[4112] in linux-announce channel archive
Linux-Announce Digest #404
daemon@ATHENA.MIT.EDU (Digestifier)
Tue May 6 20:13:53 2003
From: Digestifier <Linux-Announce-Request@senator-bedfellow.mit.edu>
To: Linux-Announce@senator-bedfellow.mit.edu
Reply-To: Linux-Announce@senator-bedfellow.mit.edu
Date: Tue, 6 May 2003 20:13:04 EDT
Linux-Announce Digest #404, Volume #4 Tue, 6 May 2003 20:13:04 EDT
Contents:
ANNOUNCE: NAR 0.1 NetWorker Activity Reporter (David Stes)
Oregon Open Source bill HB2892 needs your support (Doug Dingus)
[LOCAL] Kolkata LUG's May meeting (Webmaster - iLUG-Cal)
ANNOUNCE: Atari 8bit filesystem driver for Linux 0.1 released (Michael Beck)
ANNOUNCEMENT- Small Precludes (A small OpenGL demo program) ("Jason Nunn")
ANNOUNCE: http_fetcher-1.0.2 HTTP library (Lyle Hanson)
ANN: bohtml 1.10 Released (Tim Daneliuk)
RE COMMERCIAL:clusters with Linux 7.3 MPICH (sales)
Linux Advisory Watch - April 25th 2003 (Jennifer Olson)
----------------------------------------------------------------------------
From: David Stes <stes@pandora.be>
Subject: ANNOUNCE: NAR 0.1 NetWorker Activity Reporter
Date: 6 May 2003 02:55:05 GMT
ANNOUNCE: NAR 0.1 - NetWorker Activity Reporter
NAR, the NetWorker Activity Reporter, is a reporting tool for the Legato
NetWorker backup software for Linux and Unix platforms.
NAR prints out the duration (in seconds) of save sessions and the amount
of data that was backed up (in MB/s, megabytes per second).
NAR gives an overview of what save sessions were active at what time, in
a format that is a little bit like the SAR (system activity reporter) format.
NAR is released under the GNU GPL.
The URL is : http://nmhds.sourceforge.net
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
From: doug@opengeek.org (Doug Dingus)
Subject: Oregon Open Source bill HB2892 needs your support
Date: 6 May 2003 02:55:09 GMT
Hello Everyone, if you live in Oregon and are interested in seeing
more government use of Open Source Software, please take a brief
moment to contact your State Representitive and House Speaker Karen
Minnis.
Please feel free to forward, post discuss or whatever you need to do
to let others know what is happening with HB 2892.
Briefly, the bill is stalled in committee. Speaker Minnis is the one
that stalled it. Jim Craven is the AeA (American Electronics
Association) lobbyist responsible full time for keeping it that way.
You can get more information here from the lead author of the bill Ken
Barber in his latest piece in the Oregonian:
http://www.oregonlive.com/commentary/oregonian/index.ssf?/base/editorial/1051876782142831.xml
There is more information here:
http://www.mwvlug.org/legislation/journal/journal_2.html
and...
http://www.mwvlug.org/legislation/index.html
You can find your State Rep here: (Ask them why the bill is stalled
in the house)
http://www.leg.state.or.us/findlegsltr/findset.htm
You can contact Speaker Karen Minnis here: (Use the phone if you have
time! E-mail is being sorted and screened. A phone or fax will get
more notice. Ask for a response as to why this is happening.)
Contact Info:
Speaker Minnis
900 Court St. NE
Room 269
Salem, OR 97301
Phn: 503-986-1200
Fax: 503- 986-1201
e-mail: rep.karenminnis@state.or.us
The issue of Open Source is not dead in the Legislature, HB 2892 can
move forward if Minnis sees enough public support for HB 2892. We
need that support to come from concerned Oregonians. Pass the word
along!
Thanks --your efforts matter during this precarious time.
Doug Dingus
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
From: Webmaster - iLUG-Cal <webmaster@ilug-cal.org>
Subject: [LOCAL] Kolkata LUG's May meeting
Date: 6 May 2003 03:00:02 GMT
Hi,
The Kolkata LUG is meets this month on the 10th. Details below.
Date and Time: 10th May, 2003, 16:30 (IST) onwards
Venue: Saltlake (see http://www.ilug-cal.org/node.php?id=130 for the details
and map)
Agenda:
4:30 PM -4:45 PM : Introductions
1. 4:45 PM - 5:45 PM : Backup and disaster-recovery strategy for SOHO users
using FLOSS Tools. -(by Indranil Dasgupta)
Intended Audience: Beginner / Intermediate
2. 5:45 PM - 6:30 PM : Winmodems and GNU/Linux. -(by Sayamindu Dasgupta)
Intended Audience: Beginner/Intermediate
...and
1. Tabling of ILUG-CAL Income-Expense Accounts.
2. Linux outreach programme - Indra'da to finally show his draft.
3. Discussion about proposed LAN-Party and Installfest on 18th May. Look for a
definite head-count.
