Gentoo Weekly Newsletter: April 12th, 2004
1.
Gentoo News
Gentoo Weekly Newsletter reorganizing
Recently we've been receiving emails from users about missing sections and content in the newsletter. We've had some contributors leave the team, and others have been unable to participate due to personal issues, but once we start adding some new contributors to the team and reorganizing, we should be right back on track. Those who responded to the recruitment drive last week, please hold on as we determine what positions we need filled and begin responding to applicants. Thanks to all our readers for reading the newsletter each week; we'll bring back all our regular content as quickly as possible.
Gentoo Linux Project seeking SAMBA developers
The Gentoo Linux Project is seeking developers who have experience with SAMBA. Send an email to recruiters@gentoo.org with some background info if you're interested.
2.
Gentoo Security
Insecure sandbox temporary lockfile vulnerabilities in Portage
A flaw has been found in the temporary file handling algorithms for the
sandboxing code used within Portage. Lockfiles created during normal
Portage operation could be manipulated by local users, resulting in the
truncation of hard-linked files and causing a denial of service on
the system.
For more information, please see the GLSA Announcement
KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability
KDE-PIM may be vulnerable to a remote buffer overflow attack that may allow
unauthorized access to an affected system.
For more information, please see the GLSA Announcement
Tcpdump Vulnerabilities in ISAKMP Parsing
There are multiple vulnerabilities in tcpdump and libpcap related to
parsing of ISAKMP packets.
For more information, please see the GLSA Announcement
Multiple vulnerabilities in sysstat
Multiple vulnerabilities in the way sysstat handles symlinks may allow an
attacker to execute arbitrary code or overwrite arbitrary files.
For more information, please see the GLSA Announcement
ipsec-tools contains an X.509 certificates vulnerability.
ipsec-tools contains a vulnerability that affects connections authenticated
with X.509 certificates.
For more information, please see the GLSA Announcement
Util-linux login may leak sensitive data
The login program included in util-linux could leak sensitive information
under certain conditions.
For more information, please see the GLSA Announcement
ClamAV RAR Archive Remote Denial Of Service Vulnerability
ClamAV is vulnerable to a denial of service attack when processing certain
RAR archives.
For more information, please see the GLSA Announcement
GNU Automake symbolic link vulnerability
Automake may be vulnerable to a symbolic link attack which may allow an
attacker to modify data or elevate their privileges.
For more information, please see the GLSA Announcement
Cross-realm trust vulnerability in Heimdal
Heimdal contains a cross-realm vulnerability allowing someone with control
over a realm to impersonate anyone in the cross-realm trust path.
For more information, please see the GLSA Announcement
iproute local Denial of Service vulnerability
The iproute package allows local users to cause a denial of service.
For more information, please see the GLSA Announcement
Multiple Vulnerabilities in pwlib
Multiple vulnerabilities have been found in pwlib that may lead to a remote
denial of service or buffer overflow attack.
For more information, please see the GLSA Announcement
Scorched 3D server chat box format string vulnerability
Scorched 3D is vulnerable to a format string attack in the chat box that
leads to Denial of Service on the game server and possibly allows execution
of arbitrary code.
For more information, please see the GLSA Announcement
3.
Heard in the Community
Web Forums
Week of the Xorg
Two unusually active threads developed last week, offering opinions and experience concerning the alternative to XFree86 that some people have been trying out lately. In any case, the forked X server from X.org certainly looks popular enough to attract six pages' worth of postings within just three days of the creation of the discussion thread, and even the Howto thread had dozens of Gentooists post addenda or corrections:
4.
Gentoo International
Italy/Switzerland: Joint GECHI and Ticino LUG Meeting
On Friday and Saturday, 16 and 17 April, the notorious GECHI group of Italian Gentoo users will join forces with the Ticino Linux User Group to organize a friendly event at one of three SUPSI (Scuola Universitaria Professionale della Svizzera Italiana) sites in Switzerland, this one located in a town called Manno, not far from the Italian border. Dates and times are to be taken with a grain of salt (check the TiLUG site for details), but the Forum coordination thread appears to have everything under control. And in any case, springtime in Ticino is supposed to be lovely....
5.
Bugzilla
Summary
Statistics
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track
bugs, notifications, suggestions and other interactions with the development team. Between 03 April 2004 and 09 April 2004, activity
on the site has resulted in:
- 642 new bugs during this period
- 336 bugs closed or resolved during this period
- 22 previously closed bugs were reopened this period
Of the 5570 currently open bugs: 128 are labeled 'blocker', 199 are labeled 'critical', and 454 are labeled 'major'.
Closed Bug Rankings
The developers and teams who have closed the most bugs during this period are:
New Bug Rankings
The developers and teams who have been assigned the most new bugs during this period are:
6.
Tips and Tricks
Shell Autologout with TMOUT
Adding the TMOUT environment variable to your shell
startup scripts will automatically log you out of an interactive shell
after the specified number of seconds without input.
Code Listing 6.1: .bash_profile
TMOUT=3600
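A value set in a user's own .bash_profile can be changed or unset by that user. The following is an added example, not part of the original newsletter: it writes a system-wide snippet that also marks TMOUT readonly and checks that a session which sources it cannot relax the timeout. The function names and file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idle-timeout snippet with TMOUT locked, plus a check.
# Function names and file locations are illustrative assumptions.

# Write the snippet an admin might drop into a system-wide profile directory.
# $1 = destination file, $2 = timeout in seconds
write_tmout_snippet() {
    cat > "$1" <<EOF
# Log out idle interactive shells after $2 seconds without input.
TMOUT=$2
readonly TMOUT
export TMOUT
EOF
}

# Return 0 only if, after sourcing the file, TMOUT can be neither
# reassigned nor unset and still holds the expected value.
# $1 = snippet file (path containing a slash), $2 = expected value
tmout_is_locked() {
    # Each attempt runs in its own subshell because some shells abort
    # outright on a write to a readonly variable.
    ( . "$1"; TMOUT=0 ) 2>/dev/null && return 1
    ( . "$1"; unset TMOUT ) 2>/dev/null && return 1
    [ "$( . "$1"; echo "$TMOUT" )" = "$2" ]
}

# Demo on constructed temporary files: the plain form from the listing
# above versus the readonly form.
demo_dir=$(mktemp -d)
printf 'TMOUT=3600\n' > "$demo_dir/plain.sh"
write_tmout_snippet "$demo_dir/locked.sh" 3600
for f in plain locked; do
    if tmout_is_locked "$demo_dir/$f.sh" 3600; then
        echo "$f: timeout cannot be changed in this shell"
    else
        echo "$f: timeout can be overridden by the user"
    fi
done
rm -rf "$demo_dir"
```

The readonly attribute only binds the shell that sourced the snippet; a new shell started without reading that file is not covered.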
7.
Moves, Adds, and Changes
Moves
The following developers recently left the Gentoo team:
Adds
The following developers recently joined the Gentoo Linux team:
- Jonathan Hood (squinky86) - accessibility, sword
- Yi Qiang (khai) - gnome
- Patrick Lauer (bonsaikitten) - cygwin, x86
- Danny Van (kugelfang) - amd64
- Roger Miliker (roger55) - releng
Changes
The following developers recently changed roles within the Gentoo Linux project:
8.
Contribute to GWN
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
9.
GWN Feedback
Please send us your feedback and help make the GWN better.
10.
GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
11.
Other Languages
The Gentoo Weekly Newsletter is also available in the following languages: