Gentoo Weekly Newsletter: April 12th, 2004

Yuji Carlos Kosugi  Editor
AJ Armstrong  Contributor
Brian Downey  Contributor
Luke Giuliani  Contributor
Grant Goodyear  Contributor
Aron Griffis  Contributor
Stuart Herbert  Contributor
Kurt Lieber  Contributor
Rafael Cordones Marcos  Contributor
David Narayan  Contributor
David Nielsen  Contributor
Ulrich Plate  Contributor
Simon Holm Thagersen  Danish Translation
Jesper Brodersen  Danish Translation
Arne Mejlholm  Danish Translation
Hendrik Eeckhaut  Dutch Translation
Jorn Eilander  Dutch Translation
Bernard Kerckenaere  Dutch Translation
Peter ter Borg  Dutch Translation
Jochen Maes  Dutch Translation
Roderick Goessen  Dutch Translation
Gerard van den Berg  Dutch Translation
Matthieu Montaudouin  French Translation
Xavier Neys  French Translation
Martin Prieto  French Translation
Antoine Raillon  French Translation
Sebastien Cevey  French Translation
Jean-Christophe Choisy  French Translation
Thomas Raschbacher German Translation
Steffen Lassahn German Translation
Matthias F. Brandstetter German Translation
Lukas Domagala German Translation
Tobias Scherbaum German Translation
Daniel Gerholdt German Translation
Marc Herren German Translation
Tobias Matzat German Translation
Marco Mascherpa  Italian Translation
Claudio Merloni  Italian Translation
Stefano Lucidi  Italian Translation
Katuyuki Konno  Japanese Translation
Hiroyuki Takeda  Japanese Translation
Masato Hatakeyama  Japanese Translation
Masayoshi Nakamura  Japanese Translation
Yasunori Fukudome  Japanese Translation
Tomoyuki Sakurai  Japanese Translation
Lukasz Strzygowski  Polish Translation
Karol Goralski  Polish Translation
Atila "Jedi" Bohlke Vasconcelos  Portuguese (Brazil) Translation
Eduardo Belloti  Portuguese (Brazil) Translation
João Rafael Moraes Nicola  Portuguese (Brazil) Translation
Marcelo Gonçalves de Azambuja  Portuguese (Brazil) Translation
Otavio Rodolfo Piske  Portuguese (Brazil) Translation
Pablo N. Hess -- NatuNobilis  Portuguese (Brazil) Translation
Pedro de Medeiros  Portuguese (Brazil) Translation
Ventura Barbeiro  Portuguese (Brazil) Translation
Bruno Ferreira  Portuguese (Portugal) Translation
Gustavo Felisberto  Portuguese (Portugal) Translation
José Costa  Portuguese (Portugal) Translation
Luis Medina  Portuguese (Portugal) Translation
Ricardo Loureiro  Portuguese (Portugal) Translation
Aleksandr Martyncev  Russian Translator
Sergey Galkin  Russian Translator
Sergey Kuleshov  Russian Translator
Alex Spirin  Russian Translator
Denis Zaletov  Russian Translator
Lanark  Spanish Translation
Fernando J. Pereda  Spanish Translation
Lluis Peinado Cifuentes  Spanish Translation
Zephryn Xirdal T  Spanish Translation
Guillermo Juarez  Spanish Translation
Jesús García Crespo  Spanish Translation
Carlos Castillo  Spanish Translation
Julio Castillo  Spanish Translation
Sergio Gómez  Spanish Translation
Aycan Irican  Turkish Translation
Bugra Cakir  Turkish Translation
Cagil Seker  Turkish Translation
Emre Kazdagli  Turkish Translation
Evrim Ulu  Turkish Translation
Gursel Kaynak  Turkish Translation

Updated 12 April 2004

1.  Gentoo News

Gentoo Weekly Newsletter reorganizing

Recently we've been receiving emails from users about missing sections and content in the newsletter. We've had some contributors leave the team, and others have been unable to participate due to personal issues, but once we start adding some new contributors to the team and reorganizing, we should be right back on track. Those who responded to the recruitment drive last week, please hold on as we determine what positions we need filled and begin responding to applicants. Thanks to all our readers for reading the newsletter each week; we'll bring back all our regular content as quickly as possible.

Gentoo Linux Project seeking SAMBA developers

The Gentoo Linux Project is seeking developers who have experience with SAMBA. Send an email to recruiters@gentoo.org with some background info if you're interested.

