Gentoo Logo

Gentoo Weekly Newsletter: May 24, 2004

Content:

1.  Gentoo News

Various Gentoo Documentation Updates

The Gentoo Documentation Project reports in their latest status report that they've updated several guides and added a few new ones, including the following:

New roles in Gentoo/PPC

The PPC team has changed some existing roles and assigned new developers to the subproject. First, Luca Barbato was elected operational manager. New developer Daniel Ostrow is taking charge of the stable project. David Holm will be in charge of the kernel, assisted by Luca and Jochen Maes. Jochen is also going to maintain the website and manage the documentation subproject. The Gentoo/PPC subproject is also looking for people who want to work on the team; interested parties should step forward in #gentoo-ppc on irc.freenode.net. For more information on Gentoo/PPC, see their website.

2.  Gentoo Security

Pound format string vulnerability

There is a format string flaw in Pound, allowing remote execution of arbitrary code with the rights of the Pound process.

For more information, please see the GLSA Announcement

ProFTPD Access Control List bypass vulnerability

Version 1.2.9 of ProFTPD introduced a vulnerability that causes CIDR-based Access Control Lists (ACLs) to be treated as "AllowAll", thereby allowing remote users full access to files available to the FTP daemon.

For more information, please see the GLSA Announcement

Icecast denial of service vulnerability

Icecast is vulnerable to a denial of service attack allowing remote users to crash the application.

For more information, please see the GLSA Announcement

KDE URI Handler Vulnerabilities

Vulnerabilities in KDE URI handlers makes your system vulnerable to various attacks.

For more information, please see the GLSA Announcement

CVS heap overflow vulnerability

CVS is subject to a heap overflow vulnerability allowing source repository compromise.

For more information, please see the GLSA Announcement

neon heap-based buffer overflow

A vulnerability potentially allowing remote execution of arbitrary code has been discovered in the neon library.

For more information, please see the GLSA Announcement

Buffer overflow in Subversion

There is a vulnerability in the Subversion date parsing code which may lead to denial of service attacks, or execution of arbitrary code. Both the client and server are vulnerable.

For more information, please see the GLSA Announcement

cadaver heap-based buffer overflow

There is a heap-based buffer overflow vulnerability in the neon library used in cadaver, possibly leading to execution of arbitrary code when connected to a malicious server.

For more information, please see the GLSA Announcement

Multiple XSS Vulnerabilities in SquirrelMail

SquirrelMail is subject to several XSS and one SQL injection vulnerability.

For more information, please see the GLSA Announcement

Multiple vulnerabilities in metamail

Several format string bugs and buffer overflows were discovered in metamail, potentially allowing execution of arbitrary code remotely.

For more information, please see the GLSA Announcement

Buffer Overflow in Firebird

A buffer overflow via environmental variables in Firebird may allow a local user to manipulate or destroy local databases and trojan the Firebird binaries.

For more information, please see the GLSA Announcement

3.  Heard in the Community

gentoo-user

Raving over rzip

"rzip" is an extremely efficient alternative to gzip. Some Gentoo users also gave it a shot and posted some feedback about it here.

XFree and unusual resolutions

If you have a laptop or flat-panel display with a screen resolution that's not one of the "typical" 800x600, 1024x768, or 1600x1200 sizes you may want to take a look here for some tips for making it look good under XFree86.

2004.1: The good, bad, and the ugly

Some people have been reporting problems using the 2004.1 CD on more exotic hardware--lockups, missed hardware detection, and the like. Read some of the feedback here.

Interesting USE flag

One Gentooer discovered an interesting and somewhat humorus USE flag in the "netcat" package this week. Check it out!

4.  Gentoo International

Germany: Rhein-Ruhr Gentooistas Meet Again

Next month on 4 June, same time (19:00 hours), same place as always: The Ruhrgebiet group of Gentoo activists meets at Gasthof Harlos again. An interesting side aspect and quite possibly a significant difference to similar events elsewhere is the availability of DSL at the premises, and just like last month, Gentoo dev Pylon will bring a wireless access point. Polish your antennas, compile your kernels with WLAN support, and off you go to a big friendly evening with the regulars. Possible bowling included, coordination thread in the forums as usual.

