You know the general trend: NoSQL databases are catching on for big data applications. The challenge: Where are the NoSQL partner programs? A quick check of the market finds very few in place.
2007 Open Source CMS Award Launched with $20,000 Prize Fund
LXer Feature: 04-Aug-2006
GNU/Linux -- Like No Other Hotrod, Ever
While others appear to be going backwards, Linux just keeps racing ahead.
'Linux supports more devices, "out of the box", than any other operating system ever has.'
"Yes, that's right, we support more things than anyone else. And more than anyone else ever has in the past. Linux has a very long list of things that we have supported before anyone else ever did."
-- Greg Kroah-Hartman, OLS 2006 Keynote
The OpenPKG project released version 2.4 of their unique RPM-based cross-platform multi-instance Unix software packaging facility. OpenPKG 2.4 consists of 562 selected (from a pool of over 880) packages.
The OpenPKG project released version 2.3 of their unique RPM-based cross-platform multi-instance Unix software packaging facility. OpenPKG 2.3 consists of 545 selected (from a pool of over 850) packages.
The OpenPKG project releases version 2.2 of the unique cross-platform software packaging facility.
The OpenPKG project released version 2.1 of their unique RPM-based cross-platform Unix software packaging facility. OpenPKG 2.1 consists of 495 selected (from a pool of 770) packages which include the latest versions of popular Unix software like Apache, Bash, BIND, GCC, INN, Mozilla, MySQL, OpenSSH, Perl, Postfix, PostgreSQL, Samba, Squid, teTeX and Vim -- all carefully packaged for easy deployment on 21 different Unix platforms, including FreeBSD 4.10/5.2, Debian GNU/Linux 3.0/3.1, Red Hat Linux 9, Red Hat Enterprise Linux 3, Fedora Core 2, SuSE Linux 9.0/9.1, and Sun Solaris 2.6/8/9/10. The major technical efforts for this release were spent on porting all packages to five additional Unix platforms, the adjustments to packages required by GCC 3.4, and the consolidation and packaging of the developer tool chain.
Greuff of VOID.AT discovered various format string vulnerabilities in the error output handling routines of the Neon HTTP and WebDAV client library. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2004-0179 to the problem.
According to a vendor security advisory based on hints from Stefan Esser and Jonathan Heusser, several vulnerabilities of various types exist in the Ethereal network protocol analyzer. Namely, it may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, by convincing someone to read a malformed packet trace file, or by creating a malformed color filter file.
Shaun Colley discovered that the scripts "mysqlbug" and "mysqld_multi" of the MySQL RDBMS perform insecure creation of temporary files. An attacker could create symbolic links in /tmp to overwrite files with the privileges of the user invoking the scripts. The RDBMS startup wrapper "mysqld_multi" is currently not used in OpenPKG, although it is contained in the "mysql" package. The "mysqlbug" script could be run manually by the administrator. The Common Vulnerabilities and Exposures (CVE) project assigned the ids CAN-2004-0381 and CAN-2004-0388 to the problem.
Sebastian Krahmer from the SuSE Security Team discovered a flaw in Concurrent Versions System (CVS) clients where RCS "diff files" can create files with absolute pathnames. An attacker could create a fake malicious CVS server that would cause arbitrary files to be created or overwritten when a victim connects to it. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2004-0180 to the problem.
According to a Mandrake Linux security advisory, a denial of service (DoS) vulnerability exists in the header rewriting code of Fetchmail. The code's intention is to hack message headers so replies work properly. However, logic in the reply_hack() function fails to allocate enough memory for long lines and may write past a memory boundary. This could allow an attacker to cause a denial of service by sending a specially crafted email and crashing fetchmail. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-0792 to the problem.
According to a posting on Bugtraq, Shaun Colley discovered and researched a stack-based buffer overflow vulnerability which exists in the GNU Sharutils due to a lack of bounds checking when handling the '-o' command-line option.
According to a security advisory published by Rapid7, two vulnerabilities exist in the ISAKMP packet display functions of tcpdump. The Common Vulnerabilities and Exposures (CVE) project has reviewed both problems. CAN-2004-0183 identifies an overflow when displaying ISAKMP delete payloads with a large number of SPIs, while CAN-2004-0184 identifies an integer underflow when displaying an ISAKMP identification payload. These vulnerabilities appear only when verbose packet display is enabled by running tcpdump with the -v option.
According to a message from Ilya Teterin posted on Bugtraq, the Midnight Commander application uses an uninitialized buffer to handle symlinks in VFS. This allows attackers to execute arbitrary code during symlink conversion. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2003-1023 to the problem.
According to a security advisory from the vendor, a vulnerability exists in the URL unescaping logic of the Squid Web Proxy Cache. This bug could allow an attacker to bypass certain access controls by inserting a NUL character into decoded URLs. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2004-0189 to the problem.
According to an OpenSSL security advisory, denial of service vulnerabilities exist in OpenSSL versions 0.9.6c to 0.9.6l inclusive and versions 0.9.7a to 0.9.7c inclusive.
Alerted by a posting on Bugtraq, the UUDeview package was reviewed. It was found that 0.5.19 and later contains a bug which leads to failure retrieving the filename during decode. All versions suffered from insecure temporary file handling. Version 0.5.20 contains bug fixes for the parsing of header lines, exact handling of maximum line length, and fixes for two buffer overflows which needed backporting. The corrected packages listed above remedy all of these problems.
According to a posting on Bugtraq, a buffer overflow exists in the mail user agent Mutt. It can be triggered by incoming messages, and there are reports about spam that has actually triggered this problem and crashed Mutt. The bug was reported to Red Hat by Niels Heinen. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2004-0078 to the problem.
According to a posting on Bugtraq, an issue regarding the insecure creation of a temporary directory exists in GNU libtool versions before 1.5.2. Use of mkdir(1) along with option "-p" makes libtool vulnerable to symlink attacks. Stefan Nordhausen committed a fix that removes the use of option "-p" in version 1.5.2. Discussion on Bugtraq further indicates that an additional race condition issue exists in the same context using chmod(1), reported by Joseph S. Myers back in March 2000. The updated OpenPKG versions of libtool contain fixes for both issues.
There were 16 security alerts issued last week:
- 5 from Debian
- 1 from Fedora
- 2 from Fedora Legacy
- 2 from Gentoo
- 2 from Mandrake
- 1 from OpenPKG
- 1 from Red Hat
- 2 from Trustix
A flaw in the HTTP and FTP client sub-library of libxml2 found by Yuuichi Teranishi can be exploited to cause a buffer overflow if passed a very long URL. This could be used by an attacker to execute arbitrary code on the host computer. The Common Vulnerabilities and Exposures (CVE) project assigned the id CAN-2004-0110 to the problem.
The OpenPKG project releases version 2.0 of the unique cross-platform software packaging facility.
A number of vulnerabilities in tcpdump were found and addressed in the past. All of them are in the area of packet decoding. Faulty decoder functions can result in denial of service attacks through infinite loops, memory starvation and application crashes. In the worst case, arbitrary code execution is possible.