Cover Charges: 1. Earning members : Rs 50/-
2. Non Earning members:- Rs 25/-
-cheers-
Sayamindu Dasgupta
Webmaster: iLUG-Cal
--
:
####[ GNU/Linux One Stanza Tip (LOST) ]#######################
Sub : Lesser known commands (watch) LOST #332
Want to run a command periodically? Just type: $ watch <cmd>
watch runs a command repeatedly, displaying the first screen.
This allows you to watch the program output change over time.
Look at its man page for details.
####<deepak@despammed.com>####################################
:
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
From: Michael Beck <beck@ipd.info.uni-karlsruhe.de>
Subject: ANNOUNCE: Atari 8bit filesystem driver for Linux 0.1 released
Date: 6 May 2003 03:00:07 GMT
Hi,
On the website
http://www.rho-sigma.de/atari8bit/fs.html
you can find the first public release of the Atari 8bit filesystem
driver for Linux.
About:
ATR8FS is a ATARI 8bit filesystem for Linux released under the GPL. It
originated from the 8bit ATARI machines. It allows to read disk images from
a more than twenty years old computer :-)
Features of Version 0.1
- Can mount ATR images (currently the only possibiliy to access
a ATARI 8bit disk :-)
- Can read DOS2 compatible filesystems, like DOS 2.0S, DOS 2.0D,
DOS 2.5, BiboDOS, MyDOS ...
- Can read DOS3 filesystems
- Can read DOS4 (Antic DOS) filesystems
- Can read SpartaDOS 2+ compatible filesystems
- Currently NO write support
- Currently no direct disk access
- Alpha implementation, not heavily tested yet
Have fun,
--
Michael Beck beck@ipd.info.uni-karlsruhe.de
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
From: "Jason Nunn" <jsno8192@yahoo.com.au>
Subject: ANNOUNCEMENT- Small Precludes (A small OpenGL demo program)
Date: 6 May 2003 03:05:01 GMT
Hello all,
I've just completed a small OpenGL demoy thing program that displays alot
of pretty graphics and animations. Have a look if you like. It's been
developed on a MD 9.0 machine. You'll need an 3D accelerated graphics
card, and OpenGL.
(Nb/ it's about 1.6 Mb)
http://jsno.arafuraconnect.com.au/rel/unix_projects/small_precludes.tar.bz2
or
http://jsno.portalcomputing.com.au/rel/unix_projects/small_precludes.tar.bz2
Give this link to anyone who has a modern linux box and hardware ;).
Following is the synopsis of the README.
See ya
:jason
--$-----------------------------------------------------------------------
The Small Precludes Demo - By Jason Nunn, (C) 2000
==================================================
Hello,
This started out as being a small project in July 2000 to learn OpenGL. I
had just quit my job at the time (Hallmark Computer Intl), and was a bit
bored. OpenGL was a passing curiousity. It also jeered up the time I wrote
demos in the early 90's ! ;).
When I started coding the small scenes, I went to pieces a bit, and the
whole thing dragged on till about Feb 2001 (I only intended to play with
it for a month ! -- I was also interrupted by other projects). I
eventually became too busy with projects within my new job. Small
Precludes consequently got shelved... which was a pity, because at that
point, it was virtually finished, and basically needed to be bolted
together.
A couple of weeks ago (April Fools Day, 2003), I got retrenched from my
current job (Arafura Connect). So, I'm unemployed again, with no projects
to invent or code. So, off the shelf it came ! ;). I'm a finisher, and
that's what I intended to do with Small Precludes-- Even if only a handful
of people get to see it (and appreciate it).
I used to write demos back in my early 20's and late teens. Some of you
(but I doubt any of you) will remember me from the Hornet demo group and
the Hornet demo news letters in the mid 90's ?.
This demo is pathetic compared with even old demos, although some of it
looks nice... But I'm rusty, and it was only a personal learning exercise
anyway. When it comes to graphics and music, I have none these skills (I
never did, I was simply more patient back then and people had a much more
tolerant standard ;). I guess the demo maker of today comes in the form of
a web developer ?..
...Anyway, I hope you enjoy this archaic and obsolete form of electronic
entertainment, for all it's worth. If you like it, write me a line ;).
Thank you.
