
Gentoo Weekly Newsletter: April 12th, 2004

Content:

1.  Gentoo News

Gentoo Weekly Newsletter reorganizing

Recently we've been receiving emails from users about missing sections and content in the newsletter. We've had some contributors leave the team, and others have been unable to participate due to personal issues, but once we start adding some new contributors to the team and reorganizing, we should be right back on track. Those who responded to the recruitment drive last week, please hold on as we determine what positions we need filled and begin responding to applicants. Thanks to all our readers for reading the newsletter each week; we'll bring back all our regular content as quickly as possible.

Gentoo Linux Project seeking SAMBA developers

The Gentoo Linux Project is seeking developers who have experience with SAMBA. Send an email to recruiters@gentoo.org with some background info if you're interested.

2.  Gentoo Security

Insecure sandbox temporary lockfile vulnerabilities in Portage

A flaw has been found in the temporary file handling algorithms for the sandboxing code used within Portage. Lockfiles created during normal Portage operation could be manipulated by local users, resulting in the truncation of hard-linked files and causing a denial of service on the system.

For more information, please see the GLSA Announcement

KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability

KDE-PIM may be vulnerable to a remote buffer overflow attack that may allow unauthorized access to an affected system.

For more information, please see the GLSA Announcement

Tcpdump Vulnerabilities in ISAKMP Parsing

There are multiple vulnerabilities in tcpdump and libpcap related to parsing of ISAKMP packets.

For more information, please see the GLSA Announcement

Multiple vulnerabilities in sysstat

Multiple vulnerabilities in the way sysstat handles symlinks may allow an attacker to execute arbitrary code or overwrite arbitrary files.

For more information, please see the GLSA Announcement

ipsec-tools contains an X.509 certificates vulnerability.

ipsec-tools contains a vulnerability that affects connections authenticated with X.509 certificates.

For more information, please see the GLSA Announcement

Util-linux login may leak sensitive data

The login program included in util-linux could leak sensitive information under certain conditions.

For more information, please see the GLSA Announcement

ClamAV RAR Archive Remote Denial Of Service Vulnerability

ClamAV is vulnerable to a denial of service attack when processing certain RAR archives.

For more information, please see the GLSA Announcement

GNU Automake symbolic link vulnerability

Automake may be vulnerable to a symbolic link attack which may allow an attacker to modify data or elevate their privileges.

For more information, please see the GLSA Announcement

Cross-realm trust vulnerability in Heimdal

Heimdal contains a cross-realm vulnerability allowing someone with control over a realm to impersonate anyone in the cross-realm trust path.

For more information, please see the GLSA Announcement

iproute local Denial of Service vulnerability

The iproute package allows local users to cause a denial of service.

For more information, please see the GLSA Announcement

Multiple Vulnerabilities in pwlib

Multiple vulnerabilities have been found in pwlib that may lead to a remote denial of service or buffer overflow attack.

For more information, please see the GLSA Announcement

Scorched 3D server chat box format string vulnerability

Scorched 3D is vulnerable to a format string attack in the chat box that leads to Denial of Service on the game server and possibly allows execution of arbitrary code.

For more information, please see the GLSA Announcement

3.  Heard in the Community

Web Forums

Week of the Xorg

Two unusually active threads developed last week, offering opinions and experience concerning the alternative to XFree86 that some people have been trying out lately. In any case, the forked X server from X.org certainly looks popular enough to attract six pages' worth of postings within just three days of the creation of the discussion thread, and even the Howto thread had dozens of Gentooists post addenda or corrections:

4.  Gentoo International

Italy/Switzerland: Joint GECHI and Ticino LUG Meeting

On Friday and Saturday, 16 and 17 April, the notorious GECHI group of Italian Gentoo users will join forces with the Ticino Linux User Group to organize a friendly event at one of three SUPSI (Scuola Universitaria Professionale della Svizzera Italiana) sites in Switzerland, this one located in a town called Manno, not far from the Italian border. Dates and times are to be taken with a grain of salt (check the TiLUG site for details), but the Forum coordination thread appears to have everything under control. And in any case, springtime in Ticino is supposed to be lovely....

5.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 03 April 2004 and 09 April 2004, activity on the site has resulted in:

  • 642 new bugs during this period
  • 336 bugs closed or resolved during this period
  • 22 previously closed bugs were reopened this period

Of the 5570 currently open bugs: 128 are labeled 'blocker', 199 are labeled 'critical', and 454 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs during this period are:

New Bug Rankings

The developers and teams who have been assigned the most new bugs during this period are:

6.  Tips and Tricks

Shell Autologout with TMOUT

Setting the TMOUT environment variable in your shell startup scripts makes an interactive shell log out automatically when no input is given for the specified number of seconds.

Code Listing 6.1: .bash_profile

# Timeout if no input is given for 1 hour
TMOUT=3600
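
As an added example (not part of the original newsletter): a user can simply unset a TMOUT set this way, so a system-wide setting is normally also marked readonly. The audit_tmout function and both sample files below are constructed for illustration, and /etc/profile.d/ as the install location is an assumption.

```shell
#!/bin/sh
# Added example: static audit of a startup file's TMOUT setting.
# audit_tmout and both sample files are constructed for illustration.

# Prints one status word: missing | disabled | too-long | not-readonly | ok
audit_tmout() {
    file=$1
    max=${2:-3600}   # longest idle timeout accepted, in seconds (assumption)
    assign='^[[:space:]]*([a-z]+[[:space:]]+(-[a-z]+[[:space:]]+)?)?TMOUT='
    ro='^[[:space:]]*(readonly|(declare|typeset)[[:space:]]+-[a-z]*r[a-z]*)[[:space:]]+TMOUT([=[:space:]]|$)'

    # The last uncommented assignment wins, as it does when the file is sourced.
    line=$(grep -E "$assign" "$file" | tail -n 1)
    [ -n "$line" ] || { echo missing; return 0; }

    value=$(printf '%s\n' "$line" |
        sed -e 's/.*TMOUT=//' -e "s/^[\"']//" -e 's/[^0-9].*$//')
    case $value in
        ''|0) echo disabled; return 0 ;;   # 0 or non-numeric: no timeout
    esac
    [ "$value" -le "$max" ] || { echo too-long; return 0; }

    # Without readonly, any user can run `unset TMOUT` and stay logged in.
    grep -Eq "$ro" "$file" || { echo not-readonly; return 0; }
    echo ok
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample 1: the listing from the tip above.
printf '%s\n' '# Timeout if no input is given for 1 hour' 'TMOUT=3600' \
    > "$tmp/weak"

# Constructed sample 2: system-wide variant, e.g. a file in /etc/profile.d/
printf '%s\n' '# Idle timeout: 15 minutes' 'TMOUT=900' \
    'readonly TMOUT' 'export TMOUT' > "$tmp/hardened"

for f in weak hardened; do
    printf '%s: %s\n' "$f" "$(audit_tmout "$tmp/$f")"
done
```

TMOUT only counts idle time at the shell prompt; a session sitting inside a foreground program such as an editor is not logged out.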
  

7.  Moves, Adds, and Changes

Moves

The following developers recently left the Gentoo team:

  • none this week

Adds

The following developers recently joined the Gentoo Linux team:

  • Jonathan Hood (squinky86) - accessibility, sword
  • Yi Qiang (khai) - gnome
  • Patrick Lauer (bonsaikitten) - cygwin, x86
  • Danny Van (kugelfang) - amd64
  • Roger Miliker (roger55) - releng

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • none this week

8.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

9.  GWN Feedback

Please send us your feedback and help make the GWN better.

10.  GWN Subscription Information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe from the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

11.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:




Page updated 12 April 2004

Summary: This is the Gentoo Weekly Newsletter for the week of April 12th, 2004.

Yuji Carlos Kosugi
Editor

AJ Armstrong
Contributor

Brian Downey
Contributor

Luke Giuliani
Contributor

Grant Goodyear
Contributor

Aron Griffis
Contributor

Stuart Herbert
Contributor

Kurt Lieber
Contributor

Rafael Cordones Marcos
Contributor

David Narayan
Contributor

David Nielsen
Contributor

Ulrich Plate
Contributor

Simon Holm Thagersen
Danish Translation

Jesper Brodersen
Danish Translation

Arne Mejlholm
Danish Translation

Hendrik Eeckhaut
Dutch Translation

Jorn Eilander
Dutch Translation

Bernard Kerckenaere
Dutch Translation

Peter ter Borg
Dutch Translation

Jochen Maes
Dutch Translation

Roderick Goessen
Dutch Translation

Gerard van den Berg
Dutch Translation

Matthieu Montaudouin
French Translation

Xavier Neys
French Translation

Martin Prieto
French Translation

Antoine Raillon
French Translation

Sebastien Cevey
French Translation

Jean-Christophe Choisy
French Translation

Thomas Raschbacher
German Translation

Steffen Lassahn
German Translation

Matthias F. Brandstetter
German Translation

Lukas Domagala
German Translation

Tobias Scherbaum
German Translation

Daniel Gerholdt
German Translation

Marc Herren
German Translation

Tobias Matzat
German Translation

Marco Mascherpa
Italian Translation

Claudio Merloni
Italian Translation

Stefano Lucidi
Italian Translation

Katuyuki Konno
Japanese Translation

Hiroyuki Takeda
Japanese Translation

Masato Hatakeyama
Japanese Translation

Masayoshi Nakamura
Japanese Translation

Yasunori Fukudome
Japanese Translation

Tomoyuki Sakurai
Japanese Translation

Lukasz Strzygowski
Polish Translation

Karol Goralski
Polish Translation

Atila "Jedi" Bohlke Vasconcelos
Portuguese (Brazil) Translation

Eduardo Belloti
Portuguese (Brazil) Translation

João Rafael Moraes Nicola
Portuguese (Brazil) Translation

Marcelo Gonçalves de Azambuja
Portuguese (Brazil) Translation

Otavio Rodolfo Piske
Portuguese (Brazil) Translation

Pablo N. Hess -- NatuNobilis
Portuguese (Brazil) Translation

Pedro de Medeiros
Portuguese (Brazil) Translation

Ventura Barbeiro
Portuguese (Brazil) Translation

Bruno Ferreira
Portuguese (Portugal) Translation

Gustavo Felisberto
Portuguese (Portugal) Translation

José Costa
Portuguese (Portugal) Translation

Luis Medina
Portuguese (Portugal) Translation

Ricardo Loureiro
Portuguese (Portugal) Translation

Aleksandr Martyncev
Russian Translator

Sergey Galkin
Russian Translator

Sergey Kuleshov
Russian Translator

Alex Spirin
Russian Translator

Denis Zaletov
Russian Translator

Lanark
Spanish Translation

Fernando J. Pereda
Spanish Translation

Lluis Peinado Cifuentes
Spanish Translation

Zephryn Xirdal T
Spanish Translation

Guillermo Juarez
Spanish Translation

Jesús García Crespo
Spanish Translation

Carlos Castillo
Spanish Translation

Julio Castillo
Spanish Translation

Sergio Gómez
Spanish Translation

Aycan Irican
Turkish Translation

Bugra Cakir
Turkish Translation

Cagil Seker
Turkish Translation

Emre Kazdagli
Turkish Translation

Evrim Ulu
Turkish Translation

Gursel Kaynak
Turkish Translation


Copyright 2001-2014 Gentoo Foundation, Inc.