Showing all newswire headlines

Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 for the PowerPC/apus and S/390 architectures.

iDefense reported a buffer overflow flaw in the ISO9660 filesystem code. An attacker could create a malicious filesystem in such a way that they could gain root privileges if that filesystem is mounted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0109 to this issue.

Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 for the IA-64 architecture.

iDEFENSE Inc. informed us about a buffer overflow in the linux 2.4 kernel code which handles ISO9660 filesystems. The original code is not able to handle very long symlink names. The vulnerability can be triggered locally by mounting removable media that contains a malformed filesystem or by using the loopback device. Exploiting this buffer overflow results in kernel-level access to the system.

During the analyzation of the CVS protocol and their implementation, the SuSE Security Team discovered a flaw within the handling of pathnames. Evil CVS servers could specify absolute pathnames during checkouts and updates, which allows to create arbitrary files with the permissions of the user invoking the CVS client. This could lead to a compromise of the system.

I wanted to write something about the great progress being carried on linux as OS of choice for a professional Digital Audio Workstation (DAW) since a long time. With the inclusion of the Advanced Linux Sound Architecture (ALSA) into the 2.6 kernels, time has come to extend my experiences to all of you.

Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 and 2.4.18 for the hppa (PA-RISC) architecture.

iDEFENSE Inc. informed us about a buffer overflow in the linux 2.4 kernel code which handles ISO9660 filesystems. The original code is not able to handle very long symlink names. The vulnerability can be triggered locally by mounting removable media that contains a malformed filesystem or by using the loopback device. Exploiting this buffer overflow results in kernel-level access to the system.

Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc architectures.

Mandrakesoft today announce the availability of Mandrakelinux 10.0 Official, a full-featured operating system that includes a full suite of desktop and server applications. Mandrakelinux 10.0 Official is available for download to Mandrakeclub Members, and as part of Mandrakesoft's complete range of retail packs, now available for pre-order on http://www.mandrakestore.com and soon in retail stores (Suggested Retail Price for all products are shown below).

Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available.

An updated cadaver package that fixes a vulnerability in neon exploitable by a malicious DAV server is now available.

This intermediate tutorial covers different mechanisms for capturing and manipulating packets. Security applications -- such as VPNs, firewalls, and sniffers, and network apps such as routers -- rely on methods like those described here to do their work. Once you have the hang of them, you will rely on them too. You won't want to miss this tutorial all about packet interception, covering kernels from 2.2.x to the present and techniques from divert socket and netfilter to interrupt handling and messing with the kernel source code itself.

Real World Linux 2004 Conference and Expo is taking place this year at the Metro Toronto Convention Center, North building, next to the Canadian National Tower in the middle of Canada's largest city.

Multi user Solaris and Linux boxes at the prestigious Stanford University campus have been turned over by hackers. According to an "advisory", or warning as we used to call it, put out by the university's Information Technology Systems and Services department its Solaris and Linux computers were the target of a "large number of sophisticated attacks by an individual or a group."

If I started a new automobile company, and called it Daverolet, and marketed my product as a replacement for Chevrolet, that would be dishonest and shady. And, if I made a distro, marketed it as a replacement for Windows, and called it Dindows, that would be the exact same thing. There is no difference, and it smacks of used-car salesmanship techniques. I have always been nauseated to see Lindows show up in my pending stories queue.

Few programming languages can boast a rise in popularity as meteoric as that of PHP. The now well-publicized story of a Do-It-Yourself (DIY) scripting-language-turned-IT-industry blockbuster shows that success is not always the product of methodical planning and marketing studies. But the real questions are now related to how this success will survive adoption by the big IT industry. The very fact that Oracle, among other major players, is focusing some of its attention on PHP indicates that the language has come of age.

Attention has focused of late on how open-source Linux is displacing Solaris, Windows NT and other OSs. Effects are being felt in the database world as well, as MySQL especially seems to be displacing other DBs and gaining open-source traction.

A Swedish upstart is challenging Microsoft in the database arena by utilizing the same low-end-assault tactics that the software giant employed to gain a foothold.

Lindows, Inc. today announced that the company's desktop Linux operating system LindowsOS has been renamed to Linspire. The website http://www.lindows.com has been replaced by http://www.linspire.com, which will now be the primary site for consumers who are looking for information, who want to purchase any Lindows, Inc. products, or are looking for support for previously purchased software.