:Jason Nunn <jsno8192@yahoo.com.au>
Darwin, Northern Territory, Australia
Sun Apr 27 23:26:46 CST 2003
oo0oo
--$-----------------------------------------------------------------------
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
From: Lyle Hanson <lhanson@users.sourceforge.net>
Subject: ANNOUNCE: http_fetcher-1.0.2 HTTP library
Date: 6 May 2003 03:05:04 GMT
HTTP Fetcher 1.0.2 is now available. This is a bugfix release that fixes
a possible buffer overflow, a memory leak, and improves portability.
See:
http://http-fetcher.sourceforge.net
BLURB:
http-fetcher is a small, robust, flexible library for downloading files
via HTTP using the GET method. It's easy to use, but it also allows you
to customize and manipulate your file requests through altering the User
Agent, Referer, timeout, etc. The error reporting functions give you a
simple, clean interface through which to obtain information about a
problem.
Download and enjoy!
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
From: Tim Daneliuk <tundra@tundraware.com>
Subject: ANN: bohtml 1.10 Released
Date: 6 May 2003 03:40:01 GMT
Reply-To: tundra@tundraware.com
nohtml 1.10 is released and available at:
http://www.tundraware.com/Software/nohtml/
This program removes HTML attachments in email. It is written in
Python and implemented as a filter which uses stdin and stdout. The
program is designed primarily to be used in email alias definitions.
By piping a given user's email through 'nohtml.py' first, only the
textual portion of the message will actually be delivered. This is
especially useful if you run mailing lists and want to stop HTML
from ever reaching them.
============================================================================
Tim Daneliuk tundra@tundraware.com
PGP Key: http://www.tundraware.com/PGP/TundraWare.PGP.Keys.txt
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
From: sales <sales@storeanywhere.com>
Subject: RE COMMERCIAL:clusters with Linux 7.3 MPICH
Date: 6 May 2003 15:35:01 GMT
On promotion and well sold products. Please check our website:
http://www.storeanywhere.com
8 processors cluster for $5780
Include:
1 4u Dual AMD 2000mp Master Node
3 Dual AMD 2000mp Client Node
1 24 port 10/100 SWITCH
1 22u black frame rack with wheels
Red Hat Linux v7.3 (CD) with MPICH
All hardware and software fully installed and tested.
Master node:
Dual AMD 2000mp
TYAN S2466 dual CPU motherboard
80G 7200rpm hard Drive
1GB DDR 2100rpm Ram
8mb AGP Card 52X CD-Rom
2 10/100 PCI ethernet card
4U 19" RackServer Chassis with Power Supply & Slide rails
Red Hat Linux v7.3 (CD) with MPICH
Client node:
Dual AMD 2000mp
TYAN S2466 dual CPU motherboard
20G 7200rpm hard Drive
512mb DDR 2100rpm Ram
8mb AGP Card 52X CD-Rom
3.5? Floppy Drive 2 10/100 PCI ethernet card
2U 19" RackServer Chassis with Power Supply & Slide rails
Red Hat Linux v7.3 (CD) with MPICH
To order you can do so directly on line or call us on:
718-934-7313. Any queries please send the e-mail to
sales@storeanywhere.com.
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
Date: Tue, 6 May 2003 18:30:18 CST
From: Jennifer Olson <jen@guardiandigital.com>
Subject: Linux Advisory Watch - April 25th 2003
+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| April 25th, 2002 Volume 4, Number 16a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for vixie-cron, tcpdump, balsa,
sendmail-wide, ircii, mime-support, kdelibs, gkrellm, snort, ethereal, and
xinetd. The distributors include Contectiva, Debian, Mandrake, Red Hat,
Slackware, SuSE, and Turbo Linux.
Thawte: Certify your Software Integrity.
As a software developer you know that the product you make available on
the Internet can be tampered with if it is not secured. Our Free Guide
will show you how to securely distribute your code over the Internet and
how these certificates operate with different software platforms:
Find out more!
http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=thawte15
Days of the Honeynet: Attacks, Tools, Incidents - Among other benefits,
running a honeynet makes one acutely aware about "what is going on" out
there. While placing a network IDS outside one's firewall might also
provide a similar flood of alerts, a honeypot provides a unique
prospective on what will be going on when a related server is compromised
used by the intruders.
http://www.linuxsecurity.com/feature_stories/feature_story-141.html
====================================================================
* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is
unparalleled in security, ease of management, and features. Open source
technology constantly adapts to new threats. Email firewall, simplified
administration, automatically updated.
--> http://guardiandigital.com/cgi-bin/ad_redirect.pl?id=mailnews2
====================================================================
Making It Big: Large Scale Network Forensics (Part 1 of 2) - Computer
forensics have hit the big time. A previously superniche technology,
forensics have moved into the collective consciousness of IT sys. admins.
and Corporate CSOs.
http://www.linuxsecurity.com/feature_stories/feature_story-139.html
+---------------------------------+
| Package: vixie-cron | ----------------------------//
+---------------------------------+
Description:
The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.
Vendor Alerts:
Conectiva:
Contectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-3187.html
+---------------------------------+
| Package: tcpdump | ----------------------------//
+---------------------------------+
Description:
tcpdump fails to check the boundaries of some buffers when parsing NFS
traffic. A remote atacker can exploit this vulnerability to crash the
tcpdump process or to potentially execute arbitrary code with the
privileges of the user running it (tcpdump is usually run by the root
user). This vulnerability was discovered by the tcpdump developers.
Vendor Alerts:
Conectiva:
Contectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-3191.html
Red Hat:
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3198.html
+---------------------------------+
| Package: balsa | ----------------------------//
+---------------------------------+
Description:
An attacker who is able to control an IMAP server accessed by Balsa can
exploit this vulnerability to remotely crash the client or execute
arbitrary code with the privileges of the user running it. This update
fixes this vulnerability.
Vendor Alerts:
Conectiva:
Contectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-3195.html
+---------------------------------+
| Package: sendmail-wide | ----------------------------//
+---------------------------------+
Description:
Michal Zalewski discovered a buffer overflow, triggered by a char to int
conversion, in the address parsing code in sendmail, a widely used
powerful, efficient, and scalable mail transport agent. This problem is
potentially remotely exploitable.
Vendor Alerts:
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3188.html
+---------------------------------+
| Package: ircii | ----------------------------//
+---------------------------------+
Description:
Timo Sirainen discovered several problems in ircII, a popular client for
Internet Relay Chat (IRC). A malicious server could craft special reply
strings, triggering the client to write beyond buffer boundaries. This
could lead to a denial of service if the client only crashes, but may also
lead to executing of arbitrary code under the user id of the chatting
user.
Vendor Alerts:
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3188.html
+---------------------------------+
| Package: mime-support | ----------------------------//
+---------------------------------+
Description:
Colin Phipps discovered several problems in mime-support, that contains
support programs for the MIME control files 'mime.types' and 'mailcap'.
When a temporary file is to be used it is created insecurely, allowing an
attacker to overwrite arbitrary under the user id of the person executing
run-mailcap, most probably root. Additionally the program did not properly
escape shell escape characters when executing a command. This is unlikely
to be exploitable, though.
Vendor Alerts:
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3193.html
http://www.linuxsecurity.com/advisories/debian_advisory-3196.html
+---------------------------------+
| Package: kdelibs | ----------------------------//
+---------------------------------+
Description:
The KDE team discoverd a vulnerability in the way KDE uses Ghostscript
software for processing of PostScript (PS) and PDF files. An attacker
could provide a malicious PostScript or PDF file via mail or websites that
could lead to executing arbitrary commands under the privileges of the
user viewing the file or when the browser generates a directory listing
with thumbnails.
Vendor Alerts:
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3197.html
Mandrake:
Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-3189.html
Slackware:
Slackware Vendor Advisory:
http://www.linuxsecurity.com/advisories/slackware_advisory-3190.html
SuSE
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-3201.html
+---------------------------------+
| Package: gkrellm | ----------------------------//
+---------------------------------+
Description:
There are multiple vulnerabilities in gkrellm.
Vendor Alerts:
Debian:
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-3199.html
+---------------------------------+
| Package: snort | ----------------------------//
+---------------------------------+
Description:
The Sourcefire Vulnerability Research Team has learned of an integer
overflow in the Snort stream4 preprocessor used by the Sourcefire Network
Sensor product line. The Snort stream4 preprocessor (spp_stream4)
incorrectly calculates segment size parameters during stream reassembly
for certain sequence number ranges which can lead to an integer overflow
that can be expanded to a heap overflow.
Vendor Alerts:
Gentoo:
Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-3194.html
+---------------------------------+
| Package: ethereal | ----------------------------//
+---------------------------------+
Description:
Updated ethereal packages are now available which fix a format string bug
and a heap-based buffer overflow.
Vendor Alerts:
Red Hat:
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-3200.html
+---------------------------------+
| Package: xinetd | ----------------------------//
+---------------------------------+
Description:
The xinetd has the memory leaks when the connections are refused.
Vendor Alerts:
TurboLinux:
Turbo Linux Vendor Advisory:
http://www.linuxsecurity.com/advisories/turbolinux_advisory-3202.html
========================================================================
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
========================================================================
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: Linux-Announce-Request@NEWS-DIGESTS.MIT.EDU
You can submit announcements to be moderated via:
Internet: linux-announce@NEWS.ORNL.GOV
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Announce Digest
******************************