2.  Gentoo Security

Insecure sandbox temporary lockfile vulnerabilities in Portage

A flaw has been found in the temporary file handling algorithms for the sandboxing code used within Portage. Lockfiles created during normal Portage operation of portage could be manipulated by local users resulting in the truncation of hard linked files; causing a Denial of Service attack on the system.

For more information, please see the GLSA Announcement

KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability

KDE-PIM may be vulnerable to a remote buffer overflow attack that may allow unauthorized access to an affected system.

For more information, please see the GLSA Announcement

Tcpdump Vulnerabilities in ISAKMP Parsing

There are multiple vulnerabilities in tcpdump and libpcap related to parsing of ISAKMP packets.

For more information, please see the GLSA Announcement

Multiple vulnerabilities in sysstat

Multiple vulnerabilities in the way sysstat handles symlinks may allow an attacker to execute arbitrary code or overwrite arbitrary files

For more information, please see the GLSA Announcement

ipsec-tools contains an X.509 certificates vulnerability.

ipsec-tools contains a vulnerability that affects connections authenticated with X.509 certificates.

For more information, please see the GLSA Announcement

Util-linux login may leak sensitive data

The login program included in util-linux could leak sensitive information under certain conditions.

For more information, please see the GLSA Announcement

ClamAV RAR Archive Remote Denial Of Service Vulnerability

ClamAV is vulnerable to a denial of service attack when processing certain RAR archives.

For more information, please see the GLSA Announcement

GNU Automake symbolic link vulnerability

Automake may be vulnerable to a symbolic link attack which may allow an attacker to modify data or elevate their privileges.

For more information, please see the GLSA Announcement

Cross-realm trust vulnerability in Heimdal

Heimdal contains cross-realm vulnerability allowing someone with control over a realm to impersonate anyone in the cross-realm trust path.

For more information, please see the GLSA Announcement

iproute local Denial of Service vulnerability

The iproute package allows local users to cause a denial of service.

For more information, please see the GLSA Announcement

Multiple Vulnerabilities in pwlib

Multiple vulnerabilites have been found in pwlib that may lead to a remote denial of service or buffer overflow attack.

For more information, please see the GLSA Announcement

Scorched 3D server chat box format string vulnerability

Scorched 3D is vulnerable to a format string attack in the chat box that leads to Denial of Service on the game server and possibly allows execution of arbitrary code.

For more information, please see the GLSA Announcement

3.  Heard in the Community

Web Forums

Week of the Xorg

Two unusually active threads have developed last week providing opinions and experience concerning the alternative to XFree86 some people have been trying out lately. In any case, the forked X server from X.org certainly looks popular enough to attract six pages worth of postings within just three days since the creation of the discussion thread, and even the Howto thread had dozens of Gentooists post addenda or corrections:

4.  Gentoo International

Italy/Switzerland: Joint GECHI and Ticino LUG Meeting

On Friday and Saturday, 16 and 17 April, the notorious GECHI group of Italian Gentoo users will join forces with the Ticino Linx User Group to organize a friendly event at one of three SUPSI (Scuola Universitaria Professionale della Svizzera Italiana) sites in Switzerland, this one located in a town called Manno, not far from the Italian border. Dates and times are to be taken with a grain of salt (check the TiLUG site for details), but the Forum coordination thread appears to have everything under control. And in any case, springtime in Ticino is supposed to be lovely....

5.  Bugzilla

Summary

Statistics

The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. Between 03 April 2004 and 09 April 2004, activity on the site has resulted in:

Of the 5570 currently open bugs: 128 are labeled 'blocker', 199 are labeled 'critical', and 454 are labeled 'major'.

Closed Bug Rankings

The developers and teams who have closed the most bugs during this period are:

New Bug Rankings

The developers and teams who have been assigned the most new bugs during this period are:

6.  Tips and Tricks

Shell Autologout with TMOUT

Adding the TMOUT environment variable to your shell startup scripts will automatically log out of an interactive shell after the specified number of seconds.

Code Listing 6.1: .bash_profile

(Timeout if no input is given for 1 hour)
TMOUT=3600

7.  Moves, Adds, and Changes

Moves

The following developers recently left the Gentoo team:

Adds

The following developers recently joined the Gentoo Linux team:

Changes

The following developers recently changed roles within the Gentoo Linux project:

8.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

9.  GWN Feedback

Please send us your feedback and help make the GWN better.

10.  GWN Subscription Information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

11.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages: