Showing all newswire headlines
OpenPKG Security Advisory (tcpdump)
A bunch of vulnerabilities in tcpdump [0] were found and addressed
in the past. All of them are in the area of packet decoding. Faulty
decoder functions can result in denial of service attacks through
infinite loops, memory starvation and application crashes. In the
worst case arbitrary code execution is possible.
Linux Advisory Watch - January 16, 2004
This week, advisories were released for phpgroupware, kernel, jitterbug, ethereal, kdepim, cvs, kdepim, and tcpdump. The distributors include Debian, Gentoo, Mandrake, Red Hat, Slackware, SuSE, and Trustix.
Red Hat warns of problem in Apache
By Michael S. Mimoso, Senior News Editor. Red Hat Inc. on Wednesday issued four security alerts that include fixes for problems in
SUSE Security Announcement: tcpdump (SuSE-SA:2004:002)
Tcpdump is a well known tool for administrators to analyze network
traffic.
There is a bug in the tcpdump code responsible for handling ISAKMP
messages. This bug allows remote attackers to destroy a current
tcpdump session by tricking the tcpdump program with evil ISAKMP
messages to enter an endless loop.
SUSE Security Announcement: Linux Kernel (SuSE-SA:2004:003)
The do_mremap() function of the Linux Kernel is used to manage
(move, resize) Virtual Memory Areas (VMAs). By exploiting an incorrect
bounds check in do_mremap() during the remapping of memory it is
possible to create a VMA with the size of 0.
In normal operation do_mremap() leaves a memory hole of one page and
creates an additional VMA of two pages. In case of exploitation no
hole is created but the new VMA has a 0 bytes length.
The Linux Kernel's memory management is corrupted from this point
and can be abused by local users to gain root privileges.
Additionally Andi Kleen of SUSE LINUX found and fixed another bug
in the 32bit emulation of ptrace() which allows to modify CPU registers
from user-space to get full access to system resources.
The Wrath of Linux
Fools recall that for the past few months, SCO (the software maker formerly known as Caldera) has been shaking down Linux providers, even taking a $3 billion
Ants Data Server Successfully Ported to Linux Operating System
OTCBB:ANTS), a developer of high-performance SQL database management systems, announced today that it has successfully ported the ANTs Data Server to the Linux
Almost by stealth, the Linux desktop is here
COMMENTARY--One of my dirty little secrets is that I have never successfully installed Linux on anything. I've tried many times
Red Hat alert: Updated Net-SNMP packages fix security and other bugs
Updated Net-SNMP packages are available to correct a security vulnerability
and other bugs.
Writing a Template System in PHP
There are several templating systems available; some are native to PHP while others have been ported to PHP from other programming languages.
Trustix update: samba
libnss_wins was not being built. It is now.
Trustix update: kernel
Minor cleanup of the kernel source package. No other kernel package
is affected.
Trustix alert: tcpdump
A problem in tcpdump was discovered, where it was possible to crash the
program by sending carefully crafted packets on the network.
SCO Announces Worldwide Availability of SCO Intellectual Property ...
SCO announced it has begun making the SCO Intellectual Property License available to companies and organizations worldwide including small-to-medium size businesses and large corporations.
Saudi open source conference opens minds
Two easily-identified Microsoft trolls were also in the main auditorium audience, asking the same questions Microsoft hirelings ask at open source conferences
Open source developers: protect yourself or face the music
In the wake of the ongoing SCO lawsuit, open source developers must take steps to ensure they don't become the victims of further legal action.
Mandrake alert: Updated kdepim packages fix vulnerability
This vulnerability allows for a
carefully crafted .VCF file to potentially enable a local attacker to
compromise the privacy of a victim's data or execute arbitrary commands
with the victim's privileges. This can also be used by remote
attackers if the victim enables previews for remote files; however this
is disabled by default.
Mandrake alert: Updated krozat package fix memory leak
The krozat screensaver in Mandrake Linux 9.1 and 9.2 had a memory leak. The updated packages correct the problem.
Mandrake alert: Updated kdegames package fix crash with kwin4
The kwin4 application would crash on startup. The updated packages
fix this problem.
Mandrake alert: Updated qt3 package fix problems with accelerator keys
A problem with qt3 would cause improper behaviour of using accelerator
keys in KDE applications such as Konqueror, KMail, and others. Using
these keys would either crash the program or simply not work. The
updated packages fix this problem.