Showing all newswire headlines

According to a Mandrake Linux security advisory [0], a denial of service (DoS) vulnerability exists in the header rewriting code of Fetchmail [1]. The code's intention is to hack message headers so replies work properly. However, logic in the reply_hack() function fails to allocate enough memory for long lines and may write past a memory boundary. This could allow an attacker to cause a denial of service by sending a specially crafted email and crashing fetchmail. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-0792 [2] to the problem.

Automake may be vulnerable to a symbolic link attack which may allow an attacker to modify data or elevate their privileges.

PicoPeta Simputers of Bangalore, India, has launched the first retail versions of the Simputer, conceived as a Linux based 'platform for social change' that could inexpensively bring easy-to-use computers to rural Indian villages. Three models are available, priced from US $240 to $480.

Red Hat says several universities and students worldwide have purchased more than 13,000 Red Hat Academic Solutions subscriptions and site licenses.

This week at the Linux Users' Group of Davis meeting in California, Bill Kendrick presented the KDE environment, and dozens of applications, in a talk entitled KDE 3.2: A User's Perspective. The presentation was geared towards both Linux users who haven't looked at KDE in a while, as well as non-Linux users who are interested in what kind of environment Open Source software can provide for them, says Kendrick.

What's easier? To completely move to a FOSS-compliant OS immediately, or to start the transition to FOSS world by using their apps on Windows?

You may have heard Linux is difficult to learn and use. Certainly Linux is different, but pointing and clicking work the same regardless of the underlying operating system. My four-year-old granddaughter, K.D., hasn't had any trouble figuring it out, and if she can do it, you can too.

Linux users and distributors were divided on the question of whether Linux distributions should become simpler or more during a panel discussion at the ClusterWorld Conference & Expo in California.

The first thing that many newcomers to Linux comment upon is how similar it is to Windows. However, it wasn't always like that; the resemblance is only skin deep and distributions such as Fedora Red Hat (the subject of this weeks Bootcamp) are a fairly recent effort to make Linux more user-friendly.

The growing acceptance of Linux is good news for fans of the open-source operating system, but it is not without a dark side. If the mainstream market pays more attention to Linux, so will people who write viruses and worms and break into computer systems.

What is a distribution and how does it differ from the distribution next door? Do they provide a different-enough experience to the user who is in search of a capable desktop?

The German TV show Giga presented by NBC Europe has Mozilla Firefox (0.8) listed as #1 on their Tool of the Day toplist. Firefox has held its lead for the four weeks it has been listed so far and today Mozilla Firebird (0.7) has been added to the list a second time to offer the users a chance to compare both versions (although it is more likely that the moderators just didn't notice it is one and the same product in two different versions).

MySQL is "The World's Most Popular Open Source Database," at least according to the MySQL Web site. But in spite of this popularity many corporations are resistant to adopting MySQL. There are several reasons for this, from the misguided belief that open source is the software equivalent of a child's wood shop project to the belief that nothing free is ever good. There was, however, one valid complaint against MySQL-unlike its shrink-wrapped counterparts, such as Oracle or DB2, MySQL doesn't support stored procedures. Make that past tense-the latest developer release, MySQL 5.0, does support stored procedures.

Claims of speed hikes of up to 1,000 per cent are being made by developers Linus Torvalds and Andrew Morton, both of the Open Software Development Lab, for the Linux 2.6 kernel. You could be forgiven for being sceptical. To be fair, though, it's also been reported that the main claim for the kernel's improved I/O scheduling can increase database workload processing by as much as 15 per cent.

Merits of simpler Linux distribution debated at ClusterWorld.

It's been about three years since I woke up one morning and discovered my Web/mail server was rooted. Thinking back, I must have assumed that just running Linux was enough to keep me out of harm's way. These days I am not so cocky. I try to keep current with security patches for the apps I run. I don't run services I don't need or use. And there is a firewall between me and the wild. One thing I haven't made a part of my regular routine -- not yet, at least -- is checking for rootkits on a regular basis. That may be about to change, since I found a nifty little project called rootkit hunter.

According to a posting on Bugtraq [1], Shaun Colley discovered and researched a stack-based buffer overflow vulnerability which exists in the GNU Sharutils [2] due to lack of bounds checking when handling the '-o' command-line option.

According to a security advisory published by Rapid7 [0], two vulnerabilities exists in the ISAKMP packet display functions of tcpdump [1]. The Common Vulnerabilities and Exposures (CVE) project has reviewed both problems. CAN-2004-0183 [2] identifies an overflow when displaying ISAKMP delete payloads with large number of SPIs, while CAN-2004-0184 [3] identifies an integer underflow when displaying ISAKMP identification payload. These vulnerabilities appear only when verbose packet display is enabled by running tcpdump with the -v option.

KD Executor is a record and playback tool for Qt and KDE applications. In addition, it contains a test environment which uses this record and playback tool for testing Qt and KDE applications.

Enterprises are feeling the pain of impending, expensive Microsoft Exchange upgrades. As an alternative, IBM Lotus has been offering Domino-based products for Red Hat Inc. and SuSE Linux AG and says its commitment to Linux is going to grow. In this interview, Lotus' Linux strategist Ken Brunsen and messaging and collaboration senior manager John Woods talk about the viability of Linux as a messaging platform, the headaches associated with Exchange and whether Notes will soon run on Linux.