Showing all newswire headlines

Two vulnerabilities have been discovered and fixed in CVS.

Multiple format string vulnerabilities were discovered in neon, an HTTP and WebDAV client library. These vulnerabilities could potentially be exploited by a malicious WebDAV server to execute arbitrary code with the privileges of the process using libneon.

Paul Szabo discovered a number of similar bugs in suidperl, a helper program to run perl scripts with setuid privileges. By exploiting these bugs, an attacker could abuse suidperl to discover information about files (such as testing for their existence and some of their permissions) that should not be accessible to unprivileged users.

Christian Jaeger reported a bug in logcheck which could potentially be exploited by a local user to overwrite files with root privileges. logcheck utilized a temporary directory under /var/tmp without taking security precautions. While this directory is created when logcheck is installed, and while it exists there is no vulnerability, if at any time this directory is removed, the potential for exploitation exists.

In a potentially crippling blow to The SCO Group, BayStar Capital is calling due its $20 million loan to the controversial Utah software company. Stunned SCO officials were scrambling Friday to get BayStar's explanation for the decision, declared in a letter to Lindon-based SCO late Thursday.

Underscoring Novell's commitment to the Linux operating system, the company's chief financial officer on Friday hinted at further acquisitions.

BANGALORE: IT major IBM on day said that it would set up a Linux and open source practice at the National Institute of Smart Government (NISG) to promote affordable computing in the country.

The Consortium for Open Source in Public Administration (Cospa) launches today with the goal of increasing and improving the use of open source software across Europe.

You're putting out system management fires, with five SSH sessions open on your desktop. The mail server needs a restart after that kernel patch, so you su to root and type reboot. Just as the connection closes, your brain catches up with your fingertips. The mail server's still up -- the system you rebooted was the firewall at the site 200 miles away. The firewall on which 50 users rely. The firewall that refuses to reboot without a cold reset. What do you do?

Microsoft is getting an earful from Open Source developers in the wake of the Windows' giant's first 100% Open Source release to SourceForge.

A Linux desktop should play to its strengths and not try to be a Windows clone in an attempt to replace Microsoft, according to Novell's Linux business strategist.

The usually simmering debate about open-source versus closed-source recently boiled over, following the leak of Microsoft Windows source code on the Internet. And it boiled over here too. After I wrote a column for one of PC Magazine's sister sites about the Windows source code leak and what it might reveal about the value of closed-source code as a security technique, 95 percent of the responses said that I didn't get the point: Open-source, being open, gets a better code review. Anyone can get the source, look at it, and find problems in it.

Applied Micro Circuits Corporation (AMCC) [NASDAQ: AMCC], today announced the availability of the new 3ware 9000 Series of hardware RAID controllers. The 3ware 9000 Series enables a completely new class of SATA RAID storage solutions for all mid-range to high-end Linux servers. The new controllers are available to OEMs, VARs, and system integrators in 12, 8, and 4-port configurations worldwide. The controllers will be on display at Real World Linux 2004 April 14-15 at the Metro Toronto Convention Centre in booth 409.

Greuff of VOID.AT discovered various format string vulnerabilities in the error output handling routines of the Neon HTTP and WebDAV client library. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2004-0179 to the problem.

According to a vendor security advisory based on hints from Stefan Esser and Jonathan Heussser, several vulnerabilities of various types exist in the Ethereal network protocol analyzer. Namely, it may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file.

If you've a yen to take the new SuSE Desktop exams, or to win a trip for two to LinuxWorld Expo in San Francisco, then you might want to consider heading on down to the French Quarter of New Orleans at the end of next month, and attending the First Annual Club LUG Conference, being hosted by Linux Professional Institute – US.

The government and military, said Dr. Inder Sing, chairman and CEO of LynuxWorks, are "employing prevention and 'defense in depth' to ensure the highest level of security." In other words, he argued, exploitable flaws are eliminated at each stage of the system design process.

Corel has finally shipped a Linux-native WordPerfect for Linux proof-of-concept. My understanding of this event is that if enough people show interest in the WordPerfect on Linux product, Corel will develop it further and we might see a full-scale commercial-grade word processor competing with the only 'real' choice we have at the moment - OpenOffice.org.

Red Hat Enterprise Linux v.3 has been certified by the Free Standards Group as meeting the specifications for the internationalised runtime environment set down by the Linux Standard Base project. The LSB is a community effort to standardise the elements of Linux-based operating systems so that independent software vendors can support all Linux-based operating systems.

Editor's note:: Because Sun Microsystems and Microsoft are making news as newfound "partners" and both will be embracing scripting languages in Web services run by Java and .NET, the open source Python suddenly takes on added strategic significance. Our colleague at Open Enterprise Trends spoke with Alex Martelli, author of two O'Reilly Associates books on Python in the enterprise -- "Python in a Nutshell" and "Python Cookbook."