5.  Tips and Tricks

Quick 'cd' trick

To return to the previous directory in the shell (bash, ksh, zsh, etc), use cd -

Code Listing 5.1

$ pwd
/home/rd
$ cd /tmp
$ cd -
$ pwd
/home/rd

6.  Moves, Adds, and Changes

Moves

The following developers recently left the Gentoo team:

  • None this week

Adds

The following developers recently joined the Gentoo Linux team:

  • Daniel Ostrow (dostrow) - PPC
  • Konstantin Arkhipov - openmosix

Changes

The following developers recently changed roles within the Gentoo Linux project:

  • None this week

7.  Contribute to GWN

Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.

8.  GWN Feedback

Please send us your feedback and help make the GWN better.

9.  GWN Subscription Information

To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.

To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.

10.  Other Languages

The Gentoo Weekly Newsletter is also available in the following languages:



Print

Page updated 24 May 2004

Summary: This is the Gentoo Weekly Newsletter for the week of May 24th, 2004.

Yuji Carlos Kosugi
Editor

AJ Armstrong
Contributor

Brian Downey
Contributor

Stuart Herbert
Contributor

Kurt Lieber
Contributor

David Narayan
Contributor

Ulrich Plate
Contributor

Simon Holm Thagersen
Danish Translation

Jesper Brodersen
Danish Translation

Arne Mejlholm
Danish Translation

Hendrik Eeckhaut
Dutch Translation

Jorn Eilander
Dutch Translation

Bernard Kerckenaere
Dutch Translation

Peter ter Borg
Dutch Translation

Jochen Maes
Dutch Translation

Roderick Goessen
Dutch Translation

Gerard van den Berg
Dutch Translation

Matthieu Montaudouin
French Translation

Xavier Neys
French Translation

Martin Prieto
French Translation

Antoine Raillon
French Translation

Sebastien Cevey
French Translation

Jean-Christophe Choisy
French Translation

Thomas Raschbacher
German Translation

Steffen Lassahn
German Translation

Matthias F. Brandstetter
German Translation

Lukas Domagala
German Translation

Tobias Scherbaum
German Translation

Daniel Gerholdt
German Translation

Marc Herren
German Translation

Tobias Matzat
German Translation

Marco Mascherpa
Italian Translation

Claudio Merloni
Italian Translation

Stefano Lucidi
Italian Translation

Katuyuki Konno
Japanese Translation

Hiroyuki Takeda
Japanese Translation

Masato Hatakeyama
Japanese Translation

Masayoshi Nakamura
Japanese Translation

Yasunori Fukudome
Japanese Translation

Tomoyuki Sakurai
Japanese Translation

Lukasz Strzygowski
Polish Translation

Karol Goralski
Polish Translation

Atila "Jedi" Bohlke Vasconcelos
Portuguese (Brazil) Translation

Eduardo Belloti
Portuguese (Brazil) Translation

João Rafael Moraes Nicola
Portuguese (Brazil) Translation

Marcelo Gonçalves de Azambuja
Portuguese (Brazil) Translation

Otavio Rodolfo Piske
Portuguese (Brazil) Translation

Pablo N. Hess -- NatuNobilis
Portuguese (Brazil) Translation

Pedro de Medeiros
Portuguese (Brazil) Translation

Ventura Barbeiro
Portuguese (Brazil) Translation

Bruno Ferreira
Portuguese (Portugal) Translation

Gustavo Felisberto
Portuguese (Portugal) Translation

José Costa
Portuguese (Portugal) Translation

Luis Medina
Portuguese (Portugal) Translation

Ricardo Loureiro
Portuguese (Portugal) Translation

Aleksandr Martyncev
Russian Translator

Sergey Galkin
Russian Translator

Sergey Kuleshov
Russian Translator

Alex Spirin
Russian Translator

Denis Zaletov
Russian Translator

Lanark
Spanish Translation

Fernando J. Pereda
Spanish Translation

Lluis Peinado Cifuentes
Spanish Translation

Zephryn Xirdal T
Spanish Translation

Guillermo Juarez
Spanish Translation

Jesús García Crespo
Spanish Translation

Carlos Castillo
Spanish Translation

Julio Castillo
Spanish Translation

Sergio Gómez
Spanish Translation

Aycan Irican
Turkish Translation

Bugra Cakir
Turkish Translation

Cagil Seker
Turkish Translation

Emre Kazdagli
Turkish Translation

Evrim Ulu
Turkish Translation

Gursel Kaynak
Turkish Translation

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.