microsoft is quicker at responding to problems in its software, while many of the leading Linux distributions lag in reaction time. The study conducted by Forrester Research..
Debian alert: New Linux 2.4.17 packages fix local root exploit (source+powerpc/apus+s390)
Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 for the PowerPC/apus and S/390 architectures.
Fedora Core alert: Updated kernel packages resolve security vulnerabilities
iDefense reported a buffer overflow flaw in the ISO9660 filesystem code. An attacker could create a malicious filesystem in such a way that they could gain root privileges if that filesystem is mounted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0109 to this issue.
Debian alert: New Linux 2.4.17 packages fix local root exploit (ia64)
Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 for the IA-64 architecture.
SUSE alert: Linux Kernel (SuSE-SA:2004:009)
iDEFENSE Inc. informed us about a buffer overflow in the Linux 2.4 kernel code which handles ISO9660 filesystems. The original code is not able to handle very long symlink names. The vulnerability can be triggered locally by mounting removable media that contains a malformed filesystem or by using the loopback device. Exploiting this buffer overflow results in kernel-level access to the system.
SUSE alert: cvs (SuSE-SA:2004:008)
During the analysis of the CVS protocol and its implementation, the SuSE Security Team discovered a flaw within the handling of pathnames. Evil CVS servers could specify absolute pathnames during checkouts and updates, which allows arbitrary files to be created with the permissions of the user invoking the CVS client. This could lead to a compromise of the system.
Introduction to Linux Audio
I have wanted for a long time to write something about the great progress being made on Linux as the OS of choice for a professional Digital Audio Workstation (DAW). With the inclusion of the Advanced Linux Sound Architecture (ALSA) into the 2.6 kernels, the time has come to extend my experiences to all of you.
Debian alert: New Linux 2.4.17 and 2.4.18 packages fix local root exploit (hppa)
Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 and 2.4.18 for the hppa (PA-RISC) architecture.
Debian alert: New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)
Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc architectures.
Mandrakelinux 10.0 Official is available!
Mandrakesoft today announces the availability of Mandrakelinux 10.0 Official, a full-featured operating system that includes a full suite of desktop and server applications. Mandrakelinux 10.0 Official is available for download to Mandrakeclub Members, and as part of Mandrakesoft's complete range of retail packs, now available for pre-order on http://www.mandrakestore.com and soon in retail stores (Suggested Retail Prices for all products are shown below).