Various Gentoo Documentation Updates
The Gentoo Documentation Project reports in their latest status report that they've updated several guides and added a few new ones, including the following:
The PPC team has changed some existing roles and assigned new developers to the subproject. First, Luca Barbato was elected operational manager. New developer Daniel Ostrow is taking charge of the stable project. David Holm will be in charge of the kernel, assisted by Luca and Jochen Maes. Jochen is also going to maintain the website and manage the documentation subproject. The Gentoo/PPC subproject is also looking for people who want to work on the team; interested parties should step forward in #gentoo-ppc on irc.freenode.net. For more information on Gentoo/PPC, see their website.
Pound format string vulnerability
There is a format string flaw in Pound, allowing remote execution of arbitrary code with the rights of the Pound process.
For more information, please see the GLSA Announcement
ProFTPD Access Control List bypass vulnerability
Version 1.2.9 of ProFTPD introduced a vulnerability that causes CIDR-based Access Control Lists (ACLs) to be treated as "AllowAll", thereby allowing remote users full access to files available to the FTP daemon.
For more information, please see the GLSA Announcement
Icecast denial of service vulnerability
Icecast is vulnerable to a denial of service attack allowing remote users to crash the application.
For more information, please see the GLSA Announcement
KDE URI Handler Vulnerabilities
Vulnerabilities in KDE URI handlers makes your system vulnerable to various attacks.
For more information, please see the GLSA Announcement
CVS heap overflow vulnerability
CVS is subject to a heap overflow vulnerability allowing source repository compromise.
For more information, please see the GLSA Announcement
neon heap-based buffer overflow
A vulnerability potentially allowing remote execution of arbitrary code has been discovered in the neon library.
For more information, please see the GLSA Announcement
There is a vulnerability in the Subversion date parsing code which may lead to denial of service attacks, or execution of arbitrary code. Both the client and server are vulnerable.
For more information, please see the GLSA Announcement
cadaver heap-based buffer overflow
There is a heap-based buffer overflow vulnerability in the neon library used in cadaver, possibly leading to execution of arbitrary code when connected to a malicious server.
For more information, please see the GLSA Announcement
Multiple XSS Vulnerabilities in SquirrelMail
SquirrelMail is subject to several XSS and one SQL injection vulnerability.
For more information, please see the GLSA Announcement
Multiple vulnerabilities in metamail
Several format string bugs and buffer overflows were discovered in metamail, potentially allowing execution of arbitrary code remotely.
For more information, please see the GLSA Announcement
A buffer overflow via environmental variables in Firebird may allow a local user to manipulate or destroy local databases and trojan the Firebird binaries.
For more information, please see the GLSA Announcement
Raving over rzip
"rzip" is an extremely efficient alternative to gzip. Some Gentoo users also gave it a shot and posted some feedback about it here.
XFree and unusual resolutions
If you have a laptop or flat-panel display with a screen resolution that's not one of the "typical" 800x600, 1024x768, or 1600x1200 sizes you may want to take a look here for some tips for making it look good under XFree86.
2004.1: The good, bad, and the ugly
Some people have been reporting problems using the 2004.1 CD on more exotic hardware--lockups, missed hardware detection, and the like. Read some of the feedback here.
Interesting USE flag
One Gentooer discovered an interesting and somewhat humorus USE flag in the "netcat" package this week. Check it out!
Germany: Rhein-Ruhr Gentooistas Meet Again
Next month on 4 June, same time (19:00 hours), same place as always: The Ruhrgebiet group of Gentoo activists meets at Gasthof Harlos again. An interesting side aspect and quite possibly a significant difference to similar events elsewhere is the availability of DSL at the premises, and just like last month, Gentoo dev Pylon will bring a wireless access point. Polish your antennas, compile your kernels with WLAN support, and off you go to a big friendly evening with the regulars. Possible bowling included, coordination thread in the forums as usual.
Quick 'cd' trick
To return to the previous directory in the shell (bash, ksh, zsh, etc), use cd -
Code Listing 5.1 |
$ pwd /home/rd $ cd /tmp $ cd - $ pwd /home/rd |
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project:
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make the GWN better.
9